Growing up in Iran, where state surveillance is widespread, it’s hard not to be cognizant of digital privacy. Though not unique to Iran, bloggers, journalists, and average citizens face the threat of arrest for what they write or share online. The Iranian state censors most social media platforms and the website to international news agencies–requiring people to use some form of a Proxy server or a virtual private network (VPN) to get around internet censorship. As a result, digital privacy and internet freedom are topics I’ve been exploring for over a decade.
Digital privacy isn’t just a nice thing to have; it’s our right as humans. According to Article 12 of the Universal Declaration of Human Rights:
“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
The internet is a space that was expected to liberate citizenry, but instead, it turned into an ecosystem for state and corporate surveillance. In 1996, late John Perry Barlow–the lyricist of The Grateful Dead and a world-renowned internet freedom advocate–wrote the Declaration of the Independence of Cyberspace. In it he writes:
“We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth.
We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.”
Barlow ends the declaration stating:
“We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than the world your governments have made before.”
After the Steve Jackson Games raid by the secret service Barlow–along with Mitch Kapor, and John Gilmore–formed the Electronic Frontier Foundation (EFF) to protect digital privacy, digital security, free speech, creativity, and innovation. In the age of mass surveillance, the defeat of Net Neutrality, tailored algorithms for oppressive regimes, and the takeover of the web by FANG–Facebook, Amazon, Netflix, and Google–his vision and the mission of EFF are more important than ever before.
The revelations of Edward Snowden–PRISM, Boundless Informant, XKeyscore, and secret court orders, among other things–brought popular attention to the need for digital privacy to the masses. The recent reports on how social media platforms take advantage of user data for their benefit, knowing it violates the interests of their users (e.g., Facebook’s “project Atlas”) added even more interest to the topic of mass state and corporate surveillance on the population. As a result, there is increasingly more interest by people to protect their digital privacy.
Nevertheless, it’s still common to hear people say, “why does digital privacy matter if I have nothing to hide.” As Edward Snowden put it: “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” It’s also not true that you have nothing to hide, as James Duane, a professor at Regent Law School and former defense attorney notes:
“Estimates of the current size of the body of federal criminal law vary. It has been reported that the Congressional Research Service cannot even count the current number of federal crimes. These laws are scattered in over 50 titles of the United States Code, encompassing roughly 27,000 pages. Worse yet, the statutory code sections often incorporate, by reference, the provisions and sanctions of administrative regulations promulgated by various regulatory agencies under congressional authorization. Estimates of how many such regulations exist are even less well settled, but the ABA [American Bar Association] thinks there are nearly 10,000.”
When even the federal government doesn’t know how many laws there are, what are the chances that you as an individual have not violated one of them? In a popular statement Cardinal Richelieu is claimed to have said: “If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” A state can use all the data it has collected on citizenry–either directly or indirectly (e.g., FISA orders in the U.S.) to justify prosecuting or blackmailing its critics.
More importantly, we have no idea who will have access to our emails, messages, web searches, etc. within a decade. As I mentioned in an earlier essay on digital identity, if we can learn anything from the Yahoo, Equifax, Facebook, Google, and Target data breaches in the past few years, it’s that central repositories of data–honeypots–where companies store private records on millions of people, are vulnerable. Worse yet, ultimately, it’s the users, not the platforms who pay the highest cost for these vulnerabilities.
I Am Not a Bad Person
The idea that only bad people should fear state surveillance is another popular misguided statement that has proven to be inaccurate, unless you consider people such as civil rights, environmental, and animal rights activists to be bad people. In 2016, the ACLU reported that Facebook, Twitter, and Instagram shared its user’s information with Geofeedia, a company that law enforcement use to monitor and target activists. Soon after the report, these platforms suspended Geofeedia’s access, but there are numerous other platforms–Media Sonar, Dunami, and Dataminr–that have similar real-time geolocation features, and keyword filtering.
Facebook and Google are collecting as much data on us as they can get away with. In a recent article published by Wired, Issie Lapowsky wrote:
“The report [referring to a
TechCrunch report on Facebook’s ‘Project Atlas’] found that Facebook has been paying people as young as 13 years old to download an app that grants Facebook access to users’ entire phone and web history, including encrypted activity and private messages and emails. The app, called Research, allows Facebook to see how people’s friends, who have not consented to having their data collected, interact with those users, too.”
Social Networks, through the gathering of indiscriminate data on their users, know more about them than they know about themselves; much of which can easily be handed over to the state and other third parties — through ambiguous “privacy policies” that we agree to when we register. When a state can monitor its citizenry, control access to information, and has access to the tools to control dissent, that state has the capacity to be totalitarian.
There are those who blame the naïveté of people who share private data publicly and make themselves vulnerable as a result; however, it wouldn’t make much of a difference even if they didn’t. The revelations of Edward Snowden and our knowledge of programs such as PRISM, Boundless Informant, and FISA orders, leave little doubt that we are living under mass surveillance. If there is anything to be learned from the SIGINT Strategy 2012–2016, it’s that the NSA has goals for even more power.
The corporate state and private entities have access to years of information on our browsing habits, private information, and communications. It’s doublethink to care about freedom, justice, transparency, and democracy while being passive about digital privacy. As Bruce Schneier–one of the world’s most well-known security experts and cryptographers–put it: “Too many wrongly characterize the debate as ‘security versus privacy.’ The real choice is liberty versus control.”