The video below is the slideshow of my presentation this morning at the Society of Legal Scholars conference in Nottingham – and what follows it are some brief notes to support it. Some of this is speculative and some of it is contentious – particularly in relation to the relative importance of corporate and governmental surveillance – and this is an early stage of this research, though it builds on the work in my book, Internet Privacy Rights. I should also note that this is a development of the paper I gave at BILETA earlier this year: ‘who killed privacy?’
The Resurrection of Privacy?
In 1999, Scott McNealy, then CEO of Sun Microsystems, famously said:
“You have zero privacy anyway. Get over it.”
Events and developments since 1999 have hardly improved the prospects for privacy: the growth of social networking, technological developments like smartphones, geo-location, business ideas such as behavioural tracking and, most recently, the revelations from Edward Snowden about the near universal surveillance systems of the NSA, GCHQ and others. If privacy was in trouble in 1999, the argument that it is at least close to death in 2014 is much stronger.
That brings two questions:
- If privacy is dead, who killed it? Did we kill it ourselves? Is it the activities of government agencies like the NSA and GCHQ, or of businesses like Google and Facebook?
- If privacy is in fact dead, is there a possible route towards its resurrection?
Suspect 1: us!
On the face of it, it might appear as though we ourselves have simply given up on privacy. We’ve killed it ourselves by embracing all the privacy-invasive technology that’s offered to us, by failing even to read privacy policies, by allowing the intelligence services to do whatever they want, with barely a murmur of protest. More than a billion of us have joined Facebook, for example, a service based at least in some ways on giving up on privacy, sharing our most intimate information.
That, however, is not the whole story. In many ways it appears that what we have done has been through a lack of awareness rather than by deliberate decisions. The extent to which people understand how systems like Facebook work is hard to gauge – but the surprise that people show when bad things happen suggests that there isn’t a great deal of awareness. It also appears that people are becoming more aware – and as they become more aware, they’re making more privacy-based decisions, taking control of their privacy settings and so forth.
Further, when we’re given the chance to see how intelligence agencies work, we don’t seem to be happy about it – though less, it has to be acknowledged, in the UK than in many other countries. Even so, when the Communications Data Bill was put under full scrutiny, it was rejected – in part because of the public reaction. Further, studies show that people don’t like behavioural advertising – and dislike it more when they learn more about how it works.
All this suggests that we aren’t really the key to the death of privacy: we’re more like unwitting accomplices.
Suspect 2: the NSA and GCHQ
The revelations of Edward Snowden about the surveillance activities sent shockwaves through the internet. Many people had already believed that the NSA, GCHQ and other agencies performed surveillance on the internet – Snowden’s revelations seemed to prove it, and to suggest that the level of surveillance was greater even than that feared by the more extreme of conspiracy theorists. Not just had they been gathering telephony and internet data and building (in the US) massive data centres, but they’d been accessing the servers of the big commercial internet providers, tapping into undersea cables, intercepting traffic between server sites and undermining encryption systems – and much more. The level of privacy invasion is extreme.
However, until Edward Snowden revealed all of this, the agencies were working largely in secret – and while this still constitutes a major invasion of privacy, the impact on people’s behaviour is much smaller. If we don’t know we’re being watched, our actions aren’t chilled – and our beliefs about privacy are not changed. Moreover, the kind of harms done to people by surveillance by the NSA and GCHQ are indirect, at least for most people. Finally, and most importantly, if it were not for the commercial operators’ surveillance, the NSA and GCHQ would have far less to ‘feed’ on.
All this is not to dismiss the role of the intelligence services or indeed the impact of their surveillance activities – they should be resisted with the utmost vigour – but in terms of the death of privacy, they can be seen more as opportunist accomplices, rather than instigators.
Suspect 3: businesses like Facebook and Google
The role of the commercial operators on the internet, on the other hand, is both deeper and more significant either than is often believed or than the role of governments and government agencies on their own. The commercial entities have contributed to the decline of privacy in three kinds of ways:
- Systematic – commercial entities have undermined privacy both in technological and business model senses, developing technologies to invade privacy and business models that depend on systematic and essentially covert gathering of personal data. Businesses have also lobbied strongly to reduce the effectiveness of legal privacy protection. In Europe they have done their best to undermine and weaken data protection – including the on-going reform process. They continue to do so, for example in relation to the right to be forgotten. In the US, they have contributed to the effective scuppering of the Do Not Track initiative.
