Veli Keskin
Do we have to give up our privacy for better security? This has long been debated on Capitol Hill [1]. The discussion stems from the mass surveillance methods deployed by a number of government agencies – actions that are performed in the name of national security purposes. Most of us were surprised by the Edward Snowden leaks, when we first heard about the true extent of the US’s global surveillance programs. Some even felt like Little Red Riding Hood when she exclaimed, “What big ears they have! What big eyes they have!” The old wolves of the three-letter agencies kept responding that they needed such big ears and eyes, “To better serve you with!” Mass surveillance by the government When several provisions within the PATRIOT ACT were set to expire, the new USA FREEDOM ACT (Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring Act) was signed into a law after months of discussion in both houses of Congress (June 2015). The argument used by political leaders was familiar: “This legislation is critical to keep Americans safe from terrorism and protect their civil liberties.”
However, many privacy advocacy groups are still not buying that claim. They believe the bill falls short of protecting civil liberties. The Electronic Frontier Foundation [2] stated, “We've been clear that we must end mass surveillance under all surveillance authorities. We're disappointed that this bill does not do more toward that end, but the new USA Freedom Act serves as a welcome first step and should be seen as such.” The American Civil Liberties Union [3] opposed an earlier, similar bill (the CISPA), stating that "It still permits companies to share sensitive and personal customer information with the government and allows the military to collect the internet records of everyday Americans ... We urge the members to vote 'no'."
Robin Koerner at WatchingAmerica.com argues that privacy vs. security is a false dichotomy anyway: “Either the math is wrong. Or the morality is wrong. Or both” [4]. He insists that the best strategy is not giving up any liberties – which stems from the frequently quoted Benjamin Franklin rule, “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” Corporate surveillance is even more invasive But new bills on the Hill are not the only issues threatening our privacy: there is the ongoing tradeoff between privacy and personalized commercial services. Even if we limit the government’s power, the corporate world is still collecting all kinds of personal information, supposedly to provide better service. (There is that “better service” argument again!) Moreover, thanks to the social media frenzy, most of us are willingly sharing all our personal information online. A 2013 survey by Visa security [5] shows that more than 58% of consumers have shared details over social media that put them at risk of fraud or identity theft.
When it comes to digital natives those numbers are even higher. A recent PEW Research survey [6] shows that more than 90% of teens share their real names and pictures, 80% share their birthdates, and 20% share their cell numbers and personal videos on the Internet. Considering this culture of sharing, and also the governmental and industrial mass collection of personal data, some argue there is no point in discussing this issue anymore, as privacy as we know it is already dead. It has been more than a decade since the CEO of Sun Microsystems famously said that, “You have zero privacy anyway… Get over it!” [7].
The renowned futurist David Houle argues the same in his short book, [8] where he explains that the definition of privacy changed over time, and we should accept the current reality: “It is hypocritical to complain about the lack of privacy if you post information on social media, use the GPS function of your smart phone, surf the Internet, or increasingly, drive on the toll ways and in the cities of America. Don’t complain if you are constantly letting convenience and the cool factor of technology trump concerns about privacy.” Is privacy already dead? Science magazine declared “The End of Privacy” in a special January, 2015, issue. The editorial concluded, “Meanwhile, how we think and feel about privacy isn't static. Already, younger people reveal much more about their lives on the Web than older people do, and our preferences about what we want to keep private can change depending on the context, the moment, or how we're nudged. Privacy as we have known it is ending, and we're only beginning to fathom the consequences” [9].
In “Risk of Exposure,” another article from the same special issue, Martin Enserink demonstrated with recent real life examples that “When new or dangerous infectious diseases strike, public health often trumps personal privacy.” He explained that, “Reigning in bloggers and Twitter users may not be easy, but even professional efforts to track outbreaks pose new threats to privacy. Information about specific patients – although anonymized – is now shared worldwide on public email lists for emerging diseases ...” [10].
In another article, “Hiding in Plain Sight,” the author concludes that, “In the end, human movements are often so predictable that they are hard to conceal. Location-hiding techniques are most valuable when you want to hide one-off trips… But when it comes to protecting the location of your home and workplace, you might as well give up on privacy” [11]. Hasan Elahi, an artist at the University of Maryland, seems to be taking this advice to heart. When the US Government mistakenly added his name to its terrorist watch list, he fought back by turning his life inside-out for the entire world to see [12]. He basically made his life an open book. He documented nearly every hour of his life, posted his debit card transactions, and used a GPS device in his pocket to report his real-time physical location. “If Big Brother was watching, Elahi would bore him to death” [13]. It might have worked for Elahi, but embracing such invasive surveillance raises a common sentiment: that there is nothing wrong with such invasiveness, and only the people who act bad or have something to hide care about privacy.
