Everybody has information about everybody.
As outlined in our 10 Trends for 2014 and Beyond report, we’re reaching The End of Anonymity—it’s becoming nearly impossible to remain unobserved and untracked by corporations and governments alike. One of the experts we talked to about this topic was journalist Julia Angwin, whose new book, Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance, is out this week. Angwin has been delving into these issues for some time; at The Wall Street Journal, she led a team that chronicled the decline of online privacy in the award-winning series “What They Know.” Angwin talked to us about her own attempt to go off the radar, the potential harms of widespread data collection and how the privacy stakes will be raised in 2014.
Can you talk a bit about the thesis of your book and what you’re examining?
It used to be that companies or governments would need a reason to devote the resources to tracking an individual. With a company, for instance, if you’re a customer, they might have a little file about you. Or the government might have some records about you at the IRS, but your local police station likely wouldn’t have anything unless you were a suspect that they had at one time tracked. That is now flipped—everybody has information about everybody.
My book is about the rise of what I call indiscriminate surveillance, or dragnets, which is just collecting vast quantities of personal data about people, whether or not they are a suspect or if there’s any reason to. The technology is now available, and people are looking for insights and sweeping up vast amount of data. The questions I ask are, Why does this matter, and what can we do about it? I argue that there’s a lot of good that can come from surveillance—we can learn things, and knowing you’re watched causes people to often behave better. But it also can be extremely repressive. People can be afraid to say things and to express their views, and a democracy with vibrant debate is important. That is something we should take very seriously.
Then I talk about what should we do about it. I tried out a bunch of techniques to try to protect myself from indiscriminate tracking, ranging from using a burner phone to creating fake identities for online accounts, and doing all sorts of things using software to protect myself when I’m browsing the web. What I find is that I’m moderately successful at blocking some of it, but then I’m in an arms race I’m not going to win. Meaning, any time I make an advance, the people who are tracking me are going to have more money and more sophisticated tools to circumvent whatever it is I use to block it. I raise the question, is this a fair situation for individuals to be in if we can never get out of it?
What was your biggest challenge in trying to avoid any tracking?
The cell phone was probably the most challenging thing. If you want to use a phone, it’s always going to be in contact with the cell phone towers, and it’s going to be in contact with your cell phone provider, and Apple or Google. It’s communicating even when you’re not using it. People can snatch those communications, or those companies might be using those to analyze things or they might be giving them to the government. That’s what we learned with Snowden.
I tried a burner phone or a fake name, and that provided some level of anonymity, but the problem is that because the people I call are the same—it’s still my husband, it’s still my best friend—it’s not actually that hard to link that identity to myself. So, a very thin layer of protection. But then I found myself sticking my phone inside a bag called a Faraday bag, which blocks the signals. I would only take it out when I needed to use it, but the problem is, you can’t use it when it’s in the bag. So what’s the point of carrying the thing around? I also put anonymizing software on it so I could have encrypted calls and encrypted this and that, but the cell phone carrier, AT&T, still knows where I am. So once again it was just a limited amount of protection.
What’s driving the rise of what you call indiscriminate surveillance?
We have a couple of forces at work. First, technology is getting faster, cheaper, more powerful. So my phone is faster, cheaper and more powerful than the one I had five years ago. At the same time, so is the technology of the people who are scooping up all this data. So we’re in a period of really rapid innovation on the technology front, and then, since 9/11, we’ve been in a heightened-security situation, which the government has used to justify collecting more and more information. And we have a whole crop of Internet companies whose business model is built around scooping up vast amounts of personal information and trying to monetize it.
It’s a time where surveillance is everywhere. And pretty soon we’re all going to be wearing Google Glass and surveilling each other on the street, also.
Things have already changed a lot and then with innovations like Google Glass, how is that going to change the privacy situation further?
Bruce Schneier, who is a computer security expert, says that we’re living in a unique 10-year period where we can see the cameras, but soon they are going to be too small and everywhere, and we’re not going to be able to see them anymore. If we don’t set some limits on what are appropriate uses of data now, it’s going to be too late, because the technology will be too ubiquitous and too pervasive and too powerful.
Do you think we’ll see more legislation limiting what businesses can do as far as privacy and tracking?
We will see a combination of things, which is, one, probably some legislation. For instance, there’s already at least a dozen states that have passed legislation limiting the use of drones. A bunch of states have passed legislation limiting the use of DNA to identify people. Legislation will probably continue to be enacted as we as a society decide where we want to draw the line and what’s the limit we want to set.
I think our social norms are going to also change. Certainly people have become more aware of privacy the more they use Facebook, and that is probably going to change people’s willingness to agree to terms of services that are too invasive. And then the technology will change. There’s an emerging market of companies that are trying to sell privacy as a service. I imagine that might become a real market. Right now it’s a very small niche.
Have people have been pretty slow to understand the privacy implications of a lot of technology that they’ve embraced, like phones or social media?
People have been, I wouldn’t say slow, it’s just a difficult concept to grasp. The truth is, you’re getting something for free. You get Google search or you get an email for free. That seems really great. That seems like technology is bringing you a lot. We’re just now starting to see what are the costs you’re paying for that. You’re not paying in dollars, you’re paying in a different way, which is that you don’t really control your information. For some people that’s going to be more upsetting than for others.
