Over the last several decades, rapid increases in worldwide connectivity have changed the world in profound and irreversible ways. The positive effects that have stemmed from this so called “Information Age” are widespread and impactful. However, as history has demonstrated, it is nearly unheard of for a culture to rapidly expand its capabilities without taking advantage of some portion of its populace. The introduction of the internet as a commodity into the public sphere, has placed a powerful and versatile tool into the hands of the citizenry of most developed nations. By indicating their personal preferences and opinions through their online interactions, most people build a digital representation of themselves that they may not even realise exists. These collections of data points representing individuals can, and are, being collected in a widespread and systematic manner. This brings to bear the matter of privacy and whether or not an individual has a right to it. This is an immediate and pressing issue because the actions taken based on this data has very real effects both in the digital realm as well as the real world. As such, it is imperative that developed nations implement changes in government policy, as well as economic incentives in order to create greater transparency in how data is collected and stored, ensure that users have a better understanding of the level of consent they are providing by using online services, and create higher levels of accountability concerning data practices for governmental agencies as well as organizations within the private sector.
In 2006 the European Union issued DIRECTIVE 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, stating,“Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication.” mandating that governments within the European Union direct their law enforcement agencies to require that internet service providers retain “data necessary to trace and identify the source of a communication, data necessary to identify the destination of a communication, data necessary to identify the date, time and duration of a communication, data necessary to identify the type of communication, data necessary to identify users' communication equipment or what purports to be their equipment” and “data necessary to identify the location of mobile communication equipment” in all communications and attempts to access online services from personal devices. At best these measures compromise the personal freedoms of their citizenry, at worst they compromise the safety of investigators, journalists, and individuals engaged in political controversy. As well as placing identifiable personal information into databases potentially susceptible to unauthorized access and distribution by private entities or foreign powers. This is only one example of government organizations creating regulatory measures in the digital space to work around legal and constitutional protections.
Another example is House bill 3261, or the Stop Online Piracy Act. The bill was introduced to the U.S. House of Representatives in 2011 by Representative Lamar S. Smith. As an aside, according to the Center For Responsive Politics, Representative Smith has received $124,700 in campaign contributions from the telecommunications conglomerate AT&T over the course of his political career. The stated intent in the text of the bill itself is “To promote prosperity, creativity, entrepreneurship, and innovation by combating the theft of U.S. property, and for other purposes.” The proposed bill is summarized nicely by The Congressional Research Service of the Library of Congress, “Stop Online Piracy Act - Authorizes the Attorney General (AG) to seek a court order against a U.S.-directed foreign Internet site committing or facilitating online piracy to require the owner, operator, or domain name registrant, or the site or domain name itself if such persons are unable to be found, to cease and desist further activities constituting specified intellectual property offenses”. This proposed bill ignited frenzied political discussion and activism in the digital sphere due to its potential ability to nearly directly censor and obstruct online resources in the United States by allowing government regulators to define what constitutes “intellectual property offenses”, as well as opening the door to further regulatory measures against online services. Such a bill would have been incredible at working around the pesky legal protection that is the First Amendment of the U.S. Constitution. As a result of the surrounding controversy, the bill failed to pass.
These attempts to use the potential power that the internet provides as a tool for governments to overstep their constitutional and legal boundaries highlights the fact that the advancement and development of digital technologies has severely outpaced regulatory protections. This is demonstrated by the knee jerk nature of such drastic measures. The aforementioned regulations and others like them certainly increase the capability of governments to identify and prevent illegal activities utilizing online resources. However it does so in a way that violently attacks the very moral and ethical pillars that these governments are based on. As well as the very clearly stated protections that are in place to maintain these pillars. Preventing crime does not justify actions of a tyrannical nature that undermine fundamental liberties. If lawmakers cannot be trusted to understand or adhere to these protections in digital contexts, then further constitutional and legal protections must be introduced in order to preserve autonomy and freedom for individuals and organizations online.
