The Current Reality

We are currently living in an age of hyper-digitization and constant internet connectivity, in which every online and increasingly physical action we take creates digital traces in the form of data; data about us. Whilst the use of this data brings with it many novel solutions to societal problems and is certainly increasing efficiency and efficacy in the realms of business, governance and many more, there is an enormous trade-off that many are simply not aware of, or fully understand the gravitas of. This trade-off is multi-faceted but can be broken down into the core concepts of privacy and security.

We are all being watched. Every second of every day state and non-state actors are engaged in the practice of mass surveillance, consistently and ubiquitously collecting, processing and retaining our personal data on the permanent record. This trend, dubiously justified under ‘national-security’ and crime prevention grounds; or plainly for the profit of a slew of multi-billion and trillion dollar corporations engaging in “Surveillance Capitalism”, is not going anywhere anytime soon.

Cyber-criminals, leveraging the nature of our hyper-digitized society and the burgeoning ‘internet-of-things’, in which everything from mobile phones to basic household appliances are embedded with sensors and online connectivity, exploit technical and human security vulnerabilities to steal, defraud and cost lives, amounting to the loss of trillions globally. This acute and ever-present threat is magnified by signals intelligence (SIGINT) attacks on web standards, encryption and security in an effort to ‘stockpile’ vulnerabilities, known as ‘zero-days’, for offensive purposes, with the result of making us all less safe online.

Legislatures, with some notable exceptions such as the European Union (barring recent legislative proposals that raise alarms), are either asleep at the wheel, complicit in the growing state of surveillance or unable to effectively regulate private and public surveillance activities. Intelligence agencies flagrantly violate the law suffering little to no consequences or oversight ensuring such practices continue, lie to democratically elected representatives and the public and over-classify their surveillance activities eroding public trust in state institutions. Whistle-blowers, acting in the public interest and exposing these hidden activities, are criminalized under antiquated espionage laws, with no ability to raise a public-interest defense, threatening press-freedoms globally. While many of the examples cited refer to the USA’s National Security Agency (NSA), the modern surveillance state extends far beyond any one nation state or selection of corporations.

While public sentiment has shifted, with a majority of Americans and Europeans gauging personal privacy as highly important, most individuals do not know how to effectively protect their online data and privacy from public and private entities. This is exasperated by big tech companies that hold an effective oligopoly over the hardware and software that we all use having user surveillance as a core monetization strategy. They mislead consumers and users about the extent that they protect their privacy and in many cases are party to (as seen below), an effective arm and intrinsically linked to SIGINT intelligence efforts, being actors in what can only be described as the ‘surveillance-industrial complex’.

PRISM

“Majorities [referring to the U.S.A] think their personal data is less secure now, that data collection poses more risks than benefits, and believe it is not possible to go through daily life without being tracked” - Pew Research Center, November 15 2019

One just has to look at the prevalence of the “FBI Agent” internet gag to see that pervasive surveillance and the death of online privacy has been normalized and is accepted as part and parcel of everyday online life.

How This Impacts Us All

The modern news cycle is filled to the brim with examples of rampant SIGINT state abuse and overreach as well as near constant corporate data breaches and hacks that affect your most personal data, far more than can possibly be covered in any single article or blog post. What can be said is that the trend is clear. When operating in secret, protected by classification and under the cloak of ‘national security’ and other broad and vague public-interest justifications, executive branch intelligence agencies run amok with their intelligence gathering powers. No greater indictment is needed than from the NSA itself, with its internal motto at the time of the 2013 mass surveillance disclosures: “sniff it all, know it all, collect it all, process it all, exploit it all and partner it all.”

NSA Collection Posture

This has extremely dangerous implications for Democracy, the rule of law and our fundamental rights, liberties and freedoms that the majority of readers undoubtedly benefit from. It is common to hear variations of “I have nothing to hide, so nothing to fear” when discourse on mass surveillance practices by for-profit corporations and mainly state agencies is had. This premise, at first glance, appears reasonable. If the intended targets of the bulk-collection of our data are terrorists, criminals and others seeking to inflict harm to society, surely the innocent need not worry. However, there are a plethora of flaws in this argument’s underlying reasoning.

Such an argument presupposes that privacy, a civil and political right that you are entitled to, recognized in international law, across the European Union and Europe as a whole, in the United States of America and various other states is something reserved only for criminals. This is wrong. Ordinary, law abiding individuals have many legitimate reasons to want to keep elements of their lives private, whether it be their political affiliations, health data or financial records. Recent developments in the USA surrounding abortion rights, regardless of personal views on the legality of abortion, showcases that today’s law abiding individuals can turn into tomorrow’s ‘criminals’ overnight and that digital privacy can act as a shield for those in need of protection.

