A National DNA Registry IS sound public Policy

 Background

              The United States currently maintains a DNA database, called the Combined DNA Index System (CODIS) which host the National DNA Index System (NDIS). NDIS includes DNA profiles from federal, state, and local investigations.[1] DNA submitted to NDIS must fulfill strict regulatory requirements. For instance, the government is only authorized to collect DNA samples from sex offenders or those committed of major crimes.

While the US has restrictive standards for DNA collection, the United Kingdom maintains a significantly broader DNA database, called the National DNA Database (NDNAD). With over 3 million DNA profiles, "5.2% of the UK population is on the Database, compared with… 0.5% in the USA."[2] The UK has found many benefits from this larger database. In this blog post, I will argue that the creation of a database with the mandatory collection of DNA from every American citizen is good public policy.

Argument #1: Better crime fighting

              With a national DNA registry, law enforcement's ability to solve crimes would increase significantly. In the US, less than 25% of all violent crimes and only 7% of all property crimes are solved.[3] That is absurdly low. A national DNA registry that includes DNA from all citizens, however, could play a huge role in solving these crimes. DNA is powerful. In 2018, the Golden State Killer was caught after investigators searched a database which contained several of the killer's distant relatives.[4] When DNA has been added to criminal investigations: "More than twice as many suspects were identified… [and] arrested."[5]

Not only would a national DNA registry assist in solving crimes, but it may also reduce the number of crimes that are committed. Studies have found that "DNA profiling makes violent offenders 17% less likely to reoffend, and makes property offenders 6% less likely to reoffend."[6] With a national DNA registry, we could achieve a reduction in first offenses as well.

Argument #2: A national DNA database would reduce discrimination

              Another potential benefit of a national DNA database is that it could reduce racial discrimination. It could accomplish this in two primary ways. First, it would create a more racially representative DNA database. While only 13% of Americans are black, up to 49% of CODIS DNA profiles are from black people.[7] As a result, the DNA system we currently use is more likely to contain the DNA of a black person than of a white person, and thus more likely to lead to additional arrests of black people. With a national DNA registry, DNA analysis would not be disproportionately likely to implicate racial minorities.

              Second, a national DNA registry would provide evidence necessary for the exoneration of many wrongfully imprisoned individuals. Unfortunately, there is evidence that black people are wrongfully convicted at disproportionate rates, as 50% of exonerees are black.[8] Thus, by providing a more representative database and by facilitating the exoneration of many individuals, a national DNA registry would reduce the discrimination that continues to plague our criminal justice system.

Argument #3: Non-crime benefits

              While a national DNA registry would be useful in solving crimes, it is important to consider the other potential benefits. For instance, a massive database of DNA could aid further research in genetics. It could also be used to "define paternity… and identify victims of crime, disasters, and war."[9]

Rebuttal: But a national DNA registry is a huge invasion of privacy

              This is a totally reasonable concern. However, I think the benefits of a national DNA registry supersede the privacy risks. If giving up my genetic profile means that I get to live in a society that is safer, more equitable, and more likely to catch criminals, then I would be willing to make that trade. At the same time, I think there are reasonable steps we could take that would decrease the privacy risk associated with a national DNA registry. For instance, we could require that, except in extreme cases, the DNA database could only be used to confirm, rather than to find, a suspect.

Conclusion

              There are many benefits to a national DNA registry. With the creation of a DNA profile of every American citizen, law enforcement would be better equipped to fight crimes, criminal activity would decrease, discrimination in arrests would decrease, and many wrongfully convicted individuals would be exonerated. Obviously, such a database has inherent privacy concerns. While it is reasonable to be concerned about the collection of one's DNA, the resulting benefits are well worth the costs. The creation of a national DNA registry is good public policy.

---

[1] https://www.fbi.gov/services/laboratory/biometric-analysis/codis/codis-and-ndis-fact-sheet

[2] https://webarchive.nationalarchives.gov.uk/ukgwa/20081023094216/http://www.homeoffice.gov.uk/documents/DNAExpansion.pdf

[3] https://www.pewresearch.org/fact-tank/2017/03/01/most-violent-and-property-crimes-in-the-u-s-go-unsolved/

[4] https://www.science.org/content/article/we-will-find-you-dna-search-used-nab-golden-state-killer-can-home-about-60-white

[5] https://www.ojp.gov/pdffiles1/nij/224084.pdf

[6] https://www.forbes.com/sites/quora/2017/05/16/can-dna-databases-reduce-crime-rates/?sh=378f48ef5712

[7] https://blog.petrieflom.law.harvard.edu/2019/01/14/ethical-concerns-of-dna-databases-used-for-crime-control/

