It is obvious to most people that we live in an age of mass surveillance. The proliferation of digital technologies and the gadgets that keep us constantly networked have enabled more communication than ever. But these same technologies and gadgets have also enabled powerful corporations and governments to collect increasingly intimate information in increasingly greater quantities. One only need read Shoshana Zuboff’s The Age of Surveillance Capitalism (2019) to understand the depth and the scope of the data that corporations collect on our everyday thoughts and behaviors. And one only need read Glenn Greenwald’s No Place to Hide (2014) to understand the totality of the United States government’s surveillance powers. In the twenty-first century, every person everywhere should assume that all of the most powerful institutions in the world have the power to know almost everything about you.
These mass surveillance capabilities inherently threaten our modern conception of privacy, which is essential to the well-being of human beings that exist in western societies. In Privacy and Freedom, a ground-breaking 1967 study of surveillance technologies and privacy law in the United States, sociologist Alan F. Westin argues that privacy serves four essential functions in regard to the human self. First, privacy enables personal autonomy in that it protects an interior space inside the self that is free from external manipulation or control, a space where the individual can keep their secrets, hopes, and dreams. Second, privacy enables emotional release from the otherwise constant pressure to conform to social norms and the expectations of others. Third, privacy enables self-evaluation, the practice of reflecting on one’s own behaviors and values and to assess both past and future decisions. Fourth, privacy enables limited and protected communication, which allows the individual to decide which parts of herself to reveal to others based on the nature of her relationship with them—intimate, associative, professional, and so on.
As Westin suggests, without privacy, there can be no self as we know it. Though some people will dismiss the importance of privacy for the formation of the self, claiming they have “nothing to hide,” Zuboff compellingly retorts: if you have nothing to hide, you are nothing.
If mass surveillance is a threat to privacy and privacy is essential to the existence of the self, then we must protect privacy from mass surveillance—the question is how. In his 1983 book The Rise of the Computer State, David Burnham identified several possible types of solutions to the growing threat of mass surveillance, including legal solutions, institutional solutions, and technical solutions. The first two solutions—the legal and the institutional—together constitute what I will call here The Political View, which argues that democracy is the only means (or at least the best means) for limiting the harmful use of technologies like surveillance technologies. A version of the third solution—the technological—constitutes what I will call here The Cypherpunk View, which argues that citizens must have the technological capabilities to defend themselves from surveillance because even so-called democratic governments cannot always be trusted to protect their citizens from corporations, much less from the government itself.
The Political View holds that we need to use democratic government to reign in the dangerous excesses of both corporate and government mass surveillance. At the conclusion of her sustained critique of surveillance capitalism, for instance, Zuboff argues that big tech surveillance companies thrived because the government failed to properly regulate them, and she argues that such regulation is the only (or best) solution to threat of massive corporate surveillance. Similarly, The Political View also holds that we need new laws, tighter regulations, and better oversight of government surveillance.
The Political View is, however, unrealistic because there is no evidence that the United States government is willing to regulate surveillance, whether conducted by big tech corporations or by its own spy agencies. On the one hand, there are several federal laws that regulate individuals’ data in specific contexts—education, healthcare, finance, and even for children under thirteen years old—but there are no comprehensive federal privacy laws that would apply to large surveillance corporations. States like California—where the California Consumer Privacy Act and its successor, the California Privacy Rights Act, provide citizens the right to access, control, and even delete certain data collected by companies—have led the way in comprehensive privacy legislation. But even if Congress passed comprehensive federal legislation modeled on state laws like those in California, a privacy law is not the same thing as anti-surveillance law.
On the other hand, the United States government has a remarkably embarrassing track record of failing to reign in federal spy agencies. The National Security Agency (NSA)— created by a secret presidential order, not by legislative authority—is perhaps the world’s most powerful surveillance institution. From the time of its creation in 1952 until its surveillance practices were exposed in the political scandals of the mid-1970s, the NSA operated with no legislative oversight, often collaborating with American corporations to spy on citizens domestically. In 1978, Congress passed the Foreign Intelligence Surveillance Act (FISA), which established the highly-secretive Foreign Intelligence Surveillance Court (FISC) to oversee and limit the domestic surveillance activities of the NSA. Yet, as journalist James Bamford reported in The Puzzle Palace just four years after FISA was passed, the law and its court were obvious failures. Not only did the law contain so many loopholes so as to render regulation ineffective, the FISC essentially become a rubber-stamping office because it had granted every surveillance warrant requested by the NSA.
What’s more, it’s not just that the United States government fails to prevent mass surveillance; it also protects the purveyors of mass surveillance once their lawlessness has been revealed. In 2005, The New York Times revealed that major telecommunications companies had been collaborating with the NSA, allowing the surveillance agency unfettered access to its networks. The Electronic Frontier Foundation (EFF) and other entities filed dozens of class action lawsuits against AT&T and other telecom companies for participating in the NSA’s unlawful mass surveillance. These lawsuits were all dismissed after Congress passed the 2008 FISA Amendments Act, which granted retroactive immunity to the telecom companies.
