A giant government surveillance program has scooped up sensitive personal information on literally millions of Americans. The spying almost certainly includes the creation of digital dossiers on people. It is apparently conducted without minimization requirements, without court orders, or legislative oversight—indeed, without any publicly known rules. The dossiers include mental health information, individuals' alcohol and drug histories, and people's past criminal histories; they include intimate contacts, family networks and friends. They include social security numbers. It's everything civil libertarians and privacy activists have been warning about for years.
Yet the privacy community is virtually silent. Look on the websites of the major privacy groups and you'll see almost nothing about this program. Don't look for breathless coverage of it on the The Intercept either.
The reason? This giant surveillance program isn't being run by the United States government. It's being run against the U.S. government—by the Chinese government. And for some reason, even the grossest of privacy violations—in this case the pilfering of millions of background investigations and personnel records—just doesn't seem so bad when someone other than the United States is doing it.
For the record, I have no problem with the Chinese going after this kind of data. Espionage is a rough business and the Chinese owe as little to the privacy rights of our citizens as our intelligence services do to the employees of the Chinese government. It's our government's job to protect this material, knowing it could be used to compromise, threaten, or injure its people—not the job of the People's Liberation Army to forebear collection of material that may have real utility.
Yet I would have thought that privacy groups that take such strong views of the need to put limits on American collection, even American collection overseas against non-U.S. persons, would look a little askance at a foreign intelligence operation consisting of the bulk collection of the most highly-personal information—an operation involving not only government employees but also those close to them. You'd think this would raise someone's privacy hackles, if not mine.
Yet take a look at CDT's website. It's busy triumphing over the passage of the USA FREEDOM Act and, ironically enough, worrying about the privacy implications of pending cybersecurity legislation. The ACLU also responds to the news of the OPM breaches by criticizing cybersecurity legislation. EFF? Nope. That group doesn't seem to mention the OPM hacks at all. The Intercept has one good story, but you'd certainly never know how badly these hacks outmatch the NSA's most aggressive programs as threats to Americans' privacy from reading the publication founded to pick the Snowden scab.
Why the difference? I'm really not sure how to explain it. One possibility is simply that privacy advocates expect the Chinese to run roughshod over people's privacy, so they're not that outraged when the Chinese go and do it. Another possibility is that they have such totally inflated expectations of the moral purity of our own country's foreign intelligence activities that they become outraged when those agencies behave like, well, intelligence agencies. Still another possibility, I suppose, is that they would contend that this material, consisting of government records, is fair game. I could actually accept that argument, except that I don't believe the same privacy groups would sit still for the bulk collection by our own intelligence services of, say, all personnel records of the Chinese government.
To put the matter simply, there's a huge double-standard at play here. In the wake of this spate of revelations, I'd like to hear some privacy advocate explain why I should continue to regard the world's great threat to privacy as NSA.