The past twelve months have seen intense debates on the matter of internet privacy. In what was one of the biggest news stories of 2013, documents leaked by Edward Snowden reveal the massive extent of internet surveillance by the Five Eyes (USA, UK, Canada, Australia, and New Zealand). While most recently, lawsuits have been filed against Facebook because of its alleged breaches of various laws regarding the usage of user data.
Although these two incidents refer to similar issues, there is an important distinction to be made. One is the secret, systematic invasion of privacy by government agencies and the other is a company making alleged illicit use of its users’ data.
It’s safe to say that over the past two decades, the way that humans communicate has been revolutionised. Before the mass proliferation of internet-usage, communication was relatively private and secure.
It was possible to intercept phone calls, but expensive and difficult, often prohibitively so. Exchanging documents by post meant that unless a letter was completely repackaged, it would be easy to notice if it had been tampered with. Faxing was relatively insecure, but it was fairly difficult to tap without specialist equipment.
Email changed all of this, and when companies like Google, Microsoft, and Yahoo started providing free email addresses it became very easy to start communicating this way.
There is a lack of an international statement on the limits of privacy, the closest being Article 12 of the Universal Declaration of Human Rights, which states ‘No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence.’ There are similar provisions in the European Charter of Human Rights and the International Covenant on Civil and Political Rights.
The legal test for privacy in the US, UK and European Courts is whether you had a reasonable expectation of privacy. This can more easily distinguished when the situation you are considering is a journalist taking a picture of you in your garden using a long-range lens. However, on the internet the distinction between public and private is often blurred.
Ad-supported businesses, like social networks and email, rely on access to user data to allow them to present relevant ads to users. Serving targeted advertising is the only way companies can expect to make a profit from these kinds of enterprises without some subscription fee.
The latest issue for Facebook is the accusation that it analysed users’ private messages in a bid to serve more relevant ads. Facebook is a free to use service, it costs Facebook money for a person to use it, so naturally Facebook is going to try and make money via advertising. However, people generally expect their private messages to remain private.
Is it reasonable to expect this sort of privacy on a social network? The main question is what you sign up for when you agree to the Terms of Service agreement. Gmail analyses your messages and what you mark as spam in order to serve you ads. Very reasonably, Google offers an opt-out of this.
Facebook does too, however, it consists solely of not using Facebook. Because you theoretically have the choice not to use Facebook, does this mean you consent to having any data you put on the site used for advertising?
It’s no secret that people, by and large, don’t like targeted advertising because it is invasive. A famous example of the inherently creepy nature of this behaviour monitoring is an American father who learned that his teenage daughter was pregnant as a result of targeted advertising.
His daughter discovered she was pregnant and started looking at baby related items on the website of a popular retailer. An algorithm calculated that there was a high chance that she was pregnant and a catalogue and coupons for baby related items was dispatched to her, which led to questions and the eventual discovery of her pregnancy.
What about where the data is not used to make a profit, but to stop terrorist attacks? The Snowden leaks revealed the incomprehensible amounts of data being collected and analysed by government organisations globally. The NSA ran the most famous of these operations called PRISM, which in part involved secret court hearings that forced companies into providing the NSA with data that was related to court approved search terms.
The British Agency GCHQ also ran a program called Tempora, which intercepted massive amounts of British internet traffic. These programs, and the others that have been revealed, systematically invade the privacy of users of the internet.
We live in a terror-obsessed, post 9-11 world where the protection of basic human rights comes second to the protection of national security. The real question we need to ask ourselves is if we think privacy is an important right which requires protection. If so, where does privacy begin and end?
Should the government be allowed to see who you called? Can they download the data you put on your Facebook wall, or look at who you email? Can they look at the contents of your email? At what point do we say enough?
Despite these overwhelming invasions into the privacy of internet users and the initial uproar as a result, there’s no indicators that there has been any real mass change in online behaviour.
People still use Gmail, Facebook and Amazon. Privacy might be a human right, but it seems to only be a serious concern for people if their daily lives are actually being altered as with airport security checks rather than being watched. Judging from our behaviour, we seem to care very little about privacy.