Privacy after 11 September 2001?

Introduction

Quoted above is one of the basic rules of law that modern civilization is built on. How does the practising of this rule fare when it comes into conflict with a government's need to protect itself and the nation from terrorism?

One of the worst acts of terror in post World War II history, and definitely the most media-covered, happened in New York, US, one year ago - 11 September 2001. In fact, even the date itself has evolved into a term known worldwide as a one of great tragedy.

As a result of this act of terror, several actions have been set into force from governmental and other institutions around the world. The aim of such actions is said e.g. to be to reduce the vulnerablilities of potential targets for terror and to be more able to identify terror groups.

However, a government's needs to protect itself and the state they represent, will often conflict with the individual's rights for privacy, as it is quoted in the Universal Declaration of Human Rights above. One interesting question to ask is: Has a person's ability to protect his private life from intrusion of any kind been diminished during the year that has passed since 11 September 2001?

Privacy and Human Rights 2002

The US based Electronic Privacy Information Center (EPIC) and the UK based Privacy International (PI) jointly issue a study of privacy. The first edition was in 1998 and it has been a yearly event since then. This year's version - Privacy and Human Rights 2002 - An International Survey of Privacy Laws and Developments was published 6 September. (Link to the full report is at the end of this Security Information.)

This is interesting reading! The main report, which should be read in its entirety by those interested in security and privacy for individals, is approximately 100 pages. In addition there are separate reports from more than fifty countries located all over the world - a total of 400 pages.

Impacts on privacy after 11 September

The survey acknowledges the events of 11 September and the impact it may have on privacy in the foreword's first paragraph:

The events of September 11, 2001 brought new challenges to the protection of privacy in the modern era. In the rush to strengthen national security and to reduce the risk of future terrorist acts, governments around the world turned to legal authority and new technology to extend control over individuals. Many of these proposals have had far-reaching consequences for the protection of privacy.

The report discusses several aspects of privacy. This includes as different subjects as genetic identification and testing, to cybercrime and measures used to prevent this.

It would, of course, be too ambitious for this Security Information to deal with all topics raised by the report. We will therefore restrict ourselves mainly to point to some of the results that are postulated as a direct consequence of the tragic event last fall.

Such are:

• There is a tendency to increased communication surveillance, and power to search and seizure. Example: The USA-PATRIOT Act allows governmental bodies easier access to sensitive data than previous regulations.
• There is a weakening of data protection regimes. Example: The European Union directive on data protection in electronic services supports creating laws within the member countries that enable the retention of communication traffic for several years.
• There is a tendencey to increased data sharing between governmental agencies, the private sector, and between countries. Example: Data sharing between governmental agencies and financial institutions has increased in order to survey potential money transfers to groups affiliated with terrorism.
• There is an increase in profiling (of individuals) and identification (of individuals). Example: Airports have installed face-recognition technlology in order to make it easier to identify persons that may be considered a security risk.

It should be noted that according to the survey, the techniques used are not new. However, the use is intensified and they are implemented into new areas and sometimes have become law.

As mentioned before, there is an inherent conflict between a government's wish to know as much as possible about its citizens (and non-citizens), and an individual's need to protect his privacy. Among techniques available to the individual to accomplish this, are encryption, anonymous remailers, web sites that offer anomymous surfing etc. It should come as no big surprise that according to the report, the availability of some of those tools has been less in recent months. This includes new restrictions on developing and spreading encryption devices/programs.

Other topics in the report

The event of 11 September and its consequences for privacy issues is only part of the report. The reports discusses various different approaches to privacy, and also looks at how privacy regulation has evolved over the years in different countries.

Very interesting reading is the reports discussion about how e.g. the US and the European have taken a completely different approach to the privacy issue. While the European approach can be said to be of a legislative nature, the US approach tends to be more self-policing, and legislative only in specific sectors.

The report also attempts to look ahead and speculate on how restriction on privacy is going to be implemented in new devices in the not-so-far future.

Download the complete report

The complete report from EPIC and PI may be downloaded from here:

• Download page Privacy and Human Rights 2002

The survey is highly recommended reading for those interested in the techniques used, history and recent development with respect to different countries adoption of new/changed laws after 11 September 2001.

Per Olav Førland