Feb 24 2014

What’s wrong with mass surveillance of travel metadata?

In a live online question-and-answer session last month, NSA whistleblower Edward Snowden gave this explanation of what’s wrong with pervasive, suspicionless tracking and logging of our activities:

What’s the worst and most realistic harm from bulk collection of data?…

The worst and happening-right-now harm of bulk collection — which again, is a euphemism for mass surveillance — is two-fold.

The first is the chilling effect, which is well-understood. Study after study has show that human behavior changes when we know we’re being watched. Under observation, we act less free, which means we effectively *are* less free.

The second, less understood but far more sinister effect of these classified programs, is that they effectively create “permanent records” of our daily activities, even in the absence of any wrongdoing on our part. This enables a capability called “retroactive investigation,” where once you come to the government’s attention, they’ve got a very complete record of your daily activity going back, under current law, often as far as five years. You might not remember where you went to dinner on June 12th 2009, but the government does.

The power these records represent can’t be overstated. In fact, researchers have referred to this sort of data gathering as resulting in “databases of ruin,” where harmful and embarrassing details exist about even the most innocent individuals. The fact that these records are gathered without the government having any reasonable suspicion or probable cause justifying the seizure of data is so divorced from the domain of reason as to be incapable of ever being made lawful at all, and this view was endorsed as recently as today by the federal government’s Privacy and Civil Liberties Oversight board.

Fundamentally, a society in which the pervasive monitoring of the sum of civil activity becomes routine is turning from the traditions of liberty toward what is an inherently illiberal infrastructure of preemptive investigation, a sort of quantified state where the least of actions are measured for propriety. I don’t seek to pass judgment in favor or against such a state in the short time I have here, only to declare that it is not the one we inherited, and should we as a society embrace it, it should be the result of public decision rather than closed conference.

Most of the reporting on Mr. Snowden’s revelations has focused on the NSA’s collection and use of communications “metadata”:  not the content of our phone calls and email messages, but information about the movements of those messages, such as from whom, to whom, and when they were sent.

But communications (message movement) metadata isn’t the only category of movement metadata being collected by the NSA.  Documents leaked by Mr. Snowden reveal that the NSA is also hacking into airline reservation systems to collect what we would call, “travel metadata“: information about the movements of our physical bodies, such as from where, to where, and when we traveled. And of course, the DHS is also collecting this sort of data, and compiling it into lifetime “personal travel history” files.

Do you want the government to be able to demand an explanation, years later, of every trip you have taken, when, where, why, and with whom, even if at the time it was a perfectly legal journey and you were under no suspicion?  We’ve been questioned by US border guards about innocuous years-old entries in our Automated Targeting System files, and it’s a disturbing experience. (It would have been even more creepy if we hadn’t previously requested and obtained our files, so we knew at least part of what was in the records about which we were being questioned.) That potential is inherent in any collection and retention of travel metadata.

Both message movement metadata and personal movement metadata are important, and neither should be the subject of government surveillance without a warrant supported by probable cause.

You might think that information about the movements of our physical bodies would be considered more intimate, and subject to greater protection, than information about the movements of our messages. In the US, however, none of the limited protections against communications surveillance apply to travel surveillance, except to the very limited extent that reservation messages are protected by wiretapping laws.

We’ll be in Geneva next month talking to the UN Human Rights Committee about how US government surveillance and control of travel violates the International Covenant on Civil and Political Rights. Other human rights organizations including Privacy Internatrional and Human Rights Watch will be talking to the Human Rights Committee about  NSA surveillance of communications metadata. We think the same International Principles on the Application of Human Rights to Communications Surveillance should be applied to travel surveillance and travel metadata collection.