Trading Privacy for Convenience

Ray Wang makes an important point about trust and our data:

This is the paradox. The companies contending to win our trust to manage our digital identities all seem to have complementary (or competing) business models that breach that trust by selling our data.

...and by turning it over to the government.

The current surveillance state is a result of a government/corporate partnership, and our willingness to give up privacy for convenience.

If the government demanded that we all carry tracking devices 24/7, we would rebel. Yet we all carry cell phones. If the government demanded that we deposit copies of all of our messages to each other with the police, we'd declare their actions unconstitutional. Yet we all use Gmail and Facebook messaging and SMS. If the government demanded that we give them access to all the photographs we take, and that we identify all of the people in them and tag them with locations, we'd refuse. Yet we do exactly that on Flickr and other sites.

Ray Ozzie is right when he said that we got what we asked for when we told the government we were scared and that they should do whatever they wanted to make us feel safer. But we also got what we asked for when we traded our privacy for convenience, trusting these corporations to look out for our best interests.

We're living in a world of feudal security. And if you watch Game of Thrones, you know that feudalism benefits the powerful -- at the expense of the peasants.

Last night, I was on All In with Chris Hayes (parts one and two). One of the things we talked about after the show was over is how technological solutions only work around the margins. That's not a cause for despair. Think about technological solutions to murder. Yes, they exist -- wearing a bullet-proof vest, for example -- but they're not really viable. The way we protect ourselves from murder is through laws. This is how we're also going to protect our privacy.

EDITED TO ADD (6/18): The Onion nailed it back in 2011.

Posted on June 13, 2013 at 4:06 PM • 32 Comments


Julien CouvreurJune 13, 2013 4:35 PM

While I don't want to underplay the power of firms, there is a big difference between market power and feudalism.
When lords battle it out (ie Game of Thrones), peasants and small folks lose.
When firms battle for market share, consumers typically gain (ie new features they care about, such a functionality, price, convenience, get better).

As a side note, your observation that laws protect us from murder is far from obvious or complete. Something to think about...

PeteJune 13, 2013 4:36 PM

"Yet we do exactly that"

Just because some people aren't very clever, doesn't mean we all are.

"You can fool some of the people all of the time, and those are the ones you want to concentrate on", purportedly.

One of the problems with privacy law is that it is determined by, and enforced by Governments that really don't care at all about privacy. Personal information is an asset that can be profitably stripped from you and sold (with or without your consent) creating a commercial incentive that too often trumps or corrupts law enforcement.

Ultimately protecting your privacy is about making some difficult personal choices about who you trust with your information, and penalising without mercy those who abuse your trust.

And not about hoping that law enforcement might protect you, especially after the fact. Which is a pity. I would much prefer to have my right to privacy respected and upheld.

Yet there will be a chilling economic impact on the economy if people can't trust the businesses they use.

SimonJune 13, 2013 4:41 PM

That brings up another big issue - what happened this past week was not merely the exposure of the extent of gov't surveillance. A lot of companies are complicit and I'm not referring to providers of service like AT&T and tGoogle. Do you know how many GSA suck-ups there are, how many companies sell stuff to the gov't to facilitate what you see? They're the same companies that dominate all the trade shows and conventions and command magazine reviews and sell common computing and networking and Fast-forward 10 years. If I'm right and there have been no more terrorist attacks, the fear preacher takes credit for keeping us safe. But if a terrorist attack has occurred, my government career is over. Even if the incidence of terrorism is as ridiculously low as it is today, there's no benefit for a politician to take my side of that gamble.
communication technology to you and me.

This was no boating accident.

PanchoJune 13, 2013 4:54 PM

No one is required to carry a cell phone; they do not have to be operating; no one is required to use their assigned cell phone; and they can be left in locations as desired. This episode of government "tyranny" seems to be largely voluntary.

Bruce SchneierJune 13, 2013 6:30 PM

"This episode of government 'tyranny' seems to be largely voluntary."

Many start out the way.

