Sunday, January 10, 2016

Privacy and Surveillance

                 This post is a summary of two articles and a report. The first article with the title above, was published at https://www.aclu.org/issues/national-security/privacy-and-surveillance. The second article was at https://www.schneier.com/essays/archives/2006/05/were_giving_up_priva.htm. The report was published in 2013 at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2242258

                  Privacy today faces growing threats from a growing surveillance apparatus that is often justified in the name of national security. Numerous governments agencies intrude upon the private communications of innocent citizens, amass vast databases of who we call and when, and catalog "suspicious activites" based on the vaguest standards. This is a invasion of privacy, But its use of this data is also rife with abuse. Innocuous data is fed into bloated watchlists, with severe consequences, innocent citizens have found themselves unable to board planes, barred from certain jobs, etc. Once information is in the government's hands, it can be shared widely and retained for years, and the rules about access and use can be changed without the public knowing. Our constitution and democratic system demand that the govenment be transparent and accountable to the people, not the other way around. History has shown that surveillance tools will almost certainly be abused for political ends and turned on disfavored minorities.
                 Collecting information about phone calls is an example of data mining. The basic idea is to collect as much information as possible on everyone, sift through it with massive computers, and uncover terrorists plots. It is a compelling idea, and convinces many. But it is a wrong. We are not going to find terrorists plots through systems like this, and we are going to waste resources chasing down false alarms. To understand why, we have to look at the economics of the system. Data mining works best wehn you are searching for well-defined profile. Credit-card fraud is one of data mining's success stories. Many credit-card thieves share a pattern purchasing things that can be easily fenced, and dara mining systems can minimize the losses in many cases by shutting down the card. Terrorists plots are different, there is no well-defined profile and attacks are very rare. This means that data-mining systems will not uncover any terrorist plots until they are very accurate, and that even very accurate systems will be so flooded with false alarms that they will be useless. This is not anything new. In statistics, it is called the "base rate fallacy" and it applied in other domains as well. And this is exactly the sort of things we saw with the NSA eacesdropping program: The New York Times reported that the computers spat out thousands of tips per month. Every one of them turned out to be false alarm. Finding terrorists plots is not a problem that lends itself to data mining. It is a needle-in-a-haystack problem, and throwing more hay on the pile does not make that problem any easier. By allowing the NSA to eacesdrop on us all, we are not trading privacy for security. We are giving up privacy without getting any security.
                  Concerns about privacy are growing. A right to privacy is a constitutional right. However, there are also important economic implications to the fair redress and enforcement of that right. Admittedly, not everything of value can be measured in dollars and cents and courts have found that monetary compensation is not sufficient for violations of constitutional rights, such as free speech and privacy. Nevertheless, a better understanding of the economic values associated with privacy, and its violation, can inform the current policy debate. Narrowly, violations of privacy that cause direct economic harm need to be compensated. The economic harms to individuals who have their privacy violared fall into at least two. First, some violations of privacy lead to direct economic harm. This is the type of harm, for example, that occurs from identify theft, someone gain access to your private information and that allow them to create liabilities in your name. Second, while not always economic costs, some privacy violations create value that is not shared with the individuals whose information creates the value. The broader economic issues reach beyond the value of data about individuals to those individuals and concern the externalities of costs and benefits to others. Better understanding these externalities is urgent as institutions around privacy are developed and policy is codified in legislation. These costs and benefits can be divided between those that directly impact other economic factors (e.g. firms, data aggregators, researchers) and those that concern society as a whole (e.g. social benefits of big data, protection of constitutional rights.) When your privacy is violated, you are harmed. Measuring that harm is revelant for at least two reasons. First, depending on the type of privacy violation, now or in the future there may be legal recourse . If so, an economically sound measure of harm will be needed to calculate compensation. Second, in evaluating policies related to privacy, some weighing of costs and benefits is required. Such analysis will need to assign a value to privacy to understand the costs of allowing privacy violations or the benefits of preventing them. In either case, however, a clear understanding of the harm from violating privacy is needed. Intellectual property is a type of information good and suffers as other information goods such as privacy, or its privacy. Traditional intellectual property, copyright and trade secrets. Privacy shares many features of intellectual property. As noted privacy is an information good. Once knowledge about you, for example your shopping habits have been created, it is nearly costless for that information to be shared. But unlike other intellectual property where there is a clear benefit of incentivizing innovation, there can be ambiguity about whether the creation of the knowledge is beneficial in the first place. Economic violations of privacy have three distinct buckets of value that need to be considered. The first is privacy as an economic good, including both the value of privacy to an individual and to those who would use the information about the individual. Second, is the value created when data are aggreggated. The third is costs to businesses of handling and securing private data.