Do people behave differently when they think they are being watched?
When former National Security Agency contractor Edward Snowden revealed the mass surveillance of American citizens in June 2013, the question suddenly grew in importance. Can the behavior of an entire population, even in a modern democracy, be changed by awareness of surveillance? And what are the effects of other kinds of privacy invasions?
Jon Penney was nearing the end of a fellowship at Harvard Law School’s Berkman Klein Center for Internet & Society in 2013, and he realized that Snowden’s disclosures presented an opportunity to study their effect on Americans’ online behavior. During research at Oxford the following year, Penney documented a sudden decline in Wikipedia searches for certain terrorism-related keywords: Al Qaeda, Hezbollah, dirty bomb, chemical weapon, and jihad, for example. More than a year later, when the study ended, such searches were still declining. “Given the lack of evidence of people being prosecuted or punished” for accessing such information, Penney wrote in the Berkeley Technology Law Review (which published his research last June), he judged it unlikely that “actual fear of prosecution can fully explain the chilling effects suggested by the findings of this study.” The better explanation, he wrote, is self-censorship.
Penney’s work is the sort of evidence for negative social effects that scholars (and courts of law) demand. If democratic self-governance relies on an informed citizenry, Penney wrote, then “surveillance-related chilling effects,” by “deterring people from exercising their rights,” including “…the freedom to read, think, and communicate privately,” are “corrosive to political discourse.”
“The fact that you won’t do things, that you will self-censor, are the worst effects of pervasive surveillance,” reiterates security expert Bruce Schneier, a fellow at the Berkman and in the cybersecurity program of the Kennedy School’s Belfer Center for Government and International Affairs. “Governments, of course, know this. China bases its surveillance on this fact. It wants people to self-censor, because it knows it can’t stop everybody. The idea is that if you don’t know where the line is, and the penalty for crossing it is severe, you will stay far away from it. Basic human conditioning.” The effectiveness of surveillance at preventing crime or terrorism can be debated, but “if your goal is to control a population,” Schneier says, “mass surveillance is awesome.”
That’s a problem, he continues, because “privacy is necessary for human progress. A few years ago we approved gay marriage in all 50 states. That went from ‘It’ll never happen’ to inevitable, with almost no intervening middle ground.” But to get from immoral and illegal to both moral and legal, he explains, intervening steps are needed: “It’s done by a few; it’s a counterculture; it’s mainstream in cities; young people don’t care anymore; it’s legal. And this is a long process that needs privacy to happen.”
As a growing share of human interactions—social, political, and economic—are committed to the digital realm, privacy and security as values and as rights have risen in importance. When someone says, “My life is on my phone,” it’s meant almost literally: photos, passwords, texts, emails, music, address books, documents. It is not hard to imagine that the Declaration of Independence, redrafted for an information society, might well include “security and privacy,” in addition to the familiar “life, liberty, and the pursuit of happiness,” among its examples of “unalienable rights.”
Although Snowden highlighted government surveillance, it may not be the worst problem. Corporations hold vast and growing troves of personal information that is often inadequately protected, its use largely unregulated. Since 2005, hackers have stolen hundreds of millions of credit-card numbers from major retailers such as Target, Home Depot, TJX, and eBay. In 2014, someone stole the keys to half a billion Yahoo accounts without being detected. And everyday threats to privacy are so commonplace that most people are numb to them. In exchange for free email, consumers allow companies such as Google to scan the content of their digital messages in order to deliver targeted ads. Users of social media, eager to keep in touch with a circle of friends, rarely read the standard agreement that governs the rights and use of what they post online. Smartphones know their owners’ habits better than they themselves do: where and with whom they sleep, what time they wake up, whom they meet, and where they have been. People accept such tradeoffs in exchange for convenience. They don’t really have a choice.
Bemis professor of international law and of computer science Jonathan Zittrain, faculty chair of the Berkman Klein Center, worries that the ubiquity of privacy threats has led to apathy. When a hacker released former Secretary of State Colin Powell’s private assessments of the two leading presidential candidates prior to the recent election, “I was surprised at how little sympathy there was for his situation, how it was treated as any other document dump,” Zittrain explains. “People have a hard time distinguishing, for instance, between government documents and private documents authored by people who were once government officials, [between] documents released under the Freedom of Information Act, and documents leaked by a whistleblower. It’s all just seen as…‘stuff is porous, and we can get it.’” As “the ability to hack is democratized,” Zittrain worries that people have lost sight of the original value behind whistleblowing, which is to make powerful institutions publicly accountable. Now everyone is vulnerable. “Over time,” he wrote recently, “continued leaks will lead people to keep their thoughts to themselves, or to furtively communicate unpopular views only in person.” “That does not seem sustainable to me,” he said in an interview, “and it doesn’t seem healthy for a free society.”
The perception that the Information Age has put privacy and security at risk is widespread. Necessarily, the search for solutions is equally broad-based. In Washington, D.C., Marc Rotenberg ’82, president and director of the Electronic Privacy and Information Center (EPIC), seeks legal solutions to privacy problems. At Harvard, research into privacy and security is focused at the Berkman Klein Center; at the Paulson School of Engineering and Applied Sciences’ Center for Research on Computation and Society; at the Kennedy School’s cybersecurity program; at the Institute for Quantitative Social Science’s (IQSS) Data Privacy Lab; and also within the schools of medicine and public health (and at the affiliated hospitals), where researchers seek to protect patient data so that it can be shared appropriately, particularly in the case of rare conditions. Solutions to privacy and security problems thus involve computer scientists and legal scholars, as well as experts in healthcare, government, and business.
Read on here: http://harvardmagazine.com/2017/01/the-watchers