Tao Sheng
January 19, 2021; Revised version February 15, 2021
In this piece I explore the shocking reality of American data privacy in the 21st century. Data privacy violation is a topic that despite not getting enough attention and seriousness, should be treated by all Americans as a threat to our very way of life. This piece will offer insight to various issues: why privacy matters in the first place; why data privacy matters; and what might happen to the American ideals of freedom, liberty, and the pursuit of happiness if we, at large, remain complacent. Although the path to returning data privacy privileges back to its rightful owners will be difficult, there is promising legislation already on the way. However, if we want to truly take these matters in our own hands, we must take agency over protecting ourselves.
In 2013, the World Privacy Forum discovered a list of rape victims, AIDS patients, drug and alcohol abusers was being sold by data brokers to online marketers.[1] In 2009, then Google CEO Eric Schimdt, when asked about privacy concerns with Google, explained that “if you’re doing something that you don’t want other people to know, maybe you shouldn’t be doing it in the first place.”[2] In 2010, Mark Zuckerberg announced that “privacy is no longer a social norm.”[3]
In 1949, English novelist George Orwell published his famous novel Nineteen Eighty-Four. While Orwell envisioned a totalitarian state that uses mass surveillance and social control techniques, today the main threat may instead be rooted in the private sector. In fact, the most appalling dangers to American privacy lie with the companies to whom we have willingly and unwillingly sacrificed our data to.
In September of 2020, the social media platform owned by Mark Zuckerberg’s Facebook Inc., was accused of spying on Instagram users through their front camera – unsolicited. Just three months later, Instagram issued a controversial new term of service that prompted backlash from even the names of American pop singer Madonna. “Instagram’s new cyber surveillance policies allow Mark Zuckerberg to spy on you and your family, steal your most intimate secrets and monitor your compliance with government mandates through all your devices – including your television – and sell your data to government and industry or punish you for disobedience.”[4] Indeed, Madonna may not be a leading cybersecurity expert, but her argument carries tremendous weight. She is not the first public figure to speak out about these issues, and she certainly will not be the last. Unfortunately, it is upon us to strive towards a more transparent future regarding data privacy, and to take agency to protect our precious data. This piece will explore the fundamentals of privacy, why it informs our very way of life, and why all Americans must begin to take data privacy more seriously.
First and foremost, why does privacy matter? Should we surrender some of our privacy for convenience or security, would we devolve into an Orwellian society? Many Americans, those who are not involved in “bad behavior,” would say that privacy concerns are not important. I believe there is danger in believing in the false binary – that only bad people ought to be worried about privacy, and that good people have “nothing to hide.” Moreover, we must always ask the next question of: who exactly decides what is “bad behavior,” and what degree of oversight do the American people get on this decision? It can be argued that there is no “objective truth,” rather, “right” and “wrong” are completely subjective. In this case, it will be the everyday American that has relinquished absolute control over their morality and thinking.
Furthermore, how will individuality, a core aspect of the American principles of freedom and liberty, stand up to a constant watchful entity? A few psychological studies indicate that when people are knowingly watched, the behavior they engage in is increasingly more conformant in nature. Though this may seem beneficial if an entity had the ability to selectively reward “good” behaviors, the ability of any unchecked entity to condition citizens’ behaviors, is already too dangerous. I believe the very nature of enforced conformity is anti-progressive, anti-innovative, and anti-freedom. There has not been a historical thought revolution without being labeled as “radical” at the time. Even the ideas of “freedom of the press, of speech, and of assembly” was a foreign idea just a few centuries ago. Going even further back, the act of believing in the idea that the Earth rotated around the Sun, even if it agreed with current “scientific literature”, was punishable by the Church. Bruce Schneier, a fellow and lecturer at Harvard’s Kennedy School of public policy and board member of the Electric Frontier Foundation, once stated back in 2009 that,
“For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that – either now or in the uncertain future – patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.”[5]
On a lower level, privacy is a part of human nature itself. The definition of being free and fulfilled lies in the ability to engage with life’s activities completely void of any outside spectators. All humans have things to hide, not just the “bad guys.” There is a reason we voluntarily publish our opinions online, a reason why we do not act upon all our thoughts, and very simply, a reason why we keep certain things to ourselves.
