Free flows of information [about someone else]
After the fuss surrounding PRISM last month, I was bemused to find the historical pages of the July 2013 issues of IEEE Computer reporting that, thirty-two years ago, "worldwide protectionist legislation is threatening the free flow of information across borders". This lament is attributed to W. Michael Blumenthal in the July 1981 issue of the same magazine (p. 115), who was then the chairman of the Burroughs Corporation (now part of Unisys).
How things change! I thought. In 1981, Blumenthal feared that governments might enact legislation preventing the free use of private data. In 2013, computer enthusiasts fear that governments themselves might be making free use of private data.
Reading the original article in its entirety, I realised that the two attitudes probably aren't as contradictory as they first seemed. I take Blumenthal to be referring to computer companies' ability to use data as they please, while modern critics of PRISM are referring to the government's ability to use data as it pleases. The two sentences in the previous paragraph are perfectly consistent when interpreted in the light of self-interest: the computer industry would like to do as it pleases with whatever data it can collect, while it has nothing to gain from law enforcement agencies' use of similar data. For law enforcement agencies, it's the other way around.
I think just about all credible systems of ethics, justice and law try to resolve this problem by demanding some variant of the Golden Rule: treat others as you would have them treat you. Or, that everyone is equal before the law. In a privacy context, I may not have anything immediate to gain from someone else's use of data, but it would be irrational (or at least egomaniacal) for me to deny someone else use of data in a way that I believe I'm entitled to do myself. If I think beyond my immediate self-interest, I see that I do have an interest in allowing other people to make use of data insofar as it provides a moral basis for my right to use data in the same way.
Computer companies and law enforcement agencies, though, differ markedly from individuals and from each other. Law enforcement agencies do plenty of things that would be regarded as vigilantism if I did them myself, and I have no conceivable need to sell customer information since I'm not an ad-supported business. Yet I appreciate enforcement of the rule of law and (sometimes) ad-supported services, so it's not so simple to say that I should treat them as I would have them treat me. So perhaps we need something a little more nuanced.
I was recently introduced to the work of John Rawls, who proposed that a "just" system of laws is one that would be agreed to by people with no knowledge of what social position they were going to be born into. I wonder if computer companies, law enforcement agencies and the rest of us could learn from similarly pondering how we would establish rules for the sharing of data without any knowledge of the industry in which we were to be engaged?
Imagining totalitarianism
The Conversation (amongst others) last week had plenty to say about "PRISM", with all of Philip Branch, Sean Rintel, Alan Woodward, Grant Blank, and Ashlin Lee and Peta Cook having something to say about the US National Security Agency's alleged programme to collect information from the servers of US Internet companies.
I found it curious that the criticisms levelled at this kind of surveillance are largely (though not completely) theoretical, in the sense that they don't much discuss actual instances of people suffering at the hands of such systems. A mention or two of Watergate seems to be about it, and that happened forty years ago.
Now, what constitutes "suffering" may be a matter of opinion. Does it do someone harm to be embarrassed? To be in the NSA's files? To be judged by information collected by Google and Facebook? And perhaps it's hard to find people suffering because such systems haven't been widely used in Western countries (though Lee and Cook's contribution suggests otherwise).
The orthodox view amongst those who write most about privacy seems to be that the collection of data is harmful in and of itself. The classical view amongst technologists, in particular, is that privacy consists of never telling anyone anything, and hence their fascination with technology like Tor and Bitcoin. It certainly seems sinister enough to imagine that there's some organisation watching one's every online move. After all, what good could such an organisation possibly do for the person being watched?
The answer is that, whatever conspiracy theorists might like to imagine, I don't think there are any organisations that collect data simply for the sake of it. Google, Facebook and the rest collect data in part to serve the immediate needs of their users and in part to meet their own business needs. The NSA and similar organisations collect data to serve what they perceive to be the public interest. To get worked up about the mere collection of data is to miss the point: the real question concerns the purpose the data is used for, and whether or not the benefits of this purpose outweigh the costs.
Making simple allusions to totalitarian states and Orwell doesn't answer this question. The problem with totalitarian dictators isn't so much that they spy on their citizens, it's that they persecute citizens who hold views disagreeable to the dictator. Indeed, any organisation that simply collected data for its own sake would just be a corporate variant of the oddballs that appear on Collectors.
