Privacy, Confidentiality and Security in Intelligence-Collection
Author: Seumas Miller
US National Security Agency (NSA) documents leaked by Edward Snowden, the former NSA private contractor, have catapulted the ethics and accountability of intelligence gathering to the front pages of most major newspapers and media outlets. Here there are a range of interconnected ethical issues in need of analysis. Perhaps the most obvious is the privacy rights of US and other citizens. Moreover, there is the issue of the ethics of whistle-blowing in this area; in the light of national security needs and NSA secrecy provisions, should Snowden have leaked these documents and should the media have disseminated selected material leaked to them?
Snowden’s activities are a major, indeed stunning, breach of institutional confidentiality and were enabled by ICT and, specifically, the existence of vast amounts of communicable, searchable, analyzable, stored data on a computer linked to a network. Given the importance of compliance with confidentiality requirements to the integrity of security agencies, and given the large volume of confidential data released, Snowden’s actions surely did considerable institutional damage to the NSA, in particular. It is a further question whether the leaks substantially harmed US national security, for example by alerting terrorists to US intelligence-gathering methods.
Nevertheless, perhaps release of some of this data to the press was morally justified by the public’s right to know, for example the public’s right to know that the NSA was engaged in an extremely large scale collection process of the metadata of US and other citizens. Certainly, Verizon and PRISM raise important privacy concerns pertaining both to security agencies’ collecting and analyzing metadata on their own citizens (Verizon) and their interception of the content of communications between their citizens and foreign citizens, and between foreign citizens (PRISM). I note that metadata enables the construction of a detailed profile of a person (for example of the person’s associates and activities), especially when combined with financial and other data, and enables, also, the tracking of a person’s movements. Accordingly, it is not necessarily innocuous from a right to privacy perspective.
In so far as such metadata and content collection and analysis has targeted the confidential data and communications of the personnel of foreign governments and their security agencies for US national security purposes, it is perhaps best understood as cyber-espionage. In so far as the target has been the data and communications of terrorists it is perhaps best thought of as cyber-based law enforcement, since terrorism is a crime (including in the context of armed conflict). In so far as such metadata and content collection and analysis has targeted the private data and communication of ordinary citizens (both domestic and foreign), it constitutes an infringement (and in some case, evidently, a violation) of their privacy rights.
The body of this paper is in two sections. In sections 1 and 2, respectively, I provide analyses of the key notions of privacy (and, relatedly, confidentiality) and security (bearing in mind the variety of security contexts, for example counter-terrorism versus ordinary law enforcement).
The notion of privacy has proven to be a difficult one to explicate adequately. Nevertheless, there are a number of general points that can be made. First, privacy is a moral right that a person has in relation to other persons with respect to: (a) the possession of information about him/herself by other persons, or; (b) the observation/perceiving of him/herself – including of a person’s movements, relationships and so on – by other persons.
Second, the right to privacy is closely related to the more fundamental moral value of autonomy. Roughly speaking, the notion of privacy delimits an area, viz. the inner self; however, the moral right to decide what to think and do is the right to autonomy, and the moral right to decide who to exclude and who not to, is an element of the right to autonomy. So the right to privacy consists of the right to exclude others (right to autonomy) from the inner self (the private sphere).
Third, a measure of privacy is necessary simply in order for a person to pursue his or her projects, whatever those projects might be. For one thing, reflection is necessary for planning, and reflection requires a degree of freedom from the intrusions of others, that is a degree of privacy. For another, knowledge of someone else’s plans can enable those plans to be thwarted. Autonomy – including the exercise of autonomy in the public sphere – requires a measure of privacy.
In the light of the above analysis of privacy, and especially its close relationships to autonomy, we are entitled to conclude that an extent of some kinds of privacy is a constitutive human good. As such, there is a presumption against infringements of privacy. That said, privacy can reasonably be overridden by security considerations under some circumstances such as when lives are at risk. After all, the right to life is, in general, a weightier moral right than the right to privacy. Thus accessing the financial records of a suspected terrorist, if conducted under warrant, is surely morally justified. Let us now turn to some notions that are closely related to privacy, namely, anonymity, confidentiality and secrecy.
Individual privacy is sometimes confused with anonymity but these are distinct notions. Anonymity is preserved when a person’s identity in one context is not known in another. Consider the case of Jones, a respectable married man. In another context, Jones might be the anonymous client of a prostitute. Of course, Jones is ‘known’ to the prostitute, indeed, intimately known. However, the prostitute does not know Jones in his home or work contexts and, likewise, his family and work colleagues do not know Jones in the context of the brothel. Again, consider Smith, a wealthy businessman. In another context, Smith might be an anonymous donor.
Anonymity can be a means to privacy, (for example Smith wants to avoid publicity,) or to avoid harm to oneself, (for example the reputational damage that Jones might suffer if his visits to the brothel became known.) Indeed, anonymity is vital in some situations, for example an anonymous ‘tip-off’ to police regarding a violent criminal who would kill such an informant if he knew their identity.
These examples demonstrate that sometimes anonymity is an instrumental good. But they equally reveal that it is not a constitutive human good. In this respect anonymity is quite different from privacy. What of confidentiality?
The sphere of individual’s privacy can be widened to include other individuals who stand in a professional relationship to the first individual, for example a person’s lawyer or doctor. Moreover, morally legitimate institutional purposes give rise to confidentiality requirements with respect to information for example committees, tender applications.
Law enforcement operations give rise to stringent confidentiality requirements, given what is often at stake, for example harm to informants, the possibility that important investigations might be compromised. Military operations also give rise to stringent confidentiality requirements, such as ‘need to know’ principles and legal prohibitions under the Official Secrets Act; again, the stringency of these requirements can be justified given what is often at stake, for example harm to one’s own combatants, the possibility that military missions might be compromised.
