The recent hacking of Gov. Sarah Palin’s email accounts is the latest in a series of events that show how urgently we need better privacy protections in this country – and that privacy is an issue that transcends partisan politics.

Although we face unprecedented threats to our privacy, many Americans still shrug their shoulders and say, “I have nothing to hide.”Government officials use this complacency to pry further into our personal lives, justifying the wholesale capture of all communications between Americans and their friends and relatives abroad, for example, by saying that only the terrorists need fear scrutiny.

Most readers of this blog know this is bogus, and recognize that privacy is a fundamental ingredient to a free society. But for those who think they have nothing to hide, the Presidential campaign has provided at least two chilling examples of how bad actors take advantage of our weak privacy protections. In March, the passport accounts of Sens. Barack Obama, John McCain and Hillary Clinton were hacked by rogue employees at the State Department.As the ACLU noted at the time, this was more than just a case of celebrity voyeurism. It was a cautionary tale about the dangers of unprotected data in the information age, and how insiders may exploit it when enforcement of privacy laws is lacking.

Just last week, hackers broke into the Yahoo email account of Vice Presidential candidate Sarah Palin. As Kim Zetter chronicled yesterday on Threat Level, the hackers were able to take advantage of information about Palin readily available on the internet — her zip code, birthdate, and where she attended high school.

Admittedly, Gov. Palin has a higher profile than most, but this kind of information is widely available about all of us. If you haven’t disseminated it intentionally through Facebook or one of its lesser populated predecessors, it has likely been collected for you by the growing data-broker industry. And as the Government builds larger identity databases like the one mandated by the Real ID Act, you can bet that cases of internal fraud as well as criminal hacking will become ever more prolific.

It’s clear that at a personal and policy level, the candidates cannot ignore our urgent need for a comprehensive national dialogue about privacy.With breaches affecting three of the four names on the major tickets (and don’t think you’re safe, Joe Biden!), our next President cannot hide behind claims of “nothing to hide.”

He doesn't mind you knowing. In fact, he thinks it would be totally reasonable for you to seize and copy the contents, provided you're a government official and he's crossing the border.

In recent testimony, and in an article in yesterday's Christian Science Monitor, James Jay Carafano of the Heritage Foundation called it "unrealistic to require probable cause" for such searches, and argued that privacy protections would "create some kind of sanctuary for criminals and terrorists to carry things across the border."

First of all, not all terrorists are stupid – the ones that try to set their shoes on fire notwithstanding. One of the nice things about electronic data is that you can transport it…electronically! Any terrorist carrying copies of nefarious schemes across the border on a Blackberry is going to be pretty ineffective as a covert operative. And if there are terrorists who are so dangerous that we can justify seizing a laptop-full of their plots, why are we letting them into the country at all?

To be fair, we don't always know who the terrorists are. So is the solution to search every laptop and cell phone, hoping to uncover an Outlook calendar entry that says "8 a.m.: Coffee and Bagel; 9 a.m.: Blow up Sears Tower?" An all-invasive approach that treats everyone like a suspect is not a smart trade-off for the miniscule chance that we'll catch a break like that. The costs of such a policy are high: it gives terrorists a strong ideological advantage by portraying our country as oppressive and demagogic, rather than free and open, and, as the Association of Corporate Business Travelers has explained, diminishes our capability to do business with the rest of the world, whether it's American businesses sending employees to other countries, or foreign investors bringing their Euros, yen and shekels here.

The danger for businesses trying to keep trade secrets is one of the reasons that the Transportation Security Administration disavowed the policy of confiscating laptops, saying this ugly stepchild belonged to Customs and Border Patrol. One wonders why a scholar at an organization supposedly dedicated to free enterprise would support such a hostile policy towards business.

But besides the costs to our economy (which last time I checked did not need the government's help to take a nosedive), there are some basic principles at work here. Basic American principles of privacy and liberty from unreasonable searches (such as scanning your entire hard drive – a digital space more analogous to a home than a briefcase) and seizures (storing that information, and often the actual hardware, for indefinite periods), should not evaporate at the border.

To be sure, there are reasonable searches that should be conducted at ports of entry. We don't want people bringing weapons or dangerous materials into the country, for example. But those things are very different from data – they are inherently dangerous and not protected by the First Amendment.

Probable cause is not just a legal formality, but actually helps to keep us safe by focusing our security resources away from innocent people and improving our overall safety. Security experts have recognized the need for a Constitutional bedrock to our pursuit of the war on terror. Among the fundamental principles that should guide us are:

• Any intrusion on liberty should be justified by its proven effectiveness.
• Intrusions should be minimized to the extent possible while maintaining effectiveness.
• If there are less intrusive means for achieving the same security goal, these should be the preferred means.

The all-invasive laptop and cell-phone screening policy that Carafano has been defending in recent weeks fails every test he lays out in Winning the Long War. If you don't believe me, check out page 95 of the book, "Principles for Preserving Security and Civil Liberties." You can get a copy at your local bookstore, or, if you’re a customs agent, just wait until Carafano takes an international trip: He's probably got a free copy somewhere on his laptop.

