Back in 1999, Scott McNealy, then CEO of Sun Microsystems, told journalists that privacy was dead.
“You have zero privacy anyway,” he said, “Get over it.”
In internet terms, 1999 was a very long time ago. It was before Facebook even existed. Before the iPhone was even a glint in Steve Jobs’ eye. Google was barely a year old. And yet even then, serious people in the computer industry had already given up on privacy.
The reactions of many politicians around the world – and particularly in the US – to the revelations of the activities of the NSA, GCHQ and others has echoed this sentiment. Privacy was already dead, many of them seem to be assuming, the only problem here is transparency. ‘We should have told you what we were doing’ seems to be one of the most common lines, ‘and we’ll find a way to be more open about it in the future’. The big companies echo that line, wanting to be allowed to say more about when they’ve given over information, about how many requests for data there have been and so forth – rather than calling for anything stronger, rather than saying that they in any way resisted the authorities desire for surveillance. Indeed, the suspicion of many observers from outside the industry is that rather than resisting government agencies’ surveillance plans, some of these companies were actively cooperative or even complicit.
It’s not just about transparency
For me, that’s not enough. This shouldn’t be an issue of transparency – because it’s not just transparency over surveillance and privacy that matters, it’s the surveillance itself. At the Society of Legal Scholars conference in Edinburgh yesterday, I listened to Neil Richards talk about the dangers of surveillance (his written paper can be found here) and found myself in total agreement. Surveillance in itself is harmful to people, in a number of ways – it can chill action and even thought, it creates and exacerbates power imbalances, it allows for sorting and discrimination, and it can and often is misused for personal or inappropriate reasons.
There are benefits to surveillance too – and reasons that surveillance is sometimes necessary – but the kind of total and generally secret surveillance that seems to be being performed by both government agencies (and the NSA in particular) and corporations seems to be totally out of balance – and it seems to be based, to some degree, on the assumption that privacy is dead anyway. For many, the only question seems to be how they can convince people to ‘get over it’. That is not enough. Yes, privacy may be dead – but if it is, we need to resurrect it. It may take a miracle – but it still needs to be done.
Can privacy be resurrected?
In an excellent article in the Guardian, Bruce Schneier talks about the role of engineers in the process. As he puts it:
“By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards.
This is not the internet the world needs, or the internet its creators envisioned. We need to take it back.
And by we, I mean the engineering community.”
Schneier knows what he is talking about – he is one of the real experts in the subject – and his piece is both compelling and surprisingly hopeful. Effectively he suggests – and I think he’s right – that there could be a way to re-engineer the internet, to take out the back doors, to rebuild the infrastructure of the internet so that surveillance is no longer the paradigm.
Schneier’s piece outlines what might be a technical route to the resurrection of privacy – but that resurrection needs more than just the technical possibility. It needs action from more than just the engineering community – it needs a political will, and that means that it needs action from a whole lot of us. It needs lawyers, advocates and academics to continue to challenge the legal justification for this kind of surveillance – the defeat last year of the Communications Data Bill (the UK’s ‘Snoopers’ Charter’) demonstrates that this kind of thing is possible. It needs journalists and bloggers to keep on writing about the subject – to make sure that surveillance and privacy isn’t just of passing interest, forgotten after a few weeks.
It needs ordinary people to keep taking an interest – because, ordinary people can and do make a difference. They make a difference to the companies who operate on the internet – Microsoft’s recent advertising campaign’s strap-line was ‘your privacy is out priority’, demonstrating that they at least thought that the idea of privacy could be a selling point, even if their complicity in the PRISM programme has made the words seem pretty hollow. Ordinary people matter to politicians, at least when election time comes around – and it’s worth noting that in the presidential debate in the German elections happening right now, the candidates were asked specifically about NSA surveillance. There IS public and political interest in this subject. The more there is, the more chance there is of action.
