Sherlock H.

Letters to the President

Security vs. Privacy

Dear President,

A concern of mine is balancing surveillance and data collection via the interweb and personal privacy. 

It is the age of connectivity. We have our Facebook ‘friends’ or Twitter ‘followers’. A girl named Siri guides our way. Pay bills, shoot aliens, find a restaurant or a life partner. Get caught speeding. Get caught smooching. It’s all recorded. Somewhere. Virtually. We have unprecedented access to the world from our phones, pads, and PCs, but the one thing that still holds true is that every relationship is a two way street. If we can see them, they can see us. For every transaction or transgression we make, that action is digitally recorded and stored to be recalled at a later date. It is convenient, but it is also vulnerable. While we’re paying our bills or sending selfies and tweets, we tend to forget that everything we do with technological assistance is just a sequence of 1’s and 0’s funneled through random computer servers via WiFi. Anyone with a computer, the skill, and some time on their hands can hack in and steal your information. The best case scenario is inconvenience and embarrassment. The worst cases can be life-altering or life-threatening.

 Compounding this situation is that our government and law enforcement have also become engaged in this type of cyber snooping. Though their ends may presumably differ from a criminal hacker, they no longer need to physically follow us around or bug a room or a phone to keep tabs on us. Surveillance has become so much easier since we’re doing most of the work ourselves. However, the public outrage when it was discovered that our phones were tapped and tracked not by hackers but by our own government made it became apparent that there need to be lines drawn and a balance achieved between privacy and security. The enactment of certain rules and guidelines will help create this necessary balance between the need of data collection for security and the right to personal privacy.

The employment of anonymous algorithms that provide needed information to law enforcement, but which do not disclose identities or other information without a system of checks and balances approval. Simply put, the government should have a reason to suspect you before they are allowed to tap and track you. These types of algorithms could provide law enforcement with an alert for suspicious activities and conversations, but would not provide the target of a specific person at first. For phone and computer activities, the algorithm might provide a tiered level of information—say a general geographic area of the occurrence, maybe a zipcode or city. Before being permitted to hone in further, an approval, similar to the way a search warrant is used, would have to be issued. Perhaps an assessment would even need to be performed at each level. Each search of the algorithm would hone in further until providing a specific target with a wide range of personal information.

Reconstruction of judiciary codes and laws incorporating technology as a specific, not interpretive, condition. The judicial system is outdated, unfit, and perhaps unable to deal with the onslaught of technology related crimes and scenarios. We are already taxing the interpretation of laws by extrapolating intent from 100 year old scenarios to deal with threats of terrorism. Adding the technological component to terrorism and other crimes makes it almost impossible to have a clean and clear set of guidelines for law enforcement. Our laws are based entirely on the basis of constitutional intent, and as new problems arise they have had to try to add on to existing laws in an attempt to plug the gaps. Just as the RICO laws were crafted to deal with a new type of crime, current laws need to be revised and rewritten to specifically account for this new era of cyber-spying and cyber-crime. These laws would help to clarify and would prevent confusion because they would be specific and less open for interpretation.

Have multiple cross referencing, individually secure databases to compartmentalize personal information. It seems the main issue with all cyber-crime and cyber-surveillance is that all personal information is stored by companies and corporations in one place (or a minimal amount of files). The Snowden incident and various commercial hacks have shown that nothing is compartmentalized. Only one server had to be hacked to gain entry to whatever information was being sought. Some of the information wasn’t even coded or encrypted. Or, once you got into the network it assumed you were supposed to be there so it had no further firewalls. Multiple servers across multiple secure networks would help compartmentalize information stored. No one server would have a complete file on an individual, and files would be coded, encrypted, and need a level of secure cross-referencing to produce a complete individual’s profile. The result would be that a criminal or the government would have to successfully gain access, either through court order and oversight or by illegally hacking, and then successfully decode all of the servers to gain a complete picture, with each server and database having separate firewalls and security.

In conclusion, digital surveillance is necessary today due to information and transactions being online and virtual, but there need to be rules and boundaries specifically formulated—instead of ad hoc—to regulate the surveillance and to protect the identity of the individuals being watched and victimized. The rules and guidelines presented here would help to establish a criteria that must be met before the government can track you, and would also serve to protect the individual's privacy from crime and theft.