“History is littered with examples of how data gathered even under neutral or positive auspices can later be exploited for regrettable, and sometimes terrifying, ends. Censuses conducted in Europe in the early twentieth century that asked people to note their religious affiliation later helped the SS identify the largest pockets of Jews in each country they occupied during World War II” -Surveillance State: Inside China’s Quest to Launch a New Era of Social Control, Josh Chin and Liza Lin

This argument also inverts the presumption of innocence, a basic tenet of Democracy, due-process and the rule of law. The purpose of such a foundational principle is to check abuses of state power against the individual, but under what can be described as panopticon levels of surveillance this has been perverted, arguably leading to profound chilling effects on society. A chilling effect is, simply put, when people are aware that they are being watched, they act differently, something that has been quantitatively observed and verified.

“The state bears the burden of showing there is a good reason for suspicion, not the other way around. The refrain “nothing to hide” should not be a license for sweeping government surveillance… Living under the constant gaze of government surveillance can produce long-lasting social harm: if citizens are just a little more fearful, a little less likely to freely associate, a little less likely to dissent – the aggregate chilling effect can close what was once an open society.” -ACLU, You May Have ‘Nothing to Hide’ But You Still Have Something to Fear

My fear is that the “Architecture of Oppression” is, for the most part, silently and without broad public knowledge, being created across liberal democratic states. With the advent of complex artificial intelligence based surveillance tools, such an architecture for societal control and power has become unprecedented in it’s scope and ability to peer into the most intimate and minute details of all of our lives.

Today’s systems of surveillance in liberal democratic states are primarily used to pursue legitimate but broad aims such as national security and crime prevention or the generation of profits by private corporations (which comes with risks that will be discussed in later posts), rather than for oppressive tyrannical control as seen in the Peoples Republic of China. However, this is not a result of underlying differences in surveillance architecture but rather a difference in governance from those that hold power over said systems. It can be argued that systems of governance in liberal democracies would prevent such a dystopia from manifesting but I believe this to disregard the nature of power wielded without accountability and to be wholly naive.

Those who can be trusted to hold the reigns of power today may not hold them tomorrow. Governments can change but the underlying surveillance apparatus will not. Do we want such an immense source of power to be present at all in society, always bringing with it the threat of untold abuse? I end this point with a poignant quote from Edward Snowden, NSA whistle-blower and a catalyst for the 2013 mass surveillance disclosures.

“There is, simply, no way, to ignore privacy. Because a citizenry’s freedoms are interdependent, to surrender your own privacy is really to surrender everyone’s. You might choose to give it up out of convenience, or under the popular pretext that privacy is only required by those who have something to hide. But saying that you don’t need or want privacy because you have nothing to hide is to assume that no one should have, or could have to hide anything – including their immigration status, unemployment history, financial history, and health records. You’re assuming that no one, including yourself, might object to revealing to anyone information about their religious beliefs, political affiliations and sexual activities, as casually as some choose to reveal their movie and music tastes and reading preferences. Ultimately, saying that you don’t care about privacy because you have nothing to hide is no different from saying you don’t care about freedom of speech because you have nothing to say. Or that you don’t care about freedom of the press because you don’t like to read. Or that you don’t care about freedom of religion because you don’t believe in God. Or that you don’t care about the freedom to peaceably assemble because you’re a lazy, antisocial agoraphobe. Just because this or that freedom might not have meaning to you today doesn’t mean that that it doesn’t or won’t have meaning tomorrow, to you, or to your neighbor…” -Edward Snowden, Permanent Record

What Can Be Done?

The situation is not completely bleak and I would urge readers to not succumb to the fatalist idea that there is nothing to be done and that the future is one of minimal to no digital privacy and security. There are multiple courses of action individuals, you, can start doing right now:

  • You can write to your elected representatives stressing the need for effective regulation of the data-collection industry and real transparent oversight of state intelligence capabilities.

  • You can support and vote for political parties and politicians who raise concerns about the state of digital society and are committed as part of their platform to meaningful change.

  • You can support the work of non-profits fighting for transparency and accountability from public and private entities, whether it be a donation or simply keeping up to date on their work. A non-exhaustive list would be:

  • You can educate yourself on how to reclaim your digital privacy and improve your online security. A good starting point for anyone serious about implementing personal privacy and security protection strategies would be:

“Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect. It is about choice, and having the power to control how you present yourself to the world.” -Bruce Schneier, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Disclaimer: I do not, by any means, claim to be an expert in matters relating to privacy, security and law or offer what can be construed as guaranteed fool-proof advice. What I do offer is an insight into these matters from someone who is highly invested in personal privacy/ security themselves and who is studying technology law at the level of higher education.