If an e-mail lies on a hard drive, does it make a sound?
In attempting to expand my thoughts on what we imagine surveillers might do recently, I considered starting with the question: if an e-mail lies on a hard drive, does it make a sound? My purpose was to challenge the centrality of data collection in debates about privacy and surveillance. If data about someone is collected on a computer, but no human ever looks at it, is that person's privacy invaded?
I happened to be reading Steve Talbott's Devices of the Soul (2006) this week, which gives an answer in a chapter entitled Privacy in an Age of Data. Talbott argues that privacy is properly conceived as being a property possessed by a person, and that the privacy of data is therefore meaningless or at least beside the point. He goes on to say that
the ideal of privacy gains substance only in those primary contexts where we know each other well enough to care (p. 233; emphasis in original).Read in the context of the question above, I take this as a "no".
Talbott takes a somewhat mystical view of humanity, and elsewhere lambasts scientific materialists like Richard Dawkins and Rodney Brooks as "reductionists" for holding that humans are made up of chemicals. In this view, maybe machines can never invade privacy because they don't "care". But, shorn of any mysticism, I take the point to be that privacy only has meaning amongst entities that interact with each other and can make choices about the relationship. Mere knowledge of someone else, without any capacity to have an effect on that person, is simply data.
This tallies with what I experience when I read sordid news stories. Given that I've never met the people involved, and nor am I likely to, I simply take on board the information that people did the things that they're reported to have done. Not because I'm a machine (even if Rodney Brooks et al. are right), but because I have no relationship with those people and no direct capacity to either influence them or be influenced by them. But I doubt that I would react the same way if someone I knew was involved in the same sorts of activities.
But do the subjects of sordid news stories, being on the other side of the experience, feel the same way? I read in the Sydney Morning Herald this weekend that Britain's Prince William and Kate Middleton have accused two photographers of "surveilling" their son (Paparazzi warned off pursuing George, 4 October 2014, p. 26). Prince George presumably isn't involved in anything more sordid than dirty nappies, but his parents clearly aren't happy with some of the attention he's been getting.
I'm not a royal-watcher and I can't speak for what kind of relationship royal-watchers think they're in with the family. The royals themselves, I suppose, are in some sort of relationship with the public or at least the media, and perhaps this relationship is the source of their frustration. They are, after all, affected by the public's and the media's treatment of them. (I've often wondered what I'd feel like upon reading about myself in the news but have never had the opportunity to find out.)
Getting back to my hypothetical e-mail, one can imagine a computer system that collects e-mails but takes no action unless a human explicitly asks for it. In fact, traditional e-mail systems work something like this, and I've never heard anyone complain that their privacy has been invaded by an SMTP or IMAP server. I doubt that even Google or the NSA pays human voyeurs to dig through the stuff that they collect.
Of course Google and other ad-supported services do take action on the data they collect; they use it to select the advertisements to be shown to each user. Intelligence agencies use selected information to pursue investigations and make arrests. I'm nonetheless pretty sure that the computer systems involved don't "care" in any human sense, but I'm also sure that critics would say that this is not the point. So does my e-mail make a sound?
On fighting discrimination with secrecy
Mark Rix opens a recent Conversation article on Australia's proposed metadata retention laws with a couple of paragraphs asserting that "privacy and individuals' ability to remain anonymous are important protections against persecution, bullying, intimidation and retaliation." As I understand it, the idea here is that privacy and anonymity provide a kind of first line of defence against unfair discrimination by depriving would-be discriminators of the knowledge on which their discrimination is based. Such an approach seems superficially appealling, and I'm sure I've used it myself when don't-ask don't-tell seems like the easiest way of avoiding an unpleasant confrontation.
When I think it through more carefully, however, I see a number of problems with this view. For a start, there are many situations in which it seems hopelessly impractical: is anyone likely to suggest, for example, that we defeat racial discrimination by donning ninja costumes or applying make-up that obscures the colour of our skin?
