Down the Digital Rabbit Hole: Public Expectations of Internet Privacy

black_laptop_spy_watching_500_clr_4398By way of an introduction, HBO’s Last Week Tonight with John Oliver pulled off quite a coup when bringing the issue of state surveillance back to America’s attention. Oliver appropriately highlighted the public’s waning interest regarding the NSA’s sweeping information program PRISM and its analogues, revelations that came to light when an NSA sub-contractor’s employee, Edward Snowden, fled the US with thousands of classified documents which he has illegally disclosed to journalists around the world. Using the format of ‘streeter’ interviews, we are afforded a glimpse of relative unfamiliarity with the subject by a sampling of people on the streets of New York City. However, as has become expected of HBO’s humourous current events show, Last Week Tonight takes the opportunity to drive forward from a simple satirical piece and had its host, John Oliver, travel to Moscow to meet with Snowden to discuss the impact of his actions two years on. Here’s the interview as broadcast on HBO:

In the interests of full disclosure, I am a huge fan of John Oliver, and this piece reinforced my position. Unlike a number of appearances by Snowden in the media in the past, Oliver packed in some serious questions and assertions that have been absent in those other interviews. Perhaps most provocative on a personal level was when the previous streeter footage was shown to Snowden with, amongst other errata, some wrongly identifying him as Julian Assange, the WikiLeaks founder currently under asylum in the Ecuadorian embassy in London.

However, this post is not necessarily a shot-for-shot analysis of Snowden’s statements or world view, nor is it a review of Oliver’s penetrating questioning of, as he puts it, “the most famous hero and/or traitor in recent American history”. The interview is simply the beginning of a more complex issue facing Americans and the rest of the world: What is the relationship between the technology of the internet, the ability of states to intercept information, and the public (civilian) expectations that they may communicate without unlawful interference?

The Internet as a Communication Medium

Snowden rightly states that it is difficult to synthesize the complexity of the technology into a few seconds that fit nicely into a sound bite. Indeed it is: the internet is nothing short of a silicon marvel that has exponentially moved the global human condition closer together. The good, the bad, the in between. The same network of fibre optics and microprocessors deliver your ‘like’ on an old primary school friend’s Facebook post, connect your Skype call with your parents in another country, and allows us all to get news of world events in near-real time – whether through conventional or new (social) media. The international exchange of information has never been faster, wider or convenient.

Now for the inevitable truth: the internet is a tool. Any moral evaluation of its social value is more appropriately a statement of the user. A similar albeit more difficult question exists about nuclear technology, a conversation also mentioned in Sunday’s LWT with regard to ongoing negotiations with Iran over its nuclear ambitions. Nonetheless, the internet has no inherent value but that for which it is utilised. For the most part, human usage of the internet is relatively innocuous and banal. In the present context, included in that is what may be considered low level domestic criminal activities that may lie outside the scope of legitimate national security interests.

However, the internet has the capacity to provide a means of communication for individuals and groups in coordinating and carrying out acts of terror and international criminal activities. Some of these include logistical support to groups like al Qaeda and Islamic State, or may be used by states to conduct illegal actions, such as the current conflict in Ukraine. It does not help that the sheer volume of data flowing throughout the internet masks the trail left by these subjects, making detection increasingly more difficult and prevention of action more so. It would also be salient to consider the novel means of use that are constantly being employed – in certain circumstances, free email accounts are set up and messages relayed using drafts in order to avoid actually sending a message between two people. Some terrorist groups even utilise the increasingly-prevalent VoIP technology used for in-game voice chat for popular video games as means to communicate via the internet. As access to and use of the internet spreads into every conceivable corner of our lives, those wishing to use this tool for violent acts of terror and criminality will develop new and innovate methods to thwart detection by intelligence and law enforcement agencies.

The Physical Nature of the Internet

I will endeavour to keep this brief: the internet is not a metaphysical concept – it is a physical object consisting of fibre optic cables, computer hardware and various languages of coded software. This reality is psychologically juxtaposed by nature of individual interactions by users of the network – whereas you would previously had to leave your house or invite others in to interact with people, the internet now provides the means of ‘telecommuting’ to work and socialising in 1s and 0s. Moreover, the actual technology we use now to connect obscures the nature of the internet. No more must you be seated in front of a great big desktop tower and screen using dial-up connections over the phone line, as 4G mobile data and WiFi have literally cut the physical cord from our digital devices. In fact, recent statistics have shown that more people access the internet now from their smartphone or tablet device than from a traditional laptop or desktop computer.

