Everyone knows the difference between documented communication and casual conversation. Letters, contracts, electronic documents and e-mail are all understood to be forms of documented communication that may last beyond their original intent. Casual communication, however, has always carried an implied aura of privacy. A chat between friends on the street or a phone call to a colleague were thought to be private and beyond surveillance except in extraordinary situations. Unless an authority had a reason to believe you were part of some illegal activity, you could feel confident that most of your day to day interactions with others were private. Modern communication technologies, however, threaten to break this implied linkage between immediacy and privacy, and open up contentious issues related to civil liberties.
A number of high-profile court cases have brought the privacy issues surrounding instant messaging and cell phone text messaging into public awareness. These two technologies have blossomed precisely because of their immediate, conversational nature. Interactions are almost exclusively between just two people, usually social acquaintances but often work associates, and they share more characteristics with a phone call or a chat over coffee than with an email or a corporate memo. As a result, most users assume that when an instant message or text message exchange is over, it's gone. However, some law enforcement and legislative entities are taking the position that since the information is in text form and may still exist somewhere in the corporate network, then the content is fair game for review. Is this a proper assessment of data, or is it actually a form of retroactive wiretapping?
Before you answer, consider voice over IP. It doesn't take a lot of imagination to extrapolate the current situation with messaging to technologies such as VoIP. After all, at some point in a VoIP system, the packets are assembled to play the voice you hear on the receiver. That sound data resides in volatile memory somewhere in the system. Now, what if an information system, by design or legislative mandate, saves those sounds to nonvolatile memory or disk? Is that stored information now open to blanket review? Should we assume that all electronic communications have no privacy standing? Will our entire electronic lives be effectively turned into giant TiVo boxes, where authorities can rewind and replay our past at any point they deem appropriate? This technology is opening ambiguities in civil liberties laws that lower courts are currently dealing with in an ad hoc manner. And as is too often true, the law is sadly trailing in comprehending these issues.
This question is much more than just an exercise in civil liberties. If the authorities extend requirements like those of the Sarbanes-Oxley Act and Basel II to communications providers, the costs could literally be in the billions. Recent cases involving text messaging have already spurred US legislators to float bills that would require messaging system providers to archive the content of all messages for either a set period of time or upon notification by authorities that a crime involving text messaging may have occurred. Imagine the cost of building information systems to archive every text message or instant message or video chat. Now multiply that cost and complexity to cover not only the administration of such systems, but also the ability to respond to varied data requests from whatever national, trans-national or local authority deems it necessary.
It's irrational to assume that all electronic communications are immune to privacy considerations, just as it would be to think that all electronic communications are private. We have long possessed the technology to record every conversation from every phone in the country, but the costs are prohibitive, and the invasiveness seemed excessive. Why then shouldn't we question efforts at the digital equivalent of such Draconian measures?
Understanding and coming to a consensus on a middle ground in this issue will be more about behaviour than technology. At some point, information systems bear the fundamental characteristics that make them private conversations, and as such should be held as private unless there is prior judicial concurrence of surveillance. Let's hope that some broader debate can emerge on this topic before we have too many knee-jerk laws and regulations to unwind.
Christopher E. Getner is CEO and chief technology officer of Aaxis Technologies, a provider of data management and information processing services for US law firms, corporations and government agencies.