American Civil Liberties Union

Former Senator Joseph Lieberman recently charged that mistakes by U.S. security agencies were responsible for failing to stop the Boston Marathon bombing. I recently wrote about how mass surveillance makes this kind of recrimination inevitable, because once a government agency spies on a person, they become in a sense responsible for any actions that that person takes. To paraphrase Colin Powell, we might sum it up as “You surveil him, you own him.”

I recently came across a good analogy for why it’s deceptively hard for security agencies to detect and stop out-of-nowhere terrorist attacks like the Boston bombing—and why mass surveillance isn’t likely to help. It comes from the book The Drunkard’s Walk: How Randomness Rules Our Lives, by the physicist and writer Leonard Mlodinow, in a discussion of Brownian motion.

Brownian motion, you may recall, is the random jiggling of molecules in a liquid or other substance. A dye molecule floating in a seemingly still glass of water will randomly move about, covering about an inch in three hours, buffeted by random collisions with the smaller water molecules that surround it.

What would it take to actually explain the motion of that molecule? This is where the parallel to anti-terrorism efforts comes in. Mlodinow points out, “In any complex string of events in which each event unfolds with some element of

A recent cell phone tracking case from New York is both a win and loss for privacy. In People v. Moorer, police officers submitted an emergency or “exigent circumstances” request to a phone company asking it to ping (locate) a cell phone—but the court concluded that the circumstances were not exigent at all. The Stored Communications Act (18 USC 2702) permits the voluntary disclosure (without any kind of court order) of customer records to the government, but only if “the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency.”

Yesterday the Federal Trade Commission (FTC) took an important step towards protecting children’s privacy online when it formally published new rules interpreting the Children’s Online Privacy Protection Act (COPPA). The FTC updated existing definitions to recognize that “personal information” can include elements like Internet Protocol (IP) information and location information. These changes will help ensure that the personal information of kids isn’t collected without parental permission. Perhaps more significantly, it establishes an important precedent for how information on all of us should be treated going forward.

Internet-based text message apps are one of the most common means of communicating today. But when it comes to this relatively new technology, surveillance law is behind the times in important ways, and as is so often the case when the law lags technology, our privacy suffers as a result.

Text messages have for some time been a cash cow for the wireless carriers—back in 2007, annual global SMS revenue was estimated to be 60 billion dollars. Charging consumers 25 cents per 140 character text message is a great way to make money, but when those same consumers are already paying for internet connectivity to their smartphones, the market was ripe for disruption. In recent years, a number of internet companies have entered the text message market. In some cases, they have offered low-cost or free SMS services that interoperate with the carriers’ existing SMS system. In other cases, large companies like Facebook, Apple and WhatsApp have offered closed text message services to their smartphone using customers. Often seeking to reduce their monthly telephone bills, millions of consumers have migrated from smartphone text message services provided by the wireless carriers to smartphone text message services provided by internet companies.