Expectation Of Privacy? A Very Lax Standard

Written by Evan Schuman
May 16th, 2006

With the latest allegations that The White House and the National Security Agency have been secretly collecting the telephone call records of tens of millions of Americans, backers of the program have routinely cited a legal concept known as “expectation of privacy.”

The phrase references a 1979 U.S. Supreme Court decision that narrowly concluded people do not expect privacy about the numbers they dial because they give those numbers to various telephone companies.

In the 27 years since that decision was handed down, the Web has done quite a bit to make people assume a great deal of their lives are up for public consumption.

In the E-Commerce world, retailers and manufacturers routinely ask consumers to give up a piece of their privacy–personal contact information–in exchange for something, such as discounts, recall alerts, warranty assistance, tech support and customized services (think Amazon with its book recommendations).

What retailers and suppliers have discovered is that there is a distinct age divide when it comes to privacy. There is a disconnect between what senior retail marketers expect consumers will give up their privacy for and what younger consumers actually will do.

The younger consumers seem much more willing to surrender their data, not necessarily because they find the lure of the incentive so great but because they assume that their private data is already out there, so why not?

It’s less “the digital divide” and more “the cynical connection” that younger Americans simply assume their privacy is nil. This attitude explains why members of Congress and veteran media commentators–who tend to be sharply beyond their puberty years–have been so aghast at the telephone records grab while surveys of American consumers show reactions closer to yawns than outrage.

A couple of months ago, I was involved in a research project where we interviewed lots of physicians. One of the questions involved a service where the physicians would get instant E-mail and IM alerts when anything major happened that impacted any of the drugs they routinely prescribed. The same age split that exists for retail consumers held true for the doctors, but in the reverse. Younger physicians resisted the program because they didn’t want to risk such information getting to pharmaceutical companies, which would bombard them with pitches. But the more experienced physicians had few objections, mostly because they assumed the pharmaceuticals already had such data.

In the current case, USA Today recently reported that BellSouth, AT&T and Verizon had turned over their phone records to the government–without court orders. On Tues., May 16, BellSouth, which didn’t object to the initial USA Today report, issued a statement saying it had not provided “bulk customer calling records to the NSA.” A BellSouth spokesman later clarified to the newspaper that “We are not providing any information to the NSA, period.”

For the moment, let’s assume that BellSouth isn’t playing coy and that it provided the data to the Defense Department of The White House or some other government agency. BellSouth suggested that the documents weren’t turned over because the White House never asked for them.

This scenario differs materially from Qwest, which maintains that it was asked and refused the government’s request.

Beyond setting itself up for a great TV campaign (“We protected your data from a warrantless search. Hey, it’s more than those other guys did, so cut us some slack here, OK?”), the Qwest move–if true–showed impressive guts. Telecom companies today are still very dependent on the government, and refusing any request that even has the faintest whiff of national security claims is not something they are going to take lightly. Like the classic line from the original Godfather film said, “A refusal is not the act of a friend.”

This telecom data sharing isn’t limited to landlines. One of the major cellphone carriers has improved its hardware to the point where it can do–and has done–real-time location tracking of customers at whim. It can even defeat that time-honored gangster tactic of removing the SIM card to make the phone untraceable when the bandit calls the police to taunt them.

The company has decided to not reveal such capabilities because it routinely shares this data–without warrants–with law-enforcement agents. The agents know the drill. Say the phrases “terrorism connection” and “possibly in progress,” and the information is immediately released.

The carrier has also decided to not reveal its capabilities because the bad guys would quickly decide to purchase any phone other than this brand. In addition, the privacy backlash could be severe. But then again, maybe not.

This news is shocking to everyone other than the most popular cell phone segment: young consumers. The tracing capabilities can be–and have been–used for good, such as locating lost customers stranded on a mountain.

The government says that domestic calls are not being monitored without a warrant; rather, the phone numbers dialed are merely being handed over. Somehow, that distinction is of little comfort. The numbers are the most sensitive part and, besides, a secretive government is not likely to volunteer if it was listening to the calls themselves. Lastly, it’s not like the secret anti-terrorism court involved–called FISA, for the 1978 Foreign Intelligence Surveillance Act that created it–is especially hesitant to approve wiretaps.

Count me among the cynical people who assume that everything I do and say is being recorded and will be made public. I covered courts for years and quickly learned to think (“How would I feel if I had to testify about this someday?”) before I took any controversial action. It may be paranoid, but it’s kept me on a fairly boring and mostly legal life path. See? Cynicism has its advantages.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.