Chapter Three
Government Surveillance and the Right to Privacy

The right to privacy is not mentioned explicitly anywhere in the Constitution. However, court rulings have suggested that a right to privacy is inherent in the Fourth Amendment's limits on government searches and the Fifth Amendment's protection against self-incrimination. Moreover, the Ninth Amendment specifically states that individuals have rights other than those enumerated in the Constitution. Supreme Court justice Louis Brandeis has written that the bedrock of the Bill of Rights is "the right to be let alone,"⁵⁰ and many people feel this means that individuals have the right to remain anonymous unless authorities have reasonable cause to believe they have committed a crime.

One of the greatest civil liberties issues in the war on terrorism is the inherent tension between individuals' right to privacy and the government's need to identify and locate potential terrorists. Some of the most insidious crimes of terrorists, such as suicide bombings and airline hijackings, take advantage of their ability to become anonymous and blend in with a crowd. Even if the names and appearances of terrorists have been determined through intelligence and investigation operations, terrorists, like other criminals, may still evade detection through the use of disguises, forged credentials, or simply by "lying low" and not attracting attention to themselves. Therefore, the ability of law enforcement officials to establish an individual's identity is a key part of homeland security measures. Some of the means used to verify people's identities, however, have come under fire from privacy-rights groups.

ID Checkpoints and Watch Lists

One of the first steps taken after September 11 was to enact stricter procedures for identification (ID) checks at airports and border crossings. Such checkpoints, however, are not a security panacea. First, ID credentials can be faked. Second, ID checkpoints are useless if terrorists can circumvent them and gain access to a building or events through some unnoticed hole in security. Finally, it is impractical to set up effective ID checkpoints at every conceivable terrorist target.

To supplement ID checkpoints, security officials usually keep "watch lists" with the photos of suspected criminals, including terrorists. Of course, watch lists are prone to human error. On the one hand, in a crowd, it is easy for security officials to miss the individuals on the watch lists. On the other hand, security officials may also mistakenly detain, search, or even arrest anyone who looks like the suspects on their watch lists. Civil libertarians worry that security officials may engage in  harassing Arab and Arab-looking individuals based solely on their appearance.

Picking Terrorists Out of a Crowd

One proposed solution to both the vulnerabilities of ID checkpoints and the shortcomings of watch lists is facial-recognition technology (FRT). FRT combines video surveillance cameras with special software in order to automatically scan crowds for wanted individuals. The video cameras capture images of people's faces, which are automatically compared against a database of wanted individuals, and the FRT system alerts authorities if a match is found. After September 11, FRT was implemented at airports in Boston, Rhode Island, California, and Florida. It was also used at the 2001 Super Bowl in Tampa, Florida.

Advocates of FRT say that it automates and improves on the current system of watch lists. They point out that the technology cannot identify just anyone, but rather only those individuals listed in the database to which the FRT system is linked. In September 2001, the then-president of Visionics Corporation, Joseph Atick, stated that the FaceIt surveillance system, his own company's version of the technology, "does not identify you or me. It is simply an alarm that alerts when a terrorist on a watch list passes through [an entrance] at an airport."⁵¹

Advocates of such systems also argue that they benefit civil liberties by reducing the likelihood of discrimination and ethnic profiling by security agents. "Face recognition machines," writes Harvard law professor Alan fc"are certainly preferable to ethnic stereotyping, which is simply a primitive, human method of face identification."⁵²

"Big Brother Is Watching You"

Despite its potential to reduce ethnic profiling, many civil liberties groups maintain that FRT and other video surveillance of the public is an invasion of privacy. The American Civil Liberties Union (ACLU) states that people "have the right to know if their movements and identities are being captured"⁵³ and warns that if public video surveillance becomes widespread it "will have a chilling effect on public life."⁵⁴

Privacy advocate Sonia Arrison expands on this idea. She worries that video surveillance of public spaces will encourage conformity and stifle individual expression because people who know they are being watched or who fear the government will misuse the information will act differently. She writes that such surveillance

can be used to pressure individuals into acting according to majority norms because they worry they will be identified and persecuted. For example, a Muslim may not walk into a mosque, or a gay couple may avoid public displays of affection.… Systematic surveillance of Americans by government is something to avoid if we wish to maintain the freedoms that define this country.⁵⁵

