Today’s New York Times features the article “Taking Spying to Higher Level, Agencies Look for More Ways to Mine Data,” which focuses on government meetings with venture capitalists and entrepreneurs in Silicon Valley, hoping to find or develop advanced technologies to take data mining to “a new level.” While government use of data mining as a form of surveillance is, unfortunately, nothing new, there is a twist to this recent flurry of activity:
But by fundamentally changing the nature of surveillance, high-tech data mining raises privacy concerns that are only beginning to be debated widely. That is because to find illicit activities it is necessary to turn loose software sentinels to examine all digital behavior whether it is innocent or not. [emphasis added]
“The theory is that the automated tool that is conducting the search is not violating the law,” said Mark D. Rasch, the former head of computer-crime investigations for the Justice Department and now the senior vice president of Solutionary, a computer security company. But “anytime a tool or a human is looking at the content of your communication, it invades your privacy.”
I don’t have time for a detailed analaysis, but Mr. Rasch has it right. These actions would be an invasion of privacy. While citizens do share some information with their insurance providers, credit card companies, Amazon.com, and yes, even to Google, there are norms of information flow that shape expectations about how this information is distributed. I am willing to let Amazon track my page views, but only to enhance their ability to recommend books to me. Norms govern my expectations that government agencies don’t have access to the entire history of my book browsing and purchases.
The proposed level of data aggregation and mining violates the contextual integrity of existing norms of information flows.