Big Tech giants powered by the overlay of Surveillance Capitalism have tossed user privacy and data protection by the wayside.
In a curious twist, rather than being customers to serve, we’re attractively packaged and on the menu. These companies publicly pat themselves on the backs as heroes of privacy while surreptitiously slurping up our data and selling it to the highest bidders.
How Can We Better Catch Online Abuse?
More robust reporting capabilities in apps, encrypted or not, would be the most effective step toward protecting children and adults alike online.
Why Data Privacy Regulations Struggle to Keep Up
In the late 20th and early 21st centuries, the invention of the Web and social media created a whole new world of challenges for privacy. The world is different.
The old ideals of privacy have been shredded. Our personal computers, cellphones, cell towers, smart TVs, Alexa and cameras everywhere (including our own) efficiently spy on us better than any human could. Yet, paradoxically, we’re also able to anonymously bully others, post and share outrageous content and otherwise act online as derelict global citizens.
Can regulations help? Several important privacy laws and regulations have been established over the years to protect individuals’ privacy rights and ensure that companies and organizations are held accountable for how they handle personal information.
These include the Health Insurance Portability and Accountability Act (HIPAA), passed in 1996; the Children’s Online Privacy Protection Act (COPPA), passed in 1998; and the General Data Protection Regulation (GDPR), which went into effect in 2018 in Europe. More recently, the bipartisan American Privacy Rights Act (APRA) was introduced in April. In July, the Senate approved The Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0).
While these and other legislative efforts take steps in the right direction, the reality is that regulations are famously slow to keep up with technology — especially the Web and social media. It’s an unfair race between high-tech cheetahs and bureaucratic tortoises. Because of lagging laws, regular Web users and the free market can and must lead the way.
How Encryption Protects Our Digital Privacy
While our privacy has been significantly eroded in today’s brave new digital world, there remains one last refuge. End-to-end encrypted messaging, offered by services like Signal, Telegram, iMessage and WhatsApp (either by default or via upgrades), is the final stronghold of personal privacy.
Collectively used by billions of people worldwide, encryption enables messages, images, videos and other content to be viewed solely by the sender and recipient. It is impossible for even the service providers to access.
Private, encrypted messaging is critical across the board. It safeguards communications for journalists and their sources; doctors and their patients; government and military; banking; human rights activists; political dissidents; and ordinary citizens who wish to protect themselves against surveillance and data breaches.
Even if most of us are not journalists, activists or political dissidents risking the wrath of government authorities, we still all benefit from the work those people do. It’s essential that we collectively protect their efforts and their ability to communicate safely in private.
Now, some policymakers in the United States, Europe and around the world are working overtime to conquer this final frontier of privacy. We are witnessing a global push for new laws that compel companies to monitor all user content, including encrypted private messages. The proposed implementation is via “client-side scanning.”
In effect, this would mean that all messages sent, encrypted or otherwise, by billions of users would be scanned and monitored by your phone, computer, tablet, etc. Anything flagged would be reported upstream to tech companies, authorities, etc.
Can you say, “adios encryption”?
Encryption Bans: Well-Meaning but Harmful
One impetus behind this is wholly understandable. The National Center for Missing and Exploited Children received 29 million reports of suspected child exploitation material online in 2022. Much of this material is encrypted. Notably, Meta was responsible for nearly 95 percent of these reports.
While these efforts to ban encryption are well-intentioned, paradoxically such a ban may cause greater harm to kids. As stated by Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory, encryption
helps to protect people (children included) from the harms that happen when their personal information and private conversations fall into the wrong hands: data breaches, hacking, cybercrime, snooping by hostile foreign governments, stalkers and domestic abusers, and so on.
Additionally, the scanning technology that would be mandated by these anti-encryption laws is often problematic. For instance, a 2022 report by the New York Times showed that CSAM scanners used by Google falsely accused two innocent fathers of sharing child pornography.
Even after both men were exonerated, Google kept their accounts shut down.
In the United States, there’s also a question of whether such legislation is even constitutional. Academics at Stanford sent a letter to the U.S. Senate expressing concerns that compelled scanning could infringe on the Fourth Amendment’s prohibition against unreasonable searches and seizures.
There’s also the case of Bernstein v. the U.S. Department of State, which advanced the idea that encryption is a form of free speech and thus protected by the First Amendment.
How to Protect Our Privacy While Fighting Abuse
But we’ve got to protect kids worldwide. How can we best currently do this? There are alternative approaches.
As reported by the Center for Internet and Society at Stanford Law School, when it comes to detecting online abuse of both kids and adults, “user reporting was deemed more useful than any other technique.”
One good solution is to implement more robust in-app reporting systems for any post, encrypted or otherwise. For instance, if someone sees suspected CSAM within an encrypted chat, they will have the ability to easily flag and report CSAM.
In a double-down, this reports it to the site’s Trust and Safety Team and to the National Center for Missing & Exploited Children’s CyberTipline (a reputable reporting mechanism used by online platforms for such cases). This ensures proper investigations and whenever appropriate, bringing in law enforcement.
For privacy’s sake, we must keep its final stronghold — encryption — fully intact. Extinction is not an option. At the same time, we’ve got to protect kids worldwide with measures that work.
Excerpted with permission from the publisher, Wiley, from Restoring Our Sanity Online: A Revolutionary Social Framework by Mark Weinstein. Copyright © 2024 by John Wiley & Sons, Inc. All rights reserved. This book is available wherever books and eBooks are sold.
