Clearing up a few myths about cyber-surveillance
The origins of cyber-surveillance date back to the mid-1990s; when the web began to be used for commercial purposes. Netscape’s development of cookies as a simple way for users to save information between navigation sessions presented a wide range of possibilities for monitoring that have become more sophisticated with the advance of technology, that have mainly been about advertising, access control, shopping carts, etc, and that have led us to where we are now.
But monitoring has taken on a very different meaning in the wake of Edward Snowden’s revelations, dating back to May 2013. The so-called post-Snowdon era we now live in is characterized by the belief that a government, and in particular that of the United States, is the main actor in cyber-surveillance. Now that we know the extent of the NSA’s activities, there are now two truths that have installed themselves in the collective imagination: that the main threat to our privacy comes from the NSA; and that the main problem is the US government’s abuse of the Patriot Act is leading to practices that would be impossible in other countries.
On the first issue, that of the extent of cyber-surveillance, there is no doubt. The increase in the NSA’s activities is little short of cancerous, a hideous metastasis that, to add insult to injury, coincides with the opening of a vast new monitoring complex in Utah. At the same time, we have been provided with irrefutable evidence of its activities, permitted and encouraged by a president who seemed to have a more open attitude toward technology, and that have now seem to have surpassed any reasonable measures to protect national security. But let’s not fool ourselves: the NSA is not the main threat to our privacy, nor has it collected the biggest amount of data collected on our activities; that dubious honor goes to private companies.
At the same time as the mounting body of evidence about the NSA’s cyber-spying has led more and more people to believe that these types of practices are “normal” or “what everybody does”, private companies are increasing their monitoring via device fingerprinting (collecting a wide range of data about the characteristics of our computers to create a somehow unique picture), or supercookies, which can follow a particular individual across all the devices he or she is using.
Rebecca MacKinnon writes about this in “The Consent of the Networked”—the Spanish edition of which I was privileged to write the epilogue to. She points out that cyber-surveillance is not the unique preserve of governments, but instead also involves private companies. One of the techniques used by governments is to permit the collection of data by private companies, only to demand access to it at a later date. In the future it is very possible that we will see governments allowed to collect data at the same time as political and civic pressure mounts for greater control over such activities, while increasing the demands on companies that collect data on us for commercial ends.
This leads us to our second myth: that the US government is, in some way, “a particular danger” to our privacy. The US government has been hit hard by the revelations of an Edward Snowden who worked for it, and not for some other country. The US government also seems especially motivated to exercise a greater level of vigilance as a result of the climate generated by the attacks of 9/11 and others since then. That said, there is a truth here that often remains hidden: at least there are mechanisms within the US government that allow for these types of activities, and which have been abused, but at least can be investigated.
The obligatory declassification of documents after a certain period of time, or the possibility for companies to put their case forward or to answer government requests for information means that what ever we might say about the United States, the threat to privacy is much greater from governments that do not respect human rights, as in the case of many in Europe, where businesses have no say when their governments demand access to customer data.
In countries such as Switzerland or Germany, which are usually considered guardians of the citizen’s privacy, companies are completely defenseless against government requests for information on their clients. In other cases, the law is confusing or often unknown, and the tendency is to simply cover such activities under the heading of official secrets. Yes, the US government has clearly abused its capacity for the cyber-surveillance of its population, as well as its potential to act as a channel for requests to a wide range of companies. But as users, we should be more concerned about the abuses of private companies and governments in our own countries, where there is every indication of laxer control than exists in the United States.
The reactions to the NSA scandal are absolutely logical, but should be accompanied by the corresponding requests and pressure on the companies that we happily hand over our data to, so that we can exercise control over it. We also need to make sure that we know what our governments are doing with this data. Simply being outraged by the activities of the NSA without thinking more deeply about the extent of cyber-surveillance is more likely to lead to complacency or resignation. Hidden surveillance is never good, because it serves no purpose: the “baddies” avoid it, and the people who end up being monitored are simply those who feel that they have no reason to avoid it. We should, therefore, be clear about who is doing what, and how much surveillance we are being subjected to by whomever, as well as defending our rights not just before the United States or the NSA, but also before any other relevant body. Sometimes, the real enemy is much closer than we think.