[8] https://innocenceproject.org/how-racial-bias-contributes-to-wrongful-conviction/

[9] https://www.hudsonalpha.org/forensics-and-dna-how-genetics-can-help-solve-crimes/

A National DNA Registry is NOT sound public policy

 Introduction

A national DNA database would collect data from millions of citizens across the country and store each individual’s genetic sequencing in an online registry for various purposes. There have been debates about whether or not a DNA registry with access to every citizens’ DNA should be implemented.  Many nations across the world already store some form of DNA, such as fingerprints, iris scans, etc.  For example, the United Kingdom has one of the largest DNA databases in the world and collects data from anyone who has been convicted.  The collected DNA information is also stored in the system permanently.  However, if one has only been arrested and not convicted, their information remains in the database for a minimum of 6 years, which is renewable on subsequent arrests [1]. As this technology grows, the government wants to expand the reach of the DNA registry and the information it holds.   “In the last ten years alone we have gone from collecting DNA only from convicted sex offenders to now including people who have been arrested but never convicted of a crime.” [2]. The creation of a national DNA database consisting of DNA from every citizen collected through a mandatory collection program is not good public policy because it contains sensitive information, infringes on our 4th amendment rights, and can lead to false incarcerations of suspects.

Data Collection Risks

DNA that has been collected for a database doesn’t expire, meaning it can be stored for an infinite amount of time (if it is not manually deleted).  They contain sensitive information such as family relations, susceptibility to disease (including hereditary), and even behavioral tendencies [3].  This capability for indefinite storage and unlimited sharing creates a huge privacy risk.  There is also the issue of people not wanting to participate in this mandatory DNA collection program.  What would happen to individuals that don’t want the government to have their DNA?  Would they be arrested, restricted, or targeted in any way? People should have the right to choose whether or not they want to distribute their DNA and its confidentiality instead of forcibly giving it to the government for a national database.  Some may consider this an infringement of our 4th amendment rights if the police are able to access the database without a search warrant.  The national database is also at risk from hackers which have the capability of leaking millions of people’s data online.  The company MyHeritage is an example of such hacking where over 92 million accounts were hacked, resulting in emails and passwords being exposed.  Despite DNA data not being breached, this type of hacking is definitely cause for concern [4].  A national DNA database would be a huge risk because of the sensitive information that our DNA contains, hacking threats, and the possibility it is unrightfully accessed by law enforcement.

Contamination Concerns

DNA evidence can be contaminated when DNA from another source gets mixed with DNA relevant to the case.  During an investigation, the contamination of DNA can occur when it is collected, transported, or stored.  DNA analysis can also be inaccurate and unreliable.  In 2015, news about a San Francisco Police Department lab had several “irregularities” or missing gaps in the DNA, which were then filled in by an analyst to complete.  The lab went ahead with this poor DNA to search the database to identify potential suspects [5].  This procedure was a violation of the rules implemented by California state laws (as only good quality DNA samples can be sent for analysis) and it’s projected that this misconduct affected as many as 1,400 cases [6].  If DNA samples collected from crime scenes are not being properly processed, it leads to the false incarceration of a suspect.  This instance is an example of why there needs to be more restrictions put in place to ensure that DNA is properly handled, processed, and investigated before it is cross referenced with other DNA samples.  If every single person’s DNA is in a database, then the probability of more incorrect matches and false prosecutions would increase drastically.

Conclusion

I support a database that collects DNA of convicted criminals, members of the military (for identification purposes), missing persons, and other select cases.  However, I do not support the move towards collecting every person’s DNA because it is too invasive.  Collecting the DNA information of every citizen is a privacy risk where the ends do not justify the means.  The possibility of hackers breaching the data of millions and exposing their DNA profiles is too risky.  If the data is stored indefinitely then that makes even more profiles subject to harm or breaches.  Police departments with access to the registry may try and access it without following proper protocols, either violating 4th amendment rights or state laws in an attempt to match suspects with poor DNA.  It is for these reasons that a DNA registry that collects the data of every civilian should not be implemented and is poor public policy.

