The Conversation: Susan Landau on Surveillance Technology

Francis Ford Coppola’s 1974 film THE CONVERSATION stars Gene Hackman as a masterful engineer of surveillance technologies. In 1974, these technologies were analogue machines. Now, devices from computers to televisions contain software that collects data. Science & Film spoke with engineer and cybersecurity expert Dr. Susan Landau following a screening of the film at the Museum of the Moving Image.

Science & Film: Is surveillance more common now than when THE CONVERSATION was made in 1974?

Susan Landau: What struck me about the film is how much simpler it is to surveil now than it was then. [Gene Hackman’s character Harry’s] devices are large and physical, as opposed to using a piece of software to do the same thing.

There is much more collection now. We walk around with cell phones; the cell phone is on and cell towers pick up where we are and track users. When you use a metro card on the subway, the data of where you used the card is available. Some of that data is collected by private companies and is available to law enforcement and the government under subpoena–that just means that it has to be relevant to an ongoing investigation. If law enforcement wants content, like the content of a phone conversation, it needs a wiretap warrant and a much higher level of probable cause in order to start recording phone calls.

I live outside of the city half the week. When I walk my dog in the morning I am in the woods, I don’t have my phone, and I’m not next to any electronic devices that are picking up anything I’m saying or doing. But during the week I have my cell phone with me, I take public transportation, I may swipe my ID card to get into the mailroom at work, and there are many ways that I’m leaving electronic trails.

S&F: What sorts of policy discussions were happening at the time Coppola made the film?

SL: In the 1970s there was a lot of concern about computer collection of data. With computers, in the 1960s, banks started to use information sharing and became much more capable of learning which borrowers had defaulted on loans at other banks. The Fair Credit Reporting Act was passed in 1970, which says that banks can collect and share data with other banks but not without consumer permission. This was a very important law not just for the rights it gives individuals, but also because it established the idea of controlling the use of data.

There were a set of Fair Information Practice Principles [proposed in 1973] that included giving the consumer or user notice that their information was being collected, and giving them a choice about whether that information could be used. Fast-forward to now and it’s much harder to do that for a lot of reasons.

First of all, information is being collected from all different devices including every time a user browses the internet, every time they use a metro card. Asking users each and every step of the way is not functional. In 2014, the President’s Council of Advisors on Science and Technology issued a report that essentially said: notice and choice are dead and what we need instead are control and use. That is exactly what the Fair Credit and Reporting Act from 1970 does; it controls the use of the data. Another type of law that does that is GINA, the Genetic Information Nondiscrimination Act [from 2008], that says a person’s genomic data cannot be used as a basis for discrimination by health insurance companies. But it doesn’t say anything about prohibiting the use of that data to discriminate against members of her family who may share that same gene.

Today, people haven’t analyzed use cases carefully yet. It’s much easier to have one broad principal like notice and choice than to look at this or that use case. So although the 2014 report is very good, we certainly haven’t followed through with laws.

S&F: It seems very unclear what the rules for use of information are.

SL: I wouldn’t say that. I think it’s very clear that, with few exceptions, there aren’t rules controlling use.

S&F: Is that something that concerns you?

SL: Very much. I’m cautious. Probably not as cautious as I should be but I am cautious about what services I use, where I put my data. There is lots of information being collected in a number of different ways. Finding out all those ways is very expensive and hard, so often the way to control that is to opt out. But you can’t really opt out. Suppose you don’t want Google to have your email: you don’t have to have a Gmail address but many of the people you correspond with do. That means that your emails to and from them are at Google.

So yes, we do need better laws, more laws, and I think this is a situation where figuring out what the right rules are is hard. The U.S. has always gone for an ex-post-facto way of handling such problems; that is, after we see a problem we regulate technology. The Europeans tend to regulate technology first and while it can solve some problems it also hampers the development of new technology.

S&F: Why should people care about the privacy of their information or communications?

SL: There are all sorts of things we do in private. There are different things you say at home than at work. And we say all sorts of things that we do not want people to keep records about. You don’t stand in front of a window and get undressed–you close your shades.

When pieces of information leak they can present us in ways we do not want to be seen.

When emails were taken from the Climate Research Unit at the University of East Anglia in the U.K. in 2009 and quoted out of context, they made it look like the scientists were producing data that was incorrect. You can quote anything out of context.

THE CONVERSATION is available to stream on Amazon and iTunes. The film is written and directed by Francis Ford Coppola, and stars Gene Hackman, John Cazale, Allen Garfield, Cindy Williams, Teri Garr, Harrison Ford, and Michael Higgins.

Susan Landau is a professor in the Fletcher School of Law and Diplomacy and the School of Engineering, Department of Computer Science, at Tufts University. She is the author of multiple books, most recently Listening In: Cybersecurity in an Insecure Age, which was just published by Yale University Press. Dr. Landau is in the Cybersecurity Hall of Fame, and is a fellow of the American Association for the Advancement of Science and the Association for Computing Machinery.