Highest Rated Comments


PrivacyIntl320 karma

This is the classic 'nothing to hide, nothing to fear' question. We get asked that a lot. It remains the core question - indeed, a deeply philosophical question - about the balance of power between the individual and the state. There is not one single answer to the question, but a whole set of things we would say:

    - We might think we having nothing to hide or fear, but we don't really get to decide whether we have anything to hide or fear. Governments change and they can become more authoritarian or repressive. So something you said or did today that you think is fine might not be fine tomorrow. We can't base our laws only on our trust in the government of today. Our laws and protections have to be strong enough so that even as political winds and social mores change, we maintain our personal privacy and autonomy.

    - Even if we trust our government of today (and I'm drawing here from lawyer Ben Wizner, who was drawing from security expert Bruce Schneier), the perfect enforcement of our laws, which is enabled by surveillance, would stifle social change. One prominent example is to consider the movement for LGBT rights. Until recently, sexual relations between people of the same sex was illegal in the US (and remains so in many places around the world). The perfect enforcement of those laws, which would have resulted in a blanket prohibition on this activity, would have forestalled the later movement to recognize these rights.

    - In truth, we all hide things, and there's nothing wrong with that. Governments conflate privacy with secrecy and then conflate secrecy with criminality. But isn't the state of your health, or the state of your bank balance, something you might keep not only from the government, but from many others? Does hiding those things mean that you have a dark secret? Does the government have the right to know these things about you? Do companies? How do you feel about your health insurance premiums going up based on nothing more than online searches you have carried out about certain health conditions? The more you think about the whole idea of 'hiding' things, the more we hope people realise that not only do we all have things we want to hide, but also that such information falling into the wrong hands is something we should fear.

    - The point above also gets to a final point about privacy and surveillance. We sometimes think only of the intelligence agent analysing our communications. But surveillance can affect us in many subtler, but insidious ways. It can mean your health premiums going up. It can mean not getting that job interview. It can mean a denial of government benefits. Or placement on a government watch list. All of these decisions are shrouded in secrecy, which means that we cannot meaningfully challenge them (if we even know that they have occurred). And that's why we say that privacy is fundamentally about the balance of power between the individual and the state (or companies).

PrivacyIntl258 karma

We try to avoid getting into detailed guidance about what you can do to protect yourself online, for a few reasons. 

  1. Because it’s a bit like victim-blaming (‘if you don’t do X, Y and Z, then it's your own fault if your data is compromised' etc) 

  2. But also because our focus is on ensuring that privacy is built into the design of products and services. You shouldn't have to work for your privacy - you should have it by default.

  3. Also, perhaps most worryingly, is that even if you were to follow every last piece of advice a tech genius was to give you to protect yourself (and I'm no tech genius), there's no guarantee that your devices or your data couldn't still be compromised.

With all those caveats in mind, here are some resources that might be able to help:

https://www.johnscottrailton.com/jsrs-digital-security-low-hanging-fruit/

https://ssd.eff.org/en

https://tacticaltech.org/themes/digital-security/

https://www.frontlinedefenders.org/en/resource-publication/digital-security-privacy-human-rights-defenders

And thanks for the question about movies! 

You know, I work on state surveillance issues, so of course I’m gonna take the opportunity to list a bunch of dystopian movies. Blade Runner is up there. A Clockwork Orange. Minority Report.

Our Executive Director Gus Hosein gave a great talk last week all about dystopias at Free Word’s ’This is Private’ festival in London. You can watch it on YouTube here https://www.youtube.com/watch?v=SoTSe416VyI

Btw, movies that glamourise spies don’t make it into my faves list I’m afraid. Sorry Mr Bond.

PrivacyIntl56 karma

UK spy agency GCHQ has the extraordinary powers to hack into your phone and computer, enabling them to download all content, log keystrokes, and even switch on your mic and camera - all secretly and totally imperceptibly.

Thanks for your question. First of all, the government explicitly avowed these powers in our case, so it's not just an assertion we're making, but one that the government has itself confirmed. You can find these avowals in the Investigatory Powers Tribunal judgment in our underlying case (para. 5): https://privacyinternational.org/sites/default/files/2018-03/2016.02.12%20Hacking%20Judgment.pdf. For more details on these powers and the evidence for our original assertions in our case, I would recommend you look at the witness statements that we submitted in the case, particularly from our former Deputy Director and a security expert (here: https://privacyinternational.org/sites/default/files/2018-03/2015.10.05%20Witness_Statement_Of_Eric_King.pdf and here: https://privacyinternational.org/sites/default/files/2018-03/2015.09.30%20Anderson_IPT_Expert_Report_2015_Final.pdf)). 

Second, the UK government has now authorized a wide range of government authorities to hack in the Investigatory Powers Act 2016. The relevant parts of the Act are Part 5, and Chapter 2, Part 5 (on "equipment interference"): http://www.legislation.gov.uk/ukpga/2016/25/contents. For the government's description of the equipment interference powers, there is also the Equipment Interference Code of Practice, available here: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/715479/Equipment_Interference_Code_of_Practice.pdf.

