« Prawfs' Sartorial Obsession | Main | Introducing Drexel University College of Law: Drivers Wanted »
August 22, 2006
The Ten Greatest Privacy Disasters
Wired News lists what it considers to be the 10 greatest privacy disasters:
10. ChoicePoint data spill
9. VA laptop theft
8. CardSystems hacked
7. Discovery of data on used hard drives for sale
6. Philip Agee's revenge
5. Amy Boyer's murder
4. Testing CAPPS II
3. COINTELPRO
2. AT&T lets the NSA listen to all phone calls
1. The creation of the Social Security Number
See the Wired article for its explanations. It's a good list, but there are a few problems. Although we still don't know all the details of the NSA surveillance program, it's not worse than COINTELPRO, which involved massive surveillance of a wide range of groups, the wiretapping of Martin Luther King, Jr., attempts to blackmail King, and more. The Social Security Number has indeed led a ton of problems, but the fault doesn't lie with its creation. Rather, the problem is mostly the expanding use of the number and the failure of the government to reign in government agencies and business from using it. CAPPS II, while flawed in its conception, should not be so high on the list.
Some notable omissions: Where's Total Information Awareness? What about Olmstead v. United States, 277 U.S. 438 (1928), where the Supreme Court held that the Fourth Amendment didn't regulate wiretapping? Olmstead led to nearly 40 years of extensive abuses of wiretapping before it was overruled. There are countless other Supreme Court 4th Amendment cases that could arguably be listed, but I'd definitely include Miller v. United States, 425 U.S. 435 (1976), which created the third party doctrine which holds that the Fourth Amendment does not apply to personal records possessed by third parties. Another possible inclusion: The birth of J. Edgar Hoover.
Hat Tip: Bruce Schneier
Posted by Daniel J. Solove at August 22, 2006 09:58 AM
Trackback Pings
TrackBack URL for this entry:
http://www.concurringopinions.com/movabletype/mt-tb.cgi/1207.
Comments
Where's fincen? Where's echelon?
Posted by: Paul Gowder at August 22, 2006 02:28 PM
Whether or not you like Miller, it is still good law, and therefore doesn't obviously fall into the category of a disaster. It also provoked the Right to Financial Privacy Act, which isn't obviously a disaster, either. The majority decision in Olmstead also provoked at least one rather manificent dissent, which is far from what I would call a disaster. In general, I don't know of any judicial decision about privacy which I would call a disaster. Judges can certainly make mistakes, but their decisions usually reflect a process of thoughtful argument and deliberation. The judicial process is also public, so judicial mistakes often provoke beneficial corrective legislation. On the other hand, privacy disasters usually happen in secret. They usually because people don't focus, not because focused people make mistakes in good faith. The creation of the social security number by Congress was not a disaster -- Congress focused on the danger -- the disaster happened because afterwards, everyone stopped focusing.
Posted by: Peter Winn at August 22, 2006 07:37 PM
Right, Peter, and the Hindenberg was not an aviation disaster at all, either. Just a glitch in the last few moments of an otherwise magnificently successful flight.
Posted by: bobechs at August 22, 2006 10:31 PM
Dan,
Since I contributed 'the creation of the SSN' I'd like to defend it a little.
You're correct, that it's the expanding use that's the real problem, but that use was predicted by our predecessors, and not addressed at the creation of the SSN. Now, I don't actually know what could have been done within the legal thinking of the 1930s to address those issues that would have worked. Regardless, the failure to address the concerns of privacy advocates was part of the creation of the SSN, and I stand by the claim its the worst US privacy disaster in living memory.
Posted by: Adam Shostack at August 23, 2006 12:12 AM
As a matter of history, was there a better alternative to the SSN in the 30's? Did the privacy advocates offer a solution which did not include a SSN? How exactly was the Roosevelt Administration going to run the Social Security System without a unique identifier?
Posted by: Peter Winn at August 23, 2006 12:21 PM
Peter,
They could have passed a law forbidding any non-retirement system use, or making it a crime to require the number to do (non-taxable) business.
Posted by: Adam Shostack at August 23, 2006 07:18 PM
Surely questions about nominee Bork's videotape viewing habits (which supposedly led to the enactment of the video tape sale/rental privacy law (18 USC § 2710)) deserves an honorable mention.
Posted by: BTD_Venkat at August 23, 2006 11:20 PM
Where is SWIFT bank transfers submitted to the CIA, where is Echelon, where is european airlines forced to give passenger details to the USA against every privacy law in Europe?
The US-governement is actually responsible for extremely gross privacy violations troughout the rest of the world, on a scale which would put half of the above list to "honourable mention".
Posted by: Peter Keel at September 18, 2006 05:53 AM
