Back to News & Commentary

Computers vs. Humans: What Constitutes A Privacy Invasion?

Jay Stanley,
Senior Policy Analyst,
ACLU Speech, Privacy, and Technology Project
Share This Page
July 2, 2012

The NSA is refusing to tell two U.S. Senators how many Americans the agency has eavesdropped upon. According to a letter obtained by Wired, the NSA claims that “dedicating sufficient additional resources” to gather that information “would likely impede the NSA’s mission.” (For all the billions that the NSA spends, they cannot spare the money to answer a key civil liberties oversight question posed by elected civilian officials? Shameful.)

But, the NSA also claimed that it would violate Americans’ privacy to find out this information. David Sirota, writing in Salon, compares this “oxymoronic” logic to the Vietnam War aphorism that a town had to be destroyed in order to save it.

But might the NSA have a point? What may well be going on is that the NSA is holding many records of Americans’ communications that have been scanned by computer algorithms, but have not been reviewed by actual human beings. To answer the senators’ questions, the agency may believe that human review would become necessary—thus violating privacy.

But the NSA is leaning on a very fine line. Is it really true that the agency can suck vast amounts of our communications and have a computer scrutinize them for “suspicious” signals without invading our privacy, as long as a human doesn’t review them?

This distinction does not make sense. When it comes to what constitutes an invasion of privacy, the question of whether one’s activities are being scrutinized by a computer or by a human is not the most important issue.

Commentators from a range of viewpoints have taken it for granted that mere machine monitoring should not be regarded as a true invasion of privacy. James Jay Carafano of the Heritage Foundation and Kim Taipale of the Center for Advanced Studies in Science and Technology Policy, for example, argued in a January 2006 piece that existing wiretap statutes are obsolete because they do not contemplate the “automated monitoring of suspected terrorist communications.” Such automation, they boast, “can monitor data to uncover terrorist connections without human beings ever looking at anybody’s emails or listening in on their phone calls.” The authors do not feel they even need to explain how that makes a difference; the implication is that it is a ridiculous idea that eavesdropping by machines might constitute an invasion of privacy.

Similarly, Heather MacDonald of the conservative Manhattan Institute, responding to arguments against the proposed CAPPS II airline passenger profiling system, wrote:

Having your data instantaneously scanned by a computer is not tantamount to being “surveilled.” Assuming that the entries were not flagged for further human investigation, no one has “investigated” you. The computer has no idea what those zeros and ones represent.

The intuition that machines are more benign observers than our fellow humans, along with the rapid spread of computers, raises a question: what is it about people, as opposed to machines, that makes us feel shy?

One obvious difference is that human beings are simply smarter than machines. But it’s a mistake to think that intelligence is what matters in determining what’s an invasion of privacy.

True, when it comes to an eavesdropper, intelligence matters to us because it determines the quality of information that is flagged or retained about us. A smarter “mind” (whether man or machine) will evaluate a greater quantity and more subtle information about us, and with greater sophistication, while a dumber mind will miss much of what is going on, fixating perhaps on a single dimension of our behavior.

The smarter mind acts as a much more accurate filter. For example, a smart mind might pick up the tone of disdain in your references to Starbucks, put that together with your references to Noam Chomsky as well as certain other signals, and conclude that you’re an anti-globalization activist. A dumber mind might reach the same conclusion based on your utterance of the keywords “globalization really sucks,” failing to discount for your sarcastic tone, your glowing references to NAFTA, and your position on the board of directors of an international banking conglomerate. A truly subtle mind might hear you making extremely vehement anti-globalization arguments, but pick up on the fact that you are actually ambivalent about the issue, and are merely staking out a radical position with some close friends in private for the fun of seeing how it stands up.

That does not mean that the smarter mind uses more information in forming its judgment. In fact, part of what makes the smarter mind smarter is precisely the fact that it has learned to ignore the vast majority of the information that comes its way and select only what is relevant. We never hear most of the noises that strike our ears, nor see most of the sights that strike our eyes, nor feel most things that touch us. Computers, on the other hand, tend to blindly retain everything.

But intelligence is not the crucial factor when we decide whether we feel our privacy has been invaded by an act of eavesdropping. There is another factor, tightly related to—but ultimately separate from—intelligence, that is the true measure of when we should (and do) care about privacy. That is the degree to which invasions of our privacy have real-world consequences for us.

I’ll discuss that in a followup post tomorrow.

Update (July 3)

Here’s the second part of this post.

Learn More About the Issues on This Page