Privacy and Mass Surveillance of Terrorism through Big Data

In this paper, I will analyze the different theories proposed to ensure the protection of privacy and the the use of big data surveillance. For this purpose, I will briefly set the scene by recalling the Snowden revelations and clarifying what is meant by "big data" (when using the word "terrorism" I refer to its American legal definition). I will then analyze the US legal framework and discuss the proportionnality of the massive surveillance.

Tere are many definitions of "[Big Data". The three elements that are classically associated with Big data are the three "V"s, namely, Volume, Velocity and Variety. This means that Big Data involves the processing of an important amount of data (volume), that such data includes different kind of data (vareity) and that big data is characterized by the rapidity of the processing (velocity). Through using Big Data, it is possible to determine patterns of conducts and to make predictive deductions due to the correlation of these patterns. In the recent years, surveillance through Big Data is very often associated to the prosecution and prevention of terrorrism. The Snowden revelation showed that the NSA is collecting huge amount of data and that it monitors online communication through the collaboration with private companies. In the recent years, we have seen examples of how Big data has been used by intelligence services in suspected terrorism case. If this paper will focus on the collection of information by the NSA, it is worth noting that this use of Big Data is not limited to the American intelligence services.

Under the actual legal situation, there are very few situations in which the fourth amendement will apply to the situaiton described above. In the online world, the presence of intermediaries to provide the communication triggers the application of the third party doctrine,(resulting from the famouse case Smith V. Maryland), thereby excluding expectations of privacy on most of the online information. In my opinion, this doctrine should be modified to better fit the reality of today's society: just because and information is shared with an intermediary to transfer information to a third party does not mean that the communicants have no expectations of privacy with regard to this information.

Part of the collection of data under the PRISM program was subject to the section 702 of the Foreign Intelligence Surveillance act. To summarize, this section of the act intends to facilitate the surveillance of non-US citizens reasonnably believed to be located outside of the United States. THis provision does not allow to "intentionally" target US persons or Non-US persons known to be located in the United States. This provision is the legal basis for the PRISM program. A FISA court decided that the NSA could use information relating to US persons that were "inadvertently" collected. In an interview conducted by John Oliver (and mixing journalism with comedy, in order to raise awareness of the public), Edward Snowden mentioned that, in practice, this meant that if information relating to US persons were temporarily stored as a back up in Europe, the information will be processed by the NSA. This raises questions. How can the law create a distinction based on categories of persons (i.e. more or less corresponding to US citizens) when the functioning of the internet is so international? I wonder to which extent it is technically possible to distinguish communication on the basis of their sender/reciever. THe protection of privacy requires ecological measures, because privacy is an environment that we all share. On this assumption it seems complicated to distinguish which kind of person has a right to breath a better air than another.

The collection of domestic metadata relating to ponecalls were also conducted by the NSA pursuant to section 215 of the USA PAtriot Act. It is interesting to note that the data collected consisted in metadata. According to a long established idea, metadata is less intrusive upon one's privacy thant content. However, as I have shown abouve, throught he use of Big Data it is posible to deduct a series of correlations, which can result in discovering the content. This idea that metadata is less intrusive upon one's privacy does not entirely correspond to today's technologies.

Mass surveillance : proportionality?

The above shows that the regulatory framework of surveillance should stop or should be reformed. In my opinion the costs to human privacy are too high compared to the advantages. In most cases, massive surveillance is justified by the need for security.Even though there are counterexamples where the authorities succeeded to stop the attacks before they occur, it is worth noting that in some of the recent attacks, the perpetrators were already listed as potentially dangerous and were known by the authorities (it was the case for the Paris and Brussels attacks, but also for the attacks in Orlando, where the terrorist had already been interviewed several times by the FBI).

Even more recently, the attacks were perpetrated by so called "lone wolfs", namely individuals that more or less suddenly decide on their own to commit terrorist attacks, without having previous links with a terrorist cell. This was for example the case of the attacks in Nice. According to witnesses, the terrorist got radicalized very quickly. These new kinds of terrorists raise new questions for enforcement authorities: they are difficult/impossible to detect and to prevent.

Finally, masive surveillance does not prevent terrorists from using encryption making it harder for massive surveillance to be really effective(which does not mean encryption should be regulated). Some argue that the above flaws in the security offered by massive surveillance are the proof that more surveillance should be carried out. Surveillance through data mining of online behaviors could show a correlation between certain behaviors and terrorists' behaviors, and therefore give a more or less reliable indication that a person is about to commit an attack.

In my opinion, this would imply that the entire population gives up most of its rights to privacy and of free speech, in exchange for a tool that I believe would be much less efficient than prevention campaigns, education and social policies aiming at inclusion and diversity.