22 Thinkers Working to Combat Our Increasingly Terrifying Surveillance State
The following is excerpted from the forward to the new book Privacy in the Modern Age: The Search For Solutions by Julia Horowitz and Jeramie Scott. Edited by Marc Rotenberg (The New Press, 2015).
Few issues today are more widely debated than the impact of technology on privacy. Edward Snowden has kept news organizations busy since his decision to reveal the surveillance capabilities of the National Security Agency. The NSA has gathered up the telephone records of every American, as well as the personal communications of foreign leaders and the Internet browsing records of their citizens. So extraordinary is the data-gathering capability of the NSA that the agency has budgeted millions of dollars just for air-conditioning to keep cool its giant supercomputers.
But it is not only a spy agency that inspires headlines. Target lost the credit card records of 40 million American consumers in a data security breach. Home Depot beat that record and lost 56 million records. Advertising software tracks users across the Internet. Detailed medical records are available for sale. Students are subject to endless testing that generates data subject to endless review. Travelers to the United States are fingerprinted. Small robots patrol schoolyards. And we have still ahead data breaches that involve biometric identifiers, surveillance systems that massively identify people in a crowd, and firms that have leapt from the Internet to track people in physical space and record activities in their homes.
There is a temptation when confronted with these stories to utter some version of “Privacy is dead. Get over it.” Popular variants include, “You have no reasonable expectation of privacy,” “What did you expect? You posted it on the Internet,” and “Hey, it’s free. If you don’t like it, you don’t have to use it.” [But the following 22 thinkers have put] fatalism aside and instead of simply describing problems, set out solutions; they [take] seriously the dictum of Thomas Edison: “What man creates with his hand, he should control with his head.” It’s a new approach to the privacy debate, one that assumes privacy is worth protecting and that there are meaningful policy responses to pursue.
The [thinkers] share another common attribute. They are also associated with the Electronic Privacy Information Center (EPIC), specifically tasked with focusing public attention on emerging privacy and civil liberties issues. Together with the other advisory board members and the EPIC staff, they have pursued the common purpose of working to safeguard privacy in the modern age.
1. Open government advocate Steven Aftergood takes on the classic paradox of privacy in his contribution to Privacy in the Modern Age: The Search For Solutions—the critical role of transparency in ensuring accountability. Aftergood notes, “Transparency alone cannot dictate or imply what the outcome of a particular privacy or national security debate ought to be. But disclosure of the basic facts of government operations is what makes it possible for the debate to take place.” In openness, there is greater protection for privacy.
2. Computer scientist Ross Anderson views the U.S. debate from across the Atlantic and asks what the U.S. legacy will be when others look back at the technologically dominant superpower in the early part of the twenty-first century. It is not just a matter of legacy. “How the U.S. treats foreigners now will not just set the tone for our generation, but will shape how the world works and the way people are treated in future generations— once U.S. supremacy has passed the way of the British empire, the Spanish empire, and the Roman empire.”
3. Christine L. Borgman and her coauthors, experts in information policy and educational institutions, took on the practical challenge of developing a privacy framework for the largest university system in the United States. As they explain, “Today’s research universities face a plethora of competing challenges in the privacy arena.” The outcome is a remarkable blend of privacy principles, institutional structures, formal responsibilities, and public accountability.
4. Ryan Calo, a leading researcher in the field of robotics, thinks it is already time to pass laws and to create an agency to monitor our mechanized friends. As he writes, “Society should look to this issue now, as we stand knee-deep in waters that will only rise.”
5. Danielle Citron, a law professor who explores issues of gender, combines several threads of privacy culture when she points to growing concerns about “revenge porn.” Her proposal is clear. “The law needs updating again to combat destructive invasions of sexual privacy facilitated by networked technologies.”
6. Leading privacy campaigner Simon Davies focuses on recent developments in Europe, where the Snowden revelations have given way to massive calls to update privacy laws and limit data flows to America. Davies suggests that even a fractured Europe is likely to unite in this effort.
7. A. Michael Froomkin, one of the forefathers of cyberlaw, considers the policy nuts and bolts of identity management. At its core, the challenge is to allow individuals to disclose to others only that which is required in a technological environment where almost everything is transferred by default. The solution is subtle but profound. “In its most robust form, we would have true untraceable pseudonymity powered by payer-anonymous digital cash.”
8. Deborah Hurley, writer, lecturer, and policy adviser, traces the development of modern human rights instruments concerning privacy and notes the leadership role of the United States, beginning with the Universal Declaration of Human Rights in 1948. But she also finds that in recent years, the United States has lost its way and urges it to adopt comprehensive federal legislation to protect personal data and privacy.
9. From a European perspective, Kristina Irion looks at the safeguards and accountability of mass surveillance in Europe and the United States and how these affect transatlantic relations. Irion points “to asymmetries between countries that are precisely at the core of the transatlantic rift over mass surveillance.” Jeff Jonas, a designer of analytic software systems with privacy safeguards, takes as a given that “surveillance society is inevitable and irreversible” as well as “irresistible.” So, what is to be done? Jonas proposes several techniques—transfer accountability, attribute anonymization, data expiration, and audit trails—that could help reduce privacy risks.