Sources

[1] https://www.legislation.gov.uk/ukpga/2010/17/crossheading/retention-destruction-and-use-of-fingerprints-and-samples-etc/enacted

[2] https://www.aclu.org/press-releases/dna-databases-hold-more-dangers-meet-eye-aclu-says

[3]  https://www.theguardian.com/science/2008/apr/27/genetics.cancer 

[4]https://us.norton.com/internetsecurity-emerging-threats-myheritage-data-breach-exposes-info-of-more-than-92-million-user.html

[5]https://www.sfgate.com/crime/article/DNA-lab-irregularities-may-endanger-hundreds-of-6165643.php

[6]https://www.eff.org/cases/dna-collection

Week 9 Takeaways 

University Privacy Discussion

Surveillance System Administrators Committee SSAC -- Representatives of many different branches of the U that help edit guidelines about surveillance - staff, faculty, some students

Where does the policy apply

• Anywhere on University property
• Inside and outside buildings
• Research Park
• 3 U Hospitals and 7 Clinics in the greater Salt Lake Valley
• Covers: University internal computer network and parking and transportation management

Privacy Safeguards

• No audio surveillance
• Certain areas are surveillance free
• Data is retained for minimum periods
• Access to data is restricted
• Use limited to investigating / preventing crime
• No location monitoring except in limited circumstances
• Reasonable notice of surveillance
• No routine facial recognition ‘

Anonymity Apps

YikYak

- Big anonymous posting site meant for college students, can lead to bullying, criminal activity, hate crimes, etc. and was shut down in 2017 and restarted in 2021

- Prevention / identification of criminals, terrorism

- Threatening language warning when posting using certain offensive words 

- Safety Center for posting guidelines

Fizz

- Requires university email registration, anonymous posting

Exercise 2 Takeaways

1. Most surprised by sheer volume and amount of data collected with time frame
2. Extent and detail of location information was surprising
3. Inaccurate information
4. Both sites collect and store personal info about you that they obtained from other sources

Discussion Points

- Should there be audio recordings in public spaces at the U or not?

- What counts as someone's reasonable expectation of privacy on campus - when other people can hear/not hear discriminatory things

- Should jurisdiction on social media and privacy depend on whether an institution is public or private? 

- When should the University take action on social media posts when it comes to 

1. Threats of violence
2. Racist/gender offensive posts causing substantial class disruption
3. Racist/gender offensive posts causing substantial controversy on campus
4. Racist/gender offensive posts causing violating University policies without causing disruption
5. Politically/Socially sensitive posts that do not cause substantial disruption

A lot voted for 1, only about 2-5 voted for 2 and 3,  almost everyone voted 4, and (almost?) no one voted for 5. Depending on the intensity of violence, it should be investigated and the individual should be identified, but for 2 and 3, many people thought that this came down to some free speech where they may be offensive and just unethical, but it's not the University's problem. But when it violates a policy that is contracted and agreed upon by students of the university, that is when universities really should take action. Lastly, with no disruption, politically sensitive posts are totally covered by free speech. 

Group Hypothetical Scenario 

Junior high school hands out iPads for academics and allows students to take them home to do homework and assignments, but John uses the iPad during and after school hours to bully Sally through Snapchat messages, posting on her FaceBook, and threatening her on Twitter. Sally's parents don't know, and other students are aware but don't report it either. Sally brings a gun to the school and commits suicide in the cafeteria during lunch posting on FaceBook that she "can't take the bullying any more." Who should bear the responsibility of this tragedy?

Group 1                           To Blame                                    Group 2

50%                                  John                                            40%

0%                                    John's Parents                            20%

0%                                    Sally                                           0%

0%                                    Sally's Parents                            10%

10%                                  Other students                            0%    

40%                                  The School                                 30%

Lots of factors went into these decisions, but both groups put majority of responsibility on John and the school. John is the one who did all of the bullying, so he received the most blame of course, but the school does hold a lot of legal responsibility because they weren't tracking the iPads, which are their property and are meant for strictly educational purposes. John shouldn't have even been able to access those sites, and they should've caught it earlier through monitoring. Group 2 put blame on the parents because John's parents should've raised him better and checked up on his activity, and Sally's parents were neglectful in letting Sally get to the point of suicide without noticing and allowing easy access for her to get a gun. Group 1 also thought that the students should have some blame because they knew and didn't tell anyone, but Group 2 saw that more of a moral "recommendation" as opposed to an obligation. 

Question of the Week No. 9

 Cyber bullying, student violence at school and teenage suicide is a growing concern in grades K-12 in schools across the nation.  Some schools are monitoring the social media posts of students in an effort to combat these problems and require students to disclose their social network passwords to school officials.  Many students and parents oppose such monitoring, citing an invasion of student privacy. 

Is such monitoring sound public policy in today’s digital world? 

The University of Utah Surveillance Policy

  

 The University of Utah surveillance policy is found under Policy 3-234: Building Access and Surveillance Systems. It was last revised March 12, 2019. The document will be linked below.

Provisions of the Surveillance Policy

The purpose of the U of U surveillance policy is to “ … regulate the installation and maintenance of … area surveillance systems in buildings and outdoor areas owned or controlled by the University of Utah, and regulate the collection, storage, disposal, access, and use of surveillance data from those systems.” This policy is overseen by the Surveillance System Administrators Committee, or SSAC, which is composed of representatives of some of the numerous branches that constitute the managing body at the U.

