Early this month, Hayley Tsukuyama was talking to an American legislator about digital privacy. Its one of the main topics of concern for the Electronic Frontier Foundation (EFF), where she works as a legislative activist.
The unnamed legislator was eager not just to learn more about threats to privacy, but to share a disturbing story.
This article is part of CoinDesk's Privacy Week series.
The lawmaker had recently heard that Target, by using data gathered about the shopping habits of a teenage customer, had determined that she was pregnant. Target then sent flyers and coupons for maternity goods to the girls home where her parents were shocked to learn the joyful news from a massive corporate retailer.
To many, this will sound more unlucky than strange. For better or worse, weve gotten used to both massive, omnipresent data gathering and the swirl of uncanny targeted advertising from social media companies, online retailers and assorted attention merchants.
But heres the most notable thing about the Target story that so scandalized that lawmaker: It happened a full decade ago.
Tsukuyamas conversation encapsulates our slow awakening to the challenges and risks of digital surveillance: Were finally catching on to a problem that has been with us for a long time.
When Charles Duhig of the New York Times unmasked Targets newfangled data analytics methods in 2012, they still seemed mysterious, novel, maybe even exciting. Tech companies like Facebook were enjoying a public honeymoon period, celebrated as the Next Big Thing in the American economy.
But that nave optimism has been largely washed away by a slowly mounting techlash, as one controversy after another reveals just how much privacy weve lost to digital surveillance. An early turning point came in 2013, when Edward Snowden disclosed the National Security Agencys illegal spying program. The outrage that followed showed that Americans were no longer fully on board for the antidemocratic government security measures that prevailed for the decade after 9/11.
Story continues
Government spying wasnt the only problem, and maybe not even the biggest one. Expert warnings about online surveillance date back as far as the mid-2000s one of my own mentors, Mark Andrejevic, published an entire book on the subject in 2007. But the issue was abstract for many Americans until the presidential election in 2016.
Cambridge Analytica served as a wakeup call and crystallized a lot of inchoate discontent, said Jay Stanley, a privacy expert with the American Civil Liberties Union (ACLU). The U.K. firm allegedly misused Facebook data and systems on behalf of then-candidate Donald Trump.
The fact that it was tied to the 2016 election was a shock, Stanley continues. It was a demonstration of how much actual power and potential power big tech companies have, and just how sloppy they can be with our privacy.
The idea that Facebook helped hand the presidency to Trump was always something of a convenient dodge for the feckless Democratic Party but it also drew attention to real problems that the company, a half-decade later, still hasnt convincingly addressed. In fact, subsequent reporting only added to public outrage, for instance with findings that Facebook targeted users with negative content to drive clicks, despite its own research on the mental health harms of those practices.
Meanwhile, psychologists, sociologists and journalists have been uncovering even broader fallouts from the dizzying cocktail of surveillance and targeted advertising. Jean Twenge has documented the grim psychological effects digital echo chambers are having on teenagers. The Age of Surveillance Capitalism, written by no less an establishment figure than Harvard Business School professor Shoshana Zuboff, has become a touchstone for critics of platforms exploitative data hoarding.
This wave of revelations has sharpened public distrust of internet companies that collect user data. In 2014, 24% of Americans still believed they could be securely anonymous online, according to Pew Research Center. By 2019, fully 62% believed they could not escape monitoring by private companies, not just online, but in their broader daily lives.
In a December 2021 poll by the Washington Post, a whopping 72% of U.S. internet users said they trusted Facebook not much or not at all to handle their data responsibly. (Those sentiments help explain why Facebooks parent company recently rebranded itself Meta Platforms, an evasion I try to avoid reinforcing.) Even Apple and Amazon, which performed best out of the companies in the survey, were distrusted by 40% of respondents.
Theres another index of privacy fears that is particularly emblematic of our era: the rise of conspiracy theories about digital surveillance. Tsukuyama of the EFF says she frequently talks to people certain that their smartphones or other devices are actively listening to their conversations and then delivering ads based on that spying. Tsukuyama and other third-party experts say thats not true but just because youre paranoid, it doesnt mean theyre not after you.