Why privacy still matters
In his TED talk, “Why Privacy Matters,” Glen Greenwald pointed out the hypocrisy of the social media moguls on the issue, for while these moguls pronounced that privacy is no longer a “social norm,” when it comes to their personal lives, they do their best to ensure to have a zone of privacy [14]. It is difficult to avoid all of these social media sites. For digital natives, having an online presence on Facebook, Twitter, or Instagram is an existential issue. But considering the pace and amount of data shared on these social media sites, a malicious person or corporation could easily connect the dots and draw a more complete picture of anyone than one would ever expect.
With the internet or smart TVs capable of listening to our conversations in our living rooms [15], we maybe already be living in an Orwellian world. Therefore, reading excerpts from the classic dystopia of George Orwell “1984,” Greenwald concluded his TED Talk by saying: ... a society in which people can be monitored at all times is a society that breeds conformity and obedience and submission, which is why every tyrant, the most overt to the most subtle, craves that system. Conversely, even more importantly, it is a realm of privacy, the ability to go somewhere where we can think and reason and interact and speak without the judgmental eyes of others being cast upon us, in which creativity and exploration and dissent exclusively reside, and that is the reason why, when we allow a society to exist in which we're subject to constant monitoring, we allow the essence of human freedom to be severely crippled. How do we protect our privacy? In the aforementioned special issue of Science, a recent book by the law professor and privacy expert Frank Pasquale was spotlighted [16].
In The Black Box Society, Pasquale argues that the classic remedy that requires informed consent from an individual does not work anymore. It “at best works for the rich, who can afford pricy lawyers and reputation managers to enforce their privacy rights...” The article continued Pasquale’s argument: In contrast, Pasquale argues for a fundamental shift in privacy protection, from a focus on notice and consent at the time of data collection to stringent regulation of the actual use of data by corporations and government agencies. His reasoning is sensible, and he is not alone; a growing number of privacy advocates are in favor of data use regulation. If such regulations were to be put in place, it would represent an epic change in how we aim to protect privacy in our society. Susan Landau, professor of cybersecurity policy at WPI, concluded similarly in her Science article – we must control the use of data to protect privacy [17]. "Controlling use is complex, but combining technology, policy, and law is the best way to control incursions from business and government."
References
[1] Thorp, F. (June 2, 2015), “Barack Obama signs ‘USA FREEDOM ACT’ to reform NSA Surveillance”, retrieved from http://www.nbcnews.com/storyline/nsa-snooping/senate-vote-measure-reform-nsa-surveillance-n368341
[2] Jaycox, M., Reitman, R. (2015), retrieved from https://www.eff.org/deeplinks/2015/04/new-usa-freedom-act-step-right-direction-more-must-be-done
[3] Boorstin, J. (2013) “Privacy vs. Cybersecurity: The Debate Heats Up”, retrieved from http://www.cnbc.com/id/100632315
[4] Koerner, R (2014), “Privacy vs. Security: A False Dichotomy”retrieved from http://www.huffingtonpost.com/robin-koerner/privacy-vs-security-a-fal_b_4698157.html
[5] http://www.visasecuritysense.com/en_US/fraud-news.jsp#OMG2muchinfo
[6] http://www.pewinternet.org/2013/05/21/what-teens-share-on-social-media-2/
[7] Sprenger, P(1999), “Sun on Privacy: Get over it!” http://archive.wired.com/politics/law/news/1999/01/17538 [8] Houle, David, “Is Privacy Dead? The Future of Privacy in the Digital Age” http://davidhoule.com/books/is-privacy-dead
[9]Special Issue on “The End of Privacy” (January 30, 2015), Science Magazine, http://www.sciencemag.org/site/special/privacy/
[10] Ensreink, M. (2015), “Risk of Exposure”, retrieved from http://www.sciencemag.org/content/347/6221/498
[11] You, J. (2015), “Hiding in Plain Sight”, retrieved from http://www.sciencemag.org/content/347/6221/500
[12] http://www.ted.com/talks/hasan_elahi
[13] Newman, Bruce. 2008. “I’m not a terrorist, says San Jose State professor who puts his life online,” The Mercury News.
[14] https://www.singularityweblog.com/glenn-greenwald-on-privacy/
[15] “Your Smart TV is eavesdropping on your private conversations” http://money.cnn.com/2015/02/09/technology/security/samsung-smart-tv-privacy/
[16] Mayer-Schonborger, V. (2015) “Connecting the Dots”, retrieved from http://www.sciencemag.org/content/347/6221/481
[17] Landau, S. (2015), “Control use of data to protect privacy”, retrieved from http://privacyink.org/pdf/Controlling_Use.pdf