There is a lot of international conversation around digital privacy these days as hacks, breaches, and privacy-related lawsuits increase in number and prominence. It might seem like a distant issue for Sri Lankans but ICT development is a high priority for the Government, which aims at increasing internet penetration from its current 21.8% to 50% to grow the economy. Combining this with recent compromises in security such as the hack of the President’s website and the all-encompassing digitisation of National Identity Cards, Sri Lankan citizens have cause to be more wary about their digital security and privacy.
A Leaked Affair
About this time last year, media was swamped with the news that Ashley Madison, a major adult content site encouraging extramarital affairs, had been hacked, leaking personal details by the thousands. The hackers claimed to be against the core business motive of encouraging adultery but also – in an ironic twist of privacy – the requirement to pay an additional fee to erase personal information. Even if the vigilante justice aspect of this story is debatable, this event highlights the core issue about digital privacy: the personal information we give away consensually in exchange for a digital product or service is vulnerable to unspecified third parties. This is the same issue at the core of recent outcries against information acquisition for advertising purposes.
‘If You Didn’t Pay For It, You’re Probably The Product’
When Facebook took over WhatsApp two years ago, CEO Jan Koum released a personal statement on the WhatsApp blog setting the record straight about its continued commitment to privacy. He highlighted the importance of privacy to himself personally and to WhatsApp’s core values by recounting his experiences of security-breached communications in the occupied Ukraine of his youth. Yet, just last month, it was revealed that WhatsApp had been configured to link a user’s information (such as phone number) with the parent company, Facebook, for advertising accuracy. This was done automatically and one had to ‘opt out’ rather than consensually agree from the get-go.* This ‘opt-in’ form of consent is a legal obligation for Facebook, following a lawsuit filed by privacy rights groups and the consequent 2012 settlement dealt by the U.S. Federal Trade Commission. Rights groups are hence referring back to this obligation to battle this new breach of privacy.
What Can I Do To Protect Myself?
One extreme reaction might be to delete oneself entirely from the internet. Alternatively, one could follow the ethos of the Tactical Technology Collective, a digital and information technology activist group that advocates informed, educated management of our daily online interactions. They avow that the Internet Age and social media are unavoidable facets of our current lives and, if anything, can be harnessed as powerful tools for social justice if used appropriately.
Managing The Black Mirror
Tactical Technology Collective participated at the recent Cinnamon Colomboscope. Their installation, the Data Detox Bar, was part of their wider exhibition, The White Room, which resembled an Apple-esque showroom where ‘sales reps’ were available to take you through what is available in store. However, instead of corporate products or services, the viewer was given ‘a practical encounter with our everyday devices; with our digital shadows and data aggregates’. The aim was to show just how much information about ourselves we unwittingly give away. Through various visual displays, the Collective demonstrated how our movements, our family details, our workplaces, and many other micro details could be gathered or inferred from the information that we consent to release in exchange for products or services.
Part of the installation was an introduction to their App Centre which provided guides and alternative apps to enhance privacy online and help you gain better control of your digital shadow. There are also other simple ways – physical ways – to guard your digital traces, such as placing a sticker across your webcam in case of a remote hack, or turning off location services when they are unnecessary.
Is it really so bad?
Let’s face it: we are bound to just keep clicking the ‘I agree’ to End User Licence Agreements and unwittingly signing away our first-borns, and (dis)agreeing to the use of cookies on sites without ever really understanding what that means. Instead, we trust that these big companies are not really out there to compromise our security on purpose. One could view companies such as Apple, Google, Microsoft, and other tech giants as big brother-type megaliths out to make megabucks out of our information. However, it is these very same companies that are at the frontline of pro-privacy battles. Currently, Microsoft (along with 80 other major signatories including Apple, Google, LinkedIn, and Amazon) are fighting against the U.S. Government to notify users when their data may be the subject of a federal search. They claim this ‘gag order’ – or non-notification of the subject of the search – is unconstitutional as it violates citizen protection from unreasonable searches and seizures. This decision will, of course, have broad, international consequences.
Testing Grounds
The title for Colomboscope captures what is really of concern for a country like Sri Lanka: we are a ‘Testing Grounds’. Despite the rhetoric of development and progress that may be churned out by decision-makers, the fact remains that untested programmes such as Google Loon and Internet.org (launched in Zambia in 2014) are bound to take place in developing countries where the sound of economic development drowns out concerns over security, privacy, safety, and so on. Moreover, strategies towards e-governance may seem progressive but would only be so if democratic rights were in turn assured towards its citizens. For instance, a system implemented in Belgium ensures that any citizen can track when and from where their personal information has been accessed by a government official. For developing countries, however, these citizen assurances do not seem to make the budget. In the face of these broad choices made on our behalf as a democracy, we are left to our own devices (pun!) to carefully manage our digital experience.
*You have until September 25, 2016 to de-couple Whatsapp and Facebook, instructions found here.
Featured image courtesy digitaltrends.com