After seeing the title of this post, many readers have already judged what I am about to say. Perhaps after rolling their eyes, these readers imagine me wearing a tin foil hat, muttering to myself about “them” watching my every move, and writing this article on an internet-less computer running only MS-DOS. But in reality, I’m not a conspiracy theory-peddling recluse, and I use the same technology and apps that many people do. I haven’t even deleted my Facebook account in the wake of the Cambridge Analytica scandal! But, recently I’ve been increasingly concerned about my privacy rights–and there’s a good reason why everyone should.
While eating with friends in New York City recently, one expressed ambivalence toward the issue. “What do I care if the government or corporations can see the messages I send?” she bemusedly asked, “I don’t talk about anything that’s too private.” I respect my friend highly, and I think her feelings are shared by many people, but I think that’s a dangerous attitude. Before I get to the heart of the issue, we need to discuss how we frame privacy.
When people talk about privacy, they frequently discuss it in individual, not collective, terms. Privacy is talked about in relation to each user’s relation to it, but not as a right shared by society: “Why should I care about people reading my messages?” We need to move beyond this limited discourse.
Imagine talking about freedom of speech in the same way privacy is discussed: “I don’t go to protests, so why should I care about free speech?” Such a view would be dismissed for its myopia.
Not everyone is a political activist, a whistleblower, a journalist, or just someone with a controversial opinion, but we understand that protecting their rights means enshrining free speech as a universal right. Most people also appreciate having the ability to express their opinions, even if they’re not making particularly revolutionary points. The food blogger has just as much of a right to free speech as a human rights advocate.
Privacy should be viewed in a similar fashion: Not everyone will have the need to use it, but everyone will gain from having these safeguards. Perhaps some people truly don’t care about their privacy, but what about journalists and political activists whose professions require it? The food blogger might not need privacy, but the human rights advocate might depend on it.
Whenever a right must be protected, it’s useful to identify those who might be interested in abridging that right. People’s privacy is mainly threatened by three entities: hackers and scammers, corporations, and the government.
First, I used “hackers and scammers” as a catch-all term for rogue individuals who seek to gain illicit access to people’s information. This can be anything from social security or passport numbers, explicit pictures and videos, or private correspondences. People in the public eye are at greater risk for this than ordinary individuals, but everyone is still at risk.
People can take steps to prevent this by using complex passwords to make them harder to brute-force hack and browsing the internet in safe ways, such as not clicking on suspicious links. In 2016, Hillary Clinton aide John Podesta had his email account illicitly accessed after he clicked on a malicious link masquerading as an email from Google. A few weeks ago, I accidentally clicked on a link from a scammer pretending to be from Bank of America. Vigilance is key.
Many people are unaware of how much information they actually relay using electronic communication. How many people discuss medical information with their family or loved ones? Vent about a bad day at work or a bad boss? Talk about relationship or sexual issues? In fact, given that a study by the American Psychological Association found that 88% of respondents have sent or received “sexts”, I think a lot more people should cherish their privacy than they might publicly admit.
A lot of user information is at the mercy of corporations’ security protocols. In a high profile case, Equifax users even didn’t volunteer information or opt-into anything; Equifax collected their information independently, and then lost it to hackers. The entire catastrophe was entirely preventable. Businesses must be pressured to do better, both by consumer consciousness and by government regulation.
Next, corporations have a vested interest in subverting users’ privacy. Almost all purportedly free services online make money through advertising. A large part of this involves selling information about users to advertisers. Ever notice you shop for a certain product and then you start seeing ads for similar ones? That’s not a coincidence. Apple CEO Tim Cook once said, “when an online service is free, you’re not the customer, you’re the product.”
If people want to use social media sites, they need to be conscious of what information they are giving away. There’s nothing wrong with posting a selfie or checking in on Yelp, as long as you are know who will see it and how the data will be stored; this is an issue of consent. Unfortunately, as evidenced by the recent Cambridge Analytica scandal, it is usually impossible to know exactly what information is being tracked by these companies. Considering the monetary incentive to subvert users’ privacy, the government should impose regulations to protect users’ rights.
Last, government agencies have been vying to electronically spy on users for many years. In the United States, most of this surveillance was done under the guise of anti-terrorism or anti-crime measures, although the government has produced no evidence that this sort of invasive surveillance has prevented any large attacks. While there has been some limited reform over the past few years, advocates say that it does not go far enough. Prior abuses range in severity, but perhaps the most salient example was revealed by Edward Snowden, in which NSA employees would surreptitiously steal people’s explicit photos for the purposes of collecting and trading.
In the post-9/11 world, many people in the United States government believe that privacy rights can and should be waived without warrant or due process in the name of crime fighting. Some people believe that no personal device should be encrypted or that governments should have “master keys” to unlock them–even if doing so would make every device less secure. Given the sheer amount of personal information stored electronically, the government must be held accountable when it comes to accessing this information.
What does this look like in practice? Let me give an example: when two people send an ostensibly private message to one another on a social networking site, that message should remain private. Corporations should employ tools, such as end-to-end encryption, to make sure that their correspondence cannot be intercepted by ne’er-do-wells. In addition, these corporations need government regulations to prevent them from mishandling or selling user information without the users’ explicit consent. In the unlikely event that a user is accused of a serious crime, the government should at the very least have to get a warrant before obtaining otherwise private information held by a corporation.
Recently the American Civil Liberties Union has spearheaded an effort to push tech companies to back a “security pledge” focused on improving the situation:
- Limit the amount of data they collect in the first place, and give users control over how it is shared.
- Offer end-to-end encryption by default to ensure that users’ communications are protected from corporate and government surveillance
- Provide users with full transparency about what data is collected, how it is used, and what measures are in place to prevent it from being abused.
- Support legislation and policy reforms that limit government access to user data except with a warrant and judicial oversight.
As privacy rights are such an expansive topic, I like this list because it creates a good starting point.
While convincing tech corporations and legislators of the merits of privacy rights might be a difficult fight, advocates face a challenge in the court of public opinion, as well. Many people do not recognize privacy as an important right, or view it as a necessary sacrifice for security or convenience. Greedy corporate interests and unscrupulous governments have portrayed privacy advocates as conspiracy theorists or luddites in an effort to protect their own power. But in an increasingly technological world, privacy rights are becoming more important than ever. Protecting these rights only stands to improve products that have allowed so much advancement in such a relatively short amount of time.
In Post Notes, I add some additional thoughts or context to a blog post I’ve previously written. That can be found here.
Pingback: Post Note: “Why you should already care about privacy” | McNulty Memo - 맥널티 메모