Ultimately, we need to challenge the very assumptions that underlie the surveillance. We need to challenge the idea that the threat of ‘International Terrorism’ is so great that almost anything that can be done to fight it should be done without question or fetter. That’s necessary for more than just privacy, of course, as a vast array of our civil liberties have been curtailed in the name of counter-terrorism – but it is still necessary.
Is it all doomed to failure?
It might be that privacy really is dead. It might be that resurrecting it is effectively impossible – and it will certainly be incredibly difficult. The strength of the security lobby, the power of those in whose interests the surveillance is carried out, from the commercial to the governmental, is more than intimidating. The whole thing may be doomed to failure – but even if it is, it’s a fight worth fighting. There’s a huge amount at stake. And miracles do happen.
Paul Bernal's Blog 
The bright social future shining ahead of us in terms of a citizen renaissance empowered by peer-to-peer communication was always something we knew the State would attempt to crush, for plausible reasons, as a backdoor for its own dirty secret: ultimate controller of the population at all costs.
Snowden is more than a hero for democracy. His actions represent the beginning of a battle to maintain the internet as the brain of a new kind of civilisation which we have aspired to since the dawning of computation.
We have to force security and policing agencies to back off from extra-judicially probing our privacy, they must recognise that they have to just work harder, if that costs more then so be it, and return to a system of legal search warrants and due process, even if that means some criminals go free, and some sedition succeeds. It is a price worth paying for a brighter future.
Yes, they need to work harder and more intelligently, less indiscriminately, and more efficiently. It’s possible!
The internet came to me quite late in my life. I have come to think of it as the single most important entity to strike humanity for the last 50 years.
I have watched with sadness as it has been ripped apart by Governments and Corporations intent on using for their own agendas.
Will it ever be repaired? I’d like to think so, all the parts are still here.
But the question is how do we tackle the modern day Global Terrorism with out spying ?
The way we always have – with limited and targeted spying rather than universal spying. With conventional detective work and so forth. The main thing, though, is to stop exaggerating and using the threat – relative to many other threats and risks, the threat of terrorism is small. It’s dramatic, and hideous – but it’s not nearly so big as it is presented to us. That’s an unpopular view, I know, but if you look at the figures….
Another interesting post, thanks for this Paul. I’ve been wondering about privacy, like you and countless others, throughout the ongoing NSA, UKHQ and DEA revelations. Something that I’ve wondered about in particular is how these trajectories will intersect with wearable technologies in the very near future. I believe that privacy will no longer be reasonable to discuss, and that it is time we start asking questions about new technologically mediated ontologies that cost privacy in the name of virtual/physical omnipresence.
The vast majority of individuals, irrespective of their geography, will be wearing mobile technologies like Google Glass, Apple’s smartphone wrist watches and the countless others that are hitting the markets soon: Pebble, Galaxy Gear, COOKOO, Agent, et al. Although most of us are well aware, it is important to emphasize that these devices are and will continue to be epicentres for social media data mining. HTTP cookies and device fingerprinting techniques allow social media companies to target smart devices, in hand producing alarming revenue streams. Once wearable technologies become a norm, the ways in which our physical interactions intersect with the digital services provided by said companies will produce virtually endless profit for these companies. Most importantly, we voluntarily submit to these practices, and regularly. I’m sure you and many of your readers do not have enough fingers to count off how many people they know simply scroll past the User Agreement and Privacy Policy sections. Although many of the details of the practices indeed require more transparency, it is hard to argue that one cannot learn of how important their seemingly infinitesimal text messages, email subject lines, tweets and photos are to these companies. The point here is that we have agreed to use their services at the cost of the erasure of any sense of privacy whatsoever. Wearable technologies will be no different. Furthermore, with the increasing enlargement of free WiFi in major metropolitan areas, free WiFi in transportation terminals, as well as the increasing use of HotSpot hubs in our own devices, wearable technologies demarcate a Londoner’s virtually always-live two-way link with data farms in California, number crunchers across Russia, and surveillance centres in Utah.