In Section 3C1 of the policy, the U clearly defines itself as committed to the privacy of those on campus grounds, stating, “... it is a fundamental principle that the University recognizes and respects the rights of privacy of individual persons who enter various areas of the University campus to participate in University activities…” It then defines itself as also committed to the safety of those same persons, “It is also fundamental that the University seeks to ensure for all such persons a campus environment that is safe from criminal activity and other causes of harm …”  Therefore, the University of Utah sets up the dichotomy between safety and privacy, and commits to find the balance between the two. As a final note of this section, the U declares that all surveillance data gathered by the University is held as the sole property of the University, and not that of any contractor or employee.

The policy declares specific rules for the collection of surveillance data. Unless exigent circumstances exists, all surveillance devices must have appropriate notice of their use, cannot be used in private areas (including restrooms, showers, individual offices of faculty members, and more), and cannot record audio if that audio is capable of recording “discernable human voices.” Furthermore, the policy states that “The University may ordinarily access and use surveillance data only for the limited purposes of deterring, detecting, or investigating criminal activity…” Any exception to this must be approved by SSAC, and the surveillance data is limited to only what is pertinent to the investigation in the exceptive case and only for a “reasonable” time. The few instances in which this is possible is where one has reason to believe that serious harm has happened to an individual, where an employee may be leaving their patient to harm, and where employee location must be tracked in regards to sensitive information. 

The policy states that footage will only be retained on a secured server for a time declared by the SSAC in a University Procedure, and after that time the data shall be erased. The data may be transferred to local, state, and federal law services pursuant to a warrant or other law, or Utah’s GRAMA law. 

Privacy Issues Found within the Policy

There are several notable privacy issues contained within the policy. These issues fall under the themes of use of facial recognition and access to footage.

 Firstly, facial recognition is mentioned only once throughout the Policy. “The University will not use facial recognition computer software or equivalent information technology to process video surveillance data to track the presence at a campus location of a particular person for any purpose other than addressing criminal activity which presents a substantial risk of serious harm to the University or an individual,” which implies that the U is capable of the use of facial recognition technology for tracking, and leaves the definition of what constitutes its use slightly subjective. 

Secondly, ‘surveillance system operators’ can be instituted by any Department Head or higher, regardless of membership of SSAC. The policy is vague on the power and capabilities of these ‘surveillance system operators’ as it gives no definition to their role. The policy does further state that, “Access to surveillance data shall be granted only to University employees so authorized by the SSAC, and only for purposes approved in accord with this Policy.” It is unclear whether that provision applies to these ‘surveillance system operators’, which seem as though they would be redundant should there not be reason to be consistently monitoring a surveillance system on campus.

The Balance Between Privacy and Safety

Personally, I believe that the University of Utah has struck an amazing balance between privacy and safety. A large amount of personal privacy rights are reserved, while extremes may be taken when the safety of an individual is in question. 

For instance, the U cannot, per the policy, record audio in which a human voice is discernible. This greatly protects freedom of speech on the campus, as well as possibly preventing biases through discrimination on voice, should footage ever be reviewed. Furthermore, it is unlikely that facial recognition should ever be used in University surveillance. Although it is defined in subjective terms, the example given within the policy is that of “a credible threat of a terrorist attack,” so it is unlikely that one should ever have that policy leveraged against them. Moreso, the University protects the individual at the same time, as it is permissible for cameras to be swept in order to find someone who is believed to be at harm, or to review instances in which someone may be discriminating against another through writing or imagery.

What is your opinion on this balance?

Source

Policy 3-234: Building Access and Surveillance Systems. Policy-3-234: Building Access and Surveillance Systems - Regulations Library - The University of Utah. (n.d.). Retrieved March 24, 2023, from https://regulations.utah.edu/administration/3-234.php 

Question of the Week No. 8

 The Food & Drug Administration has required all TV advertisements for prescription drugs to list possible side effects.  Should the Federal Trade Commission require all TV advertisements for “smart devices” to list possible privacy and security risks?