Supposing that secrecy is feasible, however, is hiding beneath it really the ideal outcome in the long run? Many years ago, I read a newspaper article (whose citation I sadly forget) making the point that many of our modern freedoms have been won by people who stood up against being driven underground. Would homosexuality, say, be as widely accepted as it is in liberal democracies today if the homosexuals of yesteryear had simply remained out of sight? I'm sure it wasn't easy for those people who did speak out — but the secrecy solution would have them even now cowering in anonymity instead of finding social acceptance.
Words like "discrimination" and others used in Rix's assertion are often used in a pejorative sense to refer to unjust discrimination on the basis of race, gender, etc., but a broader interpretation shows that secrecy in fact cuts both ways. Law enforcement agencies want access to metadata among other things precisely because our law "discriminates" against drugs, violence, money laundering and other activities deemed harmful by lawmakers and the people who vote for them. To law enforcement agencies, secrecy is just an impediment to carrying out the discrimination delineated by the law. The real question is not whether or not to discriminate, but what ought to be discriminated against.
The main reason that I don't feel threatened by my government or anyone else isn't that I'm secure in the knowledge that the police can never find me — they probably can — it's that I'm fortunate enough to live in a country that respects a broad range of views amongst its citizens, and will punish anyone who refuses to respect them likewise. If the government decides to start rounding up computer scientists, mediaeval re-enactors, or bearded men, well, I'll have a problem — not because I don't have a ninja costume and batcave in which to hide, but because my government has ceased to respect my personal choices. And if the government ever decided to do such a thing, would I be best served by going into hiding, or by standing up for my choices?
"Feels free" and the data collection business
Ashlin Lee and Peta Cook contributed another article on surveillance to The Conversation this week, this one highlighting what they see as the inadequacies of the Reset the Net campaign. They say that "while the campaign is laudable in its efforts to raise the issue of surveillance, there are some glaring oversights present", mainly because the campaign neglects the huge amount of data collection undertaken by non-government actors, including some of the campaign's own supporters.
All this drew the usual cluster of comments bemoaning the surveillance society in which we supposedly live. The trouble is, as I saw it, the targeted advertising for which this data collection is essential is what enables all the "free" services that are so popular with Internet users. Consequently, avoiding or eliminating it is not so straightforward as naïve anti-surveillance commenters (and, indeed, Reset the Net) seem to suppose.
George Burns followed up with a suggestion that early "cypherpunks" and academic free-content advocates provided the foundation for the present dominance of corporate advertising by insisting that content be provided free of charge. It's hard to say whether or not cypherpunks and academics in particular were responsible for the preponderance of advertising on the Internet, but the widespread expectation that Internet services be provided free of charge is surely a major contributor to it.
Working in copyright and technology, I occassionally heard someone suggest that music retailers could combat copyright infringement with a business model that "feels free", which I supposed to mean some sort of comes-with-music or ad-supported approach in which buyers don't pay for individual tracks. There may be some merit in such models, and "feeling free" certainly works well for Google even if its success in many other endeavours might be debatable. But "feels free" implies "ignorant of the cost", leaving Google and Facebook users acting surprised and offended whenever the data collection activities of these services are mentioned.
I've previously contemplated re-badging so-called "free content" as "ad-enabled content" to more accurately reflect the mechanism by which it is resourced. A harsher critic might suggest that "surveillance-enabled services" would make the message even balder. Either way, it's hard to see how data collection, corporate messaging and other annoyances can be addressed without confronting the business models by which the services in question are delivered.
The bad guys are the enemy of the good guys, and vice versa
Recent articles on surveillance and privacy from Ashlin Lee and Peta Cook on The Conversation and John Leyden (quoting Art Coviello) on the The Register provoked some fairly predictable responses from anti-surveillance commenters. Said commenters insist that surveillance is self-evidently something that Big Bad Government does and should be stopped, and seem confused that anyone else would think otherwise.
Lee and Cook's argument, as I understand it, is that many of us like displaying certain aspects of ourselves to others, including people who we do not know beforehand, and that we therefore cannot simply reject all surveillance out-of-hand as "Orwellian". This idea, however, seems to be incomprehensible to commenters like Ben Marshall and Damien Hayden, who attempt to define the problem out of existence by insisting that "surveillance" refers only to watching someone without that person's permission, and that such a thing is self-evidently bad. We could, indeed, reserve the word "surveillance" only for whatever kinds of watching we don't like. But this won't eliminate our desire to express ourselves by exhibiting chosen characteristics, with the implication that we actually want people to pay attention to us when we do so.
