Last week was not a good week for digital media users concerned about their privacy.
First, the Conservative government of Canada introduced legislation that will significantly broaden police and security agency powers to eavesdrop on citizens, without the need for warrants and the limited judicial oversight they now provide.
Then, in an article published February 15th, Bloomberg investigated some of the largely-unknown powers hardware and content providers like Apple and Amazon reserve for themselves, without the explicit consent of their customers.
And on Sunday the 19th, PC World reported on Google’s intransigence in the face of user lawsuits over alleged privacy violations.
Any of these stories is alone sufficient to raise the antennae of privacy watchdogs. Taken together, they emphasize the continuing — and growing — intrusion of government and commercial interests into the details of what we do online.
Of course, we’re not talking about the Great Firewall of China or the control Iran and other super-paternalistic regimes exercise over the lives of their citizens, both on- and offline. Not yet, anyway.
But while data collection by governments and corporations is nothing new, these and other recent news stories highlight just how much privacy we may be ceding when we enter the virtual world.
The Conservative government characterized the Canadian legislation that was introduced last week as a necessary addition to police weapons in their “war” on child pornographers. In fact, the biggest media stir over the bill followed a statement by Minister of Public Safety Vic Toews that a Liberal critic “can either stand with us or with the child pornographers.”
But there’s nothing in the proposed legislation that in any way restricts official scrutiny of online activity to child pornography targets. Critics of the legislation charged that the bill extends police surveillance powers far more generally and far more intrusively than would be needed for the limited purpose of monitoring kiddie porn.
The bill’s provisions (pending amendment, which is likely in response to a storm of criticism, some of it from within the Conservative government caucus) would greatly expand police powers to intrude into our digital lives.
As reported by CBC analyst Terry Mileski, “the bill requires ISPs to install surveillance technology and software to enable monitoring of phone and internet traffic.” According to Section 33, “The Minister may designate persons or classes of persons as inspectors for the purposes of the administration and enforcement of this Act.” That’s anyone the Minister chooses. There’s no requirement for these “inspectors” to be police officers, nor is there any requirement that these eavesdroppers be part of any officially-constituted, even nominally-reviewable organization or group. In theory, the Minister’s office staff could oversee your internet activity legally, and without notice, oversight, or outside review.
Mileski highlights Section 34 of the act:
The inspectors may “enter any place owned by, or under the control of, any telecommunications service provider in which the inspector has reasonable grounds to believe there is any document, information, transmission apparatus, telecommunications facility or any other thing to which this Act applies.”
And, once he or she is in, anything goes.
The inspector, says the bill, may “examine any document, information or thing found in the place and open or cause to be opened any container or other thing.” He or she may also “use, or cause to be used, any computer system in the place to search and examine any information contained in or available to the system.”
And even worse, the “all-encompassing searches require no warrant, and don’t even have to be in the context of a criminal investigation.” Mileski makes the obvious connection, calling the most intrusive sections of the legislation “Orwellian.”
Even this kind of government power to monitor online activity is nothing compared to the powers that equipment and service providers afford themselves. Bloomberg‘s article characterizes the control Google and others exercise over the devices we buy from them “a benevolent dictatorship,” thanks to a little-known but ubiquitous “kill switch,” which allows providers to purge content from our Kindles, iPhones, iPads, Android phones, and Windows-running hardware.
The article reports:
Google, Apple Inc. (AAPL) and Microsoft Corp. (MSFT) have with little fanfare embraced technology that lets technicians instantly and remotely purge unauthorized content from users’ machines. So- called kill switches are standard on Android handsets and iPhones, the smartphone leaders. The capability will soon become more widespread with the release of Microsoft’s Windows 8 software for tablets and computers.
While their stated use is for the removal of harmful content, there’s no standard definition of what that means, and companies aren’t required to disclose when and how the tools are employed. The technology could be harnessed by a hacker to unleash a virus, a company to pry into a user’s private information or a government body to repress free speech, said Eric Goldman, director of the High Tech Law Institute at Santa Clara University’s law school.
In an echo of the new Canadian anti-privacy law, Bloomberg reports the concern of Chris Wysopal, co-founder of Veracode Inc., a security firm in Burlington, Massachusetts, that “If you build a control into a device that the manufacturer and carrier can control, it will be used by governments.”
And with considerable irony, as the article reports, one of the best examples of arbitrary corporate action was Amazon’s “use of the feature to delete some copies of George Orwell’s 1984 and Animal Farm novels from Kindle devices in 2009 after discovering a publisher had sold them without the necessary rights.” That’s correct. Amazon reached out to customers’ Kindles and deleted copies of 1984. As the saying goes, you couldn’t make this stuff up. And note that these books had been bought and paid for by the customers whose Kindles, also bought and paid for, were raided by Amazon. So much for private property, and all that.
The PCWorld article chronicles a series of new ways that Google tries to track the weblife of users, and the lawsuits and other counter-measures concerned consumers are using to attempt to thwart the deep data collection that supplies Google with the information it needs to keep its targeted advertising business progressing. As one of the comments on the article points out, the online user is not the customer, but the product. The advertiser is the customer. This has always been true of “free” media like network television, but until the internet era there was no sophisticated way to track users. A Nielsen rating is one thing; knowing not only which sites a user visits but details such as how many seconds each page is viewed is quite another.
What can we do to slow our headlong rush into George Orwell’s future?
As long as we’re willing to trade our privacy for online convenience, there’s not much we can really do to stop others from finding out more about us than we would be willing to disclose to a new acquaintance over coffee.