Much as a letter in the post sent to another country would travel through multiple locations on its way, the data we send from our phones, tablets, and computers traverses numerous jurisdictions before reaching its destination. In most instances, people cannot state where their information has gone even if they can identify to whom that information was sent. I recall visiting the House of Lords (‘HoL’ – the upper chamber of the UK Parliament) in law school and witnessing a debate over the posting of sensitive information about UK police officers on Facebook. Though I winced more than once at the concept of the internet being misconstrued by HoL peers, I was immediately impressed when one Lord stated that a legislative debate in the UK was pointless as the computer servers hosting the data for Facebook were all located in California, USA.

Therein lies the conundrum.

We may think of the internet as an unbridled worldwide information revolution, but as a physical network it is very much subject to the jurisdiction and governance of domestic laws. However, as data flows from jurisdiction to jurisdiction, there exists the possibility of unknowingly breaking the law of a particular country merely by sending an email via Google.

Consider the Turkish Penal Code Article 301 that has been used repeatedly against any persons suggesting that Turkey’s killing of 30,000 Kurds and more than a million Armenians was a genocide. As such, academic historians, sociologists and lawyers have been banned from Turkey for making reference to the event as a genocide. If I send my genocide conference footage via YouTube to a colleague in Ankara, and that video is routed through a server in Turkey, my next trip to Istanbul may be considerably longer than I may have planned. (The maximum sentence under this law is four years.) Other European countries have similar laws (Italy, Poland, Spain, Germany and Denmark) and collectively there have been over 550 convictions. I may not have intended to cause ‘public denigration’ in any of those nations, but if my communication were relayed through these jurisdictions, my actions may have contravened these laws.

As a general operating principle when using the internet, consider where you are sending your information as much as you might consider what and to whom you are sending material.

What do you consider to be private?

There is an irony to groups like WikiLeaks (who provide an outlet for leaking information) and Anonymous (a group who obtains digital information) in that they actually take advantage of an overwhelming general ignorance towards digital security and utilise it to impose their views as to what the internet should be. I’m sure both started out with the best of intentions, but it would be remiss to not consider the rather large Robin Hood complex that allows each to commit lesser crimes supposedly to prevent greater crimes. (It should be noted that in certain narrowly construed circumstances, this is a legitimate defence at law – the so-called choice-of-evils or general defence of necessity.)

So let us ask the question: what is greater crime prevented? In the context of the United States, most of the legal debate surrounds the Fourth Amendment that protects citizens against unreasonable searches by the government. Just over a year ago, the US Supreme Court declined to hear a case (Klayman v Obama) after a federal court justice had ruled that the NSA’s surveillance programme may infringe on the constitutional right. Other courts have come to different conclusions, and as such the question remains open.

What is essential to understand is the nature of such surveillance – the likes of WikiLeaks and Snowden are preoccupied by the state’s ability to collect information on its citizens. What is rarely talked about however is how much information is voluntarily made available by people using the internet. Between 2008 and 2014, Facebook saw the number of subscribers go from 100 million to 1.4 billion users – with most everybody providing a lot of personal data on a day-to-day basis.

Statistic: Number of monthly active Facebook users worldwide as of 4th quarter 2014 (in millions) | Statista
Find more statistics at Statista

As for the 140-character medium of Twitter, their user base grew from 30 million in 2010 to 288 million in 2014 (that’s more users than the US population over 15 years old).

Statistic: Number of monthly active Twitter users worldwide from 1st quarter 2010 to 4th quarter 2014 (in millions) | Statista
Find more statistics at Statista

All you need to do is to check your feed from either of these services to see your friends and acquaintances posting photographs and comments about events that would have previously remained private. Despite Facebook and Twitter offering varying degrees of protection and privacy, most users are either not aware of these tools, not able to locate them in the interface, or not bothered about what they post. The rise in popularity of people who have massive numbers of followers on Twitter virtually encourages others to open themselves up to the voyeurism of the masses. The ‘next big thing’ is usually touted as being found in social media. The most infamous of unfortunate Canadian exports, Justin Bieber, was discovered on the video-sharing site YouTube at the age of 13 – an age that breaches the terms and conditions (‘T&C’) for YouTube’s usage. (Section 2.3 of the Terms of Service)

