Having just read Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier it seemed like a good time to write about a topic I’ve been meaning to discuss for a while, privacy. In the wake of the revelations revealed in the documents leaked by Edward Snowden we now know a great deal about how the US National Security Agency (NSA) has been monitoring practically all global communications in the wake of the September 11th attacks. In addition to mass government surveillance, there is another source of mass data collection that is not discussed quite as much, but is also a major topic in the book and that is corporate surveillance, both through the data we voluntarily give to corporations in our everyday dealings with them, and data that they trade amongst themselves to attempt to build a complete picture of us. Schneier illustrates the problem with this type of information sharing, saying:
News stories about mass surveillance are generally framed in terms of data collection, but miss the story about data correlation: the linking of identities across different data sets to draw inferences from the combined data. … It’s also the ability to correlate that identification with numerous other databases, and the ability to store all that data indefinitely. Ubiquitous surveillance is the result of multiple streams of mass surveillance tied together.
There are companies whose sole purpose is to gather data from all of the disparate sources where it is collected, and compile it together in an attempt to build a profile of us. They then take this profile, group it together with similar profiles and sell the data to other companies who are looking to target particular groups of people. This all goes on without our knowledge and perhaps even indirectly with our consent, as we typically agree to it in those privacy policies that nobody reads.
Most websites on the Internet provide their services, seemingly, for free, although there is the implicit agreement that you will view advertisements on the site in exchange for the service it is providing. The companies that provide the ads have a great interest in knowing as much about you as they can, as that knowledge allows them to better target ads for you and make their money. As the saying goes, “If you’re not paying, you’re the product.” Often we’ll agree to this bargain without giving it a second thought and without considering what personal data we might be giving up in exchange for the service.
We frequently give out our personal information,with the assumption that it will only be used by those we are giving it to, without considering any potential privacy impacts. For the most part, we don’t actively recognize when we even have privacy, and therefore, do not value it properly, as Schneier explains:
The costs of insecurity are real and visceral, even in the abstract; the costs of privacy loss are nebulous in the abstract, and only become tangible when someone is faced with their aftereffects. This is why we undervalue privacy when we have it, and only recognize its true value when we don’t. This is also why we often hear that no one wants to pay for privacy and that therefore security trumps privacy absolutely.
It is only through the loss of our privacy that we really notice that we had any privacy in the first place. I was reminded of a similar idea expressed by Julia Angwin in her book Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance where she says:
In essence, when you don’t have privacy, you feel less pain from losing it. Instead, you feel the pain of having to “buy back” privacy. This inability to accurately assign value to our data is one reason that most products that are sold to protect privacy fail. And it’s one reason that turning personal data into a currency–without any enabling legislation to make personal data scarce, and thus more valuable–could just enable and legitimize ubiquitous surveillance.
There are very few protections on what companies can do with our data, with the exceptions of health and financial data, they are pretty much free to do whatever they want with it, governed only by their own privacy policies.
One of the things I found most striking in Angwin’s book was her look at the beginnings of modern mass surveillance, she said:
In my quest to understand the history and origins of mass surveillance, I kept returning to the year 2001. Not only was it the year of the devastating terrorist attacks on the United States, but it was also the year that the technology industry was left reeling from the bursting of the dot-com bubble. These two seemingly unrelated events each set in motion a chain of events that created the legal and technical underpinnings of today’s dragnets. For the U.S. government, the terrorist attacks showed that its traditional methods of intelligence gathering weren’t working. And for Silicon Valley, the crash showed that it needed to find a new way to make money. Both arrived at the same answer to their disparate problems: collecting and analyzing vast quantities of personal data.
It’s not entirely coincidental that both government and corporate surveillance really took off at the same time, as they’ve developed a symbiotic relationship in which government collects data about us, which it sells to businesses, which then combine it with other data they accumulate about us, which they then sell back to the government.
Once we are aware of the shear amount of attempts to track us and collect our data going on, there are some steps we can take to work to reduce the amount of data being collected about us. Perhaps one of the easiest things we can do is change the search engine we use to one that does not track its users, such as DuckDuckGo. We tell a search engine more about us than we likely tell anyone, all of which could potentially be saved, possibly forever. By carefully selecting the companies whose services we use, and choosing those that place a clear value on protecting user privacy, we can try to ensure that at least some of our personal data remains private.