Many dictators are initially elected fairly. Many totalitarian movements have initial broad popular support.

Bruce SchneierJune 13, 2013 6:32 PM

"When firms battle for market share, consumers typically gain (ie new features they care about, such a functionality, price, convenience, get better)."

If the network effects are great enough, and lock-in strong enough, you can gain market share even while getting worse.

CraigJune 13, 2013 7:37 PM

"If the government demanded that we all carry tracking devices 24/7, we would rebel."

You're an optimist, or maybe just behind the times. As recently as the 1950s, there might have been a rebellion. Today, I doubt very many people would do anything but grumble.

Re-PeteJune 13, 2013 8:34 PM

"Yet there will be a chilling economic impact on the economy if people can't trust the businesses they use."

If you're trusting *any* company to do anything *but* make as much money as they can, you really don't understand what companies *do*.

(cue folksy acoustic guitar music)
"At Blah-Blah Corp, we just sit around waiting for you to come in and make our whole day brighter.
'Cause we're just FOLKS like you!"


Trevor StoneJune 13, 2013 10:44 PM

Companies that work directly with consumers, like Google and Facebook, are fairly upfront about what data they have and how it's used. And since their business models are fueled by users willingly (for the most part) providing them with data, they have an incentive to push back on government requests and invest heavily in security.

The companies I worry about most are the ones that I don't have a direct relationship with. Credit reporting companies, data brokers, and other companies have business models that rely on gathering personal data about consumers from businesses and then selling it to other businesses. They don't have a strong incentive to push back on government requests for my data and I generally can't ask them to delete my data, partly because I don't know who all of them are.

In our current sociopolitical scenario, I'm glad that we have some large consumer-aligned companies who can provide a counterweight to government power. Sometimes the governments get the issue right, but sometimes the corporations do.

(Full disclosure: I work for Google, in part because I like the stance they take on these matters. I'm not speaking on their behalf.)

GerryJune 14, 2013 3:10 AM

I liked your post so much that I almost clicked the Facebook "Like" button, but then stopped myself because of your article.

readerJune 14, 2013 4:21 AM

"we told the government we were scared and that they should do whatever they wanted to make us feel safer"

I never like that kind of assertion of what "we" did, as if "we" ALL really did do it and it's all our collective fault that we encouraged the government to spy on us.

Too bad the REST of us have to suffer because of those naive people who unfortunately told the government they were scared and that the government should do what whatever it wanted to make them feel better.

GweihirJune 14, 2013 5:22 AM

Laws offer only limited protection against murder. As always, laws are very limited in what they can do. The fundamental flaw in laws is that they require a rational, planning actor, i.e. a Homo oeconomicus. That model is deeply flawed and not even a bit representative for the behavior of the average person.

What protects us from murder by the average person is the ethics of said average person and making is reasonably difficult to commit murder. That is one reason, there are less murders in Switzerland than in the US (relatively to the population): While many men in Switzerland have an assault rifle and ammunition at their disposal, it is difficult to conceal and carry around. It is also clearly not allowed to carry it around, so when you are in a situation where rage takes over, you are very unlikely to have your assault rifle at hand. A pistol has a far lower safety margin that way.

Laws can play a role in making murder more difficult, but they have zero influence on personal ethics, as they are obviously bureaucratic constructs with only a very tenuous connection to reality, and sometimes none at all. Any person striving to define personal ethics will soon find that today laws are mostly unsuitable as a basis and that in many instances they need to be actively ignored in order to not arrive at decidedly unethical behavior guidelines.

Now, I am not suggesting to do away with laws, there are rational actors that are utterly devoid of ethics (larger corporations and organizations, governments, law-enforcement, etc.) and these need to be constrained by laws. But your personal protection from being murdered by a fellow human being does not stem from the law, but from that human being understanding that it would be "wrong" to murder you in an entirely non-legalistic sense.

The real problem is, however, that the average person does not understand these limitations of "the law". They applaud stronger penalties for terrorists, without understanding that this has zero influence on the terrorists themselves and will likely get them more support from outside, because they are more likely to be perceived in the role of David fighting Goliath. And who likes Goliath, the big bully, after all?

