The first of the revelations of Edward Snowden happened a year ago today. At the time, I was in California, at the Privacy Law Scholars’ Conference in Berkeley – and there could have been no more appropriate place. For privacy scholars, Snowden’s revelations changed the world – and is changing the world still. Much of what he revealed many of us already suspected – but we were often thought of as conspiracy theorists for it, and looked down on or sidelined as a result. That’s no longer true – and that’s one of the things that for me, we should thank Edward Snowden for.
I’m not going to write much now – there will be many people far more expert than me writing about what Snowden’s revelations mean – but I just want to say a few words about the good, bad and ugly things that have emerged over the last year. There’s much more to come, I think – we still know very little about what is going on. I hope that we manage to keep privacy and surveillance near the top of the agenda for a long time to come, because the changes that I think we need to have happen have not yet happened in any real way. Snowden gave us a great opportunity – we have not yet taken it.
The best thing to come out of the Snowden revelations, for me, is that we now understand, at least to some extent, quite how much surveillance is going on. We don’t know the detail, and may indeed never know the detail, but what we do know is enough to make it a fair assumption that pretty much all of our internet activity is being monitored – or at least the data is gathered or gatherable – pretty much all of the time. Not just our classical ‘communications’ – email messages etc – but our every activity. Our social networking, our online chat, our web-browsing, our telephone calls, mobile calls, SMSs, the music we listen to, pictures we view and upload. Everything. Knowing that, rather than vaguely fearing that it might happen, changes a great deal – and puts us in a far stronger bargaining position in our dealings with the authorities.
Surveillance – and privacy – has had its profile raised significantly. That has had consequences. It has had an impact in law – in the UK, for example, stopping the Communications Data Bill (the ‘Snoopers’ Charter) from re-emerging, despite attempts from advocates of ‘security’. It has, arguably, emboldened the courts – and in particular the European Courts. They might not admit it publicly, but it seems very likely that the Snowden revelations played a part in strengthening the resolve of the European Court of Justice in producing two of the strongest, most ‘privacy-friendly’ and in some ways most surprising judgments of recent years, first of all declaring the Data Retention Directive invalid, then, most recently, effectively declaring that there is a ‘right to be forgotten’. Neither of these rulings were expected – but both emphasise the idea that privacy really matters.
The Snowden revelations have also meant that privacy ‘stories’ of all kinds get a lot more attention – and that has meant that not just the authorities but businesses have been forced to react. Sometimes it’s just lip-service, but there’s been a lot more discussion of privacy by companies which in the past have been almost dismissive of it as an issue. The internet giants – Facebook and Google in particular – are talking more and more about privacy. They’re making a point of distancing themselves from the authorities, trying to force more transparency, claiming that they don’t cooperate with authorities willingly, bringing in more ‘privacy-friendly’ services and so forth. Facebook has even allowed a degree of pseudonymity, and Google hasn’t fought against the right to be forgotten as aggressively as they might have, for example. All these moves should be viewed with a distinctly cynical eye, however… which brings me to the bad side of what has happened in the last year.
Well, the worst thing is that nothing has really changed. The surveillance is still going on, and the political concessions worldwide have been largely superficial. The US’s political changes, which for a moment looked as though they might be meaningful, have been emasculated. In the UK…. well, more of that later.
The next worst thing about the reaction to the Snowden revelations, for me at least, has been the way that many people still seem to think that corporate and governmental surveillance are somehow disconnected and should be treated very differently. For many, it seems that government surveillance is hideously bad, and corporate surveillance largely harmless or irrelevant. For me, however, one of the main lessons to learn from what Snowden revealed was the closeness of the links between the two. To a great degree, governments piggy-back on corporate surveillance – if the corporates didn’t gather so much data about us, encourage us to reveal so much about ourselves, share so much that we really don’t need to share and so forth – then the authorities wouldn’t have so much to feed on. If the corporates didn’t build systems to gather data and monitor our activities and develop profiling systems to reveal even more, governments wouldn’t be able to use backdoors into those systems or use those same profiling systems in their own ways.
We still don’t know – and probably will never know – how much the corporates collaborated with the authorities, and how willingly, but in some ways that really doesn’t matter: the systems are intrinsically and perhaps inextricably linked. We still don’t seem to have taken this on board, and still seem to be allowing the corporates pretty much free rein. I’m a little disappointed that this is still happening.
The third, and perhaps equally unsurprising, bad thing for me about what has happened in the year since Snowden’s revelations first came out, is how little we in the UK have reacted. The level of debate here is still very poor, the extent to which we in the UK still simply accept what we’re told by our lords and masters, is very disappointing. The two main political parties remain fully behind surveillance – their only concessions have been to a little more accountability and transparency. The Liberal Democrats – and my own MP, Julian Huppert – have been the one bright light, but as their party is in near terminal decline, that doesn’t help very much. The overall quality of political debate on the subject has been appalling, and shows little sign of improving. I still have hopes, but it doesn’t look good…
The worst thing, for me, has been the way in which the enemies of Snowden, Glenn Greenwald and others have tried to make this personal, and attack their motives, their personalities, and so forth. Similarly, in the UK, large elements of the press tried to portray the Guardian as somehow enemies of the state – traitors, whose editor should be jailed and who are putting the entire nation at risk. At times this has got very ugly.
I don’t know Snowden or Greenwald. I don’t know their motivations. I don’t know what kind of people they are – and frankly, I don’t really care. I’m not going to suggest that they’re saints or even heroes – but the attempts that have been made to assassinate the characters of the people involved, to cast them as traitors, as spies and so forth, seems very ugly indeed. It’s as though some people think that by casting aspersions on the people they can make the information they have provided somehow less valid. I don’t think it can. Shooting the messenger doesn’t make the message any less valuable.
What matters, to me at least, is the message. The information that they have provided to us. That information has been crucial in changing the way that we look at how the internet works, and has helped to put us in a position where we can at least try to build a more positive, more privacy-friendly future for the internet. That matters. It matters a lot.