Since the tragedy in Boston three weeks ago, there has been much talk in the media and political circles about technology that helped capture the suspects, the role of surveillance, and the critical issue of how privacy should be handled in the digital age. Yet the public facts known so far do not call for new governmental surveillance powers or tools.  Instead, the investigation supports the conclusion that the government’s current actions did not cross the Fourth Amendment line, and complying would not harm future terrorism investigations.

First, the familiar attempt to throw privacy out the window: The Mayor of New York City Michael Bloomberg led the way last week, saying that, despite privacy concerns, “our laws and our interpretation of the Constitution, I think, have to change.” NYPD chief Ray Kelly echoed Bloomberg,  saying, "I think the privacy issue has really been taken off the table," in reference to surveillance after the bombings in Boston.

Bloomberg said terrorists “want to take away our freedoms,” yet his solution seems to be the government should take our freedoms away first. This is folly, and the very reduction of privacy and freedom is what could give victory to terrorism. 

In an excellent and poignant column immediately after the bombing, security expert Bruce Schneier wrote in The Atlantic about the reaction we all should have: “When we react from fear, when we change our laws and policies to make our country less open, the terrorists succeed, even if their attacks fail.” He continued: “there's one thing we can do to render terrorism ineffective: Refuse to be terrorized.”

To Schneier’s point, the risk of terrorism is on the decline and has been since the 1970s, according to the Global Terrorism Database. And a report by the National Counterterrorism Center (NCTC) showed the risk of Americans being killed in terrorism attacks that occur worldwide is exceedingly low. Of the 13,288 people killed by terrorist attacks in 2011, 17 were private U.S. citizens—.001 percent. In fact, you are far more likely to be struck by lightning than be killed by a terrorist.

These calls for less privacy also tend to ignore the fact that we’ve already given away a tremendous amount of our privacy since 9/11, despite the relatively low risk of terrorism in comparison to all sorts of other crime and causes of death, and have little additional safety to show for it. The PATRIOT Act, the FISA Amendments Act, the NSA’s warrantless wiretapping, National Security Letters, or others were all implemented with the promise that giving up liberty would increase our safety.  The NYPD now has a “Domain Awareness System,” which “allows officers to tap into live video camera feeds, 911 calls, mapped crime statistics, and license plate readers” all at once—with little oversight. And those are just a few of the programs we know about.

While most of these programs are still tremendously secret, the information we do have indicates that they have been abused many times. The NYPD, for instance, has been widely criticized for its post-9/11 pervasive surveillance. Read the Associated Press’ Pulitzer Prize winning series for more.

Let’s focus on just two areas that the Boston bombing brought to the forefront. 

Government Surveillance Cameras

First, do the facts support a call for increased government surveillance cameras?  No, they do not.

There’s certainly been an epidemic of media support for cameras in the aftermath of the Boston attack.  We suspect that companies selling cameras are already lining up outside the doors of state and municipal officials hoping to snare some tax dollars from panicky officials.

But as many others have pointed out, it is important to remember, despite the fact that the bombers were surrounded by dozens of cameras, the cameras did not prevent the bombing.  This is consistent with what has occurred in other such attacks, including the attacks in the subway in camera-happy London.

Cameras were quite helpful, along with other evidence, including eye-witnesses, in identifying the suspects after the fact. But importantly, the footage that identified the suspects didn’t come from government cameras – it came from private ones, volunteered from businesses and individuals, and provided more than enough to identify two people in days. 

Why? Private cameras provide an informal check on government misuse. In a case like the Boston Marathon bombing, people wanted to help the government solve the heinous crime.  It wasn’t hard for the government to collect terabytes of volunteered information.  Yet private entities might be much more reticent to volunteer their photos and videos in the case where the government was overreaching or oppressive.  If the authorities still want those private photos and videos, they can seek it through legal process, but allowing people to decide in the first instance when to share their private videos and photos with the government can serve as an important check on governmental overreach.

Finally, unless there is an emergency, private photos and videos usually remain in private hands, even if sometimes publicly available on private websites. Government surveillance footage is increasingly being organized and combined with other government information and used in ways that we often have no knowledge of, much less control over. 

One of EFF’s longstanding concerns with untargeted, automatic government collection of information about people is the secondary uses. That is, the government desires to keep, correlate and analyze data about nonsuspect, innocent Americans—whether it’s surveillance cameras in public places, license plate readers or warrantless wiretapping—just in case you fall under criminal suspicion. 

Private photos and videos can also be collected and collated, of course, but the systemic governmental systems are more worrisome, and likely create more of a chilling effect on Americans in their exercise of their rights to free speech, than disparate, private photos and videos.

Cell Phone Tracking

Second example: the police use of cellphone tracking to follow the car hijacked by the Boston suspects. The owner of the car had left his cell phone in it after the hijacking and, with the owner’s permission, the police used it to locate the car.

Once again, no additional police powers were needed.  The private citizen, the carjacking victim said he gave the police permission to locate his phone, something that is not surprising given the situation.  But even if the police were seeking to locate the suspects' cell phones, this should not have been a problem. Even assuming they did not have enough information initially, once the carjacking victim had contacted the authorities, there was probably cause for a warrant due to the theft of the vehicle and—due to the suspects' confession to the victim—the MIT murder and bombing.

EFF has long been saying that the Fourth Amendment should require the police to get a warrant when tracking cellphones, as well as pushing for legislation  that would formalize this. Requiring the government to follow the warrant rules in seeking cell phone locations wouldn’t have hurt the Boston investigation, but it would protect many, many people. 

Last year alone, local, state and federal law enforcement agencies requested cell phone data a shocking 1.3 million times. Much of that time, it was location data without a warrant. In emergency situations like Boston it’s important for police to act quickly, but in the course of normal investigations the oversight and limits provided by the warrant requirement are just as paramount.

The capture of the Boston suspect was made possible by old-fashioned police work and the willingness of the public to help in such a trying time. Technology surely assisted in this effort, but it’s important to note where it was and was not helpful, and to ensure that we don’t let the few dramatic situations lead us to downgrade our own privacy in everyday law enforcement situations.