Data and Goliath


by Bruce Schneier


  What killed both the Clipper Chip and crypto export controls were not demands for privacy from consumers. Rather, they were killed by the threat of foreign competition and demands from US industry. Electronic commerce needed strong cryptography, and even the FBI and the NSA could not stop its development and adoption.

  GOVERNMENT SURVEILLANCE COSTS BUSINESS

  Those of us who fought the crypto wars, as we call them, thought we had won them in the 1990s. What the Snowden documents have shown us is that instead of dropping the notion of getting backdoor government access, the NSA and FBI just kept doing it in secret. Now that this has become public, US companies are losing business overseas because their non-US customers don’t want their data collected by the US government.

  NSA surveillance is costing US companies business in three different ways: people fleeing US cloud providers, people not buying US computer and networking equipment, and people not trusting US companies.

  When the story about the NSA’s getting user data directly from US cloud providers—the PRISM program—broke in 2013, businesses involved faced a severe public relations backlash. Almost immediately, articles appeared noting that US cloud companies were losing business and their counterparts in countries perceived as neutral, such as Switzerland, were gaining. One survey of British and Canadian companies from 2014 found that 25% of them were moving their data outside the US, even if it meant decreased performance. Another survey of companies found that NSA revelations made executives much more concerned about where their data was being stored.

  Estimates of how much business will be lost by US cloud providers vary. One 2013 study by the Information Technology and Innovation Foundation foresees the loss of revenue at $22 to $35 billion over three years; that’s 10% to 20% of US cloud providers’ foreign market share. The Internet analysis firm Forrester Research believes that’s low; it estimates three-year losses at $180 billion because some US companies will also move to foreign cloud providers.

  US computer and networking companies are also taking severe hits. Cisco reported 2013 fourth quarter revenue declines of 8% to 10%. AT&T also reported earnings losses, and had problems with its European expansion plans. IBM lost sales in China. So did Qualcomm. Verizon lost a large German government contract. There’s more. I have attended private meetings where large US software companies complained about significant loss of foreign sales. Cisco’s CEO John Chambers wrote to the Obama administration, saying that NSA’s hacking of US equipment “will undermine confidence in our industry and in the ability of technology companies to deliver products globally.”

  Chambers’s comments echo the third aspect of the competitiveness problem facing US companies in the wake of Snowden: they’re no longer trusted. The world now knows that US telcos give the NSA access to the Internet backbone and that US cloud providers give it access to user accounts. The world now knows that the NSA intercepts US-sold computer equipment in transit and surreptitiously installs monitoring hardware. The world knows that a secret court compels US companies to make themselves available for NSA eavesdropping, and then orders them to lie about it in public. Remember the Lavabit story from Chapter 5?

  All of this mistrust was exacerbated by the Obama administration’s repeated reassurances that only non-Americans were the focus of most of the NSA’s efforts. More than half of the revenue of many cloud companies comes from outside the US. Facebook’s Mark Zuckerberg said it best in a 2013 interview: “The government response was, ‘Oh don’t worry, we’re not spying on any Americans.’ Oh, wonderful: that’s really helpful to companies trying to serve people around the world, and that’s really going to inspire confidence in American internet companies.”

  To be fair, we don’t know how much of this backlash is a temporary blip because NSA surveillance was in the news, and how much of it will be permanent. We know that several countries—Germany is the big one—are trying to build a domestic cloud infrastructure to keep their national data out of the NSA’s hands. German courts have recently ruled against data collection practices by Google, Facebook, and Apple, and the German government is considering banning all US companies that cooperate with the NSA. Data privacy is shaping up to be the new public safety requirement for international commerce.

  It’s also a new contractual requirement. Increasingly, large US companies are requiring their IT vendors to sign contracts warranting that there are no backdoors in their IT systems. More specifically, the contractual language requires the vendors to warrant that there is nothing that would allow a third party to access their corporate data. This makes it harder for IT companies to cooperate with the NSA or with any other government agency, because it exposes them to direct contractual liability to their biggest and most sophisticated customers. And to the extent they cannot sign such a guarantee, they’re going to lose business to companies who can.

  We also don’t know what sort of increase to expect in competitive products and services from other countries around the world. Many firms in Europe, Asia, and South America are stepping in to take advantage of this new wariness. If the 1990s crypto wars are any guide, hundreds of non-US companies are going to provide IT products that are beyond the reach of US law: software products, cloud services, social networking sites, networking equipment, everything. Regardless of whether these new products are actually more secure—other countries are probably building backdoors in the products they can control—or even beyond the reach of the NSA, the cost of NSA surveillance to American business will be huge.

  CORPORATE SURVEILLANCE COSTS BUSINESS

  It’s been almost an axiom that no one will pay for privacy. This generalization may have been true once, but the attitudes are changing.

