What Should be the Penalties for Misuse of Surveillance Data?
The Privacy and Civil Liberties Oversight Board (PCLOB) is holding a “Workshop Regarding Surveillance Programs Operated Pursuant to Section 215 of the USA PATRIOT Act and Section 702 of the Foreign Intelligence Surveillance Act.” Many luminaries in the privacy community are participating. I’m sure they will have great ideas about rendering PRISM, PINWALE, MARINA, et al. more subject to oversight.
But I have heard very little on what the appropriate penalties should be for misuse of surveillance data. In the health care world, we have some pretty clear precedents. For instance, a researcher served four months in prison for snooping into medical records in 2003. Imagine a very similar incident happened in the NSA context—say, an analyst abused his or her access to the data to learn details about an acquaintance who exhibited no suspicious characteristics. What should be the penalty? Feel free to comment below, or to submit ideas directly to the PCLOB.