February 1, 2002

New technologies often come with potentially harmful uses. The reasonable policy response is to promote incentives, checks, and balances that encourage the benefits of new technology while minimizing harm. The unreasonable policy response is to attempt to ban the new technology.

People who want to regulate new technology by banning it often are referred to as Luddites. People who want to ban technology in the name of privacy should be called Privacy Luddites.

Luddites typically have laudable goals and valid concerns. However, banning a useful technology is rarely effective, and even if it could be effective it would be very costly. After all, banning the technology means foregoing the benefits as well as the potential risks.

By reacting in knee-jerk fashion, Luddites lower the quality of debate. They marginalize themselves and their cause, because in many cases the Luddite option does not deserve to be taken seriously.

Today, airport security gives us close to the worst of all possible worlds. It is not effective. It imposes huge costs, including the cost to passengers of waiting in line to be searched. And it is highly intrusive, with people having their personal belongings opened and inspected.

In deciding the level of screening to which to subject a passenger, our airport security system uses the following information:

1. the individual's answers to the infamous "Did you pack your bags yourself" family of questions
2. whether the individual is found carrying a sharp or flammable instrument, such as an eyebrow pencil sharpener or a book of matches

The following information is thrown out of the screening process:

1. how the individual purchased the ticket (cash or credit card)
2. whether the ticket is one way or a round trip
3. how many frequent flyer miles the purchaser has
4. whether or not the person is traveling with relatives, including children

The following information could be obtained easily for use in the screening process:

1. whether the individual has a foreign passport
2. whether the individual is sought by the FBI or the INS
3. whether the individual owns a home
4. whether the individual owns a car
5. the length of the individual's credit history relative to the individual's age
6. whether the individual is registered to vote
7. whether the individual has paid income taxes in the past few years

My guess is that using all of the factors listed above, one could come up with a very effective algorithm for handling airline safety. The overwhelming majority of passengers could be safely allowed on board without further scrutiny.

The algorithm would highlight those few passengers who fall into high risk classes. Those passengers could be interviewed (as El Al does with all passengers) to clarify their risk status, and only those very few who are not cleared by the interview would be subject to the sorts of invasive searches that are conducted at random today.

This sensible approach to airport security is anathema to privacy Luddites. In their view, once airline security agents can correlate data in this manner, our privacy and freedom from tyranny will be threatened.

Let me state clearly that I share the goals and concerns of people who I am calling privacy Luddites. In particular, I worry that

• organizations with access to data could use that data to take advantage of me
• government organizations with access to data could use that data to identify and punish dissidents

However, I believe that the best protection that I have against tyranny and abuse of my private information is a transparent and accountable government. For more on this point of view, read David Brin's The Transparent Society.

If databases are outlawed, then only outlaws will have databases. I am confident that there are government agents and private investigators somewhere who know how to correlate individual data in credit bureaus, banks, property tax records, INS records, and so forth. The question is whether these are going to be agencies shrouded in secrecy acting with no oversight or whether they are going to be agencies subject to checks and balances.

I would like to see even more data made available for evaluating the security risk of different individuals. In an earlier essay, I advocated ethical ratings for individuals, comparable to credit ratings. I would like to see such ratings used by government agencies and private firms responsible for security.

However, what I would also like to see is a high degree of accountability on the part of those engaged in the security system. Auditors should make sure that database access is controlled. They should make sure that the organizations with access to data have policies that clearly state how data will and will not be used. And of course the auditors should make sure that procedures are in place to prevent policies from being violated.

The best way to fight to preserve individual privacy and liberty is to promote open charters and strong accountability mechanisms for agencies that are involved in the security system. (Again, see The Transparent Society.) We will have to overcome the security organizations' passion for secrecy. But we also will have to overcome the knee-jerk response of privacy Luddites.