In a previous post I listed five considerations for assessing acceptable behavior in collecting information: Utility (why); Transparency (how, when, where); Security (appropriate); Boundary (what); Accountability (who). With NSA so much in the news, it is interesting to compare NSA performance in these categories with the comparable assessment of Facebook or Google (or, many other public internet companies). Here is how they stack up for me.
Utility – why are they collecting data? OK, for NSA that’s easy, National Security. Clearly an important goal, and one that I strongly support, especially when I look at other places in the world where it is not a given. Google or Facebook? The party line explanation seems to be that they collect data in order to better serve the needs of their customers for customized information services. A more cynical explanation is that they collect data in order to monetize your private information to their benefit. We’ll grade these as red/yellow/green. Grades: NSA – green. F/G – yellow.
Transparency – how, when and where is data being collected? Yeah, nobody has been very good here. NSA is limited by law in some aspects of their data collection, and have said publicly that they have an extremely good track record in meeting the requirements of the laws. Also, under intense current scrutiny the Administration has explicitly vowed to increase transparency and many previously hidden aspects are now public. FaceGoo? I think chances are 100% that they have fairly substantial data about me as an individual and a US citizen. I have a pretty good idea what it might contain, but they are not very forthcoming about it. And there are few laws that require them to be. So, overall, seems more likely that the commercial folks have a lot more data on me than the Government folks, but neither are what I would consider “transparent”. Grades: NSA – red, moving to yellow perhaps involuntarily. F/G – yellow at best.
Security – appropriate to the information they hold. NSA would have scored higher before the Snowden affair. I’m guessing they patched some of those holes in the interim. And, since it is their core business hard to believe that (headlines to the contrary) their security is anything less than world class. How secure is my information on the FaceGoo? OK, let’s ignore Heartbleed for a minute. Even so, well, let’s see…somewhat vulnerable? Yep, that seems to fit. Grades: NSA – green, with an asterik. F/G – yellow at best.
Boundary – what are they collecting? “It’s only metadata”. And FaceGoo? Brings to mind that old song by the Police: “Every step you take, every move you make, I’ll be watching you”. Short answer is anything that might have value. Grades: NSA – yellow. F/G – red. No stopping them!
And finally, Accountability – who is responsible, who provides oversight, who answers the phone when you call to complain. Rest easy, it’s Congress and those special court things that provide extensive oversight to the national security apparatus. Face/Goo? I read somewhere that there’s this guy in California, the Facebook Chief Privacy Officer, who can get up in the morning and change the privacy rules for half the worlds population. He’s accountable to, well, shareholders for continued profitability of the company relative to his actions. As far as his accountability for your privacy? That one’s kind of complicated. There are a lot of laws that vary significantly around the world. Don’t worry though; he’s on it. Grades: sorry gang, RED all around.
Zero for red, 1 for yellow, 2 for green. Final score out of a possible 10? NSA – 6, F/G – 3. Both are failing grades. And because of the special power and authority we grant to our Government it is essential that we collectively continue to discuss, search for and enforce appropriate limits on our Government, particularly the Intelligence and Law Enforcement functions. Personally though I think the unfettered Corporate collection and use of personal information, in a way that does not align with either my public or private interests, is a much greater threat to both privacy and liberty. And the possible paths to remedy this situation are much less well defined.