Judge: Give NSA unlimited access to digital data

An influential federal judge says NSA should collect everything it wants in the name of fighting terrorism

The U.S. National Security Agency should have an unlimited ability to collect digital information in the name of protecting the country against terrorism and other threats, an influential federal judge said during a debate on privacy.

"I think privacy is actually overvalued," Judge Richard Posner, of the U.S. Court of Appeals for the Seventh Circuit, said during a conference about privacy and cybercrime in Washington, D.C., Thursday.

"Much of what passes for the name of privacy is really just trying to conceal the disreputable parts of your conduct," Posner added. "Privacy is mainly about trying to improve your social and business opportunities by concealing the sorts of bad activities that would cause other people not to want to deal with you."

Congress should limit the NSA's use of the data it collects -- for example, not giving information about minor crimes to law enforcement agencies -- but it shouldn't limit what information the NSA sweeps up and searches, Posner said. "If the NSA wants to vacuum all the trillions of bits of information that are crawling through the electronic worldwide networks, I think that's fine," he said.

In the name of national security, U.S. lawmakers should give the NSA "carte blanche," Posner added. "Privacy interests should really have very little weight when you're talking about national security," he said. "The world is in an extremely turbulent state -- very dangerous."

Posner criticized mobile OS companies for enabling end-to-end encryption in their newest software. "I'm shocked at the thought that a company would be permitted to manufacture an electronic product that the government would not be able to search," he said.

Other speakers at Thursday's event, including Judge Margaret McKeown of the U.S. Court of Appeals for the Ninth Circuit, disagreed with Posner, saying legal limits on government surveillance are necessary. With much of U.S. privacy law based on a reasonable expectation of privacy, it's difficult, however, to define what that means when people are voluntarily sharing all kinds of personal information online, she said.

An expectation of privacy is a foundational part of democracies, said Michael Dreeben, deputy solicitor general in the U.S. Department of Justice. Although Dreeben has argued in favor of law enforcement surveillance techniques in a handful of cases before the U.S. Supreme Court, he argued courts should take an active role in protecting personal privacy.

"A certain degree of privacy is perhaps a precondition for freedom, political freedom, artistic freedom, personal autonomy," he said. "It's kind of baked into the nature of the democratic system."

David Cole, a professor at the Georgetown University Law Center, called for a change in the U.S. law that gives email stored for six months less legal protection than newer messages. The ability of law enforcement agencies to gain access to stored email without a warrant makes no sense when many email users never delete messages.

U.S. courts or Congress also need to reexamine current law that allows law enforcement agencies to gain access, without a warrant, to digital information shared with a third party, given the amount of digital information people share with online services, he said.

Some recent court cases, including the Supreme Court's 2014 Riley v. California ruling limiting law enforcement searches of mobile phones, have moved privacy law in the right direction, he said.

Posner questioned why smartphone users need legal protections, saying he doesn't understand what information on smartphones should be shielded from government searches. "If someone drained my cell phone, they would find a picture of my cat, some phone numbers, some email addresses, some email text," he said. "What's the big deal?

"Other people must have really exciting stuff," Posner added. "Do they narrate their adulteries, or something like that?"

Smartphones can contain all kinds of information that people don't want to share, including medical information, visits to abortion doctors and schedules for Alcoholics Anonymous meetings, Cole said. "Your original question, 'what's the value of privacy unless you've got something to hide?' that's a very short-sighted way of thinking about the value of privacy," he said.

In the 1960s and '70s, government agencies investigated political figures, in some cases, bugging hotel rooms in search of evidence of affairs, Cole noted. Government misuse of surveillance information is still a risk, he said, and smartphones could be a treasure trove of information.

The U.S. and other governments have a long history of targeting people "who they are concerned about because they have political views and political positions that the government doesn't approve of," Cole said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Court of Appeals for the Seventh CircuitGeorgetown University Law CenterMargaret McKeownU.S. National Security AgencyU.S. Court of Appeals for the Ninth CircuitlegislationinternetprivacyApplesecurityRichard PosnerlegalMichael DreebengovernmentU.S. Supreme CourtcybercrimeDavid ColeU.S. Department of Justice

More about Department of JusticeIDGNational Security AgencyNewsNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place