Solution to NSA overreach – put people in charge of their own data

Massive US surveillance of phone records and Internet data disclosed by former NSA contractor Edward Snowden should prompt a public debate on the balance between privacy and the use of personal data. A 'new deal on data' should put people in charge of their own communication. 

Edward Snowden, a former contractor for the National Security Agency (NSA), and President Obama are printed on the front pages of local English and Chinese newspapers in Hong Kong June 11. Mr. Snowden, who leaked details of top-secret US surveillance programs, dropped out of sight in Hong Kong on Monday ahead of a likely push by the US government to have him sent back to the United States to face charges.

Bobby Yip/Reuters

June 11, 2013

Edward Snowden, who leaked information about far-reaching US government surveillance programs to the media, calls these programs the “architecture of oppression.” He says it is the public, not the government, who should decide their use.

At the very least, the secret and massive government surveillance of phone records and Internet data disclosed by Mr. Snowden should prompt a public debate on the balance between privacy and the collection and use of personal data – and, we believe, a change in who controls the use of that data.

One reason this debate must happen is that data gathering has evolved to include “metadata.” This involves the sweeping collection of call records, for instance, or email logs that record the traffic between email accounts and phone numbers – but not the content of what was talked about.

Tracing fentanyl’s path into the US starts at this port. It doesn’t end there.

The multiple layers of the kinds of information that are gathered today, and the many uses of that information, are far more revealing than people generally realize. This argues for an entirely new approach to managing information – one that’s bottom up, instead of top down.

In recent years, however, the public has mostly yawned over the need for a privacy-data discussion. The zeitgeist has evolved to a point where most people know that their daily activities leave countless digital traces. Data collection is like the rain, it will be there, whether we like it or not. This seems especially true when it comes to fighting terrorism.

According to a June 6-9 survey by the Pew Research Center and The Washington Post, a majority of Americans (56 percent) don’t object to the National Security Agency’s (NSA) broad tracking of phone records to find terrorists, which was exposed earlier this month.

The institutions in America that control information collection also haven’t put the topic of change seriously on the table. Businesses don’t want to give up their marketing advantage. The NSA, which obtained secret court permission for its dragnet of phone records and surveillance of foreigners using data from US Internet companies, doesn’t want to give up its intelligence advantage in fighting terrorism. And Congress seems overwhelmed by the unwieldy nature of electronic communication today.

Many players in government characterize the NSA’s use of metadata as more or less benign. The agency gathers the phone records, detects worrisome patterns that might threaten America’s security, and only then asks for a search warrant to dig into the communications content of certain individuals.

Why Florida and almost half of US states are enshrining a right to hunt and fish

But metadata is more powerful than most people realize. For instance, something as simple as recording Facebook “likes” and website clicks can reveal a person’s religious and political views, economic standing, sexual preference, personality, mental health, ethnicity, use of addictive substances, and more. The ability to characterize groups by these traits might tempt some in the government to cross the line from finding terrorists to targeting groups because of their political leanings.

Because of the scale and connectedness of data collection and the inability of today’s institutions to squarely face the privacy issues involved, we strongly back a new approach to data privacy that we’re working on here at MIT’s Media Lab. It puts individuals in control of their personal data, allowing them to determine who can possess their data, how it can be shared, redistributed, and disposed of.

 Each citizen would have a personal data store, like an email inbox, that would let them see where data about them goes and how it is being used. The NSA could still get a court order allowing it to use a person’s metadata to track terrorists, but at least an individual could see that something is happening – rather like seeing a police cruiser patrolling the neighborhood. The big difference from now is that individuals could see which companies or government agencies were using data about them, and control these groups’ access to that data.

Given the new data landscape, simply attempting to redraft policies on how the government collects data will not achieve the needed balance between the privacy and utility of data. A “new deal on data” is needed that puts individuals in charge of their own communication. That starts with a national debate.

Cesar Hidalgo and Alex Pentland teach at the Massachusetts Institute of Technology Media Lab, where Yves-Alexandre de Montjoye is a graduate student. All three specialize in “metadata.”