At least in the case of security agencies, such as police, military and intelligence agencies, a degree of compliance with principles of confidentiality is a constitutive institutional good in the sense that security agencies could not successfully operate without a high degree of confidentiality.
The other related notion of interest to us here is secrecy. Secret information is not necessarily based on the moral right to privacy or on the principle of confidentiality. For unlike privacy and confidentiality, secrecy is a morally neutral or even pejorative notion. Thus person A can have a moral right to know person B’s secrets and B have no grounds for non-disclosure, as might be the case if A is a police officer and B is an offender. Here B has a secret but it has no moral weight qua secret.
Secrecy implies that someone possessed of information does not want that information disclosed and that someone else has an interest in finding out the secret information. Secrecy is at home in contexts of conflict and fierce competition for example wars, organised criminality, market based companies. More generally, secrecy is at home in contexts of security (see next section).
Excessive secrecy undermines operational effectiveness for example the1980 helicopter incursion by US into Iran to rescue hostages failed because secrecy prevented various helicopter crews from coordinating their activities. Moreover, high levels of secrecy can mask incompetence, for example WMDs falsely thought to be possessed by Saddam Hussein. High levels of secrecy can also mask corruption, illegality and human rights abuses, for example in authoritarian regimes. Accordingly, by contrast with confidentiality, secrecy is not a constitutive institutional good.
I have distinguished privacy, anonymity, confidentiality and secrecy, and argued that whereas privacy is a constitutive human good and confidentiality a constitutive institutional good, neither anonymity nor secrecy are constitutitive goods. A final point concerns the relative moral weight of privacy and confidentiality. Here we make the point that sometimes confidentiality requirements can be overridden by the right to privacy, and sometimes the reverse is the case. The NSA leaks conveniently exemplify this tension. While the activities of the NSA were an infringement, if not a violation, of the privacy rights of individual US citizens and others, it is also the case that the Snowden leaks and subsequent publication in the media were an infringement, if not a violation, of the confidentiality rights of the NSA. Let us now turn to the notion of security.
The notion of security is a somewhat vague one. Sometimes it is used to refer to a variety of forms of collective security, for example national security (in the face of external military aggression), community security (in the face of disruptions to law and order), organisational security (in the face of fraud, breaches of confidentiality and other forms of misconduct and criminality). Other times it is used to refer to personal physical security. Physical security in this sense is security in the face of threats to one’s life, freedom or personal property; the latter being goods to which one has a human right. Threats to physical security obviously include murder, rape, assault, and torture.
Personal (physical) security is a more fundamental notion than collective security; indeed, collective security in its various forms is in large part derived from personal security. Thus terrorism, for example, is principally a threat to national security precisely because it threatens the lives of innocent citizens. However, collective security is not simply to be identified with aggregate personal (physical) security. For example, terrorism might be a threat to the stability of a government and, as such, a national security threat an example of which can be seen with the Islamic State’s occupation of large parts of Iraq and Syria..
Aside from questions of the scope of security, for example personal, organisational, national, there is the matter of the type of security. Here a distinction between informational and non-informational security might be helpful. Informational security is self-explanatory and basically consists of ensuring that privacy rights are respected and confidentiality requirements are being met.
Non-informational security pertains to physical or psychological harm to human beings, damage to physical objects, and certain forms of harm to institutional processes or purposes, for example by means of corruption. Non-informational security is both a constitutive human good and a constitutive institutional good. After all, the lack of non-informational security evidently implies harm to persons and/or institutions.
It is widely accepted that both privacy rights and confidentiality requirements can be overridden by the needs of non-informational security. After all the latter may involve saving lives while the former might only involve some relatively unimportant disclosure of (private or confidential) information. It is perhaps less widely recognized that non-informational security can be overridden by privacy rights and confidentiality considerations. Examples here include ones such as intrusive surveillance of a suspected petty thief or accessing the details of location of person under witness protection to interview him for a past minor crime.
Aside from the scope and types of security there are various contexts of security. These include domestic law enforcement, international organised crime, counter-terrorism, war, cyberwar, trade ‘wars’, and so on. These different contexts involve a variety of security concerns of differential moral weight; winning the Second World War was obviously of far greater importance than Australian farmers winning a commercial contract to supply live cattle to China. Intelligence-gathering needs to be understood in these various different contexts and the stringency of privacy rights and confidentiality requirements relativised to them. In domestic law enforcement, for example, there is, as we saw above, a strong presumption in favour of the privacy rights of citizens, albeit these can be overridden in certain circumstances under judicial warrant. By contrast, in wartime military intelligence gathering is largely unfettered and the privacy rights of citizens curtailed under emergency powers. Moreover, the confidentiality rights of security agencies are increased under a ‘cloak of secrecy’ and the privacy and confidentiality rights of the enemy suspended until cessation of hostilities. Counter-terrorist operations and so-called covert operations against hostile states with which one is not at war provide an additional problematic set of contexts. We return to some of these issues in section 5 below.
In the light of this discussion of security what are we to make of the NSA leaks? Speaking generally, these leaks were a breach of security in the sense that they infringed NSA confidentiality requirements and, indeed, US secrecy laws. However, the larger question is whether they undermined collective security in the stronger sense, for example they put the lives of security personnel and, ultimately, citizens at risk. Moreover, as already mentioned, these leaks involved two main categories of electronic data collection of interest to us here, namely, wire-taps (involving the access of communicative content) such as phone taps and email interceptions, and metadata collection.
 This material is extracted from the first two sections of “NSA, Snowden and the Ethics and Accountability of Intelligence Gathering “ in (ed.) Jai Galliott and Warren Reed Ethics and the Future of Spying: Technology, Intelligence Collection and National Security (Routledge, 2016)