Privacy has take on a whole new meaning in the age of the internet. Yet, the creeping erosion of our privacy appears to have taken us all by surprise. We need a privacy governance framework, and soon.
The article How We Killed Privacy -- in 4 Easy Steps adeptly points out how the erosion isn’t just about government, but everything we touch, read and then share.
Four distinct factors have interacted to kill electronic privacy: a legal framework that has remained largely static since the 1970s, significant changes in our use of rapidly evolving technology, commercial providers' increasingly intrusive tracking of our every online habit, and a growth in non-state threats that has made governments the world over obsess about uncovering these dangers. Only by understanding the interaction between these factors can we begin the necessary discussion about what privacy means in the 21st century -- and how to forge a new social compact to address the issue.
If the rules that govern official behavior are weak, the rules that govern commercial behavior are non-existent at a time when everyone is generating (and unwittingly sharing) massive amounts of digital dust...and there is probably too much money at stake to ever see Congress (which does not understand the issues) craft legislation that makes affords Americans any reasonable degree of protection.
As the authors pointed out in How We Killed Privacy, there are advantages to treating personal data as a commodity. Companies can provide remarkable services at no cost to the user. Google, Facebook, and similar companies could certainly command subscription fees if they chose that route, but the fact is that the companies make more money by getting to know their users -- understanding their interests, their aspirations, their likes and dislikes -- than they would by charging users twenty or thirty dollars a year.
The intelligence community is facing a new paradigm of information sharing vs information collection. You can blame it on this generation or that technology, but the fact exists that we are being conditioned to over-share. Classified information is not immune to this new way of thinking or how it’s dispensed. Information sharing might be our new way of connecting in lieu of the physical community we once had when we were less transient.
But another immediate matter is not getting the attention it deserves under the guise of government domestic surveillance. The NSA is an information collector that disseminates the intelligence to various Agencies according to classification and the legal framework governing privacy. In other words, the ‘action arm’ varies and how that information is used is the crux of the issue. Charlie Simpson’s tumblr post highlighted:
“The FBI’s current relationship with the NSA (and the role of their “warrants” in this process) has not be fully explored. There are many reasons to support elements of our post-9/11 surveillance regime. But the abuses revealed over the last few weeks are the kinds of things that previously yielded the Church Commission.”
The counterterrorism mission necessarily blurred the line between foreign and domestic collection and operations. The challenge is that the policies that seem to be governing the blurred lines --particularly in terms of inter agency cooperation between a foreign intelligence-focused SIGINT shop and a domestic law enforcement agency--seem to be immature to the point of non-existent.
The crux of the issue is how the information is acted upon. The problem is that the strictures are not clear and they vary from organization to mission. How each Agency uses the information that is given to them by the NSA depends on their mandate. Of recent particular concern -- domestic surveillance and how such information will be used against/for/with Americans. Majority of the collected domestic intelligence is for domestic law enforcement e.g. FBI, DHS, Customs, DEA, etc. In the aftermath of 2001, more robust collection seemed distasteful, but necessary. In the context of the current allegations (in terms of scope, scale, and absence of meaningful oversight), it is an abysmal failure to not have a clear direction and communication to what is collected and how it’s used. The weak governance structure is to blame.
Our privacy is being violated the second we connect to the internet. The NYTimes ran a story called, A Data Broker Offers a Peek Behind the Curtain, wherein the CEO explains how they collect and use private data scraped from the internet. In essence, they are building a profile of each individual at the most intimate level and mapping that information for marketing and sales. This is unsettling for a variety of reasons not least of which that their data could be compromised at some point and individual profiles exploited. On top of the fact that it’s uncomfortable knowing someone is building your profile based on searches like ‘toenail fungus’.
Governments around the world have been acting like data brokers sharing classified intelligence in exchange for more intelligence or achieving foreign policy objectives for over a century, at least. It's time to establish a broader governance framework for how your data is used in both the private and government sector. Because let’s face it, your data is being collected.