Barry Steinhardt on Surveillance Technologies and Civil Liberties

Picture this: You’re attending a trade show in Las Vegas.

Strolling around the city one evening, you happen upon a sex shop and pause for a moment to snicker at the curious items in the store’s window. Then you continue on your way.

However, unbeknownst to you, the store’s Customer Identification System has detected a radio identification signal emitted by a computer chip in one of your credit cards, and is recording your identity and the date and time of your brief stop. A few weeks later, your spouse is surprised to find in the mail a lurid solicitation from the store mentioning your visit.

You’ve got some explaining to do.

The technologies enabling that scenario already exist. The proliferation of computers, cameras, sensors, wireless communications, GPS and biometrics over just the past 10 years, along with the recent emphasis on homeland security, are feeding a surveillance monster that is growing silently in our midst. In fact, from a technical point of view, the Big Brother regime portrayed by George Orwell has now become entirely feasible.

As surveillance increases in our society, the legal chains that might otherwise restrain it are weakening. We should respond to intrusive new technologies by building stronger safeguards to protect our privacy. Instead, we are doing the opposite: loosening regulations on government surveillance, watching passively as private surveillance goes unchecked and contemplating the creation of tremendously powerful surveillance infrastructures that will tie together disparate pieces of personal information.

For good or ill, CIOs will play a significant role in this unfolding drama. Unfortunately, many CIOs don’t take the time to consider the long-term civil liberties ramifications of the technologies they’re developing and deploying. But they should—the surveillance society those technologies are helping to create will not be good for American business, which for 200 years has thrived on economic and political freedom. Instead of using their technical and economic clout to loosen restrictions on surveillance—whether it be in the name of security or profits—CIOs should use that edge to push back on the corporate policies and government regulations within the USA Patriot Act that violate our civil liberties.

Sometimes willingly, sometimes unwillingly, CIOs are cooperating with government surveillance programs. The government is forcing telecommunications providers to design equipment in ways that make eavesdropping easier. The Patriot Act gives the FBI the power to demand customer records from ISPs, bookstores or any other business. It also requires financial companies to develop systems for identifying customers, flagging suspicious transactions and reporting them to the government. The Atlanta Business Chronicle reported in November 2002 that Bank of America had to create a whole new department to handle the government’s new surveillance mandates, staffed by the financial company’s workers who are, in effect, outsourced employees of the government’s growing surveillance machine.

Other businesses, particularly in the IT industry, are actively pushing for expanded government monitoring—creating a kind of “surveillance-industrial complex.” This year an estimated $115 billion is being poured into government research and development on antiterror initiatives, according to The Wall Street Journal, and there’s no shortage of companies that want a piece of the action.

For example, Oracle CEO Larry Ellison made headlines when he called for national identity cards and promised to provide the software for them free of charge. E-mails the American Civil Liberties Union obtained as part of its effort to monitor face-recognition technology show that companies selling those systems blitzed airport officials with pitches just days after the 9/11 attacks.

Monitoring and security might yield big profits for a few companies, but wise businesses won’t join the surveillance-industrial complex. They understand that many Americans find these incursions deeply troubling. They also realize that exploiting people’s personal information will likely attract negative attention as the privacy issue heats up.

CIOs know better than most citizens what today’s technology can do, and because of their expertise, they are in a better position to do something about it. They can use their resources to fight new government surveillance mandates. And they can direct information systems to collect the minimum amount of data needed from customers, and store it for the minimum length of time. (Too often technologies are still designed to track and record by default, with no thought given by their creators to the value of privacy.)

It is not too late to tame the surveillance monster. Privacy is not dead, as some have suggested, but it is on life support. Heroic measures—including help from CIOs—are needed to save it.