Ethics@Work: Big Bot is watching you

The European Union Data Retention Directive threatens customers' privacy.

asher meir 88 (photo credit: )
asher meir 88
(photo credit: )
When we were in yeshiva studying the Talmudic rule that an invasion of privacy is considered a type of damage, our teacher, Rabbi Lichtenstein, challenged us to consider whether the damage in question was the embarrassment of being observed or rather the inconvenience of having to avoid private activities and to think of possible practical distinctions. Perhaps our rabbi was thinking of the new European Union Data Retention Directive. The European Union Data Retention Directive obligates service providers in EU countries to keep certain confidential customer data on file for a period of months in case it may be needed by law enforcement officials, particularly for fighting terror. Typically they want to know whom you call and e-mail. Some countries are drafting even stricter local laws, which would preserve not only when calls were made and to whom but also where. Privacy watchdog groups complain that this is "surveillance," but is it? Only the computer is watching you; an actual human being can extract the data only with a court order. Perhaps it depends on Rabbi Lichtenstein's distinction? The point is that before we can decide on the appropriate balance between the right to privacy and the need to fight terror, or in the words of the Directive "everyone has the right to respect for his private life and his correspondence," yet "retention of data has proved to be such a necessary and effective investigative tool for law enforcement," we have to decide exactly what the right to privacy is meant to provide. If privacy is meant to prevent us from the feeling that we are being constantly watched, then the new directive is not very threatening. The data in question is already being stored; the directive only requires it to be kept a bit longer and perhaps organized a bit better. If privacy is meant to ensure freedom of action, then privacy is restricted by the new directive. In fact, the directive is specifically intended to forestall certain hostile actions by increasing the chance they will be detected. The question is then to what extent the Directive and its various local extensions will restrict and chill legitimate activities. One claim often made in defense of statutes limiting privacy, for example requiring identity cards, is that only criminals have to fear them: law abiding citizens have nothing to hide and therefore no reason to object to being tracked. I believe this argument has limited validity, for two reasons. First of all, criminality and wrongdoing are not the same. (I have written about this before.) One hallmark of a free society is that it places limits on law enforcement that make it difficult to enforce unjust laws. If we have laws limiting privacy, only criminals will have to fear them, but laws could more easily be passed that would turn innocent people into criminals. Second, effectively outlawing an antisocial activity almost invariably has a chilling effect on legitimate activities. To take a contemporary example, many American groups, particularly church groups, are opposed to cracking down on illegal immigrants. First of all, they believe that many immigrants should be welcomed. They welcome ineffective enforcement since, in their opinion, it prevents carrying out unjust laws. Second of all, these laws may create hardships for even legal immigrants, since anyone with the wrong accent or mannerisms may become a suspect. All in all, I think the Directive is relatively harmless. The data it regulates are being stored in any case; I don't think any law-abiding citizen has anything to fear if carriers hold on to the data a few more months. But some of the local legislation, such as a German proposal that might outlaw anonymous e-mail addresses or anonymous pre-paid cell phones, is quite far reaching. Another problem with the German proposal is that the restrictions are so easily evaded that far from inconveniencing only the guilty they would in practice inconvenience only the innocent. A possible compromise would be an explicit provision that data could be obtained by law enforcement officials only for a particular class of crimes. If the motivation for the restriction is combating terrorism, then perhaps it could be written into the law that warrants can be given only for violent crime, or a few other violations often associated with terrorists such as money laundering. This could sidestep some of the chilling potential of the legislation with minimal interference in its main intended justification of helping to track down terrorists. The writer is research director at the Business Ethics Center of Jerusalem (, an independent institute in the Jerusalem college of Technology.