We talk a lot about privacy on the net nowadays. Some claim that privacy is dead, and you just have to cope with it. Some are slightly less pessimistic. But all agree that our new cyber-society will redefine and reduce what we once knew as personal privacy.
The privacy threat is not monolithic. There are actually many different kinds of privacy threats and they are sometimes mixed up. So let’s set this straight and have a look at the three major classes of privacy.
This is about controlling what data you share with your family, spouse, friends, colleagues etc. Tools for doing this are passwords on web accounts, computers and mobile devices, as well as your privacy settings in Facebook and other social media.
This is the fundamental level of privacy that most of us are aware of already. When this kind of privacy is discussed, it is usually about Facebook privacy settings and how to protect your on-line accounts against hackers. Yes, protection against hacking is actually a sort of privacy issue too.
Who knows most about your life? You, your spouse or Facebook? Chances are that the service providers you use have the most comprehensive profile on you. At least if we only count data that is stored in an organized and searchable way. This profile may be a lot wider than what you have shared yourself. Google knows what you Google for and your surfing habits are tracked and blended into the profile. The big data companies also try to include as much as possible of your non-digital life. Credit card data, for example, is low-hanging fruit that tells a lot about us.
But what exactly are they doing with that data? It’s said that if you aren’t paying for the product, then you ARE the product. The multitude of free services on the net is made possible by business models that utilize the huge database. Marketing on the service provider’s own page is the first step. Then they sell data to other marketing companies or run embedded marketing. And it gets scary when they start to sell data to other companies too. Like someone who consider employing you or who need to figure out if you’re a high-risk insurance customer.
The main problem with provider privacy is that there aren’t any simple tools to guard you. The service provider can use data in their systems freely no matter what kind of password you use to keep outsiders out. The only way to master this is to control what data they get on you, and your own behavior is what matters here. But it is hard to live a normal cyber-life and fight the big-data companies. I have posted some advice about Facebook and plan to come back to other aspects of the issue in later posts.
The security and privacy of Internet is to a large extent enforced by legislation and trust, not by technical methods like encryption. But don’t expect the law to protect you if you do a crime. Authorities can break your privacy if there is a justified need for it. This can be a good compromise that guards both our privacy and security, as long as the authorities are trustworthy.
But what happens if they aren’t? Transparency and control are after all things that make the work harder for authorities, so they don’t like it. And a big threat, like terrorism for example, can easily be misused to expand their powers far beyond what’s reasonable. Authority privacy really becomes an issue when the working mode changes from requesting data on selected targets to siphoning up a broad stream of data and storing it for future use. There has been plenty of revelations recently showing that this is exactly what has happened in the US.
There can be many problems because of this. It is, first of all, apparent that data collected by US is misused. The European Union and United Nations are probably not very dangerous terrorist organizations, but still they rank high on the target list. Data collected by authorities is also supposed to be guarded well and used for our own good only. But keep in mind that a single person, Edward Snowden, could walk out with gigabytes of top secret data. He did the right thing and spoke out when his own ethics couldn’t take it anymore, and that’s why we know about him. But how many secret Snowdens have there been before him? More selfish persons who have exchanged data for a luxury life in some other country without going public. Maybe your data? Are you sure China, Russia or Iran don’t have some of the data that the US authorities have collected about you?
And let’s finally play a little game to remind us about how volatile the world is. Imagine that today’s Internet and computer technology was available in 1920. The Weimar republic, also known as Germany, was blooming in the golden twenties. But Europe was not too steady. The authorities had Word War I in fresh memory and wanted to protect the citizens against external threats. They set up a petabyte-datacenter and stored all mails, Facebook updates, cloud files etc. This was widely accepted as some criminal cases had been solved using the data, and the police was proud to present the cases in media. The twenties passed and the thirties brought depression and new rulers. The datacenter proved to be very useful once again, as it was possible to track everybody who had been in contact with Jews and communists. It also brought a benefit in the war to come because many significant services were located in Germany and foreign companies and state persons had been careless enough to use them. The world map might look different today if this imaginary scenario really had happened.
