Tuesday, July 2, 2013

Life in the Goldfish Bowl: Privacy in the Age of Government Surveillance


As each day goes by, there are new revelations of the scope and scale of government surveillance.  I had long known or suspected that all governments engage in secret surveillance, but the Snowden revelations are opening our collective eyes to how vast these operations have become.  The limits on government surveillance seem to be set less by law or ethics than by the limits of the technical infrastructure to collect, store and interpret data.  

The entire privacy profession needs to re-think its priorities in the Age of Government Surveillance.  How does our use and development of technology change if people come to feel (rightly or wrongly) that we are all just goldfish swimming in a bowl of government surveillance?  How do we ourselves change, in a basic sociological sense, if we think we're being watched?  Are we being watched?

The Snowden revelations are already having significant political impacts.  Already, European officials are threatening to abandon the proposed Europe-US Free Trade Agreement negotiations.  Already, people and institutions are re-assessing their trust in the US government.  

Over time, I think we'll see a few long-lasting global trends as a reaction to these revelations about government surveillance (regardless of whether any of these actually provide for enhanced privacy or not):
  • There will be more development and adoption of encryption technologies, in particular, end-to-end encryption, and other privacy-enhancing technologies.   
  • There may be a systemic decrease in trust and use of cloud-based services, like not trusting email with your sensitive communications. 
  • There will be a series of initiatives to demand local-data-storage and to restrict international data transfers for cloud services, just as there are already calls to rescind the EU-US Safe Harbor Agreement. 
  • There may be a series of trade-protectionist measures around the world in favor of local (i.e., non-US) companies.  
  • There will be a series of criminal prosecutions, around the world, against companies and individuals, who will be caught in classic conflict of laws scenarios:  testing whether their compliance with US legal obligations to comply with US government surveillance orders puts them in violation of other countries' privacy laws.
  • Finally, there will be citizen and civil society demands for increased government transparency and democratic control of surveillance programs,  Some governments will respond and some will not.
For those of us who have a deep love for a free and open Internet, and a deep love for transparent and democratic government, it's all sobering.  The ineluctable progress of technology means that the governments' abilities to capture, store, and analyze data will double roughly every 18 months, absent legal or political decisions to restrain it.    

Some government surveillance is necessary and appropriate for governments to carry out their responsibilities to protect and defend their national security, but there's a reason John F. Kennedy didn't say:  "Ich bin ein Ost-Berliner."

No comments: