This is part of Life After Privacy, a four-part series on the risks, challenges and opportunities for citizens and consumers posed by a world where your private information is widely available to governments and corporations. Read part one on Big Data and part two on spy agencies.
Are hackers, long considered a threat, now the best defence we’ve got?
For years, since the emergence of Wikileaks as a media sensation, we’ve been aware of a group of digital activists who have warned us, often in apocalyptic language, about the scope and scale of digital surveillance — and we’ve largely dismissed them. But in the wake of Edward Snowden’s whistleblowing on spy agencies that are prepared to monitor and collect our personal information, we’re finding out that those activist were, in many cases, accurate in their warnings.
So who are these people, and now that we know they’re more than just a bunch of conspiracy theorists, do we have a responsibility to listen to and act on their warnings? How did we get to a state where, even as this new generation of “hacktivisits” is making all kinds of noise about digital privacy and data security, data breaches and leaks continue to be a near-daily occurrence? Do we want to protect ourselves and our governments from the hackers, or do the hackers have something important to teach us?
Omar El Akkad: For years, we’ve seen activists raise the alarm about the growing scope of digital surveillance — and yet, as a society, we've done relatively little about it. Perhaps my experience is an anomaly, but I know of very few people who have ditched Windows for a more secure operating system, or started to use encryption when they otherwise wouldn't have.
With the latest revelations from the Snowden documents (and the growing realization that those activists might have been right all along in their warnings), are you getting any sense that the average person is starting to catch on the importance of protecting themselves from digital surveillance, or will this always be an abstract issue for all but the most digitally sophisticated users?
Ronald Deibert: It is true that most users do not think much about their Internet experiences beyond the screen in front of them. For most it is a special kind of magic that just works.
In a way, this situation is paradoxical: as never before are we surrounded by so much technology and yet as never before we know so little about what goes on “inside” the technology. This lack of transparency and awareness has meant that governments and corporations have been able quietly to build out enormous surveillance capabilities of extraordinary scale and scope essentially behind the backs of, and largely with the acquiescence of, of citizens and users.
The Snowden revelations have begun to peel back the curtains on this subterranean world, and many people are now for the first time hearing about the extent to which their digital emissions and online habits can be a source of insecurity and loss of privacy. Many in the engineering and computer-science communities are escalating efforts in the wake of these revelations to build out new systems that provide security and privacy by design. I believe innovations in these areas will be important and should be encouraged. The reality, however, is that no matter how diligently one applies technological solutions, we can never likely find a single “silver bullet” that protects us from surveillance, or keeps our communications entirely private. Our lives are simply too technologically saturated.
That is why I believe the answer ultimately lies not solely in technological, but in political checks and balances. We need to restore independent oversight in liberal democratic societies, oversight that has been stripped away in the aftermath of the Sept. 11 attacks.
And we need to innovate new forms of distributed oversight, so that agencies of power — meaning primarily governments and the private sector — are watched, checked, and balanced from as many different centres throughout civil society as possible.
Mornay Walters: Digital surveillance has been around us for a number of years. Most of us know about it, yet we choose to ignore it.
The question is, why do we choose to ignore it? Is it because we feel we have nothing to lose and will only act when we have lost something, or is it we don't feel threatened by the fact that we have nothing to lose? So many times I hear people say, “I don't have anything to hide and I don't care if they listen to my calls.”
In my opinion, the status quo around digital surveillance, which is slowly reaching the awareness stage thanks to whistleblowers such as Edward Snowden, will remain as is and not much will change in the way consumers interact with digital technology.
The reason for this is simple. We, as a global society, do not act proactively even if we are faced with the facts of the issue. Two global issues of similar proportions come to mind, that of HIV/AIDS and climate change. In both cases, we as a society have been presented with the full facts of these problems, yet the decision to act on these problems was hindered by all kinds of agendas and excuses.
While people are slowly waking up to the issue of a less private world, most people will not take note of the problem until they have been a victim. For technology developers the challenge to overcome is to fuse top-level security practices with commonly used and requested user functions. Many of the popular applications that exist on the market have been designed to hook customers easily with little to no regard for their security or privacy. As the market matures and more technology developers include better security practices, users may start to differentiate between those products that offer security and privacy and those that don't.
For now, the users that will act proactively on these problems will remain restricted to government and federal employees, employees and customers of corporate organizations, and a small group of informed end-users that understand the threat landscape.
Omar El Akkad: One of the ideas that comes up in this sort of discussion, and is certainly present in your responses here, is that of the overwhelmed or under-informed end-user – one who has become reliant on the pervasive technology available to them, and as a result is resigned to the idea that snooping may be taking place (as Mornay puts it, the notion that, if I have nothing to hide, I have nothing to fear).
But beyond the harm this sort of mindset is likely to do to the foundations of a liberal democracy (as Ron points out), it leaves me at a loss for where a push-back to a surveillance society is likely to come from. Just this week we saw Apple scramble to fix a glaring security flaw in its software, and there's at least some evidence to suggest that 2013 was one of the worst years for consumer data leaks ever. If consumers are overwhelmed by or indifferent to the scale of surveillance and data privacy breaches, major tech firms have less than enough incentive to do anything about it, and government branches refuse to even acknowledge the issue until forced to by Snowden-type leaks, where will the impetus for real reform come from?
Ronald Deibert: Generally speaking, I am very pessimistic about the trends that you outline and, in fact, believe that the situation is going to get a lot worse rather than better in the short term.
One major factor that plays into this discussion is that the vast majority of Internet users are increasingly coming not from liberal democratic countries but from the global South.
