How private is privacy?
Over the past few months, I have found myself fighting to reclaim what’s left of my online privacy, grimly aware of its impending end. It is no coincidence that my pessimism gained ground around the time Edward Snowden revealed to the world that virtually every byte of online information is being collected, saved, searched and analysed by the US government.
Even the discerning few who had suspected that online surveillance was afoot must be taken aback by the sheer reach of these systems. The implementation of online mass surveillance programs without any public dialogue on the powers and limitations of the executive makes a mockery of existing democratic processes. Ironically, these democratic values are those that India—and most certainly the US—takes pride in. Strangely, most citizens do not seem to care.
Nothing to hide, nothing to fear?
If you are not viewing child pornography or organising cyber attacks, what is the worry? Do you have something to hide? I suspect a good proportion of Britons are familiar with this rationale, having been fed this justification through clever government campaigns trying to sell the idea of Big Brother to its citizens.
Unfortunately, this is an oversimplification of the motives for wanting to keep certain information private. One of the most troubling facets of this debate is the tendency to conflate the notions of privacy and secrecy. Daniel Solove, who has worked on privacy and information technology, has debunked this theory by establishing that privacy is not about “hiding bad things”. Additionally, as security expert Bruce Schneier has explained, loss of privacy can inhibit such lawful activities as free speech, free association and other fundamental rights essential for democracy.
Whatever one’s political and philosophical leanings, it is hard to deny the debilitating impact of mass surveillance on society. Primo Levi, in his book Survival in Auschwitz, explains how solitude was more valuable than bread during his captivity in the concentration camp. Recently, Pamela Jones, the proprietor of Groklaw, an online repository of information for the open-source and open-access community, expressed anguish at the dehumanising effect of “forced exposure”, creating an environment in which it becomes difficult to operate even legitimate businesses. Jones shut down the service after the surveillance programs of the National Security Agency came to light.
I can think of at least two groups of professionals for whom privacy remains indispensable—journalists and lawyers. For the former, safeguarding the identity of an anonymous source is often vital for continued cooperation; for the latter, client-attorney privacy privilege lies at the heart of legal practice. Perhaps, one may take comfort in the inadmissibility of illegally retrieved information in a court proceeding. But jeopardising the safety of a trusted source or the potentially devastating consequences from the inadvertent disclosure of a client’s conduct will hang heavy on the conscience. The “passive acceptance” of such mass surveillance programmes by journalists and lawyers is a cause for concern, and John Naughton of The Guardian has rightly bemoaned their inaction.
More fundamentally, all of us have unique conceptions of “personal space” and varying expectations of anonymity in specific settings, as one slowly but surely learns to appreciate in the vast cobwebs of the Internet. To simply dismiss another individual’s desire to remain private by holding everyone to the same standard of openness appears to be a tad naive, if not overly insensitive. Quite simply, I may have nothing to hide, but I may also have nothing I particularly want to share.
It is also no compromise to say that blanket surveillance of every citizen should be permitted for certain types of information. Even seemingly disjointed bits of information can be combined to reveal uncomfortable truths—a user’s search for a wig followed by a book on cancer, for example. The fact that such information cannot be kept “secret” even though there is no criminality or moral turpitude involved is what is most upsetting about such Orwellian programmes. The need for oversight and due process in the collection of user information is deeply entrenched in our prevailing laws with the use of the phrase “lawful interception and monitoring”. Yet executive actions that go beyond these checks and balances can go unnoticed but for a vigilant civil society, including whistle-blowers like Edward Snowden.
There used to be a time when privacy could be ensured through obscurity. But modern day surveillance programmes have rendered such means ineffective. Information collection practices by the government have gained legitimacy by simply replicating the successful online advertising model of user-data collection and customer profiling, which has become an acceptable practice in the name of “service personalisation”. With the likes of Google and Facebook, one begins to realise that the use of such services is purely voluntary and that privacy is being traded for the convenience of a free online service—hence the aphorism “if you’re not paying for it, you are the product being sold”. But the trade-off between privacy and security is more complex and requires greater public discussion before the right balance can be achieved.
India’s surveillance baby
The most disappointing aspect of this episode is the relative apathy of Indians on issues of online privacy and government transparency. Many continue to remain oblivious to the Central Monitoring System (CMS), which is designed to analyse all telecommunications in India without any judicial oversight and is being implemented without a semblance of transparency. Some are aware of such proposals, but remain indifferent. At this point, it is hard to say which is worse.
By using CMS and appropriate data analysis tools, the Indian government could effortlessly produce a list of names of all Indian youth who have made political contributions to the Aam Aadmi Party or have criticised Narendra Modi on social networks in the past year. The misuse of such information to stifle political criticism does not lie outside the realm of possibility. Combine this with other sensitive personal information in the hands of the government from the expansive Aadhar project and the hypotheticals begin to get scary. All this, when there is still no privacy legislation in India to protect the rights of citizens.
While there is certainly a need for surveillance of online communications by law-enforcement officials and intelligence agencies, it is deeply unsettling to see that the government believes it has the right to collect every bit of information about citizens, with no reciprocal obligation to reveal the details of publicly funded programmes.
Although the overall apathy is discouraging, I am not willing to believe that privacy is dead just yet. There is a growing realisation that our digital footprints are being tracked, stored and analysed in massive databases at the behest of governments with diminishing credibility. This is certain to elicit a public reaction sooner than later. Else, we run the risk of being labelled the generation of geeks who invented the Internet, but carelessly tossed away our privacy rights.
Amlan Mohanty is a lawyer in Bengaluru