10. Harry Lewis, an educator, computer scientist, and university administrator, makes the case for anonymous speech, but also cautions, “Among the responsibilities of civic life is to speak in our own voices when we can, and to take anonymous words seriously only if their anonymity is understandable.”
11. Anna Lysyanskaya, also a tech expert, makes the case for cryptography. In theory, the opportunities are boundless. In direct terms, Lysyanskaya explains that cryptography gives us “tools for getting the best of both worlds: accountability for wrongdoers and yet privacy for everyone else.”
12. Gary T. Marx, a pioneer in the field of technology and privacy, restates his challenges to the various techno-fallacies that often characterize contemporary discourse. He wisely concludes that “subjecting surveillance and privacy-hungry technologies to critical analysis . . . hardly guarantees a just and accountable society, but it is surely a necessary condition for one.”
13. Aleecia M. McDonald, a researcher and policy analyst, takes a close look at several of the current techniques for privacy protection, including DuckDuckGo, PGP, and Tor, and uncovers increasing interest in privacy-enhancing technologies after the Snowden disclosures.
14. Dr. Pablo G. Molina, an educational administrator and ethicist, looks squarely at the challenges academic institutions face. “Three major actors are responsible for these data leaks and organizational abuses: academic administrators, educational entrepreneurs, and hackers.” His solution is equally straightforward: “To ensure the privacy of educational information, we must influence the behavior of these three agents. We need better laws, better technologies, and better advocacy.”
15. Peter G. Neumann, a security researcher, describes the current state of network security as “abysmal.” Systems are riddled with vulnerabilities. They are inherently untrustworthy and fail by accident and by attack. Neumann recommends a “holistic approach that encompasses dramatic technological improvements, procedural efforts that are more than palliative best practices, legislation, . . . enforcement, and common sense. As usual,” he writes, “there are no easy answers.”
16. Helen Nissenbaum, a computer scientist and professor of media, culture, and communications, helped reframe the modern debate when she proposed that privacy was about “contextual integrity.” The concept received the backing of President Obama with the release of the Consumer Privacy Bill of Rights in 2012. In this essay, Nissenbaum revisits the claim, clarifying its purpose and arguing for an interpretation that places the interests of the individual above the design of technology.
17. Frank Pasquale, a law professor who studies corporate culture, points to deeper questions about the interplay between academic study and business research. Drawing on the Facebook emotional manipulation study, Pasquale warns that the “corporate ‘science’ of manipulation is a far cry from academic science’s ethics of openness and reproducibility.”
18. Dr. Deborah Peel, MD, the founder of Patient Privacy Rights, points with increasing urgency to the loss of individual control over medical record information. The reasons are many: the transition from paper to the digital world, the emergence of complex payment systems, and the collapse of barriers between health care providers and marketing firms. The solution, Peel believes, can emerge when the health care industry will “be as accountable and transparent with our health data as banks are with our money.”
19. Can free expression be preserved in the online world? Stephanie E. Perrin, an advocate for NGOs, speaks directly to the Internet Corporation for Assigned Names and Numbers (ICANN), the organization that governs the Internet, when she proposes, “The ability to have an anonymous domain registration would benefit those who exercise their rights of free speech in dangerous territories, or who are fleeing abuse and persecution.”
20. Noted copyright scholar Pamela Samuelson asked whether copyright might come to the rescue of privacy. Considering a recent series of decisions from federal courts, she notes a new strategy emerging, though also cautions about the possible impact on First Amendment interests.
21. Bruce Schneier has long been interested in the quality of the public debate about the future of privacy. What motivates us to act? What leaves us feeling powerless? He warns that “fear trumps privacy, because fear happens in a more primal part of our brain. And convenience trumps privacy, because convenience is real and immediate, while the harms from lack of privacy are more abstract and long-term.” But he also remains hopeful about reasoned debate. “We need to think about these issues now and decide what sort of society we want to live in, rather than letting these changes just happen to us without consideration.”
22. And Christopher Wolf, a leading attorney in the privacy field, is optimistic about how various privacy tools could help safeguard privacy even in our era of big data. Wolf concludes, “The prospects are good that thoughtful and concerned people will develop needed solutions with greater attention being paid to preserving privacy in our modern society.”
Adopted in 2009, the Madrid Privacy Declaration, a seminal articulation of privacy rights, emerging challenges, and possible solutions warns that “privacy law and privacy institutions have failed to take full account of new surveillance practices.” The experts and NGOs who authored this statement point to well-known international frameworks and new strategies to safeguard the fundamental right of privacy.
Taken as a whole, these thinkers and the declaration describe a range of new challenges and also, maybe, forthcoming calamities. If Mr. Snowden and Target kept news organizations busy over the last few years, no doubt many of our authors are identifying the problems that we will read about in the years ahead.
But if we continue to value the right to privacy, once described by Louis Brandeis as “the most comprehensive of all rights and the right most valued by a free people,” then we must get about the hard work of finding solutions.