Growth rates in Sub-Saharan Africa, for example, are on the order of several thousand percent per annum. Some of the fastest growth rates are occurring among failed states, flawed democracies, and autocratic and authoritarian regimes. Even among those countries that are “democratic,” some have a recent history of military dictatorship.
Some countries that have gone through democratic transitions, such as Egypt, are sliding back into autocratic or repressive practices. This means that today and increasingly into the future, technological usage, innovation and development will be undertaken in political environments that are unfavourable to human rights, including privacy.
Decisions on standards and practices made there will rebound back and affect us here in Canada directly as we will increasingly communicate using technologies shaped in those contexts, and in settings over which we have little control.
The story of Blackberry and the security deals it has had to make to operate in countries like the United Arab Emirates, Saudi Arabia, and India is a case in point.
Where will the impetus for change come in these circumstances? It is hard to say as we are talking about the prospects for liberal democracy and human rights on a global scale -- prospects that are not that great by anyone's estimation for the foreseeable future. Security breaches may shake people out of their lethargy. Scandalous misuse of data-gathered surveillance may do so as well.
Whatever is the initial spark, I do believe that the only way to change the situation is to begin by focusing on what we can do here, to put our own house in order first, and to start creating a regulatory environment and a set of best practices that hopefully become attractive for foreign investors and ultimately users worldwide to adopt and imitate. We are a long way from that in Canada, but it's a starting point on a long road to remediating what is an increasingly urgent case of the degradation of information rights.
Mornay Walters: Awareness is the first step in fixing the problem. The second step is acknowledging that there is a problem and that we as a global society have to do something about it.
A simple example of one sector that has come of age around security is that of Internet payment mechanisms — which comply to information-security standards. That said, sites that collect personal information have nothing to follow and so most sites remain exposed and our information remains at risk.
As with everything, history taught us there will be a turning point some time in the future, but where the impetus will come from, we will have to wait and see. Popular debates on the subject will help raise the awareness level, just like debates around the issue of climate change were made popular by people like Al Gore.
The current debate around digital surveillance is quite frankly boring, and part of the problem is everybody is accusing governments of overstepping the mark, but we forget who made it possible for governments to become so invasive. To get awareness out there to the millions of users who join this interconnected world, we need people who really care, people who can convey the problem — we need a face that stands for online privacy.
Omar El Akkad: What sort of advice would you offer someone who's looking to insulate themselves from privacy leaks and surveillance? By this, I don't mean just hardware and software suggestions, such as the Tor network for anonymous Internet use, or secure firewalls and proxies, but also general computing habits. I suspect the gamut of user reactions to the Snowden revelations, taken in its entirety, probably runs from “Do nothing” to “Abandon the web entirely.”
Ronald Diebert: There are those who look upon the growing revelations of mass surveillance in the world of Big Data with increasing trepidation, and I have heard many remark that the only solution for them is to "unplug" or isolate themselves from the technologies that surround us. Back to pen and paper, or some Romantic isolationism in the woods.
Not only do I think that is impossible, I also believe it is wrongheaded. First, there is no going back to a pre-cyberspace world, and in the foreseeable future the trends that we are experiencing today — massive volumes of data shared with third parties on a regular basis as we go about our daily lives — are unlikely to slow down. In fact, they show only signs of increasing acceleration. Even for those who do not use social media, cloud computing or mobile devices, you are still immersed in data points and subject to incidental surveillance as you go about your daily lives.
Second, I do believe these technologies offer enormous potential. I would say that they are essential to the survival of the species. We face many shared problems on a global scale and if we are ever going to solve them, it is essential that we have something approximating an open and secure environment of seamless communications through which citizens can share ideas and debate with each other. To protect Planet Earth, we need to protect the Net.
Moreover, there are countless positive aspects of surveillance: surveillance of disease, of environmental degradation, of land usage, of humanitarian relief, and of traffic patterns. That is why solutions to concerns around privacy and surveillance cannot be solved by technical means alone; we need to put in place political safeguards that strictly limit what can be done with data that is collected, by whom, and under what conditions.
And alongside that, we need a rigorous and highly decentralized system of distributed oversight of the practices of governments, private companies and large institutions.
That said, there are still important steps individuals should take to protect themselves in cyberspace — a form of digital hygiene. Best practices are critical especially for those individuals who are “at risk” – human-rights groups, journalists, whistleblowers, lawyers, and marginalized groups. Digital hygiene requires extra effort. It requires not taking technology at face value. Not accepting it shrink-wrapped. Not blindly clicking “I accept” on the terms of service. Not trusting without verifying. It requires a civic ethic of experimentation and curiosity — what I have called “lifting the lid on the Internet” — that is best exemplified in the original "hacker ethic" — a term that is now hopelessly and unfortunately associated with breaking the law, but which originally had a much more positive connotation.
Mornay Walters: 2013 will go down as the year when it all started, but it will take years for the market to truly understand the nature of what was revealed around security and privacy issues.
While there are technology providers who can provide a fix to those who require a solution now, the fast growth of new users who are being exposed to mobility and Internet products – matched with products that pay little or no respect to privacy rights or security and personal apathy toward online privacy – will exacerbate the problem for a long time to come.
Future digital surveillance by agencies and organizations will not be limited to the mobile phone in your pocket or the browser on your computer but instead will expand into supermarkets through loyalty cards, into your motor vehicles that now boast smart on-board computers, and into home automation through a fast developing industry known as the Internet of things.
While we may never be liberated from the problem of digital surveillance, the solution to the problem starts with us. We as informed users can make use of the tools provided by companies that protect us against these invasive practises, but we must also take care what we do on the Internet and always assume somebody’s watching. Lastly, it's in everybody's interest to inform and educate those around us of the issues of this digital world, especially the younger generation so the message will travel.