Achieving even a degree of digital privacy can feel like a Sisyphean task — or a rigged game of whack-a-mole.
Innovations like so-called privacy-first web browsers and encrypted message services solve specific challenges, but they come alongside the proliferation of facial recognition and big-data harvesting for highly targeted advertising.
“With data-collection technology, everybody is using this probably very personal information to effectively build billboards outside your house. If your doctor or lawyer or accountant did that, we would burn their office down,” said former Central Intelligence Agency employee and National Security Agency whistleblower Edward Snowden during a panel discussion on Wednesday, as part of the Electronic Frontier Foundation’s (EFF’s) 30th anniversary event, EFF at 30.
Snowden was joined by Alexis Hancock, EFF director of engineering for Certbot, and Matthew Guariglia, an EFF policy analyst, for the conversation, which considered the legal, technical and political challenges involved in resisting digital over-surveillance.
Check out a few key takeaways and watch the full discussion below. Find more EFF at 30 events here.
Surveillance Has Shot Up. So Has Awareness.
The most important change related to technology and privacy since 2013, when Snowden leaked classified information revealing the scope of government surveillance and corporate cooperation, is that awareness has risen, he said.
“There was a time when people didn’t understand that everything that you did online was watched to the degree we know is true today,” Snowden said.
With that broader recognition, “we can start to respond, bit by bit, and it takes a long time,” he added.
“There was a time when people didn’t understand that everything that you did online was watched to the degree we know is true today.”
There have been some clear gains in that time. Hancock noted that some 95 percent of webpage traffic is now encrypted. (Hancock leads development of Certbot, the EFF’s software that automatically certifies that websites are following security standards.)
Still, even relatively small degrees of protection against things like data collection and surveillance require a person to be tech savvy on a level that eludes much of the public. You have to know which apps mine the most data, be aware of more private, non-SMS messaging services and understand how telco infrastructure relates to location-spotting, for instance.
“What about everybody who’s not a specialist?” Snowden said. “This is where there are still so many problems, and we’re still fighting to fix them. But we’re not there yet.”
Digital Surveillance Perpetuates More Surveillance
Nowhere is digital surveillance more fraught than when it intersects with law enforcement, where it can reinforce systemic discrimination. Greater surveillance on a given community leads to more ticketing, which leads to the appearance of higher crime statistics — which perpetuates the seeming need for further surveillance, Guariglia said.
The cycle is facilitated by the prevalence of what the EFF calls “street-level surveillance” — including automated license plate readers and private and public security cameras, whose ubiquity and ease of access and use for law enforcement compounds the issue, he added.
Another problematic technology, according to Guariglia, is ShotSpotter, a gunshot detection system contracted with many police departments. Eighty-six percent of notifications from the system lead officers to respond to empty calls, according to recent analysis.
Legal Protection Beats Technical Changes
The push and pull between convenience and privacy is real.
For instance, even if a person disables GPS, Wi-Fi, Bluetooth and all location services on their phone, the cell network still essentially knows that person’s location, because that phone continues to register to the nearest cell phone towers, Snowden pointed out. “Your phone is constantly screaming out, ‘Here I am,’” he said. That information can then be shared upstream.
“Fundamentally, we need legal protection.”
But, moderator and EFF executive director Cindy Cohn countered, that’s also what makes the technology valuable, in a sense. “Technically, I want my phone to ring no matter where I am,” she said.
“So that’s an area where rather than technical [solutions] — there may be some technical things we could do — but fundamentally, we need legal protection,” she added.
Beware Pandemic-Related ‘Scope Creep’
In the wake of 9/11, a host of measures and even entire institutions — such as the Department of Homeland Security and the U.S. Immigration and Customs Enforcement — were built, and many became permanent. A similar dynamic could play out with the pandemic, Hancock warned. The panelists called that subtle broadening of surveillance measures “scope creep.”
For instance, scope creep in the context of digital vaccine documentation could expand from contexts already deemed acceptable — universities, traveling — to more murky contexts, like grocery stores and public services, she said.
“What exactly are we trying to solve here?” she said. “And are we actually creating more barriers for people to access everyday services?”