The same, incidentally, goes on with surveillance. Those in power are always deeply suspicious of those they rule. If more control, more surveillance, more repression is an option, they always will go for it, often with the most ridiculous justifications. This then combines with the ignorance of the general population of what surveillance (and "the law") can and cannot do. The result is invariably a police-state, representing one of the most despicable constructs that human beings can create. A police-state is also extremely difficult to abolish. Historically, it takes a war or a revolution.

The fundamental problem is of course, that we do not put the people in power that would be suitable to wield this power, but people that crave it. These are then automatically trying to increase and protect that power, because they want it for itself, making them the least suitable class of people to be put in power. Unless the human race learns that wanting power is an automatic disqualification to wield it, the automatic slow degeneration of any kind of state into a police-state is inevitable.

I don't really have a solution for selecting better people to be put in power. Even most that do not crave power seem to immediately become corrupted by it once they have it. What seems to work (at least in small states) is close supervision of what those in power do by the general population and strong sanctions once power gets abused. This also entails that any kind of secret government program is extremely dangerous and must be prevented, as it cuts out the only potentially effective control mechanism. Laws will be completely useless there, as the US so impressively demonstrates these days.

Keith GlassJune 14, 2013 6:19 AM

"we got what we asked for when we told the government we were scared and that they should do whatever they wanted to make us feel safer"

Why, suddenly, do things seem reminiscent of "V for Vendetta" ????

The "speech" on Guy Fawkes Day seems particularly appropriate. . .

TheDoctorJune 14, 2013 7:05 AM

- Yet we all carry cell phones
- Yet we all use Gmail and Facebook messaging and SMS
- Yet we do exactly that on Flickr and other sites.

SOME do, not everyone.

And even when we do so we assume that this is done within legal constrains that protect us from beeing screwed...
...AND THIS is where the betrayal done by our gouvernement comes into play.

TetracycloideJune 14, 2013 7:34 AM

Of course abolishing the third party doctrine as the antiquated of a bygone era it is would got a long way toward fixing this 'issue' which is more specifically the fact that under current law a third party doesn't have standing to bar the government from examining the data they've collected from others.

Jenny JunoJune 14, 2013 7:36 AM

I agree with Gweihir - laws offer practically zero protection against murder, it is the ethics of the people we encounter.

I do think the comparison to Switzerland is off-base, it is my belief (and I would welcome evidence to the contrary if I am wrong) that most gun killings in the US are committed as part of another crime, usually something to do with illegal drugs. Take away the ethics-weakening influence of immense drug money and most gun killings will also go away.

I think that the only thing laws are able to protect as from are abuse by legal entities - the more an entity is a construct of law, the more law can restrain it. Government being practically completely constructed by law would be the most restrained by laws. Corporations are also legal constructs, the larger the corp the more law is part of its make-up. Mom-and-pop operations have much less legal entanglements and are thus less constrained by law, etc. Down the line to individual people and ultimately nature (tornadoes, wild animals, etc) which have zero legal existence and are completely unconstrained by law.

Julien CouvreurJune 14, 2013 10:51 AM

Bruce says:

If the network effects are great enough, and lock-in strong enough, you can gain market share even while getting worse.

I think you are taking a narrow view of utility to the consumer (definition of better and worse for customer).
The network size is a feature too. It may not be controlled by the company the way code is, but it is integral part of the trade-offs customers make.

In the scenario you describe, it sounds like things are getting better for customers (even if some aspect could suffer).
If things are truly getting worse, all your customers may not switch, but some at the margin would.
We already have examples of people switching networks and other networks rising. I remember a study which showed such network flows don't take that much to tip.

Of course, there is some inertia, cost of switching, and so on. But competitors have incentives to improve on those as well (bridge networks, import contacts and data if possible, ...).