- Cooperative – businesses have been working with governments, sometimes willingly, sometimes unwillingly, sometimes knowingly and sometimes unknowingly. The extent of this cooperation and the extent to which it has been willing is unclear – though recent statements from the NSA have suggested that they did know about it and did cooperate willingly. Further, they kept this cooperation secret – until it was revealed by the Snowden leaks.
- Normative – businesses have been attempting to undermine the idea that privacy is something to value and something of importance. Mark Zuckerberg’s suggestion that ‘privacy is no longer a social norm’ is reflected not just in words but in actions, encouraging people to ‘share’ information of all kinds rather than consider the privacy impact. Further, they continue to develop technologies that invade privacy inherently – from geo-technology to wearable health monitoring and things like Google Glass.
All this combines to make the role of the businesses look most significant – if anyone is guilty of killing privacy, it is Facebook and Google rather than the NSA and GCHQ. Moreover, the harms to most people possible from corporate surveillance are both tangible and more likely than harms from the NSA and GCHQ: impact on things like insurance, credit ratings, employability, relationships and so forth are not just theoretical.
As Bruce Schneier put it:
“The NSA didn’t wake up and say, ‘Let’s just spy on everybody.’ They looked up and said, ‘Wow, corporations are spying on everybody. Let’s get ourselves a copy.’”
And as Timothy Garton Ash said when considering the Stasi:
“…the Minister for State Security observed that the results achieved by his ministry ‘would be unthinkable without the energetic help and support of the citizens of our country’. ‘For once,’ I comment, ‘what the Minister says is true.’”
Where the Stasi needs the citizen informers, the new surveillance programmes need the ISPs and the internet giants – the Googles, Facebooks, Microsofts, Yahoo!s, Apples and so forth. That is what makes their role in the reverse so important.
The resurrection of privacy
In the post-Snowden environment, at least on the surface, businesses have started to take a more ‘pro-privacy’ stance. Whether that is meaningful, or they are just paying lip service to it, has yet to be seen. Their role, however, is crucial.
Reversing the three roles noted above – systematic, cooperative and normative – could produce a positive impact for privacy, effectively being a part of the ‘resurrection’ of privacy:
- Systematic – businesses could play a part by building more robust technology and developing more privacy-friendly business models
- Cooperative – and Resistant. Businesses could cooperate more with civil society and academia in working towards privacy – and could do more to resist being co-opted by governments, not just being more transparent in their dealings with governments but acting as a barrier and protection for their users in their dealings with governments.
- Normative – businesses could play a part in changing the message so that it becomes clearer that privacy is a social norm.
At the moment it seems unlikely that businesses will do very much of this – but there are a few signs that are positive. Real names policies have been relaxed on Google +, and even Facebook has shown some moves in that direction. All the big companies are doing more to secure their systems – encryption is more common, both in the infrastructure and in user systems. Google does at least seem to be making some attempt to cooperate with the right to be forgotten – though whether these attempts are being done in good faith has yet to be seen.
It will probably take a miracle – resurrections generally do – but miracles do sometimes happen.
5 thoughts on “The Resurrection of Privacy?”
Reblogged this on Supporting UK Justice: For the Defence! by a layman and commented:
Here is Paul Bernal a well known Legal Scholar on ‘The Resurrection of Privacy’.
FB is trying to force me to fill in Sections I don’t want to fill.
Google has taken over Youtube filling them with Suggestions.
Predictive Analytics, Disruptive Social Media has removed the internet I once knew which was people driven.
Perhaps the Internet is the most challenging power to try to usurp and overturn Neoliberalism.
Taking away the NHS, Legal Aid, Access to the Courts, Higher Education, Anarchic activity, Social Care, from the people and taxing the poor/lower middle classes to the limit. A regime that is forcing costs on people.
People can’t buy their own homes forced to be Generation Rent.