As part of their lineup of enterprise level products, Google offers the Analytics 360 platform, presenting the ability to “Use advanced tools to get a deeper understanding of your customers so you can deliver better experiences.” Analytics 360 offers many features and capabilities, such as User Explorer, which “lets you isolate and examine individual rather than aggregate user behavior” or the ability to generate a Behavior Flow Report, which “visualizes the path users traveled from one page or Event to the next”. This commercially available product, along with others such as Data Studio, Optimize 360, Search Ads 360, Surveys 360, and Tag manager 360, allows for privately owned corporations and business’ to gain astounding levels of insight into how individuals interact with their products and services with little to no accountability in how this data is used or stored. These products do not require a formal agreement by the user, in fact consent is often presumed to be given simply by accessing the webpage.
The issue of consent is profound, and far reaching in its effect on the digital landscape. It can certainly be argued that it is the right of a service provider to define the terms by which they provide their services. However this does not extend into a right to fail to clearly define to a user that they have even agreed to such terms. If an individual was to go grocery shopping, only to be punched in the face after walking in the door, an explanation that they consented to such treatment without ever being asked would be inadequate. Analytical practices for the purpose of improving user experience don’t necessarily need to be entirely done away with. But a clear point of entry into these terms is essential to allowing a consumer to make informed decisions on how they choose to interact with digital services.
In the Adobe Flash Player 10 Security White Paper (a document published by Adobe Inc to allow network administrators and other IT professionals to understand the security concerns and features of the Flash Player 10 program) it is stated that “The only type of persistent storage is through shared objects, which are embodied as files in directories whose names are related to that of the specific owning SWF files.” In layman's terms, this allows for a copy of the Flash program on a user’s computer to create and store a data file identifying a webpage as one the user has previously visited. Adobe asserts that “Shared objects are most often used to enhance your web-browsing experience. For example, by allowing you to personalize the look of a website that you frequently visit”. However it also has the unfortunate side effect of building a comprehensive and vulnerable map of the user’s online interactions. Similar practices are used by many social media giants in order to generate revenue through targeted advertising.
This fact was brought into the spotlight in April of 2018, when Facebook founder and CEO Mark Zuckerberg faced a series of congressional hearings on data privacy and suspected use of his platform for political influence by foreign powers. According to a transcript of one such hearing provided by the Washington Post, when questioned on the lack of information on what data Facebook collects and how it is used, Zuckerberg stated that “long privacy policies are very confusing. And if you make it long and spell out all the detail, then you're probably going to reduce the percent of people who read it and make it accessible to them.” This suggests that Facebook remains opaque concerning it’s data practices because the average user wouldn’t understand them. Zuckerberg then states that Facebook utilizes such practices because “offering an ad-supported service is the most aligned with our mission of trying to help connect everyone in the world, because we want to offer a free service that everyone can afford.” The consequences of such a lack of transparency in the handling of personal information was demonstrated clearly when political consulting firm Cambridge Analytica obtained personal data on 87 million Facebook users in 2015, allegedly using this information to formulate strategies in order to disperse Russian provided propaganda in a targeted manner with the intent of influencing the 2016 presidential election. The former Director of National Intelligence, James Clapper summarized the significance of this while testifying before congress in 2017.”If there has ever been a clarion call for vigilance and action against a threat to the very foundation of our democratic political system, this episode is it”. Cambridge Analytica is not a lone actor in these practices, in fact it is an offshoot of parent company SCL Group, whose mission statement “is to create behavior change through research, data, analytics, and strategy for both domestic and international government clients.” The homepage for the SCL Group presents their analytics capabilities as follows, “Using techniques from data mining, statics and artificial intelligence, we accurately forecast how people will behave.” As well as purporting their ability to “use digital, traditional and in-person communications to inform and influence target groups.” With an international scandal to backup the validity of these claims, the SCL group offers a clear and direct example of what can be done with user data without the user realising what is happening.