  People are now much more cognizant of who has access to their data, and for years there have been indications that they’re ready to pay for privacy. A 2000 study found that US Internet spending would increase by $6 billion a year if customers felt their privacy was being protected when they made purchases. And a 2007 study found that customers were willing to pay more to have their privacy protected: $0.60 per $15 item. Post-Snowden, many companies are advertising protection from government surveillance.

  Most companies don’t offer privacy as a market differentiating feature, but there are exceptions. DuckDuckGo is a search engine whose business model revolves around not tracking its users. Wickr offers encrypted messaging. Ello is a social network that doesn’t track its users. These are nowhere near as big as their established competitors, but they’re viable businesses. And new ones are opening up shop all the time.

  We are seeing the rising importance of customer and user privacy in the increasing number of corporations with chief privacy officers: senior executives responsible for managing the legal and reputational risk of the personal data the corporation holds. These executives have their own organization, the International Association of Privacy Professionals, and are establishing rules and regulations even in the absence of government impetus. They’re doing this because it’s good for business.

  10

  Privacy

  The most common misconception about privacy is that it’s about having something to hide. “If you aren’t doing anything wrong, then you have nothing to hide,” the saying goes, with the obvious implication that privacy only aids wrongdoers.

  If you think about it, though, this makes no sense. We do nothing wrong when we make love, go to the bathroom, or sing in the shower. We do nothing wrong when we search for a job without telling our current employer. We do nothing wrong when we seek out private places for reflection or conversation, when we choose not to talk about something emotional or personal, when we use envelopes for our mail, or when we confide in a friend and no one else.

  Moreover, even those who say that don’t really believe it. In a 2009 interview, Google CEO Eric Schmidt put it this way: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” But in 2005, Schmidt banned employees from talking to reporters at CNET because a reporter disclosed personal details about Schmidt in an article. Facebook’s Mark Zuckerberg declared in 2010 that privacy is no longer a “social norm,” but bought the four houses abutting his Palo Alto home to help ensure his own privacy.

  There are few secrets we don’t tell someone, and we continue to believe something is private even after we’ve told that person. We write intimate letters to lovers and friends, talk to our doctors about things we wouldn’t tell anyone else, and say things in business meetings we wouldn’t say in public. We use pseudonyms to separate our professional selves from our personal selves, or to safely try out something new.

  Facebook’s CEO Mark Zuckerberg showed a remarkable naïveté when he stated, “You have one identity. The days of you having a different image for your work friends or co-workers and for the other people you know are probably coming to an end pretty quickly. Having two identities for yourself is an example of a lack of integrity.”

  We’re not the same to everyone we know and meet. We act differently when we’re with our families, our friends, our work colleagues, and so on. We have different table manners at home and at a restaurant. We tell different stories to our children than to our drinking buddies. It’s not necessarily that we’re lying, although sometimes we do; it’s that we reveal different facets of ourselves to different people. This is something innately human. Privacy is what allows us to act appropriately in whatever setting we find ourselves. In the privacy of our home or bedroom, we can relax in a way that we can’t when someone else is around.

  Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect. It is about choice, and having the power to control how you present yourself to the world. Internet ethnographer danah boyd puts it this way: “Privacy doesn’t just depend on agency; being able to achieve privacy is an expression of agency.”

  When we lose privacy, we lose control of how we present ourselves. We lose control when something we say on Facebook to one group of people gets accidentally shared with another, and we lose complete control when our data is collected by the government. “How did he know that?” we ask. How did I lose control of who knows about my traumatic childhood, my penchant for tasteless humor, or my vacation to the Dominican Republic? You may know this feeling: you felt it when your mother friended you on Facebook, or on any other social networking site that used to be just you and your friends. Privacy violations are intrusions.

  There’s a strong physiological basis for privacy. Biologist Peter Watts makes the point that a desire for privacy is innate: mammals in particular don’t respond well to surveillance. We consider it a physical threat, because animals in the natural world are surveilled by predators. Surveillance makes us feel like prey, just as it makes the surveillors act like predators.

  Psychologists, sociologists, philosophers, novelists, and technologists have all written about the effects of constant surveillance, or even just the perception of constant surveillance. Studies show that we are less healthy, both physically and emotionally. We have feelings of low self-esteem, depression, and anxiety. Surveillance strips us of our dignity. It threatens our very selves as individuals. It’s a dehumanizing tactic employed in prisons and detention camps around the world.

  Violations of privacy are not all equal. Context matters. There’s a difference between a Transportation Security Administration (TSA) officer finding porn in your suitcase and your spouse finding it. There’s a difference between the police learning about your drug use and your friends learning about it. And violations of privacy aren’t all equally damaging. Those of us in marginal socioeconomic situations—and marginalized racial, political, ethnic, and religious groups—are affected more. Those of us in powerful positions who are subject to people’s continued approval are affected more. The lives of some of us depend on privacy.

