Must We Trade Privacy for Security? The Battle Over Government Surveillance

By Daniel J. Solove, John Marshall Harlan Research Professor of Law at the George Washington University Law School. Solove will have a signing of his book at Politics & Prose in Washington, D.C. on July 9 at 6 p.m.

A battle is raging in Congress and the courts about various forms of government surveillance. Federal courts have reached conflicting conclusions about whether the Fourth Amendment provides any protection against GPS surveillance by the government. The government is pressing Congress to allow broad access to location information. And Senator Leahy recently introduced a bill to update the Electronic Communication Privacy Act (ECPA), the law that regulates government access to our Internet records, among other things. 

The debate between privacy and security remains vigorous, and the outcome of this debate will have profound effects on the scope of government power for years to come. My book, Nothing to Hide: The False Tradeoff Between Privacy and Security, is about how we should have this debate. For a long time, pro-security proponents have been using a set of arguments that are skewing the debate toward the security side. My book is written to put some of these arguments to rest.

One of the prime examples of these arguments is one I refer to as the “All-or-Nothing Fallacy.”  Many people contend that “we must give up some of our privacy in order to be more secure.” In polls, people are asked whether the government should track people with GPS or wiretap people’s communications if it will help catch terrorists. Many people readily say yes. They conduct a balancing between the government having powers to monitor terrorists and privacy. “We certainly want the government to be listening,” people say. “If there’s a terrorist running around, we want the government to be tracking that person.” It’s hard to disagree. In the balance, privacy loses. 

But this is the wrong way to conduct the balance. Rarely does protecting privacy involve totally banning a security measure. So when civil libertarians call for greater protections against government access to Internet use records or when they argue the Fourth Amendment should protect against GPS surveillance, they are not proposing that the government can never get its hands on the records or can never use GPS to monitor people. It’s not all-or-nothing. Instead, privacy protection merely means that these forms of surveillance should be regulated by requiring the government to justify before a court that it has probable cause to believe the surveillance will reveal evidence of criminal activity. 

What does this mean for balancing privacy and security? It means that we shouldn’t be balancing the full security measure against privacy. We should be balancing how requiring judicial oversight and making the government justify its need for surveillance will impede the effectiveness of law enforcement. The protections might slow down law enforcement; they might create more paperwork; they might in some cases result in courts rejecting the surveillance if the government can’t make an adequate justification. These things are the true cost of privacy, not the exaggerated claims by pro-security proponents that the government won’t be able to listen to terrorists or track their location. 

Far too often in the law, very invasive government surveillance ends up receiving absolutely no protection. When the government argues that GPS tracking should not be protected by the Fourth Amendment, the consequence of this result is that GPS tracking can be done without the traditional judicial oversight and warrant and probable cause requirements. ECPA as it currently stands is obsolete, for it was crafted 25 years ago, long before most contemporary uses of the Internet. So many forms of government surveillance and data gathering fall through the cracks.  They receive minimal protection or none at all. This situation is untenable. 

In my book, I argue that the most sensible way to address issues of government surveillance is to ask: Does it create a problem? What kind of judicial oversight and regulation should we employ? Unfortunately, such direct questions rarely get asked in the law. Instead, courts look to whether something falls under arbitrary and narrow definitions of “privacy” to determine if it receives protection.  Or they try to fit new technologies into the rusty frameworks of ECPA with rather confusing and contorted results. 

Progress begins when we clear out the underbrush and vanquish some of the flawed arguments that constantly skew the debate. Let’s focus instead on asking sensible questions, and we then can craft law that actually makes some sense.