« Long Overdue? | Main | Do we need a third year of law school? »

Sunday, May 15, 2005

Security, Privacy, and Shark Bites

Recent discussions regarding the Real ID Act follow the same general path as many discussions about the trade-offs between security and privacy.  These discussions typically begin with taking a security proposal and then weighing it against its costs to privacy and civil liberties.  What is often not done, however, is to put the security proposal through meaningful scrutiny as an effective security measure.  Instead, it is often assumed that the security measure is worthwhile, and the only question is whether it is worth the trade-off in privacy and civil liberties. 

But what if security measures against terrorism were examined with a more critical eye?  I believe that the risk of terrorism is not being assessed in a rational way and is receiving a disproportionate amount of resources.  This can have grave consequences, probably resulting in significantly more loss of life than a major terrorist attack.

Consider the risk of death from terrorism on US soil.  Here are the statistics I could find:

-- 9/11 – 2749 fatalities

-- First WTC bombing – 6 fatalities

-- Oklahoma City bombing – 169 fatalities

-- Unabomber – 3 fatalities

-- Olympic Park bombing – 1 fatality

The total is 2928 fatalities.  This has occurred over the past 15 years.  That’s about 195 lives per year.   Now, consider other risks.  Flu deaths are estimated to be around 30,000 to 40,000 in a good year. Terrorism is nowhere near this danger level.   Another 40,000 die in auto accidents each year.  On the scale of things, dying from terrorism is a very tiny risk.   

Dramatic events and media attention can cloud a rational assessment of risk.  This reminds me of the summer of the shark bite, when a barrage of media coverage about shark bites lead to the perception that such attacks were on the rise.  This wasn’t the case at all.  Consider the following from a CNN article:

The media coverage was prompted by a bull shark biting off the arm of an 8-year-old boy on a Florida beach July 6, 2001. Overnight, shark bites and sightings became major international news, triggering countless TV news reports and front-page stories. . . .

Lost in the hoopla was the fact that in 2001 there were 13 fewer attacks worldwide than the year before, Burgess said. The same year, four human deaths were linked to shark bites compared with 13 in 2000, he added.

Certainly, we should guard against terrorism, but rarely do discussions about the sacrifice of civil liberties explain the corresponding security benefit, why such a benefit could not be achieved in other ways, and why such a security measure is the best and most rational one to take.

What is troubling is that the government could reduce many risks we face if it expended more resources to address these risks.  The government could do quite a lot to prevent flu deaths, such as subsidize more vaccines.  Instead of spending millions studying data mining, maybe that money could be used to study ways to better prevent motor vehicle deaths or injuries.  Instead, because terrorism is dramatic and gets lots of news coverage (like shark bites), it gets a disproportionate amount of attention.

Another risk that is not getting sufficient attention, in my opinion, is the risk from a pandemic of SARS or bird flu.  This could kill millions of people.  Consider the following from CNN:

Pandemics usually occur every 20 to 30 years when the genetic makeup of a flu strain changes so dramatically that people have little or no immunity built up from previous flu bouts.

"During the last 36 years, there has been no pandemic, and there is a conclusion now that we are closer to the next pandemic than we have ever been before," Stohr told reporters.

There are certainly grave risks from terrorism, and we should not ignore these risks.  But we must prioritize risks.  Even focusing on terrorism alone, we must recognize that not all terrorist risks are the same.  There’s only so much damage one can do by blowing up a plane.  In my view, the most serious risks of terrorism include nuclear or biological weapons.  Protecting against bioterrorism would involve many of the same measures to ready ourselves for a pandemic.  Regarding nuclear terrorism, it seems far from clear that increased identification or using databases to spy on people are a good way to address this risk.  Consider this Washington Post article about our response to nuclear terrorism:

The obvious effective way to combat nuclear terrorism seems to be preventing nuclear material from getting into the hands of terrorists.  Nevertheless, the government throws tons of money into identification requirements and into research into data mining, which have speculative benefits at best.  In the meantime, more obvious and effective security measures aren’t being undertaken.  Ironically, those who advocate for security should be just as outraged as the privacy advocates. 

But more than 3 1/2 years after the Sept. 11, 2001, attacks, the U.S. government has failed to adequately prepare first responders and the public for a nuclear strike, according to emergency preparedness and nuclear experts and federal reports. . . .

Security experts consider a terrorist nuclear strike highly unlikely because of the difficulty in obtaining fissionable material and constructing a bomb. But it is a conceivable scenario, especially in light of the lax security at many former Soviet nuclear facilities and the knowledge of atomic scientists in such places as Pakistan.

Posted by Daniel Solove on May 15, 2005 at 04:47 PM in Daniel Solove, Information and Technology | Permalink


TrackBack URL for this entry:

Listed below are links to weblogs that reference Security, Privacy, and Shark Bites :

» Rational Security vs. Symbolic Security from Concurring Opinions
So much for concurring opinions . . . I've been attacked by not only one co-blogger, but two. Earlier on, I posted a critique of the court's decision upholding the NYC subway searching policy against a Fourth Amendment challenge. Jason... [Read More]

Tracked on Dec 6, 2005 12:01:46 AM


I think you are basically correct that we ought to keep the risk of terrorism in context; but I don't think you frame the argument correctly.

Terrorism, even if it has caused relatively few deaths in the US over the past years, is unique as compared with the other risks you identify: the flu and auto accidents.

However high the risk of death by flu and auto accidents might be, I can take cheap measures to minimize those risks. I can get a flu vaccine; wash my hands; stay away from people with the flu; and so forth. I can drive very safely; wear my seatbelt; have a car with lots of safety features; minimize my driving; and so forth.

Of course, there are things I can do to minimize my risk of being a victim to terrorism. Mainly, I can choose not to live in an area that is a likely target of terrorism.

But, overall, whether I or my children will be victims is largely out of my control.

That's why we are all terrorized by terrorism, I think.

Posted by: amosanon1 | May 16, 2005 10:55:34 AM

The comments to this entry are closed.