GweihirJune 14, 2013 10:58 AM

@Jenny Juno:
As to the gun-killings, I really don't know. Swiss police is not hesitant to shoot people given the right provocation. Drug-dealing however seems not to be among them. From the news, my impression is that trying to run over a police officer or shooting at them first is required. Attacking them with a knife also seems to do the trick in some instances. But basically, it seems to boil down to the fact that neither do they want to kill people, nor do people want to kill them.

Bill VanceJune 14, 2013 1:42 PM

@ Reader said "Too bad the REST of us have to suffer because of those naive people who unfortunately told the government they were scared and that the government should do what whatever it wanted to make them feel better."

I suspect those "naive people" didn't tell the government anything; that's the story we're being sold. Rather, a window of opportunity was opened for those anxiously awaiting from the wings to exercise their power as change agents.

Nick PJune 14, 2013 1:43 PM

A hopefully productive counter to Bruce's metaphor

Bruce's feudal security metaphor seemed awesome when I first read it. There's significant differences from ancient feudalism to this, though. For one, many of the current reigning Houses beat out others in the same territory without a drop of blood spilled. The main weapons they used were innovation, better service or better marketing. Newcomers can constantly challenge the reigning companies with these same tactics without risking their freedom or lives as they would under feudal rule. Although, reigning companies' financial and legal strength gives them similar staying power to feudal lords.

The other problem with the metaphor is law. The lords of the ancient kingdoms often controlled the law, dictating the lives of the peasants. The Internet lords are governed by the same law that governs their peasant users and their competitors. The best they can do is influence changes in the law, try to bypass the law (eg offshore tax havens) or disguise that they're breaking the law (increasing risk). These are the same strategies that everyone else uses, too. So, rather than being on top of the law, they're a part of it and can be subdued by it like everyone else. That's another weapon to use.

A radical, interim solution

My concept is to use existing law to create companies that can offer highly demanded services but not harm the users. Maybe we use nonprofits, special corporations, trusts owning a company with contracts imposing limits, etc. I'll let legal types fill in the specifics. They're not as important right now. I'll focus on the concepts.

Each company will be paired to a set of requirements. The requirements are quite similar to a Service Level Agreement. The requirements will impose restrictions on what action the company can do with users' data and possibly contain service-level agreements. These policies will be mostly standardized, they will be vetted by an independent body before signed, and companies will be regularly audited for compliance. A huge violation will, by contract, result in termination of executives and their bonuses. Smaller violations might result in fines for those responsible of no less than 20% of their income. These fines will be garnished automatically or sued for if they try to quit. All employees will have agreed to these terms as a condition of employment and will understand the seriousness of enforcing the requirements contract.

New opportunities for use or monetization of data will appear. So, there must be a way to revise the agreement so the company can stay competitive. A voting mechanism will be in place for the users to decide whether they want to allow a particular policy change. Most people won't participate, but more watchful people can block malicious changes this way. The existence of this mechanism, along with strong visibility into operations, will make it harder for company insiders to cheat users for their own benefit.

These companies will likely be formed by philanthropists or collective efforts like kickstarter. They might be a new company or an already successful company is acquired, then legally binded with the protective rules. An example would be using Tagged, or Friendster at one point, against Facebook. A few high profile big and small examples might kickstart a movement. The independent body that certifies these companies should be a nonprofit whose members are very carefully selected for their character. This organization must exist so consumers have one place to visit to verify an organization complies with my concept, rather than pretends to.

Threat Analysis

1. Patent and copyright systems. Powerful interests can use these to try to deny newcomers access to critical features. This would keep deny them competitiveness. Combined with frivlous lawsuits big legal teams often win, the reigning companies can keep newcomers in check.

2. Subversions. Examples are control fraud at the top, contracts with loopholes that defeat their point, corrupt certifiers, and collusion with auditors. There are existing practices to counter stuff like this to a "works well enough" degree.

3. Congress, IRS or other government entities being influenced to pass laws to hamper newcomers or my legal strategy. Threat 1 is actually an example of that.