Similarly, in 2013, The Guardian reported that telecom companies were once again secretly cooperating with NSA mass surveillance programs. This time, the NSA was in the hot seat for creating a massive database of telephony metadata—not the recorded content of phone calls but the records of which phones called which phones on which days and for how long. Two years later, Congress reformed FISA with the USA Freedom Act, which formally ended the NSA’s bulk collection of telephony metadata, but the reform bill did not place limits on the power of telecom companies to collect such data. Thanks to the Supreme Court’s third-party doctrine—which holds that customers have no reasonable expectation of privacy regarding data they share with companies (see Smith v. Maryland)—such metadata remains accessible to the NSA and other government agencies without the need to obtain a warrant.
Even in light of this brief sketch, it seems obvious that The Political View on privacy protection is insufficient, which is why The Cypherpunk View, with its emphasis on technological solutions rather than legal solutions, is so compelling.
The cypherpunk movement began in the early 1990s when a group of privacy advocates and cryptography hobbyists gathered in California to discuss the growing threat to privacy in the digital age. They realized that electronic communication networks are inherently insecure and that only encryption would secure communications following the proliferation of computers. At the time, however, cryptographic protocols were classified as munitions by the United States government, which means cryptography, the science that enables encryption, was essentially a classified science. Inspired by the independent cryptographic researchers of the 70s and 80s, the cypherpunks began a series of legal battles that ended in their favor, for courts ruled that “code is speech” and the government could not prohibit citizens from using cryptographic codes to secure their devices and the communications. Today, of course, most of our internet use and cell phone communications are encrypted, enabling everything from online commerce and banking to telehealth appointments with healthcare providers. The security of our digital world today is, in large part, a result of the cypherpunks’ efforts.
In Cypherpunks: Freedom and the Future of the Internet, four cypherpunks—Julian Assange, Andy Müller-Maguhn, Jérémie Zimmermann, and Jacob Appelbaum—argue that so-called democratic solutions are likely to fail because there are no incentives for politically and economically powerful actors to regulate themselves. “I think that the only effective defense against the coming surveillance dystopia is one where you take steps yourself to safeguard your privacy,” Assange insists, “because there’s no incentive for self-restraint by the people who have the capacity to intercept everything.”
Distinguishing between “the laws of man” and “the laws of physics,” they argue that the mathematics underlying encryption—such as prime factorization—is more effective than law and policy at protecting our data and our communications. After all, it is easy to break the law but it is often impossible to break very strong encryption. “So, there is a property of the universe that is on the side of privacy,” Assange explains, “because some encryption algorithms are impossible for any government to break, ever.” Furthermore, the cypherpunks argue that encryption programs must be open-source software so the security of the protocols can be inspected and tested by a worldwide community of experts. The NSA has a long history of sabotaging widely-used encryption protocols to weaken their security and thereby make it easier for the government to break into ostensibly secure networks and communications.
Of course, proponents of The Political View worry about The Cypherpunk View’s emphasis on technology while disregarding potential political solutions. It is neither normal nor acceptable, Zuboff argues at the end of The Age of Surveillance Capitalism, for young people to spend time comparing the latest tools that allow them to better hide in their own lives from the gigantic surveillance institutions that watch everything we do. Zuboff is certainly correct that human beings should not live in a state of constant trepidation that their actions, locations, and intimate values and beliefs are being observed, recorded, processed, and monetized. But Zuboff’s criticism of technologically-oriented perspectives misses the broader insights of the cypherpunks. First, cypherpunks advocate political solutions when they are feasible (especially the use of antitrust to break up large tech firms), but they remain skeptical about the efficacy of political solutions, even in so-called democracies. Second, for the cypherpunks, the use of encryption technology is a political solution, for like all technologies, encryption is laden with ethical and political values. As I argue in Cypherpunk Ethics: A Radical Ethics for the Digital Age, cypherpunks view encryption as a “convivial tool,” a kind of technology that facilitates the creation of societies in which humans can live and thrive together, freely and cooperatively.
Though the cypherpunk movement has expressed interesting philosophical ideas about ethics, politics, and technology, they also provide practical advice for the preservation of privacy. In “Of Cypherpunks and Sousveillance,” I argue that the cypherpunk slogan “privacy for the weak, transparency for the powerful” outlines the response citizens have in the face of massive corporate and government surveillance. Take, for example, Google and the NSA: two institutions that seek to collect as much information about outside entities while seeking to conceal as much information as possible about their own inner workings. Google and the NSA are information black holes, in a sense, because they suck in as much data as possible while trying not to leak any data.
The cypherpunk slogan “privacy for the weak, transparency for the powerful” suggests the only appropriate response to Google and the NSA: become a black hole yourself! On the one hand, individuals should take all necessary steps to obfuscate and restrict the data they emit—using Virtual Private Networks (VPNs), privacy-enhancing browsers (here, here, and here), privacy-friendly search engines (here), and browser extensions that block third-party trackers (here). On the other hand, individuals should do everything they can to learn about the inner workings of mass surveillance institutions—from reading the best books on the history and techniques of surveillance to supporting adversarial journalism and whistleblowing platforms.
The “digital age” and the “age of mass surveillance” are the same thing, and in this age, privacy—and by extension, the self—is under attack. We can and should pursue traditional political protections for privacy where possible, but when electoral politics and legislation fails, we must turn to technology. Encryption and other digital tools enable grassroots efforts toward non-violent direct action in defense of privacy and the self.
The post How to Preserve Privacy in the Age of Mass Surveillance: Democracy or Technology? first appeared on Blog of the APA.
Read the full article which is published on APA Online (external link)