Your phones not listening to you, Tsukuyama says. But whats scary is that [companies] dont have to listen. They can infer who youre hanging out with, time of day, if youre looking for stuff, your age, all these kinds of things, from your search history.
They dont need to listen to you they just know anyway.
The EFF, ACLU and other organizations and activists have continued the hard democratic work of enshrining stronger privacy into law. But over the past few months, these fears have also bloomed into something Americans tend to be more enthusiastic about than major legal reform: a money-making pitch. This one is christened Web 3.
Web 3 is still ill-defined, capable of standing for almost any fantasy of the digital future. But a foundational pillar is the idea that blockchain-backed assets and decentralized data systems can help users regain control from big platforms like Facebook or YouTube.
Its still unclear exactly how that might work, and figures like Twitter founder and Block CEO Jack Dorsey have alleged Web 3 is just a hollow catch phrase promoted by venture capitalists. But however vague, the promises have generated a flood of media coverage and seized the attention of techies.
Even before Web 3, investment in privacy technology was rising steadily. According to Crunchbase, venture capital investments in privacy and security startups more than quintupled between 2011 and 2019, from $1.7 to $9.9 billion.
Those numbers exclude blockchain and crypto projects, but money is flowing into them, too - witness the recent $400 million infusion to the privacy-focused Secret Network. Crunchbase lists 207 privacy startups with $3.5 billion in funding raised, and an average founding date of October 2015. That makes them much younger than the average social media startup, founded in April 2009.
And there are strong signs of genuine user interest in privacy-oriented digital products and features.
DuckDuckGo, the search engine whose primary pitch is that it doesnt track users, now reportedly has larger market share on mobile than Microsofts Bing (a low bar, but still). Interest in the decentralized and open-source social media network Mastodon has grown steadily in recent years, though actual user numbers are hard to come by.
Perhaps most notably, encrypted messaging apps Telegram and Signal grew dramatically in 2021.
Rising anxiety about data tracking may portend a similar shift on an issue more obviously relevant to blockchain and crypto projects: financial privacy.
Some fintech startups have helped to erode peoples financial privacy (Im looking at you, Venmo). But the federal government has also been a major culprit, dating back at least to new international banking rules after 9/11.
And the Biden administration has accelerated the financial monitoring agenda to Ludicrous Speed.
In the summer of 2021, for instance, we saw a clumsy attempt to broaden reporting requirements for crypto wallet transactions, which generated such controversy that it briefly threatened Bidens first big spending bill. That provision was rumored to have been promoted behind the scenes by Treasury Secretary Janet Yellen.
Yellens Treasury Department was behind an even more extreme proposal, which would have granted the Internal Revenue Service the right to monitor individual bank accounts with more than $600 in transfers per year. The universal surveillance measure was rationalized as a way to increase tax revenue, despite the fact that the wealthiest 1% of Americans are responsible for a vastly disproportionate share of missing revenue (and are unlikely to use personal U.S. bank accounts to hide their wealth). The provisions threshold was raised to $10,000 in the face of pushback from Republicans and banks and was then ultimately withdrawn.
To its credit, the Biden administration did drop a sweeping proposal from its predecessor that would have required crypto exchanges to verify the identities behind crypto wallets their customers transacted with. Still, Yellens recurring case of legislative foot-in-mouth disease betrays a strange and disturbing openness to testing the boundaries of the right to privacy enshrined in the Fourth Amendment of the U.S. Constitution. Similar impulses have gone even further outside the U.S., as with Indias campaign to eradicate cash and Chinas heavily surveilled digital yuan.
These top-down efforts to reduce the freedom to transact could end with the same kind of backlash to mainstream finance that has permanently tarred Facebook. It is tempting to argue that this is already underway that the huge inflow of capital to cryptocurrency over the past two years was driven by real anxiety over rising financial controls.
But we all know that interpretation would be self-indulgent. While still potentially enhancing privacy for informed users, crypto has become largely unmoored from one of its clearest real applications, eroded by wave after wave of speculative manias in which rising numbers are all that really matter. Whether some of those speculators will pick up actual insights about data privacy as they throw a quadruple-leveraged long on Floki Inu Coin is, at best, uncertain.
