NOEL KING, HOST:
Michael Chertoff was secretary of Homeland Security during President George W. Bush's second term. Chertoff also helped write the Patriot Act, which many privacy advocates think of as a vast government overreach into private lives, so it may seem surprising that Chertoff is now out with a new book about privacy and the appropriate collection of data. I talked to him about the book. It's called "Exploding Data: Reclaiming Our Cyber Security In The Digital Age." And I asked him if he's changed his mind about the Patriot Act.
MICHAEL CHERTOFF: No, it's not a question of changing my mind. I think, first of all, people sometimes really misunderstand the Patriot Act. Much of what it did had to do with sharing of information the government already held but was restricted in sharing among different agencies, and some of it dealt with treating what was generated as communication over the Internet under the same standard as telephony.
But I will say this. I became aware of the enormous potential for good, but also of the risks involved in data collection. And as we went through various iterations of government collection of information, what we saw was, as people became concerned that maybe something was too generous to the government, it was tweaked, and it was maybe pulled back a little bit.
KING: What does that look like?
CHERTOFF: So a good example is this. There's a program that existed under the Patriot Act which allowed the government to basically collect what they call metadata. Metadata is who called who and how long. It does not involve the content of a conversation. People got concerned about that, so eventually, what happened under the Obama administration is, they changed the rule, and they said, OK, the government can't collect the metadata; it has to stay in the hands of the telephone or Internet companies until you get appropriate judicial permission to inspect it.
KING: We know about the metadata because of Edward Snowden's leaks, not because the government came out and said, you know, we've been doing this terrible thing. Do you really trust the government to monitor and police itself?
CHERTOFF: You know, actually, I do trust the government. First of all, the Congress knew about the collection of metadata, and the courts knew and approved of it. And although Snowden may not have liked it, it did comply with the law, and it was being regularly reviewed.
KING: But nothing changed - nothing changed until the leaks and until the public found out about it. If we didn't know, wouldn't this still be going on?
CHERTOFF: Well, I do - look; I think transparency - somewhat greater transparency would be a good thing because, frankly, I think if the government had made clear the scope of the program earlier and had released some of the judicial opinions, which were - eventually came out, people actually would've been, by and large, OK with it.
KING: All right. So you're saying that the government does adapt to people's concerns.
CHERTOFF: Remarkably, the government's much more adaptable than the private sector to issues about privacy.
KING: Why is that, do you think?
CHERTOFF: I think, frankly, it's the result of many, many years of battle scars. If you go back decades ago, you know, the government has been in - sometimes gotten in hot water over issues of collection. And so over time, the government has become sensitive. I think the private sector for a long time was viewed as the good guys. And I think what people have begun to recognize is that there is enormous value in personal data and that that is being harvested by the companies, and then that creates the risk of misuse.
KING: There's a section in your book where you sort of take a glimpse into the future, and you imagine a U.S. society where people know that their data is being collected and where they begin to feel as if they're always being watched, and then they change their behavior. Is that the future that you think we are headed towards?
CHERTOFF: I think it's a future we may be headed for if we don't take steps now. So look at all the data we generate now. If you have a personal exercise device, it generates data. Your credit card generates data about what you buy. You may be wearing a device that measures how you sleep. Someone could literally look at everything you do and make a judgment about whether you're living a healthy lifestyle or not-so-healthy lifestyle, and then your health insurer could decide they're going to raise your rates or lower your rates. And pretty soon, what would happen is you - every time you made a decision, you would say, hmm, am I being monitored?
KING: So I really want a BLT, but I know that my health insurance company is going to know that I'm eating bacon, and so I'm not going to have the BLT. I'm going to have a salad.
CHERTOFF: That may be one thing, but it may also mean you're not going to go certain places because you're worried a future employer may hold that against you, or you're not going to buy certain things because you're afraid a future employer may think that that shows your frame of mind is not good.
KING: Michael Chertoff is author of the new book "Exploding Data: Reclaiming Our Cyber Security In The Digital Age." Mr. Chertoff, thank you so much.
CHERTOFF: Thank you. Transcript provided by NPR, Copyright NPR.