Marko Polojärvi

Thought Works

Privacy And Why It Really Matters

privacy |ˈprɪvəsi, ˈprʌɪ-|
noun [ mass noun ]
• a state in which one is not observed or disturbed by other people
• the state of being free from public attention

To me privacy is about trust. It's not about whether I've got something to hide, like former Google CEO Eric Schmidt insinuated. It's about me having control over what I want to share. It's about the fact that if you somehow obtain information about me that I hold private, whether via analyzing my actions or directly, you have violated my fundamental rights. To me that's unforgivable.

There has been a very worrying trend caused by the online advertising industry that it's somehow okay to mine and probe into the information you put online without your explicit permission. I'm not counting 38-page-long terms of service agreements as explicit permission. To me this behaviour is morally and ethically wrong, no matter how lawful it is. In the light of recent news it seems that certain countries have escalated data harvesting even further and are collecting every action you do online without any legal warrant.

There's a place for analytics and information processing but as soon as you cross the boundary of building profiles of individuals without those individuals’ supervision, you go straight to the dark side and the consequences can be unpredictable.

For people who think they've got nothing to hide and that they're not that interesting it can be hard to comprehend why some people like me are so hell-bent on maintaining privacy.

The issue that worries me the most is that a lot of people don't seem to realize the full consequences when you give up your privacy, and how exactly it happens.

In this "thought work" I want to discuss companies who have commercialised privacy violations, the more sinister side of losing privacy, and the hidden consequences of losing the battle for control.

How to lose your privacy

There are two things you can do right now to lose most of your privacy. Share everything that comes to mind on Facebook and search everything that comes to mind on Google. I don't want to single out Google or Facebook but they're the best representatives of two common ways for online companies to commercialise you. There is no free lunch - if you're not paying for the service, you're the product. These companies are doing everything they can from firing slogans at you to deceptive user interfaces to hide the fact that you're the product.

The first way to sell you forward is to know what you want - from your search and surfing behaviour Google knows what your intentions are. Another way is to leech into your relationships and see what your friends are buying - Facebook knows who you know and what you like (or “Like”). Both of these companies are making their bottom line by watching your every move and finding the right triggers that make you click ads you wouldn't click without manipulation. Of course in their terms this is called "optimising the user experience".

Let's set aside for a second the fact that both Google and Facebook are US companies bound by US legislation to share all their stored and analysed data about you with the US government, and let's focus on what happens to your privacy without any court orders or secret deals.

It's important to understand that Google's dragnet tracking is not limited to your searches on Google. Google offers various "free" services to webmasters like Google Analytics. The webmaster installs a piece of code on the website and that code sends your unique tracking data to Google every time you visit that website. The same applies to Google Fonts that webmasters can use to make their site look nicer, embedded Google Maps to show a nice map where your office is located and of course embedded YouTube videos. I'm probably missing a few services but I trust you get the point. Your actions on a site that uses one of these services are now tied into your Google Profile that Google will then sell to their advertisers. The only defense you have is browser extensions like Ghostery that block such spyware from loading. Without extra protection, no matter what you do online – Google has their eyes on you. Sometimes I see people marvelling how awesome Google is to offer these free services - now you know better. As a webmaster by using these services you're literally selling out your visitors (and for zero profit) and contributing to the problem.

Facebook is a different kind of beast. Facebook is a service built around relationships between people and Facebook itself doesn't produce any value to its users - it's all user-generated content. The only value Facebook produces is solely for the advertisers. Facebook has introduced several schemes to dig out seemingly innocent bits of valuable information about you. You can like something, friend someone, subscribe to someone/thing and write status updates to your or your friend's page. And companies are falling into the trap and driving people into Facebook without realising that Facebook's profit comes from selling this new valuable Like and Page visit data to the company's competitors who are looking to buy access to people interested in the company. The company who is after Likes pays for the traffic to Facebook and Facebook sells the resulting data to competitors - it's win-win, for Facebook.

Piece by piece Facebook gobbles your updates, likes and private messages with various sets of algorithms and creates a target profile out of you which gets more accurate the more you use Facebook. The secret sauce is in the prediction algorithms. They can even predict whether your relationship with your partner is heading for a break-up - great time to sell you to some marriage counselling services. Facebook has also created a dragnet tracking by offering Like buttons and Facebook Connect login to webmasters.

Both of these companies store your information forever. To hammer this point home, the information you submit to Google and Facebook will be around for the highest bidder as long as you live. Even if these companies anonymised their data sufficiently (which isn't the case with IP address anonymisation that Google practices), third party companies and governments who get their hands on the data are not bound by Google's/Facebook's "privacy policy".

You might say I'm being harsh on these companies but I'm not. This is what's happening in reality when you strip out all the buzz words, niceties and PR crap. You are being analysed and sold to the highest bidder 24/7/365. You don't even need to use their services - it's enough that you step into their dragnet land mines enough times for them to build a targeting profile, off it goes to the highest bidder and suddenly you start to see much more "targeted" banner ads all over the web.