There is a broader problem with focusing on products and services that enhance privacy, whether were talking about cryptocurrency or a OnePassword subscription: Not everyone can afford them. Even as anxiety over privacy continues to rise, a purely market-based approach would likely create a world in which your access to privacy depends on your ability to pay for it.
Thats why were very much in favor of federal privacy legislation, said Samir Jain, policy director for the Center for Democracy and Technology (CDT) That legislation should have protections that dont involve paying money, but are basic rights applying to everyone regardless of your ability to pay.
The prospects for privacy legislation at the federal level are surprisingly bright, according to Jain, especially given the partisan dysfunction that has reigned in Washington for going on two decades. Its a rare topic where there is a lot of bipartisan agreement, he said. There are Republican and Democratic proposals.
At the state level, California, Colorado, and Virginia have enacted broad privacy regulations, some modeled on Europes data protection act, GDPR (General Data Protection Regulation). The appearance of a patchwork of state laws can sometimes make federal regulation nearly inevitable, as the regulated companies themselves eventually start wishing for simple uniformity. Unfortunately, according to many experts, companies often aim to subvert the process by proposing intentionally toothless legislation.
But there are models for effective federal regulation. At the minimum, good laws would limit what data companies can collect and retain to what they need for their operations and give the public the right to review data gathered about them. But there are more radical provisions on the table.
One of the most important would close a major loophole in data available to the federal government. There are, at least in theory, strict limits on the governments freedom to surveil its citizens. The protections against unreasonable search and seizure in the Fourth Amendment were expanded and clarified by a 1967 Supreme Court case to include electronic communications. The Privacy Act of 1974, passed partly in response to abuses by the Central Intelligence Agency during its campaign of terror against the civil rights movement, further narrowed what the U.S. government can do with data about citizens.
But the data brokers keep dossiers on everybody, and the government has contracts with the data brokers, the ACLUs Stanley said. So its a complete end run around privacy protections.
This end run is possible because of whats known as the third-party doctrine, a U.S. legal standard according to which citizens can claim no reasonable expectation of privacy regarding any data voluntarily turned over to a third party. That includes banks, internet service providers, social media companies or effectively any other nongovernmental entity. One effect of the doctrine is that government agencies have the right to freely buy data about citizens that they would be prohibited from gathering directly without a court-issued warrant.
This nightmarish loophole has led to a variety of abuses, such as police departments buying license plate camera surveillance data from private firms. In April, a large and bipartisan group of U.S. senators introduced The Fourth Amendment Is Not For Sale Act, a bill to close the loophole.
Thats a genuine bright spot, and theres more where that came from.
I think American legislators are pregnant with privacy regulations, Stanley said. Its not clear when theyll give birth or what those will look like.
But the truly nuclear solution to privacy is unlikely to ever catch on with Congress: banning targeted advertising.
Advertising is what makes data worth money, as Stanley succinctly puts it, what ultimately motivates much of the data gathering by private companies. Its why Facebook prioritizes outrage over more positive feelings and why Instagram pummels teen girls with alluring but psychically toxic imagery. But a legal ban on programmatic advertising, or even heavy regulation of it, is extremely unlikely to gain traction in the U.S., the home of the worlds biggest data monetizers.
That brings us back to Web 3 not the fantastical VC fable of infinite non-fungible token widgets, but a simpler and more grounded vision that merely integrates cheaper, automated, customizable payments into Web-based services.
In a best-case scenario, that would enable a much broader set of business models, instead of making so much of the web dependent on advertising and, in turn, user data. Its one scenario for the eventual decline of data hoarding as a business model.
However events unfold, Stanley said the rise of digital surveillance is a fast-moving land grab based on the ability of innovation to outpace regulation. If history is any lesson, norms and regulations will eventually catch up to this early wave of digital privacy looters.
We saw this in the 18th century, even in Europe, he says. It was common for the monarchies to be reading everyones mail, and there was a lot of pushback on that. Over the decades and centuries, nearly every European country stopped doing that.
It can be very slow moving, Stanley concluded. But theres a long arc towards privacy.
Link:
The Privacy Boom Is Going to Change Everything - Yahoo Finance