The privacy crisis is a disaster of our own making – and now the tech firms who gathered our data are trying to make money out of privacy
The smog of personal data is the carbon dioxide of privacy. We’ve emitted far too much of it over the past decades, refusing to contemplate the consequences.
For privacy advocates, the Apple-FBI standoff over encryption is deja vu all over again.
In the early 1990s, they fought and won a pitched battle with the Clinton administration over the Clipper chip, a proposal to add mandatory backdoors to the encryption in telecommunications devices.
Soon after that battle was won, it moved overseas: in the UK, the Blair government brought in the Regulatory of Investigatory Powers Act (RIPA). Privacy advocates lost that fight: the bill passed in 2000, enabling the government to imprison people who refused to reveal their cryptographic keys.
The privacy fight never stopped. In the years since, a bewildering array of new fronts have opened up on the battlefield: social media, third-party cookies, NSA/GCHQ mass surveillance, corporate espionage, mass-scale breaches, the trade in zero-day vulnerabilities that governments weaponise to attack their adversaries, and Bullrun and Edgehill, the secret programmes of security sabotage revealed by whistleblower Edward Snowden.
Who really cares about surveillance?
The first line of defense for surveillance advocates – whether private sector or governmental – is to point out just how few people seem to care about privacy. What can it matter that the government is harvesting so much of our data through the backdoor, when so many of us are handing over all that and more through the front door, uploading it to Facebook and Google and Amazon and anyone who cares to set a third-party cookie on the pages we visit?
Why is it so hard to convince people to care about privacy?
Painting the pro-privacy side as out-of-step loonies, tinfoil-hatted throwbacks in the post-privacy era was a cheap and effective tactic. It made the pro-surveillance argument into a *pro-progress* one: “Society has moved on. Our data can do more good in big, aggregated piles than it can in atomized fragments on your device and mine. The private data we exhaust when we move through the digital world is a precious resource, not pollution.”
It’s a powerful argument. When companies that promise to monetize your surveillance beat companies that promise to protect your privacy, when people can’t even be bothered to tick the box to block tracking cookies, let alone install full-disk encryption and GPG to protect their email, the pro-surveillance camp can always argue that they’re doing something that no one minds very much.
From the perennial fights over national ID cards to the fights over data retention orders, the lack of any commercial success for privacy tech was a great way to shorthand: “Nothing to see here – just mountains being made from molehills.”
And then ... companies started selling privacy
But a funny thing happened on the way to the 21st century: we disclosed more and more of our information, or it was taken from us.
As that data could be used in ever-greater frauds, the giant databases storing our personal details became irresistible targets. Pranksters, criminals and spies broke the databases wide open and dumped them: the IRS, the Office of Personnel Management, Target and, of course, Ashley Madison. Then the full impact of the Snowden revelations set in, and people started to feel funny when they texted something intimate to a lover or typed a potentially embarrassing query into a search box.
Companies started to sell the idea of privacy. Apple and Microsoft sought to differentiate themselves from Facebook and Google by touting the importance of not data-mining to their bottom lines. Google started warning users when it looked like governments were trying to hack into their emails. Facebook set up a hidden service on Tor’s darknet. Everybody jumped on the two-factor authentication bandwagon, then the SSL bandwagon, then the full-disk encryption bandwagon.
The social proof of privacy’s irrelevance vanished, just like that. If Apple – the second most profitable company in the world – thinks that customers will buy its products because no one, not even Apple, can break into the data stored on them, what does it say about the privacy zeitgeist?
The privacy catastrophe has only just begun
Seamlessly, the US Department of Justice switched tacks: Apple’s encryption is a “marketing stunt”. The company has an obligation to backdoor its products to assist law enforcement. Please, let’s not dredge up the old argument about whether it’s OK to spy on everyone – we settled that argument already, by pointing out the fact that no one was making any money by making privacy promises. Now that someone is making money from privacy tech, they’re clearly up to no good.
The smog of personal data is the carbon dioxide of privacy. We’ve emitted far too much of it over the past decades, refusing to contemplate the consequences until the storms came. Now they’ve arrived, and they’ll only get worse, because the databases that haven’t breached yet are far bigger, and more sensitive than those that have.
Like climate change, the privacy catastrophes of the next two decades are already inevitable. The problem we face is preventing the much worse catastrophes of the following the decades.
And as computers are integrated into the buildings and vehicles and cities we inhabit, as they penetrate our bodies, the potential harms from breaches will become worse.