It has been the subject of many jokes that nobody has ever truly read the T&C for Apple’s iTunes. Eddie Izzard put it beautifully, “Nobody in the universe has ever read the terms and conditions…”

Despite our collective disdain for anything involving fine print, almost everybody using services on the internet have at some point just clicked ‘I have read and agree with the Terms and Conditions’ and considered the act an annoyance. Consumption of internet services is the very nature of the internet in the first place: it is an information provider and receiver, whether or not that information is true, public, private, salacious, provocative, or even illegal. We are so dependent on this service, it has changed the nature of human interaction irreversibly. Without concern, we post information about ourselves to the internet and then become concerned when strangers come to posses this information. (Ask anybody who has had somebody they met in 2012 reference that trip you took in 2004 in an over familiar way.)

Yet, the numbers of people signing up to social media and moving their memories and experiences online is ever-increasing. Most companies now conduct due diligence searches of employees, background searches of this ‘open information’ for clients, and require contract clauses referencing social media usage policies. All done in an effort to minimise the potential of embarrassing public spectacles, typically reinforced after similar PR disasters for others making the headlines.

It is this dependence on being socially connected with our on-line lives that makes programmes like the NSA’s PRISM both economically and practically feasible – we’re putting it out there, so why shouldn’t the government read what we’ve given freely?

Illegal Interference: When state surveillance goes beyond open-source collection

Certain information is collected by states that the average civilian has no access to – the NSA was collecting the meta-data (an unfortunately vague term for what it represents) of calls made by US citizens. What does the meta-data represent? Put simply, it means the number you call and the duration of the call. In some instances, intelligence agencies can obtain the name of the person or company you call. It should be stressed that the content of the call (the conversation itself) still requires a warrant for authorities to eavesdrop on the call.

However, a recent article regarding the FBI’s usage of a cell intercepting technology called StingRay has been made public after the organisation EPIC (Electronic Privacy Information Center) successfully obtained a FOIA disclosure on its usage, not just by federal authorities, but also local police services. What was concerning was the systematic support that the FBI provided local law enforcement in resisting disclosure of the technology – even going as far as to drop criminal charges rather that have this tool exposed for public scrutiny.

judge_with_robe_1600_clr_12812Where law enforcement circumvents the legal requirements of obtaining warrants (and thus having judicial oversight and accountability for ‘reasonable belief’), such procedural failures result in increased miscarriages of justice. Mere suspicion without reason is insufficient in most democracies to permit such intrusion into our private lives (e.g., listening in on conversations on the telephone, intercepting our communications). However, one must draw a distinction between law enforcement (in the USA, this would include the FBI) and their efforts to thwart criminal actions including terrorism, and the efforts of intelligence agencies in their remit to collect information both domestic and foreign in order to provide risk assessments and responses to national security risks.

How does this fit with the why the public feels aggravated (albeit temporarily…) by this intrusion into their online activities? It comes down to what the public expects the internet to be, both in terms of information provider and open means of communication.

Misconceived Expectations: Not-So-Anonymous?

Anonymity, or the perception that one is anonymous on the internet is more or less a common misconception that people have of their activities online. In fact, in order to access the internet in a manner that may conceal your identity, most people do not even know the first steps. There are tools out there to assist in this, touted to allow users to ‘browse the Web in confidence’ or to circumvent state-based censorship (e.g., the Great Firewall of China, etc.). This may be great if your concern is anybody discovering your love of cute kitten videos or Last Week Tonight’s YouTube postings. However, what if your intentions run significantly darker?

It's what you can't see that gets you...
It’s what you can’t see that gets you…

Most of the internet is obscured from search engines and metacrawlers that index the ‘entirety’ of the visible internet. Consider the metaphor of an iceberg: what you see on the surface cannot prepare you for the enormity of what you cannot see. It is here where criminals, drug dealers, killers-for-hire, terrorists, and their ilk come to ply their trade.

Earlier this year (2015.02.04), Ross Ulbricht, the founder of the Silk Road website – a sort of eBay for crime – was convicted on seven charges, including money laundering. Reflecting on the conviction, the Canadian CBC Radio show The Current interviewed Alex Winter (the director of an upcoming documentary film about Silk Road), as well as Ulbricht’s mother Lyn.

