An Abbreviated History of Privacy in the Digital World

Ever since the beginning of the digital era, and the propagation of consumer electronics, governments and other parties have attempted to surveil the populace, with ranging degrees of extremity and success. This paper aims to argue that, over time, the relative level of privacy available to the average user has decreased, and continues to trend in that direction. Relevant legislation will be listed and examined, asking the question of whether electronic privacy ever existed.

One thing that’s important to clarify when discussing the idea of “privacy” on the internet is that such a concept doesn’t simply include the specific examination of one’s personal information. Privacy on the internet also means being on a level playing field — that the traffic of a Jane Doe in Texas won’t be treated any differently from that of Netflix. This concept of equality is known as Net Neutrality, and is effectively a question of whether the Internet should be considered a public utility (similar to water, gas, electricity), or a privilege that’s only granted to those who can afford it (and further separated by amounts paid for it). In the summer of 2014, the FCC received approximately 3.7 million comments supporting the idea of Net Neutrality, and in early 2015, “reclassified broadband internet access as a telecommunications service, thus applying Title II of the Communications Act of 1934 and section 706 of the Telecommunications Act of 1996 to Internet Service Providers.” Shortly after, they also published the Open Internet Order, banning paid traffic prioritization, blocking of specific services, and throttling of speeds. Later that year, the United States Telecom Association sued, arguing that the reclassification was “an overreach on the part of the FCC.” In mid-2016, though, in an 184 page ruling, the earlier decision was upheld. However, in 2017, with the Trump Administration taking over, things started to change direction: In May, the FCC, under newly-appointed leader Ajit Pai, “voted to proceed with the motion to scale back the net neutrality protections put in place in 2015 under the Obama Administration.” Despite widespread public opposition to it, the motion seems to be continuing towards confirmation at the end of the year. Though somewhat susceptible to short-term changes, as it broke from the trend during the Obama Administration, like patterns in the stock market, the legislational direction seems to be correcting itself, resuming the long-term movement towards less privacy.

In general, when examining something (or a lack of it), it’s important to identify what preceded it. In this case, there was existing legislation on the subject of governmental ability to transcend conventional “privacy.” One of the most important predecessors to today’s rules about the internet is the Foreign Intelligence Surveillance Act (FISA) of 1978. The two most important elements of FISA are: no probable cause is required, and there is no compulsory notice of a search taking place. However, under FISA, the primary purpose of the investigation had to be the gathering of foreign intelligence, generally in regards to a national government, which is where the Patriot Act of 2001 comes in. The Patriot Act, which came just 45 days after the terrorist attacks at the World Trade Center on September 11th, “significantly broadens the scope of situations where FISA intelligence authority can be invoked.” The Patriot Act enabled the usage of FISA surveillance authority in even criminal investigations. In addition, the Patriot Act allows the government to obtain warrants (pen/trap orders) that allow access of calling and signaling information for anyone in contact with a suspect in an ongoing investigation, with no level of discretion permitted to the issuing judge. If such legislation existed prior to the widespread usage and adoption of the internet, it can be reasoned that privacy never truly existed on the electronic frontier. Any “new” statutes were simply clarifications of existing surveillance rules, adaptations to accommodate a new playing field.

As if to reaffirm the idea that legislation is simply “catching up,” recent months have seen a spurt of new rulings on internet privacy. The first, enacted in December of 2016, the Department of Justice was effectively granted the ability to hack into anyone’s computer, worldwide, through changes to Rule 41 of the Federal Rules of Criminal Procedure. The amendments to Rule 41, according to the official documents, gave “a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if: (A) the district where the media or information is located has been concealed through technological means…” To understand what this means, one has to understand who this implicates as a potential target, and the fact that, as nothing is explicitly stated, it gives the DOJ more freedom to interpret it differently in a range of situations. It’s believed that Tor and VPN users are the prime targets, but even those who use fabricated information on social networks could be targeted, with things like signing up for facebook with a spam email being technical violations. However, there’s no immediate evidence to suggest that the DOJ plans to use fake profiles as reasoning to obtain a warrant and hack indiscriminately into computers, but the fact that they intentionally gave themselves the potential to do so further indicates the trend away from “privacy” on the internet. The second was another correction to a break in the trendline, a reversal of rules enacted less than a year prior. Such rules, intended to protect the privacy of the average American, prevented Internet Service Providers from selling data and browsing history collected from their customers. To make this clear, it doesn’t actually change anything, it just reinforces the legality of ISPs breaching the “privacy” of their subscribers. In the past, the companies who provide home phone, TV, internet access, and in some cases, cell service, have made the most of their subscribers, most of whom have no choice when it comes to their provider. They’ve hijacked searches, redirecting search terms to a third party, who, if they’d been paid by the brand we were searching for, redirected traffic to their website, instead of showing the usual results. They’ve injected personalized ads into browsers, by recording history, using it to jam relevant advertisements into the websites customers viewed. They’ve pre-installed software on smartphones, using it to log even encrypted activity. They’ve injected undetectable, irremovable cookies into all of HTTP traffic, even when one selected privacy-specific options they offered, giving all of traffic a unique ID, enabling universally available tracking. They already sell data to marketers, and will continue to do so now that the FCC’s rules won’t be enacted, once again continuing the trend away from privacy.

Unless, in the future, society makes the collective decision that personal privacy should take priority over national safety and corporate monetary gain, the trend towards a complete elimination of “privacy” will continue. Though the idea is widely supported in concept, the truth is that, as a whole, civilization is unwilling to make the concessions necessary to achieve it. In response to the question of its actual existence in the first place, one might say that privacy never truly existed on the electronic frontier, save for the freedom that was enjoyed during the lull in which legislation caught up to technology.

Side Note: Once again, this is unedited/revised. This was done as a final project for AP US History, from Midnight to 3 AM on the night before it was due. One of the paragraphs is a mashup of two previous articles I wrote, with not much other than the tenses changed.