The Internet Of Things

Figure 1, Guru99

The Internet of Things

The Internet of Things (IOT) describes the network of devices that have imbedded sensors, software, and electronics that enable them to collect data and transfer it over the internet. The IOT typically refers to “smart” objects such as thermostats, toasters, vacuums, and other devices that don’t usually connect to the internet, but are able to offer more or better services by doing so [1]. The IOT offers the benefit of automation, convenience, and optimization. Users of smart devices can turn off lights or play music with a voice command. They can remotely lock doors, monitor children, or start their car by using an app on their phone. By analyzing the data collected, devices can help users to track health or sleep patterns, or to identify a problem in their home such as an inefficient device. “Smart cities” can utilize devices to monitor traffic patterns or to reallocate resources [1,2]. Medical care can also be improved by the IOT because more robust data can be collected from medical devices that send real-time data, and patients can monitor their own vital signs at home [2,3].

There is a tradeoff with these benefits. The IOT poses a great risk to privacy unless devices are developed with security in mind, and there is regulation on what data is collected and stored. Some states have privacy regulations in place that companies will have to comply with, such as the California Consumer Privacy Act, but there is no comprehensive federal privacy legislation to provide this regulation [4]. In 2015 the Federal Trade Commission (FTC) issued a report where they recommended that “strong, flexible, and technology-neutral federal legislation” be enacted [2]. The question is this: Is federal regulation necessary? Or would it be better to allow industry to self-regulate?

Concerns of Government Regulation

Those who oppose government regulation argue that premature legislation will stifle innovation at a time when there is great potential for the industry to grow [2]. Legislation that is too strict could prevent certain technologies from fully developing. Many IOT devices incorporate AI, so that the device can learn to accomplish a task more efficiently. In order to do this, a neural network needs to be trained with large amounts of data. Many of the devices also need to react quickly to stimuli such as temperature change or motion detection. This means that they need to be collecting data about the environment often. So, if legislation places restrictions on the data that can be collected, capabilities could be limited [5]. It is also difficult to impose regulation on the IOT because it spans so many different industries with devices for all different purposes. Some of the devices will need more data than others to function, and some will deal with far more sensitive data. It is also difficult to enforce legislation requiring consent because most of the devices are always running in the background and can’t gather consent from every person that might be affected [5,6].

Privacy Concerns

The IOT raises many privacy concerns due to the vast amount of data that is being sent through it, often without encryption. Kashmir Hill and Surya Mattu conducted an experiment where they “hacked” Hill’s smart home and found that her smart devices were constantly communicating with their manufacturers, even when no one was home. They also found that information such as the shows she watched on Hulu were sent unencrypted, while data that was encrypted still revealed information about her habits through the metadata [6]. All of the data that is sent over the internet has the potential to be intercepted, and even after that data is stored by a company it can still be vulnerable to data breaches, especially if it is known that a company stores lots of sensitive data. Even if it doesn’t seem like the data being collected is that sensitive, “the collection of personal information, habits, locations, and physical conditions over time may allow an entity that has not directly collected sensitive information to infer it” [2]. It has also been shown that even when data is depersonalized, if it is robust enough, individuals can be reidentified [4]. Smart devices are creating a more detailed picture of people’s private lives than they might realize.

While smart devices often have the same privacy risks as using the internet on a traditional device, there are some unique qualities of the IOT that increase concerns. Because the majority of smart devices are made ready to use out of the box, and because they are passive devices, most people don’t change the default settings. They don’t think about what data is being sent over the internet, and they don’t consider checking the privacy settings [5]. Many smart devices are also made to work together to form a whole network of shared data. Some devices are more secure than others though, and the more devices connected, the greater security risk. If one device is hacked, then the whole network can become compromised [1,2]. Unlike traditional hardware, manufactures of smart devices often maintain a lot of control; they decide when to update, what features are available, and how often data is transferred [5]. If users try to take control, for example refusing an update, they might find that they lose functionality.

The concern has also been raised that if the use of data collected by the IOT isn’t regulated than companies will take advantage of it. Data collected on a user might factor into decisions about their credit, their employment, or their insurance, which opens the door to discrimination [2]. Patients who use smart medical devices could be monitored by their insurance company who might then deny access to insurance if they deem the patient isn’t making enough effort towards recovery or isn’t using the device correctly [3]. Data could also be used for targeted advertisement, or potentially used by law enforcement.

Conclusion

I think that the FTC should adopt regulations about the collection, storage, protection, and use of information by the IOT. Even though each device is different, and they require different levels of data collection and protection, I do think there should be a baseline of what is acceptable. Companies should only collect as much information as is reasonable for the function of their device. They should also limit who has access to the data within the company and should have security protocols in place such as encryption. They should also only store the data for as long as it is in use and only request more data from the devices as often as is required for them to function.