In the end the problem we have as a society is we don’t yet know all the bad things that can happen as a result of that. It’s hard for us to tell whether it’s worth it. Is it really bad if the government is looking at all our email? Maybe it’s fine. But we need to see more evidence of what is happening to it and what kind of things might result from having your emails being surveilled. If it turns out that as a result you can’t get jobs or you are being discriminated against, we’re going to decide it’s bad. But if it turns out to be completely benign, maybe we’re going to decide it’s OK. The problem is, there’s not enough evidence. It’s too early.
Do you think people tend to fear the wrong things when it comes to privacy?
The problem is that the jury is out. If we knew the answer to that, we could adequately make decisions about what is scary. For instance, the census. The government has been doing the census forever, and it’s pretty benign. They just want to know who lives here, et cetera. Over history, the census data has been abused. It was used to locate Japanese people and put them in internment camps during World War II, and after 9/11 it was used to locate Arab Americans so the FBI could surveil them. So even very innocuous data sets can be abused, which is why we need to think about, What are the limits we want to set on the uses of this data?
It’s probably unrealistic to think we’re not going to have huge amounts of data in our technology-saturated world. But we do need to have some limits on what can be done with it.
Do you think more people are starting to think through the trade-offs so that they’re OK with giving away data if they get enough benefit?
It seems like the younger generation is thinking it through more. People always say that young people don’t care about privacy, but the studies show that young people are much savvier about their privacy settings. They’re the ones using these apps that make their texts disappear. I see evidence that the younger generation is becoming more savvy about choices they make with technology.
There’s a lot of conflicting studies where people on the one hand are creeped-out by certain practices and on the other hand welcome practices that involve getting discounts or benefits. Does it seem like people are of two minds here?
It’s really difficult for people to evaluate how their data may be used against them in the future. It’s very difficult to predict that. We’re just now starting to figure out how that might happen. Certainly once people realized that employers were looking on Facebook before hiring people, suddenly people who were in the job market started cleaning up their profiles. So once harm arises and people see it for what it is, they react to it. We’re in a period of time where we’re just going to learn more and more about all the ways things can go wrong.
So how can businesses respond—they’re more and more interested in collecting data, but at the same time people are getting more aware and nervous about it?
Businesses are in a hard situation. Their competitors are all doing it, so they need to get as much collection of data as possible. They see it as something they need to do for competitive advantage. At the same time, they’re concerned about stepping over the line. They don’t want to be the one that has a big article written about them.
There are some businesses, like Microsoft, that are pushing for legislation for baseline privacy protections because they want to even out the playing field. We’re the only Western nation without a baseline comprehensive privacy law. We have laws for health data like HIPAA, and we have laws for credit reporting, but we don’t have anything that basically says, Here is generally how any personal data has to be treated. Companies are at sea, and they’re looking for guidance in trying to figure out what’s the appropriate thing to do.
Are there any best practices businesses might start following?
The European nations that have these baseline privacy laws, you can see the data that the company holds about you, and if you want it back, you can get it. If you feel like that data has been used against you, you have a right to raise a claim. Those are the fundamental principles that underlie a lot of the advocacy for privacy legislation. So, access rights, ability to correct incorrect data and the ability to get some kind of redress if it’s been used against you.
We’re seeing more and more of these analytics companies that help retailers track customers in their store or restaurant. Do you think we’ll see people push back against that sort of thing?
Some retailers are using cell phone tracking—they can ping your cell phone and see how many people are in their store, where they’re moving, and this allows them to determine which aisles have more attractive displays and stuff like that. This is one of these classic examples: It seems rather innocuous in one way, because it’s anonymous and it’s just traffic patterns. But at the same time, it’s really invasive because it’s very personal—this is your movement in a store, and the information is tied to what is the equivalent of a serial number for your phone. Although it’s theoretically anonymous, it’s a number that’s associated with you and only you.
So the question this raises is whether this is too intrusive for the very marginal benefit it provides. I think the jury is out on that. There have been at least several cases where, once people found out this was happening, the outcry was such that the companies had to stop doing it. In London they put these little tracking things on some garbage cans in the street. People were like, “You don’t need to know when I’m walking by the garbage can.” I think that actually location tracking is one where people are more likely to draw the line—where you are is really sensitive.
For 2014, what are some of the things you think people will be talking about in terms of privacy?
I do think there’s an emerging market for privacy-protecting technology. It is just coming online. I see more and more companies that are offering privacy as part of their features or as their competitive advantage, and I think there’s going to be more and more of that. This is going to raise the stakes, because as individuals start trying to protect their privacy more, the companies that depend on scooping up vast amounts of data and the governments that are doing this are going to have to make a decision: Are they going to up their game and try to get around those people and subvert their wishes and still get their data, or are they going to not do that?
That’s going to be a tipping point, because up until now, Google and Facebook have argued, “Well, you guys agreed to this.” But if people started not agreeing, then they have to make a different argument. [Facebook is] losing younger users, and I believe that people are becoming more cautious about what they post. It may take a long time to play out, but it is changing.