But so what? You might be ok with seeing ads and you don't mind somebody has a profile of what you like or who you know. Now is a good time to talk about the aspects that go a bit deeper into how privacy is absolutely essential for anybody in the modern society, and why without it we're guaranteed to lose all our freedoms we've fought for over the last centuries.

The cost of losing privacy

The cost of losing privacy isn't an obvious one. In online environments you don't even notice when your privacy has been violated because the effects aren't obvious. For example Facebook might put your face next to a lubricant ad just because you made a joke about lubricant in your status update. Or you start to see Google ads for various STD remedies all over the web because you're a nurse and regularly visit forums that among other topics also have information about STDs. This means that in your Google Profile there's a data point that says it's probable that you have an STD. That information is now associated with you permanently. This is the lowest and most innocent level of hidden selection.

As much as privacy is about one's ability to control what others know about one, it's also about protecting the freedom of the modern democratic society.

The processes that make our democratic and free society possible are built on transparent and fair decision-making. If you strip out transparency you end up with totalitarianism. The current practice of harvesting and analysing individual's private and public data jeopardises the whole system of fair decision-making.

The society which relies on harvested data in data-driven decision making is in danger of turning into a tyranny, by machines. This starts happening as soon as the government applies automated systems that are working on selecting and sorting citizens. The reasoning behind these systems is usually that the amount of data is so large that humans can't process it in a reasonable amount of time. Suddenly you are now being selected without clear selection criteria and without any "common sense". You've been condemned as being part of a group without any clear reason why. Eating burgers + speeding when driving + filing tax report late might result in you being in a particular group that pays more taxes because your data indicates you're a risk factor for society. Never mind that you actually buy those burgers for your colleague because he always forgets to bring his wallet from the office and your tax papers are late because of your accountant, not you.

And you can't rely on human intervention because depending on the data, even the person responsible for "handling your case" might not know exactly why the system has selected you – "they're just doing their job" based on what the computer tells them to do. When everybody is exposed to hidden selection it will become impossible to compare what's the baseline because everybody has "personalised" and "fair" results.

If the selection algorithm is a "learning" one, it can be a complete black box. Data goes in and the result comes out but nobody, not even the designers, knows exactly what made the result. In November 2013 Google's engineers said that they don't know anymore how their 'deep learning' clusters work and arrive at the conclusions they output. If you're interested in how learning algorithms can go horribly wrong, read more about the US military's attempts to create an artificial tank spotter.

In the United States there are already reports of instances where an individual's financial transactions have been used to create "personalised" premium insurance pricing based on their eating habits. I'm all for sugar taxes, charging for extra seats if you're too "large" to fit into one, and generally nudging people into eating more healthily but it's a scary example of a hidden selection process based on unknown data affecting an individual's daily life. There is no reason why hidden selection could not be used for more sinister purposes in wartime. Hidden selection is nothing new but it hasn't been possible before to carry it out on such a large scale with such accuracy. Combine Google & Facebook and you have a complete history of someone's search queries and social connections.

A modern democratic society is built on the notion of elements of its members opposing the current state of affairs. The majority has throughout history sought to maintain the status quo while the opposing force has tried to change it. This is how democracy works - simple but effective.

There hasn't been a single serious development in the history of mankind that conservatives have initiated. By killing privacy you essentially kill democracy because now the game is rigged in favour of the defenders of status quo.

The above video is a chilling clip from the documentary Terms And Conditions May Apply. The British police used data obtained from "internet communications" to arrest around 50 potential royal wedding protestors based on predictions that they might cause annoyance. As I'm writing this there's also new legislation being passed in the UK that makes any behaviour perceived as potentially able to 'cause nuisance or annoyance' a criminal offence. The same law effectively removes freedom of assembly, meaning that if you believe in an idea the government doesn't like it's a criminal offence to meet other people sharing the same ideas. It's important to notice that the bill frequently uses the word "likely". What this means in practice is that the police don't need any hard evidence, just a prediction that something is "likely" to happen is enough. Imagine what will happen when the UK government decides to use 'deep learning' systems to help identify potential threats.

What you're witnessing is the birth of Predictive Policing, and it's not just a movie plot anymore.

Arresting potential critics of the Royal Wedding is one thing, but the lack of privacy will also lead us into an era where you'll see many more actual terrorist acts that are not just US scare tactics. Look at what's happening in the Middle East where proper democratic political discourse can't be carried out. That is the future of the surveillance state and the real cost of losing privacy.

I want to be clear that my intention is not to scare you or spread fear, it's about getting you to understand what the real-life consequences are of voluntarily giving up your privacy.