For many critics of FRT, the prospect of widespread video surveillance is too reminiscent of Big Brother in George Orwell's novel 1984. 1984 depicts a dark future in which a totalitarian government monitors the movements, actions, and even the thoughts of its citizens. Big Brother is the symbol of the government that rules the world of 1984, a government that knows everything about the people under its rule. In the world of 1984, huge posters proclaiming "Big Brother Is Watching You" are everywhere, as are "telescreens" that record everything that people do. Authors David Kopel and Michael Krause argue that, like the telescreens in 1984, "widespread face scanning could eventually make it possible for the government to track the movement of most citizens most of the time."⁵⁶

Though currently in use as an experimental technology, FRT faces many technical hurdles before it becomes either the security solution its advocates envision or the threat to privacy its critics fear. "So far, computer-recognition systems have achieved only 5 to 10 percent of the accuracy of the human eye,"⁵⁷ writes Science World reporter Libby Tucker. In tests of FRT, the systems often fail to identify the target individuals, while incorrectly zeroing in on others. FRT systems, like human security guards, can also be fooled when the target individual wears sunglasses, sports facial hair, or otherwise covers his or her face. The technology for facial recognition systems is constantly improving, but at airports and other areas where security is a concern, driver's licenses and other credentials are still the primary means of verifying a person's identity.

Biometric Identifiers

Facial-recognition technology (FRT) is a biometric system. A biometric system uses a personal trait, physical characteristic, or combination thereof to identify an individual. In the case of FRT systems, the biometric identifier is the face. Individuals may alter their appearance, but many aspects of a person's face—such as the distance between the eyes, the width of the mouth, and hundreds of other measurements—are largely immutable. Taken together, these facial measurements form a unique "faceprint," and in fact traditional police fingerprinting is another example of a biometric system. More sophisticated bio-metric systems may use retinal scans or voice-recognition technology, while the photographs used in driver's licenses or police mug shots are basic forms of biometric identification.

The advantage of FRT over other forms of biometric systems is that FRT can be employed from a distance. Individuals must wait in line at security checkpoints to show photo IDs or have their thumbprint scanned, and security officials must guard against anyone getting around the security checkpoints. In contrast, FRT cameras can be placed throughout a building. In theory, FRT cameras could be used both to guard every entrance to an area and to scan the crowds of people who have already gained access to the secure area.

The Debate over a National ID Card

September 11 exposed many of the flaws of the United States's systems for issuing driver's licenses and other IDs. As Marti Dinerstein, president of the public policy firm Immigration Matters, notes, "The issue of secure identification became a national concern in the United States after it was discovered that all 19 September 11 hijackers had valid or fake Social Security numbers and 18 of the 19 had authentic or phony driver's licenses or motor vehicle ID cards."⁵⁸ Seven of the terrorists, for example, were able to obtain nondriver's ID cards from the Virginia Department of Motor Vehicles (DMV), which at the time did not require applicants to provide proof of residency. The state has since closed that particular loophole, but the Virginia example is only part of a much broader problem. An October 2002 Government Computer News article notes that "there are about 240 different driver's licenses formats in use across the 50 states today"⁵⁹ and that it is almost impossible for a security official to be truly knowledgeable about each one of them.

Given the easy availability of phony driver's licenses and other forms of ID in various states, many policy analysts have suggested that a national ID card should replace the current driver's license system. It does not make sense, they argue, that driver's licenses—issued by local DMVs that deal primarily with tasks such as driver testing and vehicle registration—are the most accepted proof of identification in the United States. "You can't get on a plane today without a driver's license or passport. A national ID card would perform the same function but with a great deal more accuracy and security,"⁶⁰ writes James Glassman of the American Enterprise Institute.

Americans, however, have historically opposed the idea of a national ID card. In 1996, when uniform national driver's license standards were enacted into law, Congress responded to public criticism and quickly repealed the standards. Referring to the appeal, Representative Dick Armey proclaimed, "This is a classic victory of freedom over 'Big Brother.' Because we acted quickly, no American will have to carry a national ID card. A national driver's license … is more suited to a police state than to a free country."⁶¹ Some civil libertarians fear that a national ID system would require individuals to provide proof of identification whenever they travel, apply for a job, or make a major purchase. This will make it easier, they argue, for the federal government to track where citizens go and what they do. "National IDs threaten liberty and anonymity,"⁶² writes Clyde Wayne Crews Jr. of the libertarian Cato Institute.