Secondly, why does data privacy matter? It may be startling for some to hear that it’s not so clear who exactly owns your data – after all, it is your data, so logically it seems you should be able to consent to who can have access to your data. Even among various restrictions on this issue from the American Federal Trade Commission (FTC), Facebook was still fined nearly $5B for breaking a 2012 privacy decree.[6] In all countries surveyed, the United States was the only country in which people voted that the individual was more responsible for protecting your data than the government was.[7]
It is quite uncommon to meet a person who has thoroughly examined a privacy terms and conditions nowadays, and this is understandable. Companies are encouraged to use misleading and overtly vague language to distract readers from fully understanding a company’s reach, in fact, not only for their own liability, but for their monetary gain. When data brokers were discovered to be handling sensitive information regarding AIDS patients and rape victims in 2013, an even scarier discovery was made in lucrative industries in which you, the presumed consumer, have become the product. Data brokers have since gained incredible influence. These are any individual who “aggregates information from a variety of sources; processes it to enrich, cleanse or analyze it; and licenses it to other organizations[8]. These are people responsible for “secret” scores that entities collect to characterize you – creditworthiness, among other highly private data. This occupation has now become a 200-billion-dollar industry.[9]
However, some people may acknowledge that behavioral data is not exactly telling of an individual’s motives, thoughts, or expressions. Every day, software engineers train machines to behave better than humans. These algorithms have incredible predicting power – ranging from predicting a student’s final grade based on their midterm performance to defeating Chess grandmasters.[10] What used to be a science fiction concept in the past is now an easily reproducible project for even students to do. Your data, behavior and habits are all key information that can be modeled to predict certain outcomes. This was especially the case in 2012 when a Target store had been intentionally getting purchasing data on its customers and used what products they were buying in increasing amounts to determine whether they were pregnant. If they caught on that a woman may be pregnant, they would send personalized advertisements for products that a new mother would need. The father had issued a complaint to the company outrageous at the fact that they were sending these advertisements for diapers. However, the father later rescinded his rage and told Target that in fact, his teen daughter was pregnant.[11]
If those models based on primitive data can predict an outcome with a reasonable success rate, then imagine the possibilities of a predicting algorithm if it were given even more telling data. Social media companies, though unclear whether they all actively engage in fishing for this information, have the technological capabilities to read your browser history, parse your personal information that you supply them, crosslink your purchasing behavior with your frequented locations, and analyze social circles you are involved in. Compared to Target’s limited data on purchasing decisions that made an accurate prediction on pregnancy status, what can a social media company do with that overwhelming amount of data? Whether you may agree that this data can be used for beneficial research and “personalized” advertisements that are more relevant for users, allow us to examine the possibilities that it leads to a more dangerous society. The scariest part is how people will use that data. I believe that it is in the realm of possibility that one could achieve a totalitarian, Orwellian surveillance state given that data. Powerful predictive models that are currently outside the realm of our understanding could easily reach further than calculating political affiliation into forecasting the utmost private and secretive thoughts. In this case, is it so much different than a future where Americans must constantly live under a watchful eye?
However, there exist individuals who would consent to trading equal portions of privacy for national security. Those individuals could argue that a surveillance state would identify threats before they evolve into actual harm. Many can cite the 2016 Orlando shooting, in which the shooter had previously pledged allegiance to ISIS, among other tragedies as prime examples.[12] However, I would disagree with the notion that privacy and security must be traded in equal proportions. I believe that the same loss in privacy will not result in an equal gain in security. When we consider improving national security, we ought to consider not only the “active” effects of such measures such as ongoing anti-terrorism measures, but also the potential effects. I foresee that it would be quite difficult to define a strict stopping point for any security measures, as any controlling entity may desire more and more power, to a degree in which its own or external checks and balances cannot maintain its overreach. Although this power can be used for “good,” it can just as easily be used for “bad.” In the end, the very ability for any entity to wield a power with that much “bad” potential (and “good”), is too powerful. While it is common to associate this with government, private companies may be able to use this data to inform decisions on the individual level. The first step to keep any unchecked entity from obtaining any such powers is to fight for our data privacy. Without the data and with increased transparency, we may be able to slow down or stop these atrocities. We must not even allow for the potential for extreme overreach, because there will never be a guarantee that it will not be used against the people.
There is a last hope for Americans that we can escape the current path towards a freedom-less surveillance sector. Since July 1, 2020, the California Consumer Privacy Act (CCPA) went into effect. California then passed Proposition 24 to further add protections for consumers on November 3, 2020. Starting in 2023, it will establish consumer data rights that include: the right to know what data companies are gathering on them, the right to have their data deleted, and the right to opt out from companies selling their data to third parties.[13] However, like much of American history, enforcing the law is the other half of the work. Consumer Reports had tasked data brokers, so-called experts in the field of data analytics in social media – their task: find the “Do Not Sell” button. When 42.5% of the group of three data brokers had at least one member unable to find the button, one can imagine the difficulty for an average consumer to find it. Further action is imperative if California is to enforce companies provide their consumers with a “clear and conspicuous link.” Among other concerns in the report13 are that 46% of the time, consumers were unclear whether their opting out was successful, some reported that they were forced to accept cookies (Cookies are text files with small pieces of data — like a username and password — that are used to identify your computer as you use a computer network. Data stored in a cookie is created by the server upon your connection. This data is labeled with an ID unique to you and your computer), some were required to provide a biometric identifier like a selfie, and some had red tape that involved downloading proprietary mobile software and setting up a separate account.