PrivacyIntl31 karma

I don't think the answers are mutually exclusive. In other words, there can be many companies whose entire business model is built on collecting and selling personal data but that doesn't necessarily mean that the entire market is skewed against users' right to privacy. To be sure, companies that subscribe to the "surveillance capitalism" model are many and some are incredibly powerful. For that reason, we have a whole area of our work dedicated to exposing the ways in which these companies not only exploit our data, but also interfere with our rights in the process. We also believe it leads to a general and dangerous imbalance of power between ordinary users and companies and we fight for ways to try and redress that imbalance. 

I think it's also important to acknowledge that there is a strong relationship between government and corporate surveillance. Many companies are forcing us to generate more and more data about ourselves. They are storing this data, analysing it to make predictions and decisions about us (yet another form of data about us) and sharing it with numerous third parties. Governments are hungry for this data, by virtue of its mere existence. Governments also rely on companies in important ways to access this data.

That being said, there are certainly companies that care more about user privacy than others, it's an explicit part of their business model. And when considering the orientation of a company in relation to data exploitation, one general principle is to understand your role vis-a-vis the company. Google and Facebook offer services to us, but we're not really their customers. Their real customers are those purchasing ads on their platforms (or rather purchasing a slice of our attention). By contrast, companies that build our hardware, like our actual phones and computers, may be somewhat more inclined to care about our privacy, because we are actually their customers. Of course, it's not that cut and dry. Some companies sell our attention and build phones and laptops too. Some companies that build our phones and laptops don't actually care about our privacy.

Privacy can be a difficult concept to grasp because on its own, it can seem abstract and nebulous. It's not as concretized, for example, as the right to freedom from torture or from arbitrary arrest. Before Privacy International, I worked on detention issues, so I sometimes draw analogies from that work to explain why I think privacy is so fundamentally important. In the detention context, prisons are black boxes and prisoners are subjected to total state control - there are less meaningful checks on state behavior. In that sense, prisons are like a relatively pure manifestation of state power and a state's treatment of prisoners is sometimes considered a barometer for a state's true respect for civil liberties. I think a state's treatment of privacy can act as a similar barometer. Surveillance is conducted in secret - we are increasingly not informed about surveillance and lack the opportunity to question this activity. Surveillance can also present a state with opportunities to completely disempower citizens, particularly because the erosion of privacy has an incredible knock-on effect to other fundamental rights. Without the space to think and speak without judgment, we cannot exercise the right to free expression/opinion or free religion. Without privacy, we can be subjected to data mining and categorisation techniques that can result in discrimination on criteria such as race, gender and religion.

PrivacyIntl29 karma

On promising laws, I should start by saying that our position is that governments haven't really made the case that they should be hacking and so we're wary of any new laws that introduce these powers, regardless of what safeguards they may contain. But if you do look at new laws emerging across a number of different countries, it's unfortunate, but many of them lack what we think are the minimum safeguards necessary if a government is going to insist on hacking. If you're interested in seeing what kinds of safeguards we think are necessary at a minimum to constrain government hacking, check out our guide here: https://privacyinternational.org/sites/default/files/2018-08/2018.01.17%20Government%20Hacking%20and%20Surveillance.pdf. There is no country to date that has enacted a law that meets these safeguards as we've articulated them (and are grounded in the international human rights framework).

On lack of awareness, I think you're probably right. The Snowden revelations back in 2013 brought enormous attention to this issue and public awareness about the extent of state surveillance (by the US and UK in particular) increased massively. But as important as Snowden's revelations were, I don't think it means that the public now fully understand their right to privacy and how much governments interfere with that right through surveillance. But that's not the fault of the public. The US and UK governments, and many other governments around the world, are keen to downplay the reach and intrusiveness of what they do. For example, no government has ever admitted 'yes, we carry out mass surveillance' - rather, they will describe it in other terms, like that even though they intercept everything coming off a fiber-optic cable, they don't have the capacity to look at all that traffic. So we and others work hard to counter government narratives and say to the public that yes, this s*** is real. For instance, we've been at the Supreme Court of the UK over the last two days arguing with the British government about their mass hacking powers and it was only when we brought our case back in 2014 that the government finally avowed that it had these capabilities.

When I was a law student, I don't think there was a single class on privacy law or any related area of the law (e.g. cybersecurity, data protection, etc.). I think legal curricula have changed a lot since then, so if you do decide to go to law school and are interested in these areas, you should obviously explore what relevant classes are on offer. I think, however, that the best way to pursue your interest is to gain practical experience. Depending on where you're from, your law school education may include the opportunity for internships and you could explore opportunities at organisations that work on these issues. Privacy International, for example, has a volunteer program, where we have taken on law students in the past (https://privacyinternational.org/type-resource/opportunities)).