US Federal Bureau of Investigation director James Comey designed his social media presence to be safe from prying eyes. He set up a private Instagram account only followed by family members, and subscribed to Twitter under a false name. After just one mention in a public speech, it took only a few hours of a reporter’s time to discover the accounts with certainty approaching 100 percent. (Apparently in response to the story, the Twitter account — which quickly started gaining followers — is now available only to subscribers approved by its owner.)
If anyone really wants Comey’s family pictures and media-reading history, the Instagram and Twitter accounts will be hacked in no time. In any case, the companies involved have the data, and the Senate recently voted to allow internet service providers to sell personal browsing and app usage histories to advertisers — or, presumably, to anybody who wants them. Meanwhile, the internet privacy of non-US citizens is not protected at all thanks to an executive order that tells agencies foreigners are exempt from the US Privacy Act, even though European officials cling to the illusion of an unenforceable “Privacy Shield” arrangement with the US (Under it, affected Europeans are invited to sue in US courts; I’d have to be officially accused of being the leader of ISIS before I’d contemplate that.) People the world over should be aware that using any of the services provided by major US-based internet companies means giving up privacy altogether and opening up the most personal data to governments, advertisers, the press and private investigators. It also makes malicious hackers’ work a lot easier because a lot of eggs are being put in large baskets.
Up until now, the services have flourished anyway thanks to the well-known privacy paradox: people say they care about their privacy, but in practice they willingly give it up for convenience. My favorite explanation of the phenomenon is so-called “benefit immediacy”: When the benefits of disclosure are instantaneous while the risks are delayed, the benefits are perceived to be higher than the risks. Last year’s Pew Research study of the paradox showed a plurality of Americans is fine with giving up shopping histories in exchange for a discount card, but not with putting tracking devices in cars in exchange for cheaper car insurance.
The trade-off, though, is highly fluid; customers may become hostile to privacy intrusions by the tech industry if there are more major security breaches and more people are personally affected. So while investment currently flows mostly to companies whose products further compromise privacy — such as Uber, which knows everything about its customers’ movements and has been known to misuse the information, or Internet of Things startups that essentially install surveillance technology in people’s homes — privacy protection may be Silicon Valley’s next hot play.
While there are many privacy protection products available, from browsers that block trackers to messenger applications offering end-to-end encryption, using one or several such products doesn’t guarantee true safety: users need a holistic approach that entails lifestyle changes to stay safe but still connected to the tech-enabled universe.
A company called Purism, for example, sells laptops with maximum privacy and security in mind. It means not using certain processors — like recent Intel ones — that enable remote access to the computers even when they’re powered off. It also employs an operating system (Linux-based) that prevents information collection, and has privacy-ensuring software, from a custom browser to encrypted messaging to a Google-bypassing map app. If one has the discipline to give up the social networks (especially Facebook, whose data-collection practices are so complex that it’s probably fair to say no outsider understands them), a Purism machine can take care of all the basic privacy and security needs. But Purism is a tiny firm, which has had to crowdfund its component inventory. It gets some attention in the tech press, but not enough for a breakthrough: Its target audience is considered paranoid.
Because much of the tech economy is advertising-financed, and advances in important fields such as big data and artificial intelligence depend on people’s propensity to share lots of information, much of it inadvertently, privacy concerns have taken a back seat. That doesn’t mean, however, that the status quo is sustainable.
I wrote recently about a similar lack of investment in devices that work to reduce, not increase, people’s device dependency; at some point, when medical science judges the digital media addiction as dangerous as the tobacco one and there’s public pressure to combat it, the money will come. The same goes for privacy. The more intrusive the tech industry becomes, the less users want to be the commodity sold by tech companies to advertisers or other exploiters of behavioral data and the more demand there will be for means of resistance. Investors betting on a Big Brother future may be in for some nasty surprises; those who bet against its endurance may be rewarded for their prescience.