Sources

[1] Williams, L. (2023, January 19). IOT tutorial: Introduction to internet of things (IOT basics). Guru99. Retrieved March 17, 2023, from https://www.guru99.com/iot-tutorial.html

[2] Federal Trade Commission. (2015, January). Internet of things: Privacy & security in a Connected World. Retrieved March 17, 2023, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[3] Asay, M. (2018, November 21). How IOT medical devices save your life and threaten your privacy. TechRepublic. Retrieved March 17, 2023, from https://www.techrepublic.com/article/how-iot-medical-devices-save-your-life-and-threaten-your-privacy/

[4] UNESCO. (2022, February 9).Data Privacy and the internet of things. Retrieved March 17, 2023, from https://en.unesco.org/inclusivepolicylab/analytics/data-privacy-and-internet-things

[5] Office of the Victorian Information Commissioner. (2022, October 6). Internet of things and privacy - issues and challenges. Retrieved March 17, 2023, from https://ovic.vic.gov.au/privacy/resources-for-organisations/internet-of-things-and-privacy-issues-and-challenges/

[6] Hill, K., & Mattu, S. (2018, February 7). The house that spied on me. Gizmodo. Retrieved March 17, 2023, from https://gizmodo.com/the-house-that-spied-on-me-1822429852

privacy vs. National Security

 This week's takeaway is "Privacy vs. National Security."

-Recent Privacy Developments: The legislature makes it a privacy crime to capture any data or characteristics of private property by using ground penetrating technology absent permission.

-Deeper Issues in Legislation: Privacy is essential for many legislators, especially regarding private property, and is at the forefront of their agendas.

-Failed Proposed Legislation: As discussed in class, an example of failed legislation was a proposed amendment to the Utah constitution that would declare privacy an inalienable right. In both years passed, it failed to address government surveillance.

-Blog Discussion Analysis and Recap: Edward Snowden, Hero or Traitor?

-Civil Disobedience: In class, we debated whether Edward Snowden could be compared to other great civil disobeyers such as MLK or Gandhi. 

-Chloe's Comments: Chloe believed that because Snowden was near the intelligence community, his inability to get more crowded involvement and form a coalition essentially made him a lone wolf.

-Jaskehar's Comments: Jaskehar believed he left a good lasting impact, but the impact differed from what MLK or Gandhi did.

-Kai's Comments: Kai believed that the most significant difference was that other historical figures were violating laws with real and serious implications, whereas Snowden evaded the consequences of the espionage act.

-Professor Dryer's comments: He believes in a higher law and that someone should be willing to accept the consequences.

-Federal Whistle Blower act: If an individual working for the government exposes it of wrongful conduct, they can protect their jobs and have significant protections enacted upon them by congress.

Can Snowden avail himself of that label?

Class Poll Results (Which option is best for the country to deal with Edward Snowden?)

-Stand Trial with whistleblower protections overwhelmingly won with 6

Thursday Recap:

-Ongoing Discussion: Aside from legislators, there is also an ongoing discussion about whether law enforcement should have access to one's phones.

-The Debate: 

-Privacy Advocates: Opponents of this idea believe that because law enforcement has many ways of tracking and attaining information about individuals, there is no point in accessing a phone. 

Search Warrant Advocates: It is incredibly costly to jailbreak a phone and not consistently successful. Thus, legislation has been filed in congress to have a backdoor for the phone, again only under a search warrant.

Flaws of this legislation: Terrorists may not store all the information on the phone or buy a different phone with an additional requirement in a foreign host country.

Established Legislation elsewhere:  In England, it is a crime if a suspect or defendant refuses to provide a password or encryption key when law enforcement has a search warrant to search a phone.

Should the 5th amendment allow the government that might be incriminating itself by giving them the password?

Class Opinion Poll Results: 6 individuals agreed that if a person is convicted of a crime such as murder or rape, they should be forced to comply with giving up their password; six others disagreed.

Question of the Week No. 7

 Should any designer of an operating system for a smartphone or tablet that is manufactured, leased or sold in the United States be legally required to ensure that data on such devices is accessible pursuant to a search warrant?

What should we do about Edward Snowden?

Image from ACLU

    

    Less than 2 months after the September 11th terrorist attacks on the world trade center the US congress passed The Patriot Act which broadly and vaguely expanded the authority of government agencies, like the NSA, to spy on ordinary citizens for the purpose of counter-terrorism. The extent to which this surveillance was being carried out would be revealed by multiple whistleblowers and news outlets in the years following. One such whistle blower was former intelligence contractor Edward Snowden who in 2013 leaked to The Guardian that the NSA was collecting phone records on a massive scale under section 215 of the patriot act. The fallout from these leaks resulted in huge changes in American surveillance policy, discussion around digital privacy, and the personal life of Snowden himself when it was revealed in June of 2013 that he was the source of the many leaks published by the Guardian and other news outlets. 