If government surveillance practices, notably those of the US, UK and Australia, continue to enlarge than the intimacy between ourselves, our mobile/wearable technologies and the social media companies reaches levels of intimacy that make it difficult to even comprehend what privacy is anymore. Not to mention that social media data mining is fuelling physical data mining practices as well. DataLogix, who had an office of merely 25 people four years ago, now has offices in New York, Michigan, Colarado, California and London. They provide physical purchasing information to social media companies. When Facebook went IPO last year, their shares rose to well beyond their initial $35USD mark that they maintained prior to their IPO release. The vast majority of this is due to their partnership with DataLogix.
Google Glass constantly uploads users’ GPS location, which network they are connected to, what apps the user is running, and can engage the user’s visual experience with digital overlays to produce navigation assistance, interactive advertisements at bus stops, and suggestions for wine choice depending upon what the user is looking at on their plate. Need I remind readers that we have and continue to voluntarily agree with these practices in the name of accessibility, interconnectivity and entertainment?
Whatever privacy is, I feel that we are holding onto it too tightly. It emerged in the home as a refuge for Christians from Roman persecution. It emerged by candle light as an individual reads a book with her/his door shut. It exists in the enclosure of a car as the materials of the vehicle insulate the occupants inside. I’ve read much many resources on the histories of privacy. The most compelling of which are via Richard Sennett’s Flesh and Stone, as well as his The Fall of Public Man. Two points he makes about privacy is that it is not simply a space of fixed enclosure, but that it is mobile. The car travels, for example. Secondly, privacy is an experience. There are ways in which the two MEMS microphones inside the iPhone 4S make sound perform inside of its copper capsules, but in completely contradictory ways. It allows the ASIC controller to privilege certain frequencies in the user’s voice, while the other MEMS microphone focuses on background noise so as to eliminate them from the phone call. My point is that mobile devices, and I will argue for wearable technologies as well, particularly their material parts, facilitate a mobile experience of privacy.
However, this mobile experience is constantly sanitized by the emerging and enlarging phenomena previously discussed. And so, I am wondering, perhaps it is time to start raising new questions about what is at stake with the notion of privacy. Furthermore, and perhaps most importantly, what other emerging modalities of being surround wearable technologies of the future? ICT artifacts allow us to exist neither here or there. We encode the Internet as much as ourselves (at the very least, our political constitution) when we interact with these artifacts. Given the rate at which we are constantly engaged with them, I believe more research needs to be invested in how the erasure of privacy is facilitating different ontologies that bridge incorporeality with corporeality. I don’t know what these ontologies entail, but I know that there are many logics provided by the likes of Arthur Kroker, Judith Butler, Donna Haraway, Katherine Hayles, et al. The notion of body drift, for example, is an excellent conceptual vehicle for articulating such modalities. The posthumanities are promising here.
I am a privacy advocate, so my radio listeners say. I believe in the fight that you are mentioning, of its merits in protecting some forms of the private. But I am not sure where those spaces and experiences are. What I do believe is that once we start strapping on wearable technologies regularly, the most significant spaces and experiences of privacy that we seem to be holding onto so tightly, may make it impossible to comprehend what it entails anymore.
Sorry for the longwinded note. I very much appreciate your interventions and reflections, as well as those of your readers, Paul. Cheers.
Thanks Thomas – lots of really good stuff in there! I’m not sure about whether we’re ‘holding onto it too tightly’ – rather, I think we need to come to a new understanding of what privacy is supposed to protect, and why it matters, because both of these are changing in the new environment. For me, the PRISM story gives us an opportunity to explore both those things. I think we do need privacy, and it does matter, but I know that many people don’t really get why. Now that it’s burst into the public domain, we have a chance to explain why it matters – and argue our corner. Right now, I think we generally protect the wrong aspects of privacy, and in many cases the privacy of the wrong people. Privacy matters for the ‘little’ people – but we generally protect the privacy of only the ‘big’ people. That, however, opens a whole new can of worms….
Thanks again!