4. Convenience + existing lockin. This is one of the prime ways the powerful people stay in power. A switch to a new offering might involve massive movement of data, reconfiguration, learning new stuff, loosing old stuff, financial strains, risk to corporate operations, etc. Lockin is highly effective. The newcomers will need tools to help users facilitate the migration to be effective.

5. Tyranny of the Majority. The people were gullible and lazy about protecting their rights/future. The reigning companies tricked them into the current situation. My concept would require a battle for the public's minds between the reigning companies and the newcomers. The reigning companies are already propaganda masters with plenty of resources. The people's very nature might be used against them.


The status quo is mostly feudal in nature. The differences between a true feudal system and our system undermine the reigning companies' power. Their power might be totally reigned in with the passage and enforcement of new laws. However, the past ten years showed me that's unlikely. So, I've proposed using existing law with new companies to reign in abuses of users much like union contracts reigned in some abuses of employees. Precedents in unions, nonprofits and principle driven companies show that my scheme might work if a minority of entrepreneurs puts some momentum behind it.

JackJune 15, 2013 9:15 AM

On the Feudal concept, and the statement 'we were scared and asked the government to do whatever possible to protect us' what stands out to me is that for the average American who is not wealthy terrorism is not their fear.

Their fear is street crime. Which the US has a lot of. Far more people die to homicide then to terrorism. You are talking about a grain of sand versus a mountain. And then there is rape, assault, and other forms of violent crime.

I do think they have been asking for a reduction of crime for quite some time, and have not received that.

And we could point out that the moves the government has been making have been towards creating a really dark, large totalitarian state -- but does little to nothing to actually preventing terrorism.

It is like the metaphor where you lose a coin in Afghanistan and really want to find it so you look all over LA.

Just a little bit obvious.

So, what do "the people" really want. What scares them? The people who are wealthy want a totalitarian system, and the people who are poor just want freedom and protection from violent crime which is rampant.

I do not think they are asking for flying drones, either.

I would think they just want honest cops who respect them.

It does appear that while most Americans have ideals of freedom as expressed by our founding fathers, quite a number working "on their behalf" have had darker ideals of a new, larger North Korea. Of a Stalinist Russia, a Nazi Germany.

I do not think they consciously think of it this way. But to use words which are equivalent, that is their fantasy.

It appeals to them because they see themselves, their friends, their family as the ones who will be in power in such a system.

They likely mentally block out the reality that their system is exactly like any totalitarian system they claim to be opposed to.

Clearly, their opposition is merely based on the fact that it is "some other guy in power" and not their own self. Their hatred of totalitarianism then is based on ego, and not true idealism.

They are actually jealous.

JackJune 15, 2013 9:38 AM

Nick P:

My concern with this model is it plays out as if the current state of affairs is a foundation which can be built on.

I am very cynical on this, though I see many things in the current system which could stand. For instance, we have a great system of open communication today which inspires liberty, which inspires innovation.

Innovation of all sorts.

It also inspires justice. Exposure has been helping justice come about. We see this frequently where small "Houses" allow rapes and other crimes to happen without prosecution.

I suppose this goes into the concept that in old feudal systems class was the law. In this feudal system, class is not the law.

But, is this truly the case? Are not the top level enforcements performed by competing powers?

We have seen this frequently: corporations work with government paying them off as necessary, and government works with corporations paying them, as well. There is also a strong upper level commodity market in secrets, leverage, they can use on their enemies.

When we see big boys get hit in big cases we can think to ourselves, "The system is working", but we can know: the full story is not being told.

It is true and a good metaphor that swords and physical brutality are often not the weapons here. Though, the US has made sure that their prisons mean rape, assault, and other crimes by other prisoners -- and is looking for acceptance of routine torture by the guards.

Further, poverty for the wealthy which can come about by a variety of means by their opponents will put them in a position vulnerable highly to physical, violent crime.

Yet, we have a solid system of providing food (with some strong weaknesses), of providing jobs, we have luxuries ancient people's kings only had and far more available to even low income people. (Those beds were expensive, and the best entertainment they had outside of political intrigue was dances and music. They did not have toilet paper, water had to be carried to them, they had to ride horses and carriages.)