The very fabric of American freedom, and the founding principles of freedom from an overarching government may quickly be overshadowed if we are to continue along this path towards privacy submission. As it turns out, the fight for privacy for all Americans wages on. When the American public at large decides that it is no longer acceptable to remain complacent in data stealing, that we decide what kind of society the future of America exists in, we may be able to change this trajectory. It will require an unprecedented, combined effort of all Americans to achieve this common goal – the protection of human rights to privacy and the protection of American ideals.
“If living unfreely but comfortably is something you’re willing to accept, and I think many of us are, it’s the human nature, you can get up every day, you can go to work, you can collect your large paycheck for relatively little work against the public interest and go to sleep at night after watching your shows. But if you realize that’s the world that you helped create, and it’s going to get worse with the next generation, and the next generation, who extend the capabilities of this sort of architecture of oppression, you realize that you might be willing to accept any risk, and it doesn’t matter what the outcome is, so long as the public gets to make their own decisions about how that’s applied.”[14]
Thank you to Dr. Michael Goodhart, PhD – University of Pittsburgh, Department of Political Science
[1] Hicken, Melanie. “Data Brokers Sell Lists of Rape Victims, AIDS Patients, Privacy Group Finds.” CNNMoney. Cable News Network, December 19, 2013. https://money.cnn.com/2013/12/18/pf/data-broker-lists/.
[2] Tsukayama, Hayley, Cindy Cohn, Cara Gagliano, Nathan Sheard, Bill Budington, Katitza Rodriguez, Matthew Guariglia, et al. “Deeplinks Blog.” Electronic Frontier Foundation, December 10, 2009. https://www.eff.org/deeplinks/2009/12/google-ceo-eric-schmidt-dismisses-privacy.
[3] Johnson, Bobbie. “Privacy No Longer a Social Norm, Says Facebook Founder.” The Guardian. Guardian News and Media, January 11, 2010. https://www.theguardian.com/technology/2010/jan/11/facebook-privacy.
[4] Bain, Ellissa. “Madonna Reacts to Instagram’s New Terms of Use – What Are the Updated Policies?” HITC. GRV Media Ltd, December 21, 2020. https://www.hitc.com/en-gb/2020/12/21/instagram-new-terms/.
[5] Schneier, Bruce. “My Reaction to Eric Schmidt.” Schneier on Security, December 9, 2009. https://www.schneier.com/blog/archives/2009/12/my_reaction_to.html.
[6] “FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook.” Federal Trade Commission, April 28, 2020. https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions.
[7] “Sponsored Post: Who’s Most Responsible for Your Data Privacy Protection? Government? Companies? You?” TechCrunch. Verizon Media, March 30, 2020. https://techcrunch.com/sponsor/nortonlifelock/whos-most-responsible-for-your-data-privacy-protection-government-companies-you/?guccounter=1.
[8] Gartner_Inc. “Definition of Data Broker – Gartner Information Technology Glossary.” Gartner. Accessed January 5, 2021. https://www.gartner.com/en/information-technology/glossary/data-broker.
[9] “Column: Shadowy Data Brokers Make the Most of Their Invisibility Cloak.” Los Angeles Times. Los Angeles Times, November 5, 2019. https://www.latimes.com/business/story/2019-11-05/column-data-brokers.
[10] Eschner, Kat. “Computers Are Great at Chess, But That Doesn’t Mean the Game Is ‘Solved’.” Smithsonian.com. Smithsonian Magazine, February 10, 2017. https://www.smithsonianmag.com/smart-news/what-first-man-lose-computer-said-about-chess-21st-century-180962046/.
[11] Hill, Kashmir. “How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did.” Forbes. Forbes Magazine, March 31, 2016. https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/?sh=4935d1446668.
[12] “Minnesota Mosque Attack: ‘White Rabbits’ Militiamen Plead Guilty.” BBC News. BBC, January 25, 2019. https://www.bbc.com/news/world-us-canada-46999849.
[13] “Consumers Looking to Opt Out of the Sale of Their Data Still Face Obstacles.” Data Dividend Project. Data Dividend Project, November 20, 2020. https://blog.datadividendproject.com/consumers-looking-to-opt-out-data-sale/.
[14] George Orwell, Nineteen Eighty-Four (Münster: Aschendorff, 1985), (my emphasis).
Policy & Political Review 