Privacy may soon be obsolete—but at what cost?

Digital technology has allowed us the ease and comfort of getting what we want almost instantaneously. All we have to do is go online and gain access to endless services, downloadable content, and a multitude of social media platforms. Of course, doing so means skipping past those ubiquitous terms and conditions outlining data collection, usage, and other stakes in our private information. Almost all of us end up accepting the potential consequences of clicking “I Agree,” whether we read through—much less understand—the legalese or not, and therefore, we accept the deluge of ads curated “Because of your interest in,” in all its iterations.  

Where once there may have been outrage, there is now simply indifference. For many, after a collective shrugging of their virtual shoulders, there is the willingness to do more of the same with the next site or app. Agree, Engage, Receive Ads. Repeat. 

Does this mean that our attitudes towards privacy—and how we value our personal information—have changed, particularly to those who are more plugged in to the digital world? The 2016 Pew Report on Privacy and Information indicates that while a majority of Americans prefer to not have their information used for other purposes, they also see it as a necessary consequence of online access. 

This does not even account for those who are not only willing to have their personal information available, but are also in fact actively sharing their own stories on personal sites, blogs, or social media platforms.  

As digital becomes a more integral part of our lives, the line that delineates personal space and public information is becoming more blurred—and this is why some believe that the debate between privacy and surveillance is over, and that giving up personal information is a foregone conclusion. 

But do people really not mind, or are they just unaware of what happens because of this abdication of their rights? Have we truly considered the consequences of allowing our personal information to be shared? 

Or should the debate between privacy and surveillance be over? 

Convenience for Privacy: The Willing Trade-off 

For Reg Harnish, CEO of GreyCastle Security, a New York-based cybersecurity services provider, the concept of privacy as originally envisioned is already gone. He says, “in 10-15 years, we’ll be talking about privacy like we currently talk about rotary phones—we won’t.” The concept of privacy has been completely revolutionized.  

He maintains that there are actually benefits to a world without our current concept of privacy as we know it. To him, “much of our data and metadata is already being mined and shared among governments and organizations like the NSA. Large sums of data in the hands of only a few can be dangerous, but a world that democratically shares that information helps eliminate that danger…and imagine a world where scientists or medical researchers can tap into –and share—the medical records of billions of people…medical breakthroughs and discoveries would come at unprecedented rates.”  

Harnish believes that this trade-off is simply another manifestation of society’s historical willingness to give up something for wealth or convenience. He says, “the advent of the Internet gave us access to more convenience than ever before, and the price for that is a certain level of privacy. Society, which includes every single one of us, will in the end dictate whether or not we are willing to sign off on it, and I bet that we all will.” As more and more people accept less personal privacy, those values will be absorbed into the zeitgeist. 

Instead of condemning how information is so easily accessible, he believes that the focus should be on risk management and protecting what we consider valuable information. Resources should be devoted to identifying these assets and enforcing security measures. This change in attitude simply means that we should be more aware of what we share, and what we keep private. 

As an advocate for online privacy and security, August Brice begs to disagree. She believes that we really don’t know what we’re sharing and how much we’re sharing. And maybe more importantly, that we have no control once we give up that data. She says, “many don’t know what they are potentially exposing about themselves, and how this can happen. When Facebook’s privacy policy declares it can collect information that you ‘create or share, and message or communicate’… this means that any posts created but not shared can still be collected.” She points to how posts on Facebook, or drafts in Google Mail can theoretically still be accessed—and therefore used—even if we never posted or sent the content.  

While conceding that society is indeed voluntarily exchanging privacy for convenience, what is ultimately more harmful, Brice says, is being unaware of the consequences of these concessions. She cautions that this goes beyond logging on to a website or downloading an app, and that even Smart TVs, Personal Assistants, or Wi-Fi routers are unobtrusively but actively collecting information about us. Brice asks, “what if everything about you has been digitally collected and exposed, not just what you published online, but even your thoughts or your considerations? We should protect our children from that danger.” She fears for a future where someone can actually have an entire dossier available online. 

Is All Surveillance Bad?  

Ben Epstein, a senior advisor for the Defense Advanced Research Projects Agency (DARPA), contends that a better answer is that as technology and services change, the debate will likewise reinvent itself. He recognizes the changing attitude that “younger people do not seem to care about sharing their information, much less being ‘surveilled’ by anybody. The billions of users of Snapchat, Facebook, Instagram, etc. are more than willing to share their every thought and every word.” 

Epstein maintains that society has fewer qualms about having information available, which also resulted in a change of business model for many providers. He says, “for practical purposes, no one reads the disclaimers anyway. People now expect the Internet to be ‘free’ or at a ‘low cost,’ so now the collection and marketing of personal information becomes much more valuable than just payment for access or service.”  

Epstein also works in the realm of ‘lawful interception,’ which allows duly recognized authorities the legal right to track the communication of criminal suspects. As Chief Strategy Officer of a company that provides lawful interception services throughout the world, he believes that in the 21st century, this is an essential component for maintaining law and order. He understands the concerns over governments spying on their citizens, but maintains the necessity of being able to effectively track criminal activity. He says, “most Western governments understand that privacy is the expected norm, but at the same time the means to conduct (lawful) surveillance to assure public safety must not be diminished as modes of communication change. Warrants authorizing lawful surveillance involve many steps in justifying its issuance, but is well worth it to prevent bad actors from disrupting networks, engaging in theft or even inducing terror.”  

Michael Geist is a Professor of Law for the University of Ottawa, the Canada Research Chair in Internet and E-commerce Law, and one of Canada’s pre-eminent experts on online privacy and surveillance. He believes that the debate should be far from over, because public concern over the privacy of their information must remain a major issue. And Professor Geist disagrees with the perception that society is getting used to sharing and surveillance as a mere cost of doing business, and he offers as proof the most recent Privacy Commission report where complaints versus financial institutions remain at the top of the list. 

More importantly, Geist says a distinction must be made between information sharing and surveillance. He points out the “big difference between information sharing, which involves voluntary disclosure of information, and surveillance, where information is collected without consent by responsible organizations like the government…and while information sharing for security purposes may be acceptable in appropriate circumstances, the public remains less enthused about tracking (of personal data) by companies.” 

Because of the rapid advances in digital technology, most of the existing privacy laws are seen as outdated or inapplicable. The irony is that many of the applications or services themselves are actually protected from lawful interception. Mobile devices and apps have encryption services that secure user data very well, which have led to well-documented conflicts. Epstein thinks that governments may end up imposing more stringent—and perhaps controversial—laws that can facilitate surveillance in the interest of preventing crime.  

Like Epstein, Geist believes that striking a balance between privacy and responsible surveillance is essential, and this will continue to be an important issue going forward. He says, “governments need to establish effective oversight over surveillance activities to ensure no abuse, whether in the forms of warrants for access, or reviews of this access by trusted third parties…and there should be transparency reporting so that the public knows how this (gathered) information is being used.” 

Even if the Internet supposedly knows no boundaries, the reality is that geography still matters, and we are still subject to existing laws within physical domains. “If privacy rules can differ across different countries,” Geist asks, “we should ask how these domestic choices are honoured or respected by global or multi-national companies.” Jurisdictions are challenging how these choices have been subverted, proof that not only is the debate far from over, but also more nuanced than that simple trade-off.