We also have a system where, as noted, dark principalities who wish to pervert the law are far more easily exposed, globally even. Police beat a protester, it can be spread globally. Kids are locked up for a crime they did not do, the world can judge it and free them. You can actually prove murder these days.

If anything what the world needs is a global surveillance system where the people can spy on the government. Not the other way around.

My conclusion is the whole foundation is rotten, but there are some ancillary buildings which are strong. When you have a rotten wood foundation, you burn it down.

As amusing as it is that we have a slogan for a Joker, "some people just want to see the world burn", I am reminded of the slogan Jesus Christ had.

(And no, NSA, that is not literal. But, thankfully, you can not crucify Jesus, as your predecessors did.)

JackJune 15, 2013 5:45 PM

on facebook:

I think people will use this or similar technology, and there simply are limits to what others should be able to get from it to spy on others.

We have a lot of trends today, because of the internet, of wide openness. I do not see this as a bad thing. It brings people together and keeps them real.

What can be a bad thing is when, for instance, others with a critical eye spy on these areas of people's lives with an intent to find fault.

Might as well then install mics in all of our homes and post it all online for them to do the same.

It is really a depraved, lifeless person that would grab people's private conversations and use them as fodder.

The only survivors in such scenarios are sociopaths who are always thinking of "the right thing to say" and "the right front to put out" because they have no compass or morality or compassionate emotion.

rabbitJune 16, 2013 11:10 AM

How can the 'government' use metadata to influence elections, encourage some to get out and vote, discourage others from voting, or like the supreme court, just fix the election to come out as desired?

Jamie McCarthyJune 16, 2013 12:23 PM

"The companies contending to win our trust to manage our digital identities all seem to have complementary (or competing) business models that breach that trust by selling our data."

No. Apple is different.

Google and Facebook make money by selling me to their actual consumers: advertisers.

Apple makes money by selling things to me.

Other companies survive by exploiting my data as much as they can get away with, but Apple has no economic reason to do so. This is borne out by what we now know of its executives' dealings with other companies: Apple jealously guards its customer data, forcing others to accept terms that give them no access to its customer database.

FigureitoutJune 16, 2013 6:35 PM

Jamie McCarthy
--Google is a step above Apple, but Apple isn't much different in terms of "caring" about you. I guess giving another choice besides MS, and becoming big enough to make it usable is good. However, I believe Apple has much to gain exploiting your data; let's have a look at the latest ToS, shall we?

Pg. 3, You may withdraw this consent at any time by going to the Location Services setting on your iOS Device and either turning off
the global Location Services setting or
turning off the individual location settings of each location-aware item on your iOS Device. Disabling these location features will only impact the location-based functionality of your iOS Device.
--Does that mean that function will be slower b/c I didn't consent?

Pg. 3, By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and dictation functionality in other Apple products and services.--Hmm, seems a little sneaky; hopefully there isn't a clause like that to use the entire device.

Pg. 4, In order to set up FaceTime, and to initiate and receive FaceTime calls
between you and other FaceTime users, certain unique identifiers for your iOS Device and account are needed. These unique identifiers may include your email address(es), the Apple ID information you provide, a hardware identifier for your iOS Device, and your iPhone’s telephone number. By using the iOS Software, you agree that Apple may transmit, collect, maintain, process and use these identifiers for the purpose of providing and improving the FaceTime
--Hmm, again, by just using it I consent to something that isn't made obvious to me.

Pg. 5, Apple may provide mobile, interest-based advertising to you.--Oh, they "may", how would they know my interests? Or is it just the device's interests?

Pg. 6, By using the Services, you acknowledge and agree that Apple is not
responsible for examining or evaluating the content, accuracy, completeness, timeliness, validity, copyright compliance, legality, decency, quality or any other aspect of such Third Party Materials or web sites.
--Apple is really looking out for you.

