Article

Regulating Mass Surveillance As Privacy Pollution

Learning From Environmental Impact Statements

Encroachments on privacy through mass surveillance greatly resemble the pollution crisis in that they can be understood as imposing an externality on the surveilled. This Article argues that this resemblance also suggests a solution: requiring those conducting mass surveillancein and through public spaces to disclose their plans publicly via an updated form of environmental impact statement, thus requiring an impact analysis and triggering a more informed public conversation about privacy. The Article first explains how mass surveillance is polluting public privacy and surveys the limited and inadequate doctrinal tools available to respond to mass surveillance technologies. Then, it provides a quick summary of the Privacy Impact Notices (“PINs”) proposal to make a case in principle for the utility and validity of PINs. Next, the Article explains how environmental law responded to a similar set problems (taking the form of physical harms to the environment) with the National Environmental Policy Act of 1969 (“NEPA”), requiring Environmental Impact Statement (“EIS”) requirements for environmentally sensitive projects. Given the limitations of the current federal privacy impact analysis requirement, the Article offers an initial sketch of what a PIN proposal would cover and its application to classic public spaces, as well as virtual spaces such as Facebook and Twitter. The Article also proposes that PINs apply to private and public data collection—including the NSA’s surveillance of communications. By recasting privacy harms as a form of pollution and invoking a familiar (if not entirely uncontroversial) domestic regulatory solution either directly or by analogy, the PINs proposal seeks to present a domesticated form of regulation with the potential to ignite a regulatory dynamic by collecting information about the privacy costs of previously unregulated activities that should, in the end, lead to significant results without running afoul of potential U.S. constitutional limits that may constrain data retention and use policies. Finally, the Article addresses three counterarguments focusing on the First Amendment right to data collection, the inadequacy of EISs, and the supposed worthlessness of notice-basedregimes.

The full text of this Article is available to download as a PDF.