United States President Barack Obama is tragically mistaken with his "we need to find a balance between security and privacy" rhetoric. Let me quote Benjamin Franklin who makes my point more eloquently than I ever could: "they who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety". President Obama, or anybody else for that matter, can't guarantee your safety - sadly nobody can. The only way to guarantee our safety is to find an equilibrium with foreign societies where they have no incentive to harm us. We have all the tools but the will is missing.

The state of online privacy

The state of online privacy at the moment is dismal. The United States was a pioneer in internet technology but during the last decade – starting with George W. Bush, and ratified by Barack Obama – it has worked tirelessly to destroy everything the fathers of the internet worked for.

In the United States all data gathered by any company is readily available to government agencies like the NSA or the CIA. All data in this case means phone records & conversations, emails, internet traffic - in a nutshell all information they can get their hands on. Recent documents leaked by the honourable Edward Snowden have outlined several agency programs where companies like Facebook, Google, Microsoft, Apple, Dropbox and such are participating. While I'm writing this Mr. Snowden's gift still keeps on giving and we probably know a lot more by the time you're reading this.

What many Americans and a majority of foreigners don't know is that the NSA doesn't need the cooperation of any of those companies. Section 215 of the PATRIOT Act gives the US government the right to seize any data they want from US companies. The US constitution's 4th amendment doesn't apply because you've willingly surrendered your data to a 3rd party. This applies to any information. With a suppression order (gag order), the US government can prevent the company telling you about the government's actions against your data. Cooperation just makes everything a bit smoother for the company and government.

I'm not a citizen of the United States so none of that applies to me. Because none of the US legislation applies to me, my data is without any rights when it comes to US surveillance. Even if I don't use any US-based companies, my internet traffic is still being captured (and stored in NSA archives) if it routes through US soil, because the NSA intercepts the cables that carry all internet traffic. There are plenty of rumors that the NSA has seized control of foreign cables around the world as well but I've no actual evidence to back those claims.

The US has been very active in letting the world know about their fear of terrorism. For this reason they have ratified legislation like the PATRIOT Act. The PATRIOT Act has been a big part of how the NSA has been able to legally operate under rare inquiries from the US Congress. One would imagine that such a surveillance state would be highly effective in securing their territory. The NSA chief at the time, Gen. Keith Alexander, was questioned in June 2013 about the effectiveness of telephone surveillance and he told how they had foiled 54 terrorist plots. In a congressional hearing in October 2013, Mr. Alexander confessed that in reality the NSA's telephone surveillance had only helped in one, or maybe two cases. Two conclusions spring to mind. Either the NSA is doing a very poor job, or the fear of terrorism spread by the US is completely unfounded.

The USA is not of course the only country running such programs. Snowden documents have revealed "Five Eyes": the US, the United Kingdom, Canada, Australia and New Zealand. I've no doubt that countries like Russia have their own similar programs. China goes without saying.

However, as tempting as it is to start blaming countries for this, you have to remember that each country is only looking out for themselves. Most of them are democratic societies (or at least claim to be). I want to believe their goal is to protect their own citizens and not for the benefit of the current government, but here lies the problem: where’s the dividing line between the government knowing too much and the government knowing too little to provide the necessary functions for the society it serves? Does the government even remember that its job is to serve society, and not itself?

All the little things in your life

I'm sure you might have heard the term "internet of things". In a nutshell it means all devices from teapots to alarm clocks being connected to the internet. If all your devices are connected to the internet you can be sure that they will be of great interest to various criminals who wish to monitor you.

In November 2013 a British IT consultant discovered that LG's TVs are sending data about what viewers were watching back to LG. LG is using this data to profile each TV to sell ads. If you plug a USB stick into an LG TV, it will send the filenames on the stick to LG. Combine predictive policing with the ability to monitor whether somebody is watching material the authority does not approve of. This is yet another potentially lethal weapon against basic democracy.

If all the little things in your life are connected to the internet, you can rest assured that unless surveillance is made impossible you will be monitored. If the manufacturers don't co-operate and provide a convenient backdoor, the devices you use will be hacked. The biggest problem with the NSA's tactic of weakening security products and creating backdoors is that anybody in the world who knows about them is able to use them. Some might see the NSA's actions as the ultimate narcissism – as long as they get what they want they couldn't care less what happens to the victims.

Closing thoughts

Over the years we've escalated from harmless website visit tracking to a full-blown "all your traffic is stored forever" surveillance world. Some people are arguing that privacy is dead. I don't think so, not yet. It's true that most of what encompasses the average Joe's internet usage is now captured and stored forever. We still have technologies like encryption which, at least according to current knowledge, is still able to keep our data private if used correctly.

I firmly believe that we're living in a time where humans have to make a choice which will shape our future.

The question is: Are you willing to hand over control of your life to the men in the dark room that know everything about you?

Because I'm not.

P.S. I’m trying to reach more privacy-conscious people like you so please pass on the link, and thank you for helping. Maybe some day I can return the favour!