Pg. 7, Upon the termination of this License, you shall cease all
use of the iOS Software. Sections 4, 5, 6, 7, 8, 9, 12 and 13 of this License shall survive any such termination.
--So once you agree, you're set.

Pg. 8, In no event shall Apple's total liability to you for all damages (other than as may be required by applicable law in cases involving personal injury) exceed the amount of two hundred and fifty dollars (U.S.$250.00).--That should cover just about anything.

That was just for iOS 6.0. Assuming you've at least read that and this, look closely and they leave some nice holes. And they lock you in like a nice serf.

Dirk PraetJune 16, 2013 8:26 PM

@ Bruce

Ray Ozzie is right when he said that we got what we asked for when we told the government we were scared and that they should do whatever they wanted to make us feel safer. But we also got what we asked for when we traded our privacy for convenience, trusting these corporations to look out for our best interests.

I don't entirely agree.


More than the terrorists themselves, it was governments and mainstream media that conditioned both the general public and its representatives into a state of permanent fear. Vladimir Lenin once said: "If you repeat a lie often enough, eventually the lie becomes the truth."

At no point did the public knowingly and willingly give the military (NSA) a blank cheque for dragnet surveillance both foreign and domestic, allowing the executive branch to listen in on all its phone and internet communications. Not only was this achieved through secret orders from secret courts based on secret interpretations of laws, but also - as it appears now - through "partnerships" with many US based companies running the very telecommunications and internet infrastructure folks put their daily trust in.

I am not a specialist on constitutional law, and I'll gladly leave that debate to those who are, but I'm willing to bet my every cent that the Founders - and James Madison in particular - would have been horrified by such practices. It's the sort of stuff you can expect in totalitarian regimes like China and the former Soviet Union, but in my opinion has no place in a democratic society, especially in one that calls itself "the land of the free and he home of the brave". Reading up on the subject, they bear a striking resemblance to King George's writs of assistance, which was exactly what the 4th Amendment wanted to address.

For those justifying what's going on in the name of "the permanent war on terrorism", I would like to point out that the Fathers in their days were facing a problem of an entirely different magnitude than the odd (and mostly incompetent) terrorist, i.e. the tyranny of a colonial oppressor backed by the British Army. Until such a day that there is conclusive proof of a terrorist organisation having acquired WMD's and the capability to use them, the simple truth remains that more people in the US on a yearly basis die of lightning strikes, falling furniture and even toddlers with guns.

As a non US-citizen who's equally impacted, the current legal high-tech and word games surrounding the ongoing mass surveillance are nothing more than purposeful obfuscation of the truth - not to say downright deception of the public - and which all three branches are complicit in.


The same can be said about the corporations, their products and services we put our trust in. The general public never knowingly and wittingly gave up its privacy or traded it for convenience. We were lured into doing so. The average (smart)phone or computer device user had and still has no idea what the companies behind their shiny devices and convenient (free) services are doing with the digital trail they generate and leave behind. Nobody reads EULA's and T&C's. Even if you do, they're incomprehensible, full of legal mumbo jumbo and smallprint only lawyers understand. This afternoon, I was presented with a 326-page Apple T&C when setting up my sister's new iPad. That's absurd.

I submit that the average user cannot possibly and reasonably be expected to fully fathem the consequences and ramifications to his/her life in general, and privacy in particular when all they hear is "when you've done nothing wrong, you have nothing to hide". The impact becomes even bigger when all the breadcrums are mined and combined by governments doing so in absolute secrecy, and which the corporation is legally barred from revealing the full extent of.

Coming clean

Even when put in place with the best of intentions and justified with all sorts of legal high-tech, it is my firm belief that secretive mass surveillance programs as suspected by some and now revealed by Edward Snowden have no place in a democratic society. They are a trademark of totalitarian regimes and can be turned on the people at any time, and for any reason, especially when oversight and justification is as secret as the programs itself.