Graduates graduate with massive debts that need to be repaid.
Benefits Claimants are treated as dirt and not given the help they need to find Benefit freeing work and at their age everything is against them.
The Media is an exercise in the manufacture of popular consent (Chomsky).
Costs are put onto workers who are forced to launder uniforms at home,
Amazon markets Kindle editions but removes the right to own books though paid a good price for them and convenient.
The Electorate is forced to adopt hard copy with its space and volume considerations in order to get reading privacy.
The Work life balance is designed to favour Corporates and it fucks up the marriage work life balance and relationship formation anyway as people are forced into a zero hours contract slave economy.
Prices of Basic goods rent food bills go up up up and those responsible whine if their demands aren’t met.
Long live Snowden.
Long live Law however fucked up at the moment.
Long Live Lawyers, Legislation, Let’s think out of the box to solve this one!!
This is an area I am actively engaged in.
I have commented elsewhere on this blog about whether privacy solutions can be developed at no cost.
I said then that the main cost would be that we will have to think more about what we are doing, would we be willing to do so?
This is not the whole story though because at the moment there is huge infrastructure that is supported by the big players who contribute to it. Whether or not a Cisco router has a back door, who pays for its upgrade?
More likely Google (or similar) dollars than not.
In other words us through advertising.
So there is a problem with the revenue model, a problem that suits advertisers.
Now, were a solution (or solutions) to be developed that offered far greater privacy control who might get in the way?
I suspect it would be a little bit the social media companies who might be obstreperous about different specifications, and similarly NSA/GCHQ & co, but they are a different case.
Mainly though, I think they would take it on the chin and let the market decide if there is any uptake (translates to unleash whatever powers of persuasion they have to make their offerings seem the most desirable, and here no one would expect different of them).
There is a big difference to developing a solution that will have a small take up to developing a solution that a majority of users would want.
Now there is the issue of privacy. What exactly do we mean?
There are many people who do not know how to be private. Privacy is a sort of fiction, in my opinion a very valuable one.
For some it is a talking out loud that, in one way or another, allows them to remove themselves from their own more immediate problems.
I don’t think we are just talking about privacy in the context of the internet, we are also talking about the impulse to be private, and how that is used by an individual, whether or not it is valued by them.
Without that there is little impulse to protect internet privacy. Further, I think this is a vulnerability of people that is being exploited, I do think it potentially has a very dangerous side to it.
Some of those dangers we already experience, the most significant one being the fragmentation of voice, some we have yet to experience, these would be issues to do with mass manipulation and control.
The fragmentation of voice seems to me something like divide and conquer writ large, if everyone speaks no one speaks. A perfect ground for manipulation.
These are all very difficult issues. All worth pursuing and thinking about. For instance there has been anxiety about being exposed to corrupting influences since the development of the printing press (or before, but this is the beginning of mass communication). And those books did try, successfully, to influence people. Nothing new here.
What is new are the mechanisms available which can be used for subliminal influence, however, what do we mean by subliminal, perhaps when it came to TV there was a definition, but now?
There are many debates to be had.
I should point out that I saw the development of the technologies that are now used on a massive scale originating in the commercial sector. I can’t be certain, but it seems that the technological imagination started here, as opposed to with the military.
One persistent point for me, though, is that it is very possible that these same techniques (some part of them) could be used to benefit people and that the current arrangement, that of a tie between commercial and military interests, is impeding, perhaps imperiling, progress.
The area I am interested in would not be available to social media to explore (Facebook etc) either ethically or, I suspect, legally.
This argues for the emergence of other alternative platforms, more sophisticated and far more in the control of users.
When thinking about these things we should be careful to distinguish different levels.
Do we want to, and do we think we can, defeat the surveillance capability of the state with regard some of our own communications? If so how and why? After all, in this post I am openly myself, and I don’t expect many people think that an alias would take them far into the realm of anonymity with regard the state.
But why want that? People who work for state security watch TV too. It’s public.
More at issue seems to me to be what we might mean by public and private and when we want to be either.
Again, these are issues of finer grained control (controls that may or may not prevent state snooping, but that is another story).