    Now Snowden lives in Russia as a full citizen where he remains safe from extradition to the United States, where he is charged with violation of the 1917 espionage act and theft of government property. Many in the US view Snowden as a brave patriot who put his freedom at risk for the rights of ordinary citizens, others view him as a coward who carelessly put national security in jeopardy. Despite being 10 years ago the debate about what should be done about Edward Snowden remains, should he be pardoned and allowed to return home for bringing the invasive ways that the government spies on us to our attention, or should he be prosecuted for knowingly breaking the law?

    Snowden's intelligence work began in 2006 as an IT expert for the CIA where he would remain until 2012 after one of his supervisors had suspected him of trying to open classified files that he was not authorized to access. After leaving the CIA he found work at Dell as a contractor for the NSA with top-secret clearance, it would be in this position that Snowden would obtain some of the information that he would end up sharing with Guardian columnist Glenn Greenwald in 2013. Later in 2013 after his first anonymous leaks to the press he would leave Dell to work at a firm called Booz Allen Hamilton in order to find new information to leak, later that year he would be fired when the Guardian revealed him as the one behind the NSA leaks.

    The content of Snowden's leaks were primarily concerned with data mining done by the NSA which is the massive collection of private and public information of individuals in order to generate leads in counter-terrorism investigations. Data mining works by looking at the metadata of digital records which could be seen without opening or looking at the content of the records themselves. Things like timestamps, locations, file sizes, senders and recipients could all be looked at legally without a warrant and then sorted and analyzed by computer programs that could be shared with other government agencies such as the FBI, CIA, or DOD upon request and approval from a secret Foreign Intelligence Surveillance Judge.

    One method of data collection, known by its code name PRISM, gave the NSA access to the the servers of tech giants like Microsoft, Google, Apple, and Facebook and allowed the NSA to collect troves of content and metadata belonging to users for the purpose of data mining. This data collection was done with the assistance of these tech companies however when asked directly they were adamant that they had no involvement or knowledge of the program. PRISM was first made known to the public by the Guardian and the Washington Post who obtained a leaked slideshow that had been shared with them by Edward Snowden. Another, much more powerful and invasive system known as XKEYSCORE, also leaked by Snowden, works by intercepting internet traffic as it runs through fiber optic cables. This method allows the NSA to capture any data it seeks to collect in its entirety which essentially anything one user may send to another.

    The Snowden NSA leaks shocked many and shaped public discourse around digital privacy. Despite causing a shift in how the public viewed government surveillance the effects of Snowden's leaks on policy were nominal. Many challenges to the most invasive parts of the Patriot act and FISA were already being challenged in the courts before Snowden had leaked anything, ultimately the leaks created a spectacle that emboldened privacy activists and pressured the government to be more transparent with its surveillance methods.

    Edward Snowden did nothing wrong. He had the courage to sacrifice his well being because he believed the public was being spied on by the NSA without any meaningful checks on their power. Through hindsight we know that the leaks have caused no damage to national security, so why does he need to be punished in addition to being forced to flee the country? Since Snowden is now a full citizen of Russia it seems that any chance of him being allowed back in the United States without being instantly arrested is slim, but a pardon or commuted sentence for Snowden is not outside the realm of possibility either if we look at previous examples of notable whistleblowers such as Chelsea Manning. While this may sound pessimistic I don't think Edwards situation will change anytime soon, especially as the public discussion of digital privacy shifts from concerns over use by the government to use by tech companies.

Do Not Pardon Edward Snowden by Chloe Hagan

 

(Audible, N.D)

Who is Edward Snowden and What did he do?

Edward Snowden started working for the Central Intelligence Agency in 2006, where he worked as a security technician under diplomatic cover. This position meant he was given top secret clearance. He worked for the CIA until 2009, in which he switched to working as a private contractor that serviced the National Security Agency (NSA). The NSA is responsible for the US government’s communication and security intelligence. While servicing the NSA and having his security clearances, he obtained classified information about the NSA, specifically about U.S surveillance techniques. In May of 2013, Snowden left for Hong Kong on medical leave from his job and talked with The Guardian media reporters about NSA secrets. Snowden releases damning information about how the NSA “improperly collected phone call records of Americans”, with his leaking a series of documents including:

1. A court order that required Verizon to give meta data to the NSA (like phone numbers, numbers dialed, duration of calls, etc). 

2. A document that disclosed the existence of PRISM, a data mining program that gave the US Intelligence agencies “direct access” to major internet data corporations like Google, Facebook, Microsoft, and Apple. (Ray, 2022). 

3. Claimed the NSA had been hacking Chinese computers since 2009.

1. He painted this as the reason he decided to work as a contractor for the NSA and wanted to learn about secret NSA activities. 

