On the death of privacy

Well, this is a little scary:

UK surveillance bill includes powers to limit end-to-end encryption


This bill started gathering considerable momentum during the time of the Brexit vote and is now poised to cast a catastrophic spanner into the legality of, and the right to, privacy. Privacy is defined as a basic human right by the United Nations Universal Declaration of Human Rights:

Article 12.

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.


So why doesn’t the death of privacy feel like the scandal it should be? Sadly, I think the simple answer is; no one cares.


The private sphere began to dissolve long before the age of the internet. The 20th Century, war weary and desperate for social change, argued that we’d never be able to create equality if we didn’t bring emotional, un-rational and previously private discussions into the public sphere. Civilised it might not be, but social change on gender, sexual orientation, race and human rights could hardly accelerate without it. And we liked it. We loved it. We globally became addicted to social media; to its conversations, its hate, its heartache and its fur babies. We annihilated the line between the public and private sphere.


We also knighted ourselves with a double-edged sword. On one hand we dismissed any need for our own privacy and traded it for our addiction to other people’s privacy. And on the other, we used privacy and anonymity to explore the darkest recesses of our human soul. In the same way that you can wield private sphere concepts to enlighten the discourse, you also solidify terrifying ideas of hatred and violence. That’s the free speech dilemma.


(Ironically perhaps) the founder of 4chan and now Google employee, m00t, puts it succinctly:

We’re moving towards persistent identity. We’re moving towards, you know, a lack of privacy, really. We’re sacrificing a lot of that, and I think in doing so, moving towards those things, we’re losing something valuable.

Christopher “moot” Poole: The case for anonymity online (2010)


So what does it mean to be private?

  • Protecting private communications; public suspicion of your deepest feelings, commoditisation of your deepest needs
  • Identifiable images; intimiate images
  • Browsing history; your curiosity and your perversions become public domain
  • Personally Identifiable Information; who you are, where you are, what you are doing, what your credit card number is, piecing together… you
  • Your banal shopping habits; it matters if a travel company hike prices because they know I’m looking for a holiday
  • Your cause; your right to free thought and expression without prosecution


And, why did we just shrug that off?


First, how can you really visualise the concept of loss of privacy? Most social movements have less than 50 years to look back and revisit in living memory the consequences of racism, sexism, poverty, war and sexual discrimination. Privacy has little tangibility. No iconic imagery. And what do we have now? Just some clumsily targeted advertising as the only real indicator that your data is out for sale.


Secondly, there’s no public demand for information about privacy violation when it’s just another angle to our obsession with the infallibility of those that we worship. Even when there is some social justice to expose, privacy violations are treated — and accepted — as a scandal generator.  We don’t really want people to learn from the mistakes of the exposed because then there wouldn’t be as much to gossip about. At the time, I had to dig really hard to find out how the Panama papers hack happened because it was largely the story of who, not how. But I found it interesting that a known security vulnerability in a WordPress plugin had been used to access the servers because;

  1.  Of its simplicity. Hacking is exactly like house robbery; it’s more likely if you have a nice house in a shit area, don’t lock your door and the thief happens to be strolling by. There will always be targeted attacks, but these are not the majority. It is opportunistic, and takes advantage of obvious mistakes. 
  2. Of the blind reliance on the security of the software that we use and the people who build it. Security is everyone’s responsibility but nevertheless we put huge faith in tech companies alone to play catch up with new technology, techniques and advancements that are constant spinning security vulnerabilities into reality. Point being, we should all care more about our own security more than we care about Jennifer Lawrence’s leaked nudes; her vulnerability is her vulnerability, not ours. She won’t care when your bank account gets drained.


Thirdly, its terrifyingly easy to bury the whistleblowers. Again, when the magnitude of the problem isn’t obvious, and the solution isn’t obvious, then they are not obvious heroes.


Fourthly, there’s a lot of money in private information collection. Facebook just posted revenue of $6.24bn for Q22016 thanks to ad revenue. Advertisers don’t buy ads because they feel like it, they buy on Facebook’s legendary ability to target relevant users. It works because we give them the data. Adblocking is hardly your saviour either. While the publishers struggle to provide alternative ways to fund their content as they watch $27bn a year float away, and the advertisers wash their hands of shit-ad responsibility, the adblocking firms begin to resell the data they collect by providing the ad blocking, like some sort of snake-y Robin Hood. After all, advertising is a $600bn industry. Who has principles in the face of that much revenue?


Finally, and most prescient for the bill that will likely soon be passed, data collection is political currency. Evolving private data gathering from emergency situations to par for the course government practice is a huge leap in reassessing civil liberties. It’s not always easy to see the side you stand on — one person’s revolutionary is another person’s terrorist — but state-wide suspicion seems excessive.

Passive acceptance of a loss of privacy can be catastrophic. In the words of Mikko Hypponen:

Now when we think deeper about things like these, the obvious response from people should be that, “Okay, that sounds bad, but that doesn’t really affect me because I’m a legal citizen. Why should I worry? Because I have nothing to hide.” And this is an argument, which doesn’t make sense. Privacy is implied.Privacy is not up for discussion. This is not a question between privacy against security. It’s a question of freedom against control. And while we might trust our governments right now, right here in 2011, any right we give away will be given away for good. And do we trust, do we blindly trust, any future government, a government we might have 50 years from now? And these are the questions that we have to worry about for the next 50 years.

Mikko Hypponen: Three types of online attack (2011)


Also published on Medium.