While every year since the advent of the internet has had its share of privacy stories, 2013 has been a cornucopia of news about surveillance and personal data.
Undoubtedly, the biggest story of the year was the disclosure of thousands of secret documents detailing the US National Security Agency’s global surveillance activities by Edward Snowden, a former NSA contractor. In June, Snowden met with Guardian reporters Glenn Greenwald and Ewan MacAskill and filmmaker Laura Poitras in Hong Kong. During a week of interviews, Snowden revealed a surveillance apparatus so vast, and spying programmes so all-encompassing, that it began a conversation about the modern surveillance state across the globe.
In addition to disclosing the reach of these programmes, Snowden’s trove of secret documents revealed the weakness of oversight for US spying, exposing the wide gulf between classic wiretapping rules and the current regime governing surveillance.
The Snowden affair
The classified documents describe the NSA’s near-omnipotent abilities to read and listen to the content of electronic communications anywhere on earth. They also detail NSA systems designed to access information on Microsoft, Apple, Facebook and Yahoo servers with and without company knowledge, with and without warrants. Emails, phone call details, chat messages, stored documents – the Snowden disclosures highlight the NSA’s capability and clear intent to capture and analyse any data that might implicate US security. It came to light that the US was spying on 35 world leaders including Chancellor Angela Merkel of Germany and Brazilian President Dilma Rouseff.
The documents show the NSA’s concerted effort to weaken encryption standards and hardware to make them easier to break. Britain’s GCHQ was also revealed to collaborate closely with the NSA, and expected to “pull its weight” in exchange for access to US intelligence.
Augmenting these stories is the cloak-and-dagger tale of Snowden himself. Only 29 at the time of the disclosure, he left a well-paid life and a girlfriend behind to travel to Hong Kong to expose NSA secrets. Fearing capture, Snowden then flew to Moscow where he remained in limbo at Sheremetyevo Airport because the US had invalidated his passport. Several weeks passed, and Snowden was granted a one-year asylum in Russia, where he remains. Each week brings a new revelation of the NSA’s insatiable appetite and seemingly limitless reach as news organisations analyse the disclosures and file new stories. The conversations Edward Snowden sparked – of the tension between law enforcement, security, and privacy, and legitimate versus illegitimate spying – as well as debates of whether he is a hero whistleblower or a national traitor, rage on.
The year also saw the conviction and sentencing of Chelsea (formerly Bradley) Manning, who in 2007 gave hundreds of thousands of secret US government cables and documents to the whistleblower site, Wikileaks. Manning, a former intelligence analyst for the US Army, had been jailed since 2010, spending nine months in solitary confinement, and in August was sentenced to 35 years in prison. Julian Assange, the founder of Wikileaks, remains under virtual house arrest within the Ecuadorian embassy in London.
Privacy law
It’s been an active year of privacy and data protection policy development. The European Commission continued to grind through a massive overhaul of EU data protection rules, updating the relatively ancient 1995 Data Protection Directive. The new rules seek to strengthen consent requirements, increase data portability, improve data breach notifications, and encourage “privacy by design” principles. Fearful of disruptions to existing business models, EU member states including the UK and others have voiced significant concern, and negotiations will continue well into 2014.
The “right to be forgotten” has appeared in the EU draft regulation, aiming at helping people remove their digital traces from the internet. However, while the intent is laudable, it’s a very challenging proposal – the EU’s own network security agency, ENISA, reported that any comprehensive enforcement method would be impossible. Meanwhile, Kazakhstan, South Africa and Malaysia have enacted their first data privacy laws, Singapore’s goes into effect next year, and Brazil is expected to pass a law shortly.
In the US, individual states have been making headway on privacy issues. Montana and Maine became the first states to require police to get a search warrant to access current and historical location data from mobile phone carriers. Similar efforts are underway in Wisconsin and other states, and two bills were reintroduced to Congress this year aimed at controlling the use and release of geolocation information. Throughout the US, a number of new state laws have been passed on issues such as email privacy and prohibitions on the collection of biometrics.
No end of year review would be complete without mentioning privacy’s favourite whipping boy, Facebook. It’s been a relatively quiet year for the social network. A bill to prevent the online tracking of 13-15 year olds, extending existing prohibitions on tracking children aged 12 and under, was introduced in the US Congress citing Facebook as a specific concern. Facebook’s use of facial recognition technology also spurred Congressional attention, and a US executive agency has announced plans to study the privacy implications of such technology.
German regulators lost a legal battle with Facebook, the court deciding that German privacy laws requiring the right to use services pseudonymously did not apply to the company.
The rest
Amazon recently generated a lot of buzz after announcing it was testing aerial drones to deliver small packages. Shortly thereafter, Deutsche Post-DHL made a similar announcement. As commercial, scientific and private uses of drones start to proliferate, issues of privacy and surveillance come to the fore. In response to these issues, different drone privacy bills are moving through the US Congress. The EU has yet to take an official position.
The UN recently reported that 40% of the world would be online by the end of the year. As people become digital citizens and society becomes more electronic, the transparent, pervasively monitored character of our online lives becomes more and more apparent. Privacy researchers speak of the panopticon – a space where we can all be watched, but we do not see the watchers. The year was full of stories that showed people how naked their digital lives are, and how weak the protections of their privacy have become.
While many responded with a shrug, others were appalled, and the advocacy community continued its fight in legislatures and the courts. The nature of the internet is to share information, but the social and psychological need for privacy remains a core human trait. This tension between society and its electronic tools is an enduring feature of the information age.