What struck me was the insistence by Lyn Ulbricht that “it is impossible to prove somebody’s identity online”. Ask anybody who works in forensic I.C.T. (I.T.) services, and you will quickly be dispelled of this popular myth. We all leave a digital footprint – it is only the degree of perseverence by an investigator that determines whether you remain anonymous or not. A number of countries are now introducing legislation to aide in combating on-line trolling and stalking, both typically being characterised as criminal harassment in nature. Most local police forces now have in-house experts in forensic I.T., and most regional/national police forces have dedicated task force units to deal with the digital side of crime.

To reiterate: none of us are truly anonymous on-line. Just because you’re holed up in your house in your bathrobe alone does not mean somebody somewhere can’t see what you’re doing, or trace your rants back to the very device you’re using right now.

Time for the Tin Foil Hats? Not quite…

The first step to really being safe on the internet is to understand what it is. Much like most of the modern world, the science behind how the internet works has taken on mythological attributes in place of insisting on its users actually understanding the technology. We do so only at our peril.

Secondly, though it may sound worse than a root canal at the dentist’s office, try reading the terms and conditions, as well as the privacy policies of the websites you use. Most of the populist bleatings of privacy infringement are reduced to a low din upon being informed that consent to disclose information was given at the time the aggrieved party joined the website. Pleading ignorance of such a consent is difficult: why do you think you had to tick the box declaring that you had actually read the T’s & C’s?

Finally, on the overall concern that the government is peeking at your ‘dick picks’ (you’re wishing you watched the LWT Interview at the beginning of this post now…), it’s extremely to remember something important: don’t do anything on-line you wouldn’t consider doing ‘IRL’ (in real life). Why? The internet is the real world, with real people and real consequences. Here are a couple of videos that make the point:

But the government spooks shouldn’t be snooping at photos of my junk! Indeed. Photos of ‘your junk’ are unlikely to trigger DEFCON 1, and there is virtually no reason that the CIA or the NSA should even take notice. They should be focussed on the ‘clear and present dangers’ that exist out there in cyberland. However, the digital toolset necessary for those agencies to prevent terrorism or cybercrime is always powerful enough to dip into your snapchats or vines. And, like any other workplace, there are a couple of people who will abuse their positions by keeping tabs on personal connections without cause. For those people, perhaps you should consider a more appropriate career hosting Jeremy Kyle or Jerry Springer-type shows on daytime TV – the responsibility of safeguarding any nation is clearly beyond your abilities.

However, rather than shouting down the government agencies for being efficient at collecting information that you have freely put out there for the world to see, we should all take a step back and consider how much privacy we have given up on-line in a desire to have the most friends or followers. As 1 June 2015 looms around the corner, and is the date on which the US Congress & President need to renew the PATRIOT Act (where most of the surveillance authority comes from), I welcome a reasoned debate on a point-for-point review of those powers. It is a balance that we must strike: not too much government surveillance, but also not such blind exposure of our personal lives. The government cannot invade your privacy at will, they require authority to do so (judicial or legislative). But you better believe what information you give away freely is infinitely harder to argue later should have remained private.

I’m off to go re-read the iTunes T’s and C’s for gazillionth time… they probably just inserted a comma, but that could make all the difference in the world.

iTunes Conditions have changed. Please review our new Terms and Conditions for Use before continuing...
iTunes Conditions have changed. Please review our new Terms and Conditions for Use before continuing…

Published by

George Revel, LL.B LL.M (PIL)

Engaging with contemporary international legal affairs that are challenging and complex in general, I am focused on researching statehood and international legal personality as well as international criminal law. I regularly consult with multiple NGOs and corporate interests, aiding in the development of policy and engagement strategies with a regard for international law and regulations. As a corollary to these advisory positions, I also engage in university teaching of international law (international criminal law, comparative constitutional law, public international law) at UK universities as an external lecturer. I frequently participate in related conferences and events throughout the UK and elsewhere, developing strong academic and professional networks. This has often resulted in my ability to connect individuals and groups who may be of particular interest to each other, as well as fostering a positive collaborative environment amongst my colleagues.

One thought on “Down the Digital Rabbit Hole: Public Expectations of Internet Privacy”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s