Online Extra: Surveillance Society: The Experts Speak

BW asked top names in the security and privacy fields about how much monitoring is necessary and what can be done to prevent abuses

The continued threat of terrorism guarantees that the U.S. will be adopting ever more sophisticated surveillance technologies -- from smart cameras to iris identification -- to combat the elusive enemy. Market research firm Frost & Sullivan predicts that biometrics will become a healthy $4.7 billion industry in 2009, up from just $675 million in 2003, and video surveillance software will reach $642 million in sales from a mere $147 million in 2004.

But how will those technologies change our free society? BusinessWeek correspondent Catherine Yang spoke to many privacy and security experts on the dangers of a surveillance society and potential solutions. Here are edited excerpts from those conversations.

Q: Is the tradeoff of privacy for security worth it?

Bruce Schneier, founder and Chief Technology Officer of Counterpane Internet Security:

A lot of security measures are very much of a feel-good nature. They're not effective but are meant to look effective. We demand our public officials do something, even if it does no good.

My prediction is, absent serious soul-searching and a Congress that will put principles over politics, long term there will probably be some sort of popular backlash. We feel more secure because of laws requiring the police to get warrants. To throw them away because the police need more powers to investigate terrorism opens us up to a police state. I wouldn't feel safe in a police state. We get most of our security from liberty.

Q: Are there costs to a surveillance society besides the potential loss of personal freedoms?

Kim Taipale, executive director of the Center for Advanced Studies in Science & Technology Policy:

Yes, closed systems impose high overhead costs -- not just the actual cost of the security measures, which can be thought of as a kind of security tax -- but also friction and barriers to entry imposed on functionality itself.

For example, Michael Chertoff [the Secretary of the Department of Homeland Security] has called for security envelopes for international trade and travel within which -- with the right security vetting and tracking -- goods and people could move easily without being stopped at every point for rechecking.

But these vetting procedures could themselves become impediments to free trade. If the developed nations -- say the G-8 -- determine who is allowed in the envelopes, then other countries or new entrants -- either without sufficient resources or otherwise disfavored -- may be kept out. This could entrench existing power structures and impede free movement of goods or people.

The real reason we beat the Soviet Union is that their closed system had such high relative overhead costs and internal friction that they bankrupted themselves competing with us. Osama bin Laden has stated that among his aims is to bleed America "to the point of bankruptcy." We need to be careful that in designing security systems we are not helping him achieve his goal by imposing intolerable burdens on functionality. Open systems respond better to unforeseen events by allowing new ideas, new entrants, and innovation to emerge through free markets.

Q: What are the downsides of specific surveillance technologies, such as camera monitoring?

Deirdre Mulligan, director of the Samuelson Law, Technology & Public Policy Center at the University of California at Berkeley:

It's not surprising the legislation to curb abuses of cell-phone cams, tiny video cams, and webcams is about people looking at women [e.g., up their skirts]. It's not surprising that it's "upskirt" legislation and not "down-pants" legislation.

Those with external characteristics that suggest you're different -- whether you wear a turban or a veil -- are watched more than the rest of us. Just because the technology watches everybody, the fact of the matter is that different people are watched differently.

Q: Is the power of databases a growing threat, and how can we curb it?

Lee Tien, senior staff attorney at the Electronic Frontier Foundation in San Francisco:

Data, whether from biometrics or tracking devices or purchasing records, are tributaries flowing into one giant river of databases. Up until the last 10 years, it would sit in one company's computers and wouldn't be aggregated with [other data] to complete a profile. The prize was to correlate and put the information together. We're seeing the little obstacles that used to protect privacy eroding with increased information sharing.

If databases had a basic level of encryption, you would be less worried about how the data is handled. It's premised on government and companies taking elementary precautions to make sure the front door is locked. But even that isn't happening.

Q: What legal protections exist to curb misuse of personal information by the government and private sector?

Chris Hoofnagle, West Coast Director of the Electronic Privacy Information Center:

In the 1974 Privacy Act, if a government employee intentionally gives out the personal information of another, he or she can be tried criminally. That's to prevent leaking for political retribution. If the government is breaking the law, you can also sue for civil injunction. Or if you can show you've been damaged, you can sue for damages and attorney's fees.

If the private sector could be covered by the 1974 Act, that law would deal with many problems by limiting the amount of information those entities can collect, giving free access to individuals to their files, and requiring security standards [to protect those files]. The Privacy Act also has a prohibition against the government selling lists, so it could just end that practice in the private sector, also.

Q: Is it more important to protect against privacy abuses by the government or by the private sector?


Public- and private-sector databases present different risks. Government databases present a Big Brother risk. Private-sector databases raise fraud and identity-protection questions. Both are important interests, but they need to be protected differently.

Law enforcement's arguments are compelling and justify the creation of databases. I argue that [private-database companies such as] ChoicePoint should exist to help law enforcement. The difference is there should be better rules to protect people.

When it comes to the database-marketing side, the interests of commerce are weaker. People should be able to opt out and stay out of databases if they want to.

Q: Are there technology protections that can be put in place to protect privacy?

James Dempsey, executive director of the Center for Democracy & Technology:

We shouldn't forget the design process. Designers need to think about social implications. You can build these things -- like location technology -- in user-controlled ways that minimize the collection and storage of information or allow people to turn the features on and off, so the location is generated only when you call 911 or otherwise invoke the location service.

Far too often, technologists' attitude is: "This is neat, but I'll let others figure out its implications." It's still not part of the geek mindset.

Edited by Patricia O'Connell
