In 2015, I was lucky enough to give an invited keynote at the 20th anniversary of the Ethicomp conference. I found that many of the issues up for discussion were ones in which the Internet Society also has a keen interest: for example — responsible innovation, the ethics of autonomous systems, and what do in the wake of Edward Snowden’s revelations about pervasive state monitoring of the Internet. The conference has now produced a special edition of the Journal of Information, Communication and Ethics in Society (JICES), specifically to report on a global set of surveys on the responses to Snowden. I was invited to write a paper for this special edition, to accompany the more traditional academic analyses of the surveys. My full article, “After Snowden – the evolving landscape of privacy and technology” is now available.
Writing the paper gave me a chance to step back and look at how the privacy advocacy community’s work has changed since Snowden – one of those rare moments in which the frog gets to hop out of the rapidly warming water and contemplate the saucepan. Here are a few of the trends I noted.
First, there has been a general shift in how we perceive the threat to online privacy. Pre-Snowden, the debate centred mainly on commercial entities – the– Googles, Facebooks, Ubers, and so on – and the monetisation of personal data. Since Snowden, there is a growing perception that governments can represent at least as great a threat to privacy as companies – though, as the surveys showed, people may well view the two different threats in very different ways.
Second, and continuing the theme of people reacting in different ways, the survey responses showed that cultural factors strongly influence the ways in which people react to evidence of government surveillance. For example, in one country respondents said “the government and police have my data, but I trust them not to misuse it. One can’t trust for-profit companies in the same way”. In another country, 20th century experience of authoritarian government had left citizens very wary, and protective of their legal and constitutional rights to their “honour, privacy and own image”.
Third, there are some specific challenges when it comes to law enforcement access to encrypted data – a debate that has lost none of its heat or relevance in the time between 2013 and now. Whether it’s a matter of mass interception of communications data, or the targeted recovery of data from a single smart phone, governments continue to press for the ability to decrypt data on demand.
From an Internet Society perspective, each of those trends suggests further action.
If there is a shift in the perception of governments as a threat to privacy, then we – collectively – need to respond with careful analysis and recommendations about how governance of the Internet should cope with that. The Internet Society was quick to support the Internet Architecture Board’s (IAB) statement on Internet confidentiality, stating that encryption should be the norm for Internet traffic, and that pervasive monitoring is a technical attack which should be mitigated in the design of IETF protocols where possible. We continue to call for governments to recognise the importance of secure and private communication as a foundation of vital societal functions such as a free press.
If public reactions to pervasive monitoring vary widely according to social and political context, then we – collectively – need to understand the resulting tensions, given that the Internet is inherently blind to national and jurisdictional boundaries. This is why the Internet Society is working with international bodies such as the Internet Governance Forum (IGF), the Organisation for Economic Co-operation and Development (OECD), the Council of Europe (CoE), the African Union Commission and elsewhere, where the goal is to agree how to resolve cross-border governance issues such as those of online privacy.
And, finally, if governments stress the importance of being able to access encrypted data on the basis of national security, for instance, we need to ensure that other national interests are given appropriate weight: factors such as our economic dependence on secure transactions, or the societal benefit of secure communication. We also need to ensure that the practical implications of deploying weakened encryption are clearly articulated and taken into account. This is why the Internet Society has consistently called for strong, reliable encryption to be the norm for Internet traffic.
You can find the JICES paper here at http://www.emeraldinsight.com/doi/full/10.1108/JICES-02-2017-0010. I hope you will find it useful and interesting, and that you will contribute to the discussion about online privacy via this blog.