This summer’s crop of blockbuster films brings with it the long-awaited return of the "Bourne" series. Robert Ludlum’s latest tale crafts a compelling and timely depiction of one of today’s hottest legal topics — the intersection of technological progress and data privacy— and takes a trip down (recent) memory lane as it meanders through a land filled with Edward Snowden, government access to data, and the Apple encryption debate. But just how much of the legal tale is true, and how concerned should the average citizen be when it comes to privacy protection?

Existing American legal precedent provides a film backdrop rich with controversy. U.S. privacy laws have long enjoyed the basic freedom which come with negative liberties; broadly speaking, domestic entities are allowed to act freely unless expressly forbidden by law or regulation. The U.S. data protection system is thus based on a sectorial approach wherein a series of statutes afford data collection protocols and governance in limited areas; children are protected via the Children’s Online Privacy Protection Act, and health information retained by insurance providers is protected via the Health Insurance Portability and Accountability Act. For any sector not governed, limited, or forbidden to collect data by statute, entities are allowed to generally collect any data they want. As technology has progressed, so too has data collection and analysis. This is especially true in regards to national security, long among the top priorities for the U.S. government, which has been helped by emerging legislation that not only authorized such collection of data, but shielded it from public questioning. Perhaps the most notable example is the Foreign Intelligence Surveillance Act, passed in 1978. With the passage of the Act came the creation of the Foreign Intelligence Surveillance Court, which provided ex parte courtroom settings for the government to request electronic surveillance allowances and whose rulings were automatically top secret.  

As with all Bourne films, the story unfolds as our protagonist is chased by the suits at Langley through a series of foreign countries. In "Jason Bourne," the latest concern is that Bourne has come into possession of internal, top-secret CIA and NSA documents, and may intend to make them public. The filmmakers are obvious in acknowledging the reference to Edward Snowden, who exploded onto the world the full extent of U.S. intelligence gathering activities and pushed into the mind of the average citizen an understanding of unfettered data collection at a level not before imagined. 

At the center of "Bourne" is a fictional company named Deep Dream, a thinly-veiled reference to both Facebook and Google that has secretly held the hands of the NSA while assuring its masses of customers that their data will be kept private. The parallel is clear to the NSA Prism program, also made public by Snowden’s releases. Prism called for the collection of data from online providers including email, chat services, videos, photos, stored data, file transfers, and video conferencing, to be aggregated and accessible by the NSA. A number of America’s largest internet service provider companies (Google, Facebook, Yahoo!) were named by Snowden’s NSA slides as participants in the program. Media accusations claimed such participation might even include open access by the NSA to all such data at any time and without a warrant. (When asked by The New York Times for a response, several companies responded that they did not allow the government “open-ended access to their services” but noted they did comply with lawful requests.)

Several scenes in the movie offer opportunities for the filmmakers to weigh in on the debate between tech and privacy advocates. The presence of Scott Shepherd as Director of National Intelligence Edwin Russell gives a mouthpiece to the side of government, and brings to mind the 2013 testimony of James Clapper (then-U.S. Director of National Intelligence) as he defended to Congress the NSA program BOUNDLESS INFORMANT, designed to quantify the agency’s daily surveillance activities with exactitude. Clapper testified that the NSA did not collect any type of data at all on millions (or hundreds of millions) of Americans. He was soon thereafter proved to have knowledge that in a 30-day period surveyed and ending in February 2013, one unit within the NSA collected more than three billion pieces of communication data from U.S. communication systems alone.

Privacy and security advocates alike will take pleasure in the scene set at a restaurant which plays out between CIA Director Robert Dewey (Tommy Lee Jones) and head of Deep Dream Aaron Kalloor (Riz Ahmed). The actors frame the ultimate debate at this table: Should we be more concerned with privacy, or with security? Jones as the archetypical bureaucrat and Kalloor as the stereotyped tech wonder kid argue each side in turn; yes, the pressing security needs of a political superpower cannot be underestimated, and data is a weapon in our protection. At the same time, personal autonomy and privacy have never been more precarious, and a U.S. citizen’s basic rights (including the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures) have been promised. While it’s encouraging that the filmmakers have paid homage to this popular debate, bringing the dinner table discussion to the big screen, the scene ends all too abruptly, without really exploring the nuances of the issue. (What have we lost already, and what have we learned already? What are our sister nations doing to address this concern? What does the average citizen know, or not know, about their own data and their own rights?)

Returning to reality, the moviegoer will inevitably leave the theater reminded that these two opposing views form the tectonic plates of our digital world in 2016. Both sides must be acknowledged. Moreover, an international lens is helpful: there is no doubt that other nations and regions of economic cooperation elect to prioritize data protection differently. (e.g.: the EU prizes grants of privacy powers that reflect a preservation of personal dignity, especially as it applies to protection of one’s own personal image; Europeans are given a right to access the information collected about them, and are assured both the proportionality of data collected and a purpose-driven limitation in the gathering of that data). Post-Snowden updates have brought a series of tightened protocols to U.S. data collection practices and helped align its own data protection policies with foreign models.

The world has changed greatly in the 14 years since Jason Bourne first bobbed to the surface off the coast of Marseilles, and his latest adventure captures well the pulse of one of the defining issues of our age. The world is still sorting and re-sorting these issues, as can be seen in the legislation, regulation, and pending case law which unfolds each day in the data privacy sector. If it’s good enough for Hollywood, it must mean it’s a great time to be a privacy professional.

Just remember to bring your own popcorn.