In 2013, Edward Snowden unleashed an earthquake, of which aftershocks are still being felt. The revelation that spy agencies in the US, UK, Canada and Australia were working to undermine online encryption and had built backdoors in to the internet services we all use was shocking.
Until Snowden, most of us assumed our private online activity was private. But the disclosures – like that in which Skype had allowed collection of users’ video calls, for example – have shaken everyone’s faith in online anonymity.
We used to assume Terms & Conditions had our backs, that the legalese we have little choice but to click on would work in our interests, as well as our software makers’. But that assumption has turned out to be misplaced.
Is anyone fighting back?
Sometimes it takes a victim to act first. Brazil, whose own president was reportedly a target of NSA spying, last year passed an “internet constitution” limiting gathering and sharing of metadata about internet users by ISPs and other companies. Elsewhere, too, efforts are underway to put our privacy back under lock and key. Unfortunately, however, they are not going so well:
Last year, Tim Berners-Lee, credited with having “invented” the Web, called for “a global constitution, a bill of rights” for the internet. Berners-Lee is advocating a document like the Magna Carta , England’s “Great Charter” that was amongst the world’s first system of codified rights in the 13th century, and has forwarded his wish through a campaign, The Web We Want .
But the 800th anniversary of the Magna Carta passed in June with the initiative having gained barely a fraction of the traction of the Web he gave the world – and with good reason. Like John Perry Barlow’s seminal A Declaration Of Independence Of Cyberspace before it, nearly 20 years ago, the global push fails to take in to account that laws which could bring it about are national, not international in nature. Only politicians can bring about the change.
Europe is trying to write protections in to the laws of its members states. Having decided to write new guidelines to data protection and privacy to update the 20-year-old EU Data Protection Directive, the European Commission has tabled the so-called General Data Protection Regulation (GDPR).
These new rules would apply even to companies outside of Europe, requiring software ships with privacy settings on high by default and threatening companies that fall victim to data breaches with a fine of up to two percent of global revenue.
The whole thing is brilliant in theory but, after first being tabled in 2013, it is reckoned the regulation is stuck in lengthy discussions and is not expected to be implemented until at least 2017/18. This is too slow – a lag which means citizens’ privacy is still being abused today.
Bill Of Rights
There are opportunities for individual countries to act sooner. The UK government’s plan to scrap the Human Rights Act in favour of a British Bill Of Rights provides a chance to write in digital privacy protections. But the ruling Conservative party’s position on privacy is not a strong one, and the logic in abandoning the Human Rights Act at all is, itself, questionable.
Indeed, as it is governments themselves which are doing the digital snooping, there does not appear to be the motivation necessary to bring about pro-consumer change.
In other words, don’t go expecting your government to safeguard your rights any time soon.
In the space left by their inaction, we are now seeing corporate initiatives emerge. CEO Tim Cook has recently used keynote speeches to criticise rival companies’ policies of monetising user data for purposes like advertising. Through Apple’s “privacy built-in” initiative , Cook is stealing a march on the whole topic.
This should be a good thing. But it is hard to read Cook’s conviction as anything other than a cynical brand positioning exercise – differentiating Apple from Google and Facebook, whilst simultaneously appealing to civic-minded citizens in a post-Snowden world. Remember, this is the same Apple whose iPhone gives “total access” to the NSA , according to one security researcher and Snowden’s lawyer .
I’m not saying tech companies shouldn’t both act on a belief that their products should do a better job at safeguarding anonymity, and shout about the fact if and when they give that to us.
But we shouldn’t let one giant be seen as the sole, compliant arbiter of anonymity on the net. Consumers use scores of online services and technology gadgets. We should demand that every one of them bake anonymity and privacy in at their core.
In lieu of concerted action by either governments or the tech industry en masse, I think the road to anonymity lays in provision that exists in a middle ground. Imagine a common anonymity standard that is adopted by all developers and manufacturers, a simple system that could be signed up to by compliant companies who could proudly display a badge to indicate their offering.
It’s the kind of system already in place around the world to indicate food nutrition, restaurant cleanliness and the environmental credentials of white goods, for example.
If we look hard, we can already see the basis of just such a system coming in to view. In mobile operating systems, Android already does a great job of letting users know which permissions apps want to use and why, allowing them to block certain information – like location or contacts lists – from developers. And Apple is getting there with its latest iOS, too.
The future of digital privacy may lay in adopting a similar system – a commonly-understood framework for what constitutes anonymity and when – across all of our digital activities. But, to bring that future about, consumers are going to have to seek it out.