Privacy, me, and the NSA?

I wrote a piece back in 2011 about how I had first become interested in internet privacy – I reproduce it below (and the original online version is here). The essence of the post is simple. I became interested in internet privacy after I had a chilling experience: writing an email (to a friend) in the immediate aftermath of the invasion of Afghanistan that was critical of US foreign policy – and having my email account almost immediately cancelled. As I wrote back in 2011, I never discovered the real reason for the cancellation – but it started me becoming interested in internet privacy, an interest that changed my whole career.

The PRISM revelations have given me a moment’s pause: perhaps I wasn’t such a conspiracy theorist at all in thinking that my critical email was responsible for the cancellation of my email account. Perhaps I was one of the early victims of the NSA’s full scale email trawling. The email account I had was a Hotmail account, run by Microsoft, one of those companies directly implicated in the PRISM affair, if Snowden’s revelations are to be taken seriously. Of course this is still very much tin-foil hat territory, but the possibilities seem just a touch more likely than they did before.

Anyway, this is what I wrote back in October 2011: privacy is personal!


My real interest in privacy – and specifically internet privacy – arose a little over ten years ago. Something happened to me that change the way I thought about the whole issue – something personal, something direct. Up until that point I hadn’t really thought much about privacy, though I’d been involved with the online world from a very early stage, setting up projects to provide rural communities with access to information, and trying to provide online education to housebound children in the mid 1990s – not exactly cutting edge stuff, but not too far from it. I’d also been involved in human rights work – most directly children’s rights – but I’d never thought much about privacy. To me, then, just as to many people now, it just didn’t feel important, particularly compared to the problems happening all over the world. 911 had just happened, and war was in the air.

I was living in New Zealand when the US invaded Afghanistan – and I was deeply concerned about the consequences of that action. I wrote about my concern in an email to a friend, also in New Zealand, and in that email I was at least partially critical of US foreign policy. I even mentioned Israel at one point. Some time over the next three hours, my email account became inaccessible.

At the time I was using a free email account – one of the big ones – that I had set up whilst in the US a few years earlier. A ‘.com’ email account. As I was living in a very isolated part of New Zealand, this email account was one of my few links to the outside world. It had all my contacts’ details, and all the messages I had sent and received for a long time – and I had been foolish enough not to keep written records elsewhere of a lot of the details. At first I thought it was just a blip, an accident – and I set up another email account and wrote to the service provider asking what had happened to my account, whether the password had been accidentally reset or something else. I was met with terse replies saying that the account had been terminated for a breach of contract terms. Friends told me to give up, and go with the new account – but I’m not that kind of person. I kept on badgering them, trying to find out what was going on. I hadn’t yet thought that it might be connected with the email that I’d sent. Eventually I got a message saying that I had been using the email for commercial purposes, which is why it had been cancelled – which was absurd, as anyone who knew my financial position at the time would know. Then, about six months later, they reinstated the account, minus all the content, contacts and so forth.

Now of course I have no evidence to prove that the account was cancelled because of that particular email – it may indeed just have been a mistake, the account may even have been hacked into (though such things were much rarer in those days), but even the suspicion was enough to disturb me enormously, and set me on the path that I’m still on today. I started asking how it could have happened, what happens to emails, how easily they can be read, how my privacy might have been invaded. The more I investigated, the more I uncovered, the more interested I became – and it ended up changing my whole life. The perceived invasion of privacy – in a sense it doesn’t even matter if it was real – was so personal that it cut me to the quick.

Back then I had had very little to do with the law – my degree was in mathematics, I qualified as an accountant and worked with technology, not the law. Now, as a result of following this path, I’m a lecturer in a law school at a good university, have published research and submitted a PhD on the subject of data privacy – and it seems even more relevant than it did ten years ago, as the online world has expanded and become more and more intrinsically linked with everything we do. Invasions of privacy do matter – whatever the likes of Mark Zuckerberg might think – and they matter because they’re deeply personal, and touch the parts of us that we really care about.