Security and Privacy in a Networked World/Privacy from different angles: watching the watchmen

Google in San Francisco, 2006
Proponents of cloud computing, e-society and ubiquitous computing have created compelling visions of the e-society of the future where connectivity is as universal and free as the air we breathe. At the first glance, Google wanted to take a step towards this future in 2006, when they proposed to cover the entire city of San Francisco with free wireless networks. The only small caveat - the company wanted to keep the right to collect information from the networks (about the activities and location of people) in order to offer 'context-based advertising'.

At first, the prospect of receiving a discount ad from the pizza bar nearby as soon as I sit down with my laptop in a public park is not bad at all. After all, advertisement is everywhere anyway, and if I occasionally find something useful with it, the better...

But again, there are two main concerns:
 * privacy - does anyone (which may soon become everyone!) need to know where I am at any given moment?
 * surveillance - security in such a network depends on constant surveying of the activities.

The San Francisco network project was not completed - but for reasons other than privacy: http://davisfreeberg.com/2006/10/18/san-francisco-local-politics-derail-free-wifi-project/.

Digging deeper (and waking the Balrog?)
Collecting information is increasingly easy in fully legal ways. It is possible to register even the smallest missteps, storing it is easy as well. Seemingly innocent cell phone pictures from a student party years ago may turn into a serious weapon in elections - even if at the time of the event, neither side could imagine becoming "somebody important" so soon. And sometimes, mere hinting of some compromising material is enough to derail the opponent - and the fact of hinting will be next to impossible to verify.

Data mining may have started as academic discipline, but has quickly bred "dark-side" applications too. In the hectic days of early 90s, the freshly independent Estonia had an urgent need for all kind of databases and registries (these were the golden days of IT students having mastered dBase and FoxPro). There was a young programmer who was employed by several institutions and companies, including banks, police, traffic authority etc. Predating official cross-institution databases by several years, he managed to compile a "super-database" containing various information (from car license plates to credit standing) about thousands of citizens. The bases were sold illegally for 30-50 thousand crowns (likely equal to a comparable sum in Euro nowadays) and were secretly used by many businesses. However, this was before the e-services and infrastructure of today - lots of what took shady connections and illegal information back then can now be done just by googling.

The File Effect
Note: The "file" is used here in the legal sense, i.e. a (paper) file containing documents.

As the computing power increases, processing and systematizing information becomes easier in increasing volumes. When in the old days, storing everything was out of question as both processing power and storage were expensive, today we see more and more detailed data collected "just in case". Customer databases of many companies get nearer in detail to court files - and the government is not innocent either (as exemplified by the recent NSA scandal - but similar activities do have a way longer history).

Privacy or comfort?
Perhaps the greatest threat to privacy and security is comfort. Locking a door, setting a car alarm, entering a computer password - all these are little nuisances. Most people do understand that they are necessary nuisances - but they often try to minimize the frustration (e.g. leaving a password or a PIN blank or keep the default one). And especially in the today's e-society, many not-that-secure technologies and practices have prevailed over better alternatives due to comfort:
 * any mobile phone (as a radio device) call can essentially be intercepted
 * laptops used by ignorant people are vulnerable in many ways
 * use of public computers (in a hotel or Internet cafe)
 * open or weakly secured wireless networks (note: properly maintained open WiFi can be rather safe to its owner - but not necessarily users)
 * a large share of social media (including Facebook)

Digital enclosure
The term was initially used by Mark Andrejevic, a scholar from the University of Iowa, US. He derived it from a historical process - enclosure of community land (commons) into private ownership in the 18th-century England. In the digital realm, a digital enclosure is an interactive space where every action also generates a transaction, or information about the action ("digital footprint"). Entering a digital enclosure implies a) disclosing (increasing amounts of) personal information and b) agreeing with some form of surveillance. And again, the problem is comfort - its owners strive to make entering a digital enclosure so easy that people give up thinking.

Mobile phones (in their different forms and technology) constantly position themselves. It has ethical, legitimate uses (e.g. finding an elderly woman lost in the woods by positioning her phone) as well as gray areas and rather "dark" ones (e.g. various sources suggest that Russia assassinated Chechen rebel general Dudayev by positioning his satellite phone, similar things are told about some events in Israel).

“Use the Force, Luke!”
The e-society does have both the Light and Dark side. Citizen democracy, e-inclusion of minorities etc are the former, while the latter have many faces:
 * massive surveillance
 * uncontrolled gathering of personal data
 * solipsism (self-centredness) and hedonism - promoted by many services online; this kind of person is very easy to manipulate both by businesses and state
 * impersonalization of relationships - both on human and business levels

And there are both the Jedi and the Sith online...

The Big Brother
The "mass society" (as defined by some sociologists) had a lots of issues, but it also had one advantage - it allowed to "fly below radar", hiding among the crowds. It is increasingly difficult today. Many of the modern hardware and software "calls home" (including all proprietary operating systems, but recently there was also a news story about TV-s made by LG). Getting and installing software used to be a private endeavour - not so anymore. Most of all in proprietary systems, but even many well-known free and open-source software systems have opted for central repositories and installations. Again, in the name of comfort...

Coming back to the Estonian "super-database" case - today, there is a number of large corporations (mostly in the U.S.) whose business model is exactly the same (examples include LexisNexis, Equifax, Acxiom and others). The personal information is turned into private property (trade secret) that is the more valuable the more detailed it is. See http://www.bigbrotherawards.org for some additional reading.

(An idea to think about - is there any information that would be rejected by the gatherers: "Sorry, this is of no interest for us."?)

Asymmetric loss of privacy
In "old-school" network communities (Usenet, mailing lists, talkers, MUDs...), surveillance existed too. However, it was generally transparent and rather symmetrical (when admins watched the community, they were also under the surveillance of commoners and gross misconduct would have likely resulted in punishment). Today, one of the core questions is "Who watches the watchmen?" - while commoners get more and more transparent (as most of their information becomes available online), different agencies and corporations guard their secrets more closely than ever.

As a kind of sad irony, there have also been attempts of community-based surveillance online - an example is checkmymate.com (2001-2007). Basically, people agreed to build a prison for themselves ("but hey, they invited us to participate!").

An interesting thing to watch is probably the most famous advertisement by Apple, launched during the U.S. SuperBowl 1984 - http://www.youtube.com/watch?v=HhsWzJo2sN4. It depicts overthrowing an Orwellian, totalitarian society with the help of Apple products...

Conclusion
One could say that the key is awareness without sinking into conspiracy theories. The best antidotes for digital enclosures and other unwelcome processes are
 * disclosure
 * discussion
 * people willing (and having time) to think

Some more reading:
http://epl.delfi.ee/news/arvamus/puhka-rahus-andmebaaside-virtuoos-imre-perli.d?id=50825984 (In Estonian - there seem to be no information available in English; this and some other Estonian online sources can hopefully be read to some extent using online translation services)
 * ANDREJEVIC, Mark. Surveillance in the Digital Enclosure. http://sspa.boisestate.edu/communication/files/2010/05/Andrejevic-Surveillance-in-the-Digital-Enclosure.pdf
 * Eesti Päevaleht, April 17, 2000. Puhka rahus, andmebaaside virtuoos Imre Perli!
 * BBC News, April 21, 1999. 'Dual attack' killed President. http://news.bbc.co.uk/2/hi/europe/325347.stm
 * PARENTI, Christian (2003). The Soft Cage: Surveillance in America - from Slave Passes to the War on Terror. Perseus Books.