Who killed privacy?

Here are the slides from my presentation at BILETA 2014: ‘Who killed privacy?’

In 1999, Scott McNealy, then CEO of Sun Microsystems, famously said:

“You have zero privacy anyway. Get over it.”

Events and developments since 1999 have hardly improved the prospects for privacy: the growth of social networking, technological developments like smartphones, geo-location, business ideas such as behavioural tracking and, most recently, the revelations from Edward Snowden about the near universal surveillance systems of the NSA, GCHQ and others. If privacy was in trouble in 1999, the argument that it is at least close to death in 2014 is much stronger.

That brings the question: if privacy is dead, who killed it? Is it the activities of government agencies like the NSA and GCHQ, or of businesses like Google and Facebook? Further, if privacy is in fact dead, is there a route towards its resurrection?

There are three immediately obvious suspects. Us – did we kill our own privacy, largely for what can loosely be described as convenience? The authorities – and in particular the NSA and GCHQ. Did they kill privacy so as to pursue their own agenda, whether it be the ostensible agenda of security or some kind of empire-building or power grabbing? Or, was it the commercial operators on the internet – the Facebooks and Googles – that killed privacy for their own financial benefit?

As the video above shows, the conclusions that I draw are that ‘we’ are most like unwitting accomplices, the NSA and GCHQ are mostly opportunist accomplices – and that the most guilty suspects are the corporate, commercial operators on the internet.

Their role is both deeper and more significant either than is often believed or than the role of governments and government agencies on their own. They have operated in a wide range of different ways in which commercial entities to contribute to the decline of privacy:

1. Systematic – they have undermined privacy both in technological and business model senses, developing technologies to invade privacy and business models that depend on systematic and essentially covert gathering of personal data.They have systematically lobbied to reduce the effectiveness of legal privacy protection on both sides of the Atlantic.
2. Cooperative – they have been working with governments, sometimes willingly, sometimes unwillingly, sometimes knowingly and sometimes unknowingly.
3. Normative – they have been attempting to undermine the idea that privacy is something to value and something of importance. Mark Zuckerberg’s suggestion that ‘privacy is no longer a social norm’ is reflected not just words but actions, encouraging people to ‘share’ information of all kinds rather than consider the privacy impact.

The positions taken by business in the post-Snowden environment, in particular the more ‘pro-privacy’ stance demonstrated by businesses at least in words might be a starting point, if it means anything more than words.

If we wish to bring about the resurrection of privacy,the three roles noted above – systematic, cooperative and normative – would need to be reversed.

1. Systematic – could businesses play a part by building more robust technology and more privacy-friendly business models?
2. Resistant – could businesses not just be more transparent in their dealings with governments but act as a barrier and protection for their users in their dealings with governments?
3. Normative – could businesses play a part in changing the message so that it becomes clearer that privacy is a social norm?

As well as reversing the corporate role, we need to rein in and control the authorities – and though the recent declaration that the Data Retention Directive is invalid is a very good sign, it would still probably take a miracle to rein in the authorities properly. We also need the public to become more active, more enraged and more engaged in the struggle to reassert our right to privacy. I can see some signs… but we need much more than signs!