My post highlighting the privacy problems and massive cost of the virtual fence appears to have touched a nerve at the Heritage Foundation. Dr. James Carafano, who has been blogging from the border for the last week, wrote yesterday, “I don’t know if the person who wrote the ACLU blog post has ever been to the border, but his or her criticisms read like many of those who have not…”

First, to clarify: I am a he, though I appreciate Carafano’s open-mindedness. Second, not only do ACLU affiliates in Texas, New Mexico, Arizona, and San Diego and Imperial Counties protect liberty on the border every day (as do our affiliates on the northern border), but I had the opportunity to tour the southern border with a group of them and a retired border patrol officer in April. I saw many of the same problems and heard many of the same frustrations that Carafano reports, and I certainly agree with him that there is no single solution to difficulties that we face there, both in maintaining security and, hopefully, in respecting the human rights and dignity of all people. Unfortunately, our nation’s track record is bad on both.

Now, as far as the virtual fence is concerned, Carafano accuses me of “simply quoting some convenient criticisms.” This is also known as citing your sources, but either way, the consensus among both Washington policymakers and the men and women on the ground is that the test run of the virtual fence, known as Project 28, has been an utter waste of money. No doubt this is partially because Boeing, the vendor responsible for the technological aspects of the project, did not take into account many of the realities of the environmental landscape and the challenges faced by the border patrol. Instead, Boeing grabbed older technology off the shelf and repackaged it to sell to the Department of Homeland Security (which bought it hook, line and sinker using almost $1 billion in taxpayer dollars). Rather than hold Boeing accountable for this failure, DHS renewed the company’s contract last month.

The real question here — and one that Carafano has yet to address — is why are we throwing good money after bad on the virtual fence? Carafano is thoughtful enough about security matters to know that we can’t just spend our way out of a problem, and he has pointed that out in this blog series. But how many times do we have to try a bad idea before we admit it’s a stupid idea?

Many of the topographical challenges to border surveillance, like the deep canyons that run through the Arizona desert, are unlikely to change (at least without a major investment in dynamite), so it is unlikely that the virtual fence will ever yield the kind of results that could be counted as success. I won’t belabor the old metaphor of lipstick on a pig, but this pig carries a hefty price tag — both in financial costs to American taxpayers and the cost of border residents’ privacy. Carafano rightly points out that Project 28 is one intervention among many, and that ramped-up security alone is not the answer. But shouldn’t we discard elements of our border strategy that are proven failures, especially ones that that put millions of Americans that live near the border under the constant gaze of federal government watch towers?

There are a lot of areas where the ACLU and the Heritage Foundation can find common ground, especially around protecting individuals’ privacy rights. But costly mass surveillance programs, like the virtual fence and Real ID (the national ID program that, bafflingly, Carafano has supported, despite the fact that Republicans and Democrats alike criticize it as the most egregious example of federal unfunded mandates - paging Newt Gingrich!) serve neither security nor civil liberties. As we debate solutions, it is important to remember that the border is not a Constitution-free zone. We look forward to continuing this open dialogue with our friends at Heritage, and all Americans who care about these vital issues.

The battle over Real ID — the Bush Administration’s backdoor national ID card — has been getting quieter in the last few weeks, but is by no means cooling down.

First, the statutory deadline for all states to comply with the Real ID Act — May 11, 2008 — came and went without a single state participating in the program. The Department of Homeland Security tried its best to bully states into agreeing to comply, but the best they got was half-hearted responses like that of California, which said it could not commit one way or the other.

A few states, like Montana and South Carolina, outright refused. Gov. Mark Sanford of South Carolina sent Michael Chertoff a five-page letter explaining in detail why his state would not participate, and called Real ID “the worst piece of legislation I have seen during the 15 years I have been engaged in the political process.” It’s no wonder DHS chose to extend the implementation deadline to 2017, when all of its top officials will be comfortably out of office, and on the lecture circuit.

That seemed to be that. Real ID was supposed to sleep-walk into the next president's administration, who would have to decide whether to put the multi-billion dollar unfunded mandate on life support, or drive the final steak through its vampiric heart.

Yesterday, however, the state of Alaska upset the balance…again, quietly. The Legislature passed a bill in early May that would prevent the state from spending any money to implement Real ID. Since Congress has appropriated only 1 percent of the total $9.9 billion cost, states have to shoulder almost the entire burden, so no state money effectively means no Real ID in Alaska. The bill sat on Governor Sarah Palin’s desk for the last few weeks, and yesterday she returned it to the legislature unsigned.

That might seem like a defeat for the bill, but take a look at this key section of the Alaska Constitution:

A bill becomes law if, while the legislature is in session, the governor neither signs nor vetoes it within fifteen days, Sundays excepted, after its delivery to him. If the legislature is not in session and the governor neither signs nor vetoes a bill within twenty days, Sundays excepted, after its delivery to him, the bill becomes law.

You needn’t have aced Civics to see what this means: By waiting the required twenty days after receiving the bill (excluding Sundays), the Governor allowed the bill to become law, making Alaska the ninth state to pass a statute against implementing Real ID.

We can expect to see other states quietly move to reject Real ID. Similar bills are awaiting final approval by the legislatures in Arizona and Louisiana, and others are pending in Pennsylvania and North Carolina. As the anti-Real ID rebellion continues to grow in the states, Congress would be wise to prick up its ears to the sounds of silence.