No, something like that could never happen today, you might be thinking. Well, I can’t predict the future but I bet a lot of people were saying the same in the twenties. So never take the current situation for granted. The world will change, often to the better but sometimes to the worse.
So lack of authority privacy is not something that will hurt you right away in your daily life. Your spouse or friends will not learn embarrassing details about you this way, and it will not drown you in spam. But the long term effect of the stored data is hard to predict and there are plenty of plausible harmful scenarios. This really means that proper privacy legislation and trustworthy authorities is of paramount importance for the Internet. A primary set of personal data is of course needed by the authorities to run society’s daily business. But data exceeding that should only be collected based on a justified suspicion, and not be kept any longer than needed. There need to be transparency and control of this handling to ensure it follows regulations, and to keep up peoples’ trust in the authorities.
So what can I do while waiting for the world to get its act together on authority privacy? Not much, I’m afraid. You could stop using a computer but that’s not convenient. Starting to use encryption extensively is another path, but that’s almost as inconvenient. Technology is not the optimal solution because this isn’t a technical problem. It’s a political problem. Political problems are supposed to be solved in the voting booth. It also helps to support organizations like EFF.
John Oliver -- the host of HBO's Last Week Tonight -- surprised the world on Sunday by punctuating a report on government surveillance with an exclusive interview of Edward Snowden taped in Moscow. But could the comedian's pointed attempt to focus attention on an issue of digital freedom that the public is largely ignoring actually influence policy? It's happened before. In a widely praised segment last June, Oliver helped spark a massive backlash to propose Federal Communication Commission guidelines that would have ended Net Neutrality as we know it. "Seize your moment, my lovely trolls," Oliver told his viewers, after directing them to the FCC site to offer their opinions on policies what would lead to preferential treatment of some data. "Turn on caps lock, and fly, my pretties!" Since then, the Obama Administration fully embraced Net Neutrality and the FCC followed by voting for a 400-page order that aims to "preserve the open internet." [youtube https://www.youtube.com/watch?v=XEVlyP4_11M] This weeks segment on the PATRIOT Act focused on Section 215, which has been used to justify bulk collection of electronic communication and is among the provisions of the law set to expire in June. Noting the consensus that the provision needs to be reformed, Oliver described what the law allows, "Section 215 says the government can ask for 'any tangible things' so long as it's for 'an investigation to protect against international terrorism.' That's basically a blank check." He went on to echo the pessimism our Security Advisor Sean Sullivan offered when he made "One Definitive Prediction" early this year. "Section 215 and Section 206 of the USA PATRIOT Act and Section 6001 of the Intelligence Reform and Terrorism Prevention Act will be reauthorized before their June 1, 2015 expiration date," Sean wrote. He added, "Don't expect reform in 2015. The violation of your digital freedom will continue." To show why this highly controversial provision was about to be rubber-stamped for five more years, Oliver showed interviews where random people in Times Square were asked to explain who Edward Snowden is. The closest someone got was to call him "the Wikileaks guy," who is actually Julian Assange. In Moscow, when Snowden lives in exile, Oliver attempted to explain to the former NSA contractor why his story -- which made international news in 2013 -- hadn't prompted any significant reforms in the US. The host explained that Americans don't care about foreign surveillance, but they do care about the government looking at their junk -- literally their private parts. "I guess I never thought about putting it in the context of your junk," Snowden said, after walking through a breakdown of National Security Agency initiatives like PRISM, MYSTIC and XKeyscore in the context of a picture of Oliver's junk. The Birmingham-born comic's unique brand of humorous deep dives into under-investigated news stories has been branded "investigative comedy" by some critics. But with his Net Neutrality story, Oliver veered toward "comedic activism." Unfortunately, Oliver didn't give his viewers an action to take at the end of the surveillance show. Perhaps shining a massive light on the story -- the show has already been viewed online more than 3 million times -- will be enough to influence lawmakers. But given the split in the American public's concerns between surveillance and worries about groups like ISIS, the chances for true reform seem dim. And that would make Sean very pessimistic. Because @iamjohnoliver is correct, if we can't get the USA to reform its own domestic surveillance… nothing will be reformed. — Sean Sullivan (@5ean5ullivan) April 7, 2015