Why do we care so much about privacy?
Big Tech wants to exploit our personal data, and the government wants to keep tabs on us. But “privacy” isn’t what’s really at stake.
The reason you’ve been receiving a steady stream of privacy-policy updates from online services, some of which you may have forgotten you ever subscribed to, is that the European Union just enacted the General Data Protection Regulation, which gives users greater control over the information that online companies collect about them. Since the Internet is a global medium, many companies now need to adhere to the E.U. regulation.
How many of us are going to take the time to scroll through the new policies and change our data settings, though? We sign up to get the service, but we don’t give much thought to who might be storing our clicks or what they’re doing with our personal information. It is weird, at first, when our devices seem to “know” where we live or how old we are or what books we like or which brand of toothpaste we use. Then we grow to expect this familiarity, and even to like it. It makes the online world seem customized for us, and it cuts down on the time we need to map the route home or order something new to read. The machine anticipates what we want.
But, as it has become apparent in the past year, we don’t really know who is seeing our data or how they’re using it. Even the people whose business it is to know don’t know. When it came out that the consulting firm Cambridge Analytica had harvested the personal information of more than fifty million Facebook users and offered it to clients, including the Trump campaign, the Times’ lead consumer-technology writer published a column titled “I Downloaded the Information That Facebook Has on Me. Yikes.” He was astonished at how much of his personal data Facebook had stored and the long list of companies it had been sold to. Somehow, he had never thought to look into this before. How did he think Facebook became a five-hundred-and-sixty-billion-dollar company? It did so by devising the most successful system ever for compiling and purveying consumer data.
And data security wasn’t even an issue: Cambridge Analytica didn’t hack anyone. An academic researcher posted an online survey and invited people to participate by downloading an app. The app gave the researcher access not just to personal information in the participants’ Facebook accounts (which Facebook allows) but to the personal information of all their “friends” (which Facebook allowed at the time). Cambridge Analytica, which hired the researcher, was thus able to collect the personal data of Facebook users who had never downloaded the app. Facebook at first refused to characterize this as a security breach—all the information was legally accessed, although it was not supposed to be sold—and continues to insist that it has no plans to provide recompense.
Cambridge Analytica isn’t the only threat to digital privacy. The Supreme Court is set to decide the fate of Timothy Carpenter, who, in 2014, was convicted of participating in a series of armed robberies on the basis, in part, of records obtained by the police from his cell-phone company. These showed the location of the cell-phone towers his calls were routed through, and that information placed him near the scenes of the crimes. Carpenter was sentenced to a hundred and sixteen years in prison. The Court is being asked to rule on whether the collection of the cell-phone company’s records violated his constitutional rights.
The government’s position (argued before the Court last fall by Michael Dreeben, a Deputy Solicitor General, who is currently assisting the Mueller investigation) relies on what is known as the third-party doctrine. Police cannot listen in on your phone conversations without a warrant. But since Carpenter knowingly revealed his location to a third party, his cell-phone service provider, that information—called metadata—is not protected. It can be obtained with a court order, equivalent to a subpoena, which is served on the provider, not the customer. The third-party doctrine dates from a 1979 case, Smith v. Maryland, and it has been used to obtain, for example, suspects’ bank records.
The third-party doctrine is what made legal the use of a pen register, a device that records all outgoing and incoming calls, on the phones of Donald Trump’s lawyer Michael Cohen. Rather more consequentially, it was the legal justification for the National Security Agency’s collection of metadata for all the incoming and outgoing calls of every person in the United States between 2001 and 2015. You “gave” that information to your phone service, just as you gave your credit-card company information about where and when you bought your last iced latte and how much you paid for it. The government can obtain that information with minimal judicial oversight.
Meanwhile, of course, Alexa is listening. Last month, an Oregon couple’s domestic conversation (about hardwood floors, they said) was recorded by Echo, Amazon’s “smart speaker” for the home, which sent it as an audio file to one of the husband’s employees. Amazon called the event “an extremely rare occurrence”—that is, not a systemic security issue.
The good that is said to sit at the nexus of these developments in technology, commerce, and the law is privacy. “It’s private! ” kids are always yelling at their parents and siblings, which suggests that there is something primal about the need for privacy, for secrecy, for hiding places and personal space. These are things we seem to want. But do we have a right to them?
Original article published by Louis Menand