An interesting fact about Snowden’s case is that he willingly came forward in The Guardian and The Washington Post about his identity after publishing the information. He has become one of, if not, the most infamous whistleblower in US history. This begs the question, how should government agencies move forward with contractors in security clearances? This article had a quote from former deputy press secretary Tony Fratto, where he found that “We can name the 20 people or so over the past 10 years who've leaked 'top secret' information," and that  "Out of millions. ... The number of people who have divulged 'top secret' information is remarkably small”. (Fratto, 2013). 

What privacy concerns and laws are involved in his case? 

The fundamental issue that Snowden did was break United States law and endanger national security through his whistleblower status. Not only that, but the reveal to the general public that government surveillance was taking place without knowledge opened up a discussion that still occurs today, about if government and private entities have the right to collect data and use it for tracking/surveillance purposes. Snowden was charged on June 21st of 2013 with two counts of violating the Espionage Act of 1917 and theft of government property. The Espionage Act is a Federal law where it was made illegal to convey information with the intent of interfering with the US armed forces interests and projects or promoting the success of US enemies. The Espionage Act also criminalizes the publication of any information related to National Security without authorization. The theft charges pertain to the documents he released, as it counted as his stealing from the United States Government. He was in Hong Kong at the time of the charges being pressed, leading to questions of if he would need to be extradited by the Hong Kong Government to face trial in the United States. 

According to a 2012 report from the office of the director of national intelligence, more than 1.4 million people have “top-secret- security clearance”. This report concluded that more than 483,000 government contractors (like Snowden at the time when he worked for the National Security Agency (NSA)) were given “top secret” security clearances, with 582,000 having “confidential” or “secret clearance”. This paints the question, how many more leaks like this are going to occur with those who have clearance access, but decide to divulge this information?

The question of whether he should be pardoned or not.

Since this incident occurred during the Obama administration, there have been three standing presidents (including Obama) that have all decided to not pardon Snowden. Former President Obama was very firm in his position against Snowden, which can be seen in the video below.

https://youtu.be/wS9TXJqxkSQ

Former President Trump was more open to pardoning Snowden, but Biden remains the same in not addressing/not issuing a pardon for Snowden. 

Why he should not be pardoned 

https://youtu.be/F06n348V0f8

Even if you believe that Snowden did a good thing in releasing this information, the question of a pardon should be out of the question. I believe that Snowden should not be pardoned because although his actions were noble in releasing information to the American people, his actions clearly violated US federal law and compromised National Security. His past security clearances and record of divulging secret information makes him untrustworthy to come back to the US, as his actions could have put US citizen’s lives at risk by exposing information about US intelligence activities abroad, risking further involvement in our affairs by our enemies like China and Russia. Even if he is not a current threat with him losing his security clearance and never being able to work for the government again, he betrayed an agreement of secrecy he agreed to when working for the NSA and can never be trusted again. 

Fratto, the former Deputy Press Secretary I discussed earlier, had a great quote to illustrate this point.  

"The 'top secret' clearance is not a hall pass to go around rummaging for information. It absolutely puts a requirement and creates obligations for anybody who is looking at information," Fratto said. "Because of the 'top secret' clearance that they have, it places an obligation on them — a legal obligation — to treat that information responsibly."

Snowden being exiled in Russia also proves as an issue for a pardon, as his involvement with our most notorious enemy and his usefulness to the Russian Government for information (even if he does not disclose anything to them) would be a risk to national security and cannot risk a “double-agent” scenario. 

References

Bacon, J. (2019, June 26). NA improperly collected US phone call data after saying problem was fixed. https://www.theguardian.com/us-news/2020/sep/03/edward-snowden-nsa-surveillance-guardian-court-rules

Carafano, J. J. (2020, December 17). Edward Snowden should not get a pardon under any circumstances. https://www.heritage.org/homeland-security/commentary/edward-snowden-should-not-get-pardon-under-any-circumstances

Logiurato, B. (n.d.). How A GED-Holder Managed To Get 'Top Secret' Government Clearance. Retrieved June 10, 2019, from https://www.businessinsider.com/edward-snowden-top-secret-clearance-nsa-whistleblower-2013-6

Reuters. (2020, September 3). NSA surveillance exposed by Snowden was illegal, court rules seven years on. https://www.theguardian.com/us-news/2020/sep/03/edward-snowden-nsa-surveillance-guardian-court-rules

Snowden charged with 3 felonies. (2013, June 21). https://www.politico.com/story/2013/06/edward-snowden-charged-nsa-093179

(Edited after 9am due to technology issues- glitches from publishing with an iPad. The videos are now available to view).