Each week David Souter comments on an important issue for APC members and others concerned about the Information Society. This week’s blog is about how the possibility of privacy is changing in the digital age.
Privacy, say many people, is the human right most threatened by the Internet – and more generally by ICTs. I agree – so much so that I think we need to change the way we think about it. Before I come to why, and how, we need to ask three questions: What is privacy? Who threatens it? And what’s the Information Society doing to it?
What is privacy?
‘No one shall be subjected to arbitrary or unlawful interference with his privacy,’ proclaims the International Covenant on Civil and Political Rights, but it doesn’t offer any definition. So what privacy means has been open to interpretation – by the Human Rights Council, by governments, by rights activists and others.
This post’s about privacy in general, not legal, terms, so here’s the definition Wikipedia offers. ‘Privacy,’ it says, ‘is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively.’
That suggests one reason why defining it, in terms of rights, is difficult. Most of us know the extent of privacy/seclusion we want for ourselves, but our friends, families, neighbours and those in other countries may have different views – about their own privacy and ours. That we don’t share a common viewpoint on this struck me forcibly last year when I took part in a debate about national identity cards. The scope of those accepted with little opposition in, say, Estonia and India goes far beyond what would be considered acceptable in Britain or in Germany.
Who threatens privacy?
Two themes have dominated discussion about privacy around the Internet and ICTs. Both are due to changes in the way data are gathered, held and analysed.
First, rights and Internet activists alike are concerned about increased surveillance by governments and those acting for them. Governments are able to monitor communications traffic, and much more, in ways that they weren’t able to before. That power can be used in different ways which have different implications for rights and for societies – to monitor criminals, for example, and/or to monitor political opponents. How’s it’s used varies between countries.
Second, rights and Internet activists are concerned about the way that data are retained and used by online businesses. As readers of this blog know well, the platforms that dominate Internet use today are free to use because they exploit people’s data to market products and services more effectively than traditional advertising media can do. Those platforms know much more about us than our governments, our partners or, indeed, ourselves.
Our changing attitudes to privacy
These are the threats that are most discussed by Internet professionals, but what about our own behaviour?
Most users of the Internet are keen to use free platforms, and more than ready to share information with the businesses that offer them. They don’t feel threatened by the exploitation of their data by Facebook, Google and the like. Rather, they welcome the focusing of search results and newsfeeds on their own needs and interests.
Most users of the Internet are not political. They see the risk of government surveillance affecting others, not themselves.
Most users of the Internet are unskilled in protecting information. They’re as open with their Facebook friends as with their face-to-face ones. They don’t realise how public what they put on social media becomes. They’re more relaxed about their passwords, even where money’s concerned, than they ought to be. Protecting privacy from fraud and criminality requires more vigilance and more effort than they think’s required.
When so much information is available, on so many people, in so many ways, it’s very vulnerable. Businesses, governments and others that hold data legitimately are tussling endlessly with those who want access to those data for criminal or other purposes. Privacy is also, therefore, an issue for cybersecurity, and vice versa.
How has the Information Society changed privacy?
This is familiar ground, but most discussion of it seems to me to miss one crucial point. The reason threats to privacy are growing is a simple but profound change in how information’s gathered in the digital age – one which I’d say requires us to think about privacy differently from how we’ve thought about it up to now.
In the past, information that was held about us had to be consciously created and stored by those who wanted to make use of it, for our benefit or theirs. Governments, businesses and other organisations had to seek information from us and, with some exceptions, we gave it to them if we chose to do so. Data gathering and retention were labour and resource intensive, so only data that were obviously important were gathered and retained. This gave us significant control over the data that were gathered and retained about us.
Today, we’ve very little such control; and tomorrow we’ll have even less. Now, by contrast with the past, everything we do online – and much we do offline – is digitally recorded by default. It’s gathered automatically. No one has to ask for it, and we no longer choose whether we provide it. The costs of data retention and analysis are also falling all the time. It’s becoming simpler and cheaper to keep all of the data that’s recorded than to sift it for potential relevance.
The central question about data management and privacy, therefore, is no longer whether data’s gathered but how it’s used – which is a very different question. And, as with many other aspects of the Information Society, the Internet of Things and artificial intelligence will exacerbate this change, each new device we use gathering and retaining data on our daily lives. To take an obvious example, driverless cars will record our movements, whether we want them to or not, far more effectively than the CCTV cameras that rights activists are so concerned about today.
Changing our approach to privacy
I’d say this transition from active data-gathering to data-gathering by default profoundly changes the nature and the possibility of privacy. Instead of expecting most of our activities online and offline to remain known only to ourselves, in the digital age, we have to recognise that they’re recorded and therefore can, and likely will, easily be known by others. (The implications of a world in which ‘All that happens must be known’, in which privacy is past, are explored in Dave Eggers’ dystopian satire of the Internet, The Circle. Read, think and worry.)
The central question for us, where the right of privacy’s concerned, is therefore no longer about what information is recorded but about what’s done with information which has been recorded. Who has access to it; what uses can be made of it; with what constraints? And how much say do we have about what happens to information about ourselves?
This isn’t just about governments and government surveillance. It’s also about businesses and the terms on which they share, retain and use our data, which are set by the service contracts that are signed, almost always unread, by users – with, in some countries, some constraints from data protection laws.
And it’s about changing attitudes of mind. We’re living in an age in which technology has made surveillance and data retention much easier than they were before, and in which people have become more accepting of intrusion. We’re approaching one in which far more of what we do can and will be recorded as it happens, not to facilitate surveillance but simply because that is how tech works. Our old ways of maintaining privacy and protecting data aren’t going to be sufficient. We need to rethink, from first principles, what privacy means in the digital age and how we can protect it. Or, in Eggers’ terms, how we can square The Circle?
Next week’s blog post will look at the impact of ICTs on the environment.