Privacy, Security, and the Legacy of 9/11

A UConn privacy law expert discusses how legal and policy changes after the terrorist attacks of 9/11 have affected personal privacy in the U.S.

The American flag merged with a keyboard. (iStock Image)

The American flag merged with a keyboard. (iStock Image)

The American flag merged with a keyboard. (iStock Image)

Fourteen years ago, on Sept. 11, 2001, coordinated attacks on the World Trade Center and the Pentagon shocked the nation and triggered sweeping changes in American opinion, policy, and law. Some of the most immediate and extensive changes involved laws concerning how government agencies may conduct electronic monitoring and surveillance of Americans. UConn Today asked Daniel J. Klau, a practicing attorney who teaches privacy law as an adjunct professor at UConn School of Law, to describe the effect of those changes on personal privacy in the United States.

Q. What happened to legal concepts of personal privacy in the United States after the 9/11 terrorist attacks?

A. Throughout our nation’s history, the balance between security and privacy has always changed through time. That is particularly true in times of war, when the balance almost always tips towards security.

Consistent with that history, within moments of the terrorist attacks on 9/11, the security/privacy pendulum began to swing wildly toward security and away from personal privacy. The USA PATRIOT Act is perhaps the clearest example of how legal concepts of personal privacy changed after 9/11.

There are many components to the USA PATRIOT Act, but it consists in large part of amendments to the Foreign Intelligence Surveillance Act (which governs surveillance for foreign intelligence purposes) and the Electronic Communications Privacy Act (which governs surveillance for domestic law enforcement purposes). The amendments the USA PATRIOT ACT made to those two acts, particularly as they relate to government surveillance of individuals suspected of having some connection to terrorism, significantly reduced legal protections for personal privacy.

Q. Edward Snowden’s revelations about the NSA mass surveillance program that collected metadata on Americans’ telephone communication generated plenty of outrage, but did anything change?

A. It’s still too early to tell whether Snowden’s revelations will lead to long-term, permanent changes in laws, like the USA PATRIOT Act, that prioritize national security over personal privacy. Let’s have this conversation five years from now, and I’ll have a better answer.

What is clear, however, is that Snowden’s revelations have sparked a national conversation about the proper balance between security and privacy. I think that conversation will continue, and will lead to at least incremental changes over time. Most people, including our elected officials in Washington, had no idea that our government was collecting so much information about us.

One area of the law in which I do see positive change is in Fourth Amendment jurisprudence, especially with respect to something known as the “third-party doctrine” and the application of the Fourth Amendment to cell phone searches and GPS tracking devices. The third-party doctrine basically provides that once a person shares information with a third party, the person no longer has a “reasonable expectation of privacy in that information,” which means that the government can obtain that information without a search warrant. Recent Fourth Amendment decisions reveal a Supreme Court that is increasingly uncomfortable with the doctrine. The decisions in the cell phone search and GPS tracking cases also suggest to me that the justices – all of whom own cell phones and understand how easy it is for the government to stick a GPS tracker on anyone’s car, including their own – finally appreciate the importance of providing Fourth Amendment protection against such searches.

Q. The other provisions of the USA PATRIOT Act were renewed in June, through 2019. Do the remaining sections threaten personal privacy, and are they likely ever to be allowed to expire?

A. Section 702 authorizes the collection of internet communications that have at least one destination outside the United States. The NSA cites section 702 as authority for a number of programs that Edward Snowden reveals, with names like MYSTIC and PRISM. I think these programs will continue to be the subject of debate.

Q. You also teach Freedom of Information law. As the government has sought more data about individual Americans has it also provided more data about its own operations?

A. Not of its own volition. But for Edward Snowden’s revelations, I doubt that the world would know about the NSA’s massive database and other surveillance programs. The more information the government wants to collect about individual Americans (not to mention foreigners), the harder it works to keep the existence of those information collection programs secret.

This is bad for our democracy, which cannot function without an informed citizenry. The government constantly “over-classifies” information, and then says it needs to keep things secret in the name of national security. Of course there are matters that our government should keep secret. In my opinion, however, the Snowden revelations have revealed that we can’t trust the Executive Branch (regardless of who leads it at any given point in time) to entrust members of Congress with enough information to provide meaningful oversight of surveillance programs and activities. At a bare minimum, I hope that the Snowden revelations embolden our elected representatives to demand more information from the Executive Branch so that Congress can perform its oversight functions meaningfully.

Q. You’ve been teaching privacy law at UConn School of Law since 2003. Have you seen a change in the way your students view their privacy rights?

A. At the beginning of the first class of each semester, I begin by telling my students, “Welcome to the Right of Privacy. We will spend the next 15 weeks studying that which you do not have.” I used to smile when I made that little joke. I don’t anymore. I also begin the first class by asking my students to think about whether privacy is an absolute or relative value. The purpose of this exercise is to demonstrate that most people are willing to trade away their privacy for something else of value. We give out personal financial information when we buy something we want on the Internet; we reveal highly personal information about our bodies to doctors so that they can make proper diagnoses, etc. The question is whether we can trust the people and entities with whom we share this information to protect it.

When I started teaching in 2003, Facebook was in its infancy and YouTube, Instagram, Snapchat, and Twitter did not even exist. Social media has fundamentally transformed the way the youth of the 21st century think about and value individual privacy. They share so much information about themselves, and they do so via platforms that make that shared information accessible to thousands, if not millions, of people.

So, to answer your question directly, have I seen a change in the way my students view their privacy rights? Oh yea. You betcha.