In order to remedy this misuse of personal data, new industry standards need to be created concerning the level of transparency that information based companies provide to their users. These companies often rely heavily on such practices to turn a profit, and direct governmental interference could absolutely be defined as a restriction on the free market. However, by creating adequate standards for clear and direct language explaining the level of consent that a user is agreeing to, the only companies that would suffer would be those that rely on taking advantage of uninformed consumers. And the data suggests that they are indeed uniformed. A paper published by the Conference on Human Factors in Computing Systems indicated that “Participants seem to be habituated to coercive interception dialogs---presumably due to ubiquitous EULAs---and blindly accept terms the more their presentation resembles a EULA”. An EULA (or, end user licence agreement) could be defined as the moment that a user surrenders certain information in order to use a service or product. Such agreements are written in a manner that is dense and filled with technical legal terms. As such the tendency of most individuals is to simply not read it, allowing companies to take extensive liberties with what they ask consumers to agree to. If required to be direct and open with consumers concerning data collection and usage, companies would be forced to align their practices with how involved their consumers actually wish to be with data collection.
The issue of data privacy isn’t something that can be solved easily, if it could it wouldn’t be much of an issue. However the ethical and practical consequences of refusing to try are significant and urgent in the world today. It is absolutely crucial that the world learns to take proper measures towards ensuring that we maintain a healthy and productive relationship with technology as we move into an increasingly digital world.
Works Cited
- House Bill 3261 Accessed at https://www.congress.gov/bill/112th-congress/house-bill/3261/text
“About the Behavior Flow Report - Analytics Help.” Google, Google, support.google.com/analytics/answer/2785577?hl=en&ref_topic=2996562&utm_source=marketingplatform.google.com&utm_medium=et&utm_campaign=marketingplatform.google.com/about/analytics-360/features.
“Adobe Flash Player 10 Security White Paper.” Adobe Inc. Accessed at https://www.adobe.com/content/dam/acom/en/devnet/flashplayer/pdfs/flash_player_10_security.pdf
Böhme, Rainer, and Stefan Köpsell. “Trained to Accept?: a Field Experiment on Consent Dialogs.” CHI '10 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems .
Calabresi, Massimo. “Russia's US Social Media Hacking: Inside the Information War.” Time, Time, 18 May 2017, time.com/4783932/inside-russia-social-media-war-america/.
“DIRECTIVE 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL.” EUR-Lex, Publications Office of the European Union, eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32006L0024.
“Enterprise Advertising & Analytics Solutions.” Google Surveys, Google, marketingplatform.google.com/about/enterprise/.
Government, Transcript courtesy of Bloomberg. “Transcript of Mark Zuckerberg's Senate Hearing.” The Washington Post, WP Company, 10 Apr. 2018, www.washingtonpost.com/news/the-switch/wp/2018/04/10/transcript-of-mark-zuckerbergs-senate-hearing/?noredirect=on&utm_term=.a569d00a555c.
“Home.” SCL Group, SCL Group, sclgroup.cc/home.
“Manage, Disable Local Shared Objects | Flash Player.” Adobe.com, Adobe Inc, helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html.
“Mission Statement.” SCL Group, SCL Group, sclgroup.cc/missionstatement.
“Online Behavioral Tracking.” Electronic Frontier Foundation, www.eff.org/issues/online-behavioral-tracking.
“Rep. Lamar Smith - Campaign Finance Summary.” OpenSecrets.org, Center For Responsive Politics, www.opensecrets.org/members-of-congress/summary?cid=N00001811&cycle=CAREER&type=I.
Smith, Lamar, and Congressional Research Service. “H.R.3261 - 112th Congress (2011-2012): Stop Online Piracy Act.” Congress.gov, Library Of Congress, 16 Dec. 2011, www.congress.gov/bill/112th-congress/house-bill/3261.
“User Explorer - Analytics Help.” Google, Google, support.google.com/analytics/answer/6339208?utm_source=marketingplatform.google.com&utm_medium=et&utm_campaign=marketingplatform.google.com/about/analytics-360/features.