Following is an article written by Prof. Zachary Wolfe, Esq., University Writing Program, George Washington University, as part of an academic project he is pursuing. It is not a project of the Party for Socialism and Liberation or Liberation News. We are posting it so that our readers have the opportunity to learn about it and participate if they are interested.
Between government officials condemning Google and Apple for their encryption systems and several technology companies making dramatic statements against government surveillance, a person could be forgiven for thinking that privacy can be secured through technology. The tech companies, of course, want their customers and potential customers to believe that the products and services they are offering will satisfy every desire, including for privacy. However, many serious threats to the kind of privacy we need for a functioning democracy are simply beyond either corporate interests in curtailing or technology’s ability to circumvent.
For the free exchange of ideas to work, people need to know that they at least have the option of exploring arguments and ideologies in private and discussing unsettling facts and dissident viewpoints among people they trust. Today, that development of ideas happens online. Of course, we may eventually choose to go online to express our views publicly and without any privacy expectations (posting articles or comments on open message boards under your own name, for example), but we will never develop such confidence in a new idea if we initially shied away from even exploring the concept out of fear of how that might look to the government. This means that things like browsing history, emails, private messages, and social media activity that is “shared only with friends” needs to be private.
News about tension between the government and tech companies is tantalizing, and some good may well come from it. But those measures (disclosures and encryption options) are limited and do not effectively answer the larger dragnet surveillance programs and therefore cannot substitute for a mass movement that demands privacy and changes in government policies and practices.
Tech company responses
Technology companies have been in the news about their efforts to release data on the use of National Security Letters. These letters are “a frequent tool of the FBI” to request information from tech companies, without court involvement. Another tool is subpoenas from the secretive Foreign Intelligence Surveillance Court. Both types of demands for information had been under a gag order, but because of an agreement with Google, Microsoft and others, all tech companies may now reveal the scope of requests, but only in large aggregated bands of numbers, e.g., “we received between 0 and 249 national security letters and FISA orders.”
After that agreement, Twitter (which was not part of the negotiations) sued to be able to disclose more precise numbers. That lawsuit repeatedly complains that Twitter may not tell customers that it received zero requests, even if that were true, but can only state that it received between zero and 249 requests in each reporting period. Because of the nature of Twitter, it likely may receive very few or no demands of certain kinds, and it obviously has a public relations interest in saying so.
In thinking about the value of these companies’ efforts to most people, it is certainly true that information is good and better information is better, but there is no avoiding the reality that a company’s interest is in telling customers, as convincingly as possible, that they shouldn’t worry about privacy when using the company’s services. That entails a selective focus and not calling attention to other privacy concerns, notably dragnet surveillance, which is not fully disclosed but appears to involve collection of massive amounts of data behind the scenes, without any requests to any company.
This is where encryption technology comes in, and presents itself as saving the day, in spite of government policy. The Electronic Frontier Foundation recently commented that “not a single legislation has been passed by Congress to curtail the dragnet surveillance of millions of innocent Americans and the only entities that have taken significant action to curtail mass surveillance on a national level have been private companies.” It was triumphing encryption technology, but the more important point is the lack of legal protection.
Encryption is not as good as privacy rights
Encryption is designed to prevent reading data without a password by first converting the email, photo, document, etc. into lines upon lines of seemingly random characters. This is what is sent electronically and stored, so even if intercepted, it theoretically can only be decrypted by the intended recipient. This is particularly useful for businesses, which invest in the technology and pay people to take the time to follow proper procedures to secure sensitive data. Individuals can do all this too, but doing so effectively can be difficult and most people will not accept the time and bother.
Encrypting stored data is considerably more user-friendly than protocols for exchanging encryption keys with others in order to send messages. Recently, Apple made it possible for users to encrypt all data on iOS smart devices. Because subpoenas and similar legal demands typically require the person or company to turn over everything in its “possession, custody, or control,” regardless of whose property it truly is, Apple now can respond by just saying “we don’t have it.” The change also has provided Apple with some positive press, especially after the government condemned the change.
To be sure, this is a positive development for users of the technology. The government can still get a court order for the data on your phone, but it has to access the phone itself and then either compel you to enter the password or somehow break the password, which gives you time to go to court and challenge the constitutional validity of the search. Most data coming and going from your phone, however, is not secure (although there are various options).
Most importantly, the kind of “security culture” needed to make encryption widespread and implemented meticulously enough to be effective is neither particularly likely nor healthy for democracy. Most communications simply aren’t going to be encrypted, and most of our online activity (searching, visiting websites, using social media) is going to be in formats that are vulnerable to snooping. (Even some formerly trusted methods for anonymous surfing are now being questioned, after the recently revealed FBI “Operation Onymous.”) And even if you were able and willing to use elaborate encryption protocols, going through all that is not exactly going to leave you with the sense of being free and living in an open society—and that cultural expectation is just as important. So while strong encryption technology has its place and can be very valuable in some settings, it is no replacement for a legal regime that prohibits such invasions of privacy.
Why we need privacy online
Confidence in the privacy of online activity is essential to a functioning democracy and the development and transmission of new ideas. Today, people explore new ideas online, sharing intriguing articles and partially formed ideas and exchanging comments. Sometimes, the expression is public, like a comment on an article posted directly on the news site. But other times, we intend to share our link or thoughts only with select people, such as those we have accepted as friends in that social media platform. If we want the internet to live up to its full potential as a place for exploring views and information, then we need to allow for privacy in the spaces where conversations are happening today that is akin to the privacy that past generations enjoyed during in-person conversations in dorm rooms and reading groups.
Some reflexively say that no online activity is worthy of protection simply because it is not technologically secure, but the law has long protected venues that are no more inherently secure. Catholics, for example, confess sinful (sometimes illegal) activity in a booth that any stranger might have just left and easily could have bugged, yet the courts (and all ethical people) treat this as an inviolable area of privacy, despite how easy it would be to monitor. Phones can be turned into microphones undetectably and with technical ease, but doing so in a doctor’s or lawyer’s office would be outrageous. Police can easily tap phone lines or look through your cell phone if you are arrested, but both types of searches require a warrant. (Infiltration of political meetings is an ongoing battle, but one well worth fighting and with at least some recognized restrictions on what the government may do.) These venues are closed to the government not because they are inherently more private than online spaces, but only because we have laws and policies in place that protect them regardless of how easy they would be to invade.
Social media and other online tools offer tremendous promise for supporting the exchange of ideas, exposing people to facts and ideologies that threaten powerful and unjust institutions. Sometimes, we use these tools to broadcast our views to anyone and everyone, but other times, we want to be more selective about who can listen. For people to be comfortable using those tools, especially when first tentatively engaging unfamiliar ideas, we need to recognize the social value of private online conversations and demand a legal regime that protects the right to form private communities online.
What has been your experience?
The notion that people need private spaces to explore new ideas among people they trust is well recognized in legal and democratic theory, but is it all just theoretical or an outdated doctrine? This article represents some thinking that is part of a much larger project, and the author would greatly appreciate hearing from the “social media generation”about your experiences in first becoming interested in leftist and other dissident ideas. Did you have any concerns about browsing or sharing articles that intrigued you or posting political thoughts that were not fully formed? How have you negotiated the many benefits of online social spaces with privacy concerns (or do you even think about privacy online)? If you are willing to share your thoughts and experiences, please get in touch.