  Our privacy is under assault from constant surveillance. Understanding how this occurs is critical to understanding what’s at stake.

  THE EPHEMERAL

  Through most of history, our interactions and conversations have been ephemeral. It’s the way we naturally think about conversation. Exceptions were rare enough to be noteworthy: a preserved diary, a stenographer transcribing a courtroom proceeding, a political candidate making a recorded speech.

  This has changed. Companies have fewer face-to-face meetings. Friends socialize online. My wife and I have intimate conversations by text message. We all behave as if these conversations were ephemeral, but they’re not. They’re saved in ways we have no control over.

  On-the-record conversations are hard to delete. Oliver North learned this way back in 1987, when messages he thought he had deleted turned out to have been saved by the White House PROFS Notes system, an early form of e-mail. Bill Gates learned this a decade later, when his conversational e-mails were provided to opposing counsel as part of Microsoft’s antitrust litigation discovery process. And over 100 female celebrities learned it in 2014, when intimate self-portraits—some supposedly deleted—were stolen from their iCloud accounts and shared further and wider than they had ever intended.

  It’s harder and harder to be ephemeral. Voice conversation is largely still unrecorded, but how long will that last? Retail store surveillance systems register our presence, even if we are doing nothing but browsing and even if we pay for everything in cash. Some bars record the IDs of everyone who enters. I can’t even buy a glass of wine on an airplane with cash anymore. Pervasive life recorders will make this much worse.

  Science fiction writer Charles Stross described this as the end of prehistory. We won’t forget anything, because we’ll always be able to retrieve it from some computer’s memory. This is new to our species, and will be a boon to both future historians and those of us in the present who want better data for self-assessment and reflection.

  Having everything recorded and permanently available will change us both individually and as a society. Our perceptions and memories aren’t nearly as sharp as we think they are. We fail to notice things, even important things. We misremember, even things we are sure we recall correctly. We forget important things we were certain we never would. People who keep diaries know this; old entries can read as if they were written by someone else. I have already noticed how having a record of all of my e-mail going back two decades makes a difference in how I think about my personal past.

  One-fourth of American adults have criminal records. Even minor infractions can follow people forever and have a huge impact on their lives—this is why many governments have a process for expunging criminal records after some time has passed. Losing the ephemeral means that everything you say and do will be associated with you forever.

  Having conversations that disappear as soon as they occur is a social norm that allows us to be more relaxed and comfortable, and to say things we might not say if a tape recorder were running. Over the longer term, forgetting—and misremembering—is how we process our history. Forgetting is an important enabler of forgiving. Individual and social memory fades, and past hurts become less sharp; this helps us forgive past wrongs. I’m not convinced that my marriage would be improved by the ability to produce transcripts of old arguments. Losing the ephemeral will be an enormous social and psychological change, and not one that I think our society is prepared for.

  ALGORITHMIC SURVEILLANCE

  One of the common defenses of mass surveillance is that it’s being done by algorithms and not people, so it doesn’t compromise our privacy. That’s just plain wrong.

  The distinction between human and computer surveillance is politically important. Ever since Snowden provided reporters with a trove of top-secret documents, we’ve learned about all sorts of NSA word games. The word “collect” has a very special definition, according to the Department of Defense. It doesn’t mean collect; it means that a person looks at, or analyzes, the data. In 2013, Director of National Intelligence James Clapper likened the NSA’s trove of accumulated data to a library. All those books are stored on the shelves, but very few are actually read. “So the task for us in the interest of preserving security and preserving civil liberties and privacy is to be as precise as we possibly can be when we go in that library and look for the books that we need to open up and actually read.”

  Think of that friend of yours who has thousands of books in his house. According to this ridiculous definition, the only books he can claim to have collected are the ones he’s read.

  This is why Clapper asserts he didn’t lie in a Senate hearing when he replied “no” to the question “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” From the military’s perspective, it’s not surveillance until a human being looks at the data, even if algorithms developed and implemented by defense personnel or contractors have analyzed it many times over.

  This isn’t the first time we’ve heard this argument. It was central to Google’s defense of its context-sensitive advertising in the early days of Gmail. Google’s computers examine each individual e-mail and insert a content-related advertisement in the footer. But no human reads those Gmail messages, only a computer. As one Google executive told me privately in the early days of Gmail, “Worrying about a computer reading your e-mail is like worrying about your dog seeing you naked.”

  But it’s not, and the dog example demonstrates why. When you’re watched by a dog, you’re not overly concerned, for three reasons. The dog can’t understand or process what he’s seeing in the same way another person can. The dog won’t remember or base future decisions on what he’s seeing in the same way another person can. And the dog isn’t able to tell anyone—not a person or another dog—what he’s seeing.

 