Leyden reports the view of Art Coviello, the executive chair of RSA Security, that "anonymity is the enemy of privacy". Such a statement, of course, makes no sense to the classical security technologist's view that privacy is about never revealing anything, and that privacy and anonymity go hand-in-hand in protecting computer users from interference. Coviello's argument, as it is described in Leyden's article, isn't completely clear to me, but seems to be something like: anonymous miscreants are able to attack security systems with impunity, thus revealing the private data protected by said systems. Perhaps Coviello meant to say that anonymity is the enemy of security, and allude to the well-known tension between freedom and security that appears in nearly all debates on law enforcement.
While working in information security myself, I came to the view that security technologies can be used both by the good guys to protect themselves from the bad guys, and by the bad guys to protect themselves from the good guys. I therefore don't see much sense in making sweeping statements about the moral or political merits of anonymisation technologies, surveillance technologies, and other such things without reference to the context in which they are used. The statement attributed to Coviello is an example, and is difficult to interpret for this reason. But sweeping anti-surveillance statements are no more enlightening: how many people dress in ninja costumes whenever they're outside the house, lest others "surveil" what kind of t-shirts and haircuts they like to wear? And if people like to express themselves off-line, why wouldn't they want to do it on-line as well?
Shadowy citizens vs shadowy governments
I've been reading quite a bit about Bitcoin and other anonymisation technologies over the past week or so, partly driven by the recent shut down of an anonymous marketplace known as Silk Road. David Glance has a bit to say about Bitcoin, Silk Road and Liberty Reserve on The Conversation, while Jonathon Levin discusses possible directions for Bitcoin and Nigel Phair ponders likely replacements for Silk Road in the same venue. G. Pascal Zachary comes at similar issues from the point of view of surveillance in the October 2013 issue of IEEE Spectrum (p. 8).
Levin opens with a statement about Bitcoin enthusiasts and libertarians being confused by the slow take-up of what, to them, is a tremendous advance in anonymity and freedom from Big Bad Government. I don't know which, if any, specific libertarians are being referred to by Levin, but Levin's statement certainly seems consistent with traditional cyberlibertarian thinking that anonymity and secrecy is the path to the protection of rights and freedom.
Non-libertarians, of course, probably think more like Nigel Phair and G. Pascal Zachary, who accept that there are certain behaviours deemed to be illegal for good reason, and that law enforcement agencies must therefore have some sort of power to detect and arrest those who engage in those behaviours. Assuming that the non-libertarians aren't doing any of these illegal things themselves, they perceive somewhat less need for anonymity. For that matter, even libertarians agree that the state should enforce property rights and contracts, and one wonders if even they would be pleased with a technology that allowed anonymous miscreants to steal property and dishonour contracts.
Anti-surveillance commentators love to mock the surveillers' defence that "you've got nothing to worry about if you're not doing anything wrong", but the surveillers may be perfectly correct if they're referring to what the surveillers consider wrong. Why waste time persecuting behaviour with which one has no problem, after all? The problem is, not everyone agrees with the surveillers' vision of wrongness, and anti-surveillers fear persecution for behaviours that they consider acceptable, but which the surveillers consider wrong.
The dealing of drugs, identities and violence alleged to be taking place on Silk Road and its like probably doesn't do much for the anti-surveillers' case. Apparently Silk Road users really do have something to hide under the law of most countries, and I doubt many people are shedding a tear for those poor old criminal gangs who've just lost one of their meeting places.
Hal Berghel's take on PRISM in the July 2013 issue of IEEE Computer asks that politicians do not take the "trust me" approach to defending government surveillance apparatus, in which politicians ask us to trust that said apparatus is only being used to apprehend genuine criminals. Simply hearing "trust me" is certainly dissatisfying. Said politicians need to prove their trustworthiness by demonstrating that, if you're not doing anything wrong, you really do have nothing to fear. But anti-surveillers have a similar problem: why accept a statement of "trust us" from a shadowy on-line marketplace any more than a statement of "trust us" from a shadowy government department?