Supporters of national ID cards reject such fears. "We must identify ourselves for any number of activities in daily life," argues U.S. News & World Report' s Randall Stross, "so the only freedom that would be lost with the advent of improved ID technology is the freedom to falsify one's legal identity."⁶³

As to the question of the right to anonymity, Harvard professor Dershowitz maintains that "I don't believe we can afford to recognize such a right in this age of terrorism. No such right is hinted at in the Constitution. And though the Supreme Court has identified a right to privacy, privacy and anonymity are not the same."⁶⁴

Improving State-Issued Driver's Licenses

The movement for a national ID card seemed strong in the weeks after September 11. But as Newsweek reports, by May 2002 it had lost momentum: "An alliance of right and left [argued] that a national ID card was anathema [strongly opposed] to traditional privacy values. The Bush administration said it had no interest in such a system. Civil liberties groups kept hitting the Big Brother issue and the public seemed to agree."⁶⁵ But although the movement for a national ID card has stalled, efforts to develop a better nationwide identification system have not.

Since September 11, more than twenty states have enacted legislation to improve driver's license security. States such as Virginia have made the application process for obtaining state ID cards more rigorous, and many states have made the cards they issue harder to counterfeit, using holograms, watermarks, and high-definition photographs. Some states are also using biometric identifiers to ensure driver identity. California, Colorado, Florida, Georgia, Hawaii, Texas, and West Virginia all collect fingerprints from driver's license applicants. West Virginia also uses FRT to verify a driver's identity during renewal, and other states are planning to follow its lead.

Few object to these DMV reforms. More controversial, however, is the movement to transform driver's licenses into "smart cards" that can store information about an individual in a computer chip embedded in the card. The American Association of Motor Vehicle Administrators (AAMVA) is pushing state governments to adopt uniform standards for storing information on driver's licenses. If different states would adopt these standards, then universal card readers could be installed at security checkpoints in airports and government buildings to allow security officials to verify the authenticity of the cards.

Connecting Watch Lists

The AAMVA is also encouraging state DMVs to link their driver's license databases. This is part of a larger effort by homeland security officials to make it easier for different government agencies and different levels of government to share information quickly and easily. The potential of interconnected databases, in conjunction with smart ID cards, to prevent terrorism is best illustrated by example. On August 23, 2001, two of the September 11 hijackers, Khallad al-Mihdhar and Nawaf al-Hazmi, were put on the CIA watch list of persons to be denied entry into the country. However, by that time both men had already entered the United States and obtained state-issued photo IDs in multiple states. Beginning on August 27, 2001, the FBI began an investigation to locate the two men. Nevertheless, both men were able to use their state-issued IDs to board the flight that crashed into the Pentagon.

Will State Driver's Licenses Become National IDs?

The Electronic Privacy Information Center (EPIC) opposes a national ID card system on the grounds that it will erode individual privacy. In its February 2002 position paper "Your Papers, Please: From the State Drivers License to a National Identification System," EPIC argues that the movement to standardize state driver's licenses holds many of the same threats to privacy as a national ID card.

"The American Association of Motor Vehicle Administrators (AAMVA) Special Task Force on Identification Security has issued recommendations that would turn the state driver license into a de facto national ID card. The proposed scheme … would facilitate greater information sharing between jurisdictions and with state and federal agencies. It seeks to reduce fraud by encoding unique biometric identifiers on licenses and strictly enforcing prohibitions on credential fraud. But the biometric identifier would also enable new systems of identification in the private sector, and will contribute to greater profiling and surveillance of American citizens.

EPIC supports efforts to detect and prevent fraud occurring by means of the state driver's license. New technologies can reduce the risk of counterfeiting and fraud. It is also appropriate for the state Departments of Motor Vehicles (DMVs) to implement improved document security measures to prevent forgery. However, EPIC opposes AAMVA's move to standardize driver's licenses, to collect more and more invasive personal information, and to expand the information sharing capacities of DMVs. This proposal has all the elements, risks and dangers of a national identification card system. The only distinctions between the AAMVA proposal and other National ID proposals rejected in the past are that (a) the card will not be issued by the federal government but by state motor vehicle agencies under mandatory federal regulations, and (b) the driver's license and DMV issued identity cards, held by 228 million individuals, are not (yet) mandatory. These distinctions are illusory rather than substantive, do not diminish the harm to individuals' privacy, and should not dissuade public opposition to the scheme."

At the time, the CIA did not have procedures in place for quickly sharing its watch list with the FBI, let alone all of the nation's airport security personnel. Of course, many reforms have been implemented since then. But with the system of smart ID cards and interconnected databases that homeland security planners envision, the names of al-Mihdhar and al-Hazmi could have been disseminated to card readers almost instantly—essentially connecting the CIA's watch list with that of the airport's security personnel—and the two would-be hijackers would have raised security alarms upon attempting to enter the airport.

While it has enormous potential to enhance security, the system of smart cards and interconnected government databases alarm civil libertarians. State-issued smart ID cards, after all, are very much like the national ID cards that so many privacy advocates oppose. Critics argue that individuals would inevitably be required to show their smart ID cards, just like a national ID card, not just at airports, but wherever security is a concern. And as privacy advocate Mar Rotenburg explains, "Every time you swipe [a smart card], it leaves a record."⁶⁶

By compiling all those records, law enforcement authorities could track the movements of any citizen. Even worse, according to privacy advocates, law enforcement databases could then potentially be linked to databases that contain individuals' financial, employment, and medical records. The United States would come a step closer to enabling the government to know almost everything about its citizens, just like Orwell's Big Brother in 1984. "To some, the scariest privacy prospect is a big centralized national database (or a series of linked ones) that has all the goods on almost everybody,"⁶⁷ writes Newsweek' s Steven Levy.

Total Information Awareness

This "big centralized database" is essentially what the U.S. Department of Defense is trying to create with its Terrorism Information Awareness (TIA) project. TIA aims to create software that will use a technique known as data mining to allow law enforcement agents to quickly search information that is stored in countless government databases throughout the country. TIA will not actually collect the information into one database, but the effect will be much the same.

When TIA initially became public in late 2002, it was called the Total Information Awareness project, and its Orwellian name instantly raised the ire of civil libertarians. "TIA may be the closest thing to a true 'Big Brother' program that has ever been contemplated in the United States,"⁶⁸ warned the ACLU. Even the rather conservative columnist William Safire called TIA a "supersnoop's dream" and warned that it would give the government the ability to monitor "every purchase you make with a credit card, every magazine subscription you buy and medical prescription you fill, every Web site you visit and e-mail you send or receive, every academic grade you receive, every bank deposit you make, every trip you book and every event you attend."⁶⁹

Some critics charge that TIA amounts to a violation of the Fourth Amendment, which protects individuals against unreasonable searches. James Harper, editor of the privacy website privacilla.org, charges that "the idea behind TIA is something akin to a permanent, institutional search of our papers and effects."⁷⁰

Homeland security officials were taken aback by the intensity of the backlash against TIA. The project's defenders vehemently denied that TIA will be used to spy on Americans. They point out that TIA will not give the government access to any information it does not already have, but instead will only allow federal agents to access that information more quickly, an improvement that would be a great boon to homeland security efforts. "The goal is to enable investigators to amass in minutes clues that now could take weeks or months to collect,"⁷¹ writes National Journal writer Stuart Taylor Jr.

As to the civil libertarians' concerns about the Fourth Amendment, TIA defenders cite Supreme Court precedents that have ruled that individuals cannot expect information that they voluntarily give to others—such as when they use a credit card instead of cash for purchases or enter their phone number or e-mail address on a website form—to remain private. And, they maintain, TIA will merely enable the government to access this information more easily. As lawyer Solveig Singleton explains, "The Fourth Amendment does not say that the government may not collect, keep or store information."⁷²

The Danger of Domestic Spying

As New Republic writer Jeffrey Rosen explains, one reason people oppose a government that knows everything about its people is the fear that such a government would have the evidence to prosecute many citizens for minor violations of the law.

"There is nothing inherently objectionable about increasing the power of federal officials to engage in domestic surveillance, as long as those powers are limited to the investigation and prosecution of terrorists. Domestic surveillance becomes dangerous, however, when federal officials are allowed to spy on millions of citizens suspected not of terrorism but of low-level crimes, such as drug offenses or illegally downloading copyrighted music. If the government insists on unrestricted access to our credit-card histories, Internet browsing, international phone calls, and bookstore purchases, who among us couldn't be prosecuted or embarrassed by some low-level wrongdoing? …

The [best] way to balance privacy and security in a world of integrated databases is to limit the use of evidence discovered in general data searches to the prosecution of terrorism and to prohibit the government from using it to prosecute low-level crimes."

Power and Its Abuse

Information is power. FRT, smart ID cards, and the TIA project all give the government more power in the form of information. This power may be vital in preventing future terrorist acts. But it may also be abused—for example, if the government were to use surveillance and tracking mechanisms to monitor and investigate dissenting individuals or political, religious, or ethnic groups. As security and law enforcement officials adopt new surveillance and computer technologies, civil libertarians hope that the government also adopts and enforces rules and oversight mechanisms to prevent their abuse.