If such programs are deemed necessary in a certain societal context, then they have to be carried out in an open way both by the governments that instate them and the corporations that participate in them. This also implies adequate and transparant oversight, not just reassuring statements from officials that there really is nothing to worry about but that no details can be given on grounds of "national security". If a government or corporation is worried about the possible backlash such programs would generate in terms of political or economic damage, the way of going about this is by engaging with users/electorate, not by going behind their back or obscuring the truth.

No one is questioning the necessity for secrecy in the line of certain security sensitive programs or activities. This is as much true for private persons as it is for public (or civil) servants and their governments. Neither is anyone questioning the business model of companies that generate revenues from customer data. But we need better checks and balances than what is in place today.

Citizens cannot make informed decisions about the usage of telecommunication and internet services if they are not sufficiently aware of the possible consequences this can have for privacy and other aspects of their lives, and especially when at some point they can be used against them. In the US, the 5th Amendment protects one from self-incrimination. Many other democratic countries have similar legislation.

Digital Miranda

I have entertained this thought on this blog before, and the longer I think about it, the more I'm convinced that we need a digital equivalent of the Miranda warning as a mandatory clause in the preamble of EULA/T&C's of any and all telecommunication and computer device or service. It should briefly and in layman's terms explain the possible consequences of their usage and ways to mitigate those. In its shortest form it could go something like this:

"Any and all activity engaged in with this device, software or service, as well as all data stored or passing through it may be subject to monitoring, collection and analysis both by vendor and third parties, domestic and abroad, including but not limited to government agencies, and irrespective of any wrongdoing on your behalf.

This can have severe implications on the privacy of your activities, data and person, both in a civil and criminal context. If you do not understand these, please discontinue usage or seek legal advice. If you cannot afford such, our legal service will provide it at no cost."

I don't think any company would voluntarily adopt this, but it would be the right thing to do. I also doubt that it would influence in any way the behaviour of those who are indeed willing to give up privacy for convenience, but then at least they have been warned in so many words.

Matt CJune 16, 2013 8:39 PM

The thing that frustrates me about this argument is that us 'giving up our privacy' is framed as if it's some stupid choice that we made as consumers, as if we even had the choice to begin with.

So, as a savvy consumer, what are my options, really? Is it trivial to just throw away your cellphone? Ok, while we're at it, might as well turn off my Internet because hey, I can't trust my ISP. While I'm at it, I could try and convince my employer to shut off the security cameras in the building I work in. Might as well stop buying anything using my debit or credit card, because some other company I don't know then has my purchasing history, etc etc.

Consumers don't stupidly trade privacy for convenience. Where is the for-pay alternative to Google? Or Facebook? I'd gladly pay a monthly fee for Gmail and other services if it meant better protection of my data (but in reality, I DO place my trust in Google becausae they're very up-front).

I like the fact that Google uses my information to make my experience on the web better; I like receiving targeted ads rather than ads I'm not interested in. These are informed choices I made, to trade privacy for convenience.

I don't know what the solution is; laws are one, but what's the point if the government is just above the law anyway?

(FWIW, I wouldn't even mind the government using my data if it were necessary so much if they were up-front about it in the same way that Google is).

J.D. BertronJune 17, 2013 12:59 PM

I applaud the very first post on the thread. This is exactly what I was going to say in regards to the trust we give corporations.
The same logic carries over to government :
Making the assumption that only government can provide security - because it has awarded itself that monopoly - causes ramifications that imply the duality between privacy and security. But this is not true if government isn't the sole provider of our security.

bobJune 17, 2013 3:31 PM

Re: "we told the government we were scared and that they should do whatever they wanted to make us feel safer" - I am with several others here who said no such thing.

When Pres Bush (disclaimer: I liked him, thought he was basically trying to do the right thing) said "Freedom has been attacked" on TV on 9/11, I said right then (yes, I talk to my TV - it has just as much effect as voting and it's quicker and
cheaper) "TERRORISTS may attack my LIFE or my PROPERTY; only my GOVERNMENT can attack my FREEDOM"; and a couple of weeks later - it did exactly that.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.