Let's apply the Luddite - techno-solutionist spectrum to journalists, shall we? At one end, we have George Packer; at the other, David Pogue, and in the rather lonely middle, we have Alex Howard.
You mightn't guess it from his twitter handle, but Howard, who is perhaps best known for his years as the Washington Correspondent for O'Reilly Media, is very much a realist when it comes to technology, particularly where it intersects with government and citizen rights. Amidst a swarm of double rainbows and boys who cried wolf, this realism, and the clarity with which it is expressed, is both refreshing and, I think, necessary. We live in an era of unprecedented personal data, and Howard is one of the few people to tell us who has access to this data, and how it is and might be used.
Recently, I was able to snag an hour of Howard's Dewey Beach time to talk about the state of privacy rights, PRISM, and one of the most important things we can do in the 21st century.
The broad notion of privacy--the idea that our thoughts, our letters are our own -- is something I’ve been thinking about since I was a kid. Consider the concept of personal space: do you have your own room? If your parents come in, are they allowed to be there? It was something I certainly wanted.
I’ve always had the sense that [privacy] is something that if people aren’t able to get, it has a significant effect upon their ability to be completely honest with someone else, to share confidential information, to be able to express themselves without fear of retribution, without fear of mistakes.
My sense of where the law stands is that while you don’t see it written into the Constitution or the Bill of Rights, it’s preserved into the common law of the land.
On Big Data
Big data is a concept that has to be thought about with a great deal of nuance because of the ways you can quickly determine who someone is. The more data that is out there about us, the more that is accessible to people who want to know about us. The power of that is significant. The biggest shift right now is that we’ve democratized the tools with which you can do this sort of analytics.
One of the approaches people talk about is giving people more insight into the data that is being collected about them. Unfortunately our Congress has not been well served by the lack of an Office of Technology Assessment, which was removed back in the '90s. They are less well informed and there’s less impetus to act. A real challenge we’re also facing is: how do we find our footing in this new context where tech has completely changed the understanding of the Fourth Amendment.
There simply needs to be clear, transparent language that extends consumers’ understanding as to what’s happening, and much more vigorous advocacy for consumer rights.
ON A DIGITAL BILL OF RIGHTS
The existing Bill of Rights should be applied to the digital domain.
On the communication channels he uses most frequently:
I live on my smartphone, without a question. I’m using encrypted email, also Skype but I’m using that less as Google Voice has gotten better. I use a ton of social media. I’m trying to keep it balanced, but I continue to get so much value from it.
I should be using PGP, but I don’t. While I do put sensitive communications into email, if it’s something I need to keep to private or secret, I just don’t put it there.
On the who, what, and how of online data collection:
It depends how you’re surfing. There are numerous ways to minimize the data that’s being collected about you, and it really depends upon what your approach is. When you log into your computer that is connected to the internet, you have an IP address that identifies that connection. If you want to mask that you can use The Tor Project or some protection with VPN, and you can get a web browser that gives you more options, such as the Onion Browser for the iPhone.
The average user may not even realize that there are cookies, much less that they have an IP address or that their actions on a given page are being captured. There might even be a super cookie that is installed on their machine that follows them from site to site -- that’s something that Google and Facebook do, something that all services dedicated to understanding what you’re doing do. And that’s just with regards to being in a given web browser. Just about every kind of electronic interaction creates those kinds of often very useful data generation.
The most powerful data is that which collected by your mobile device. Finding ways to control, shape, minimize data collected by those devices is actually pretty difficult. There’s certain types of collection that you can’t do much of anything about. I’m sure you remember iPhonegate, but that’s just not something the average person has much understanding about. Technology has advanced far beyond most people’s comprehension of it.
On the status of Do Not Track (which most of the top internet companies agreed to adopt by the end of 2012):
There’s been an ongoing process. I think that Mozilla supporting it will make a difference.
It’s not clear when a releasable standard DNT is going to come out. It seems to be that the advertising industry has slowed it way way down, which is not a huge shock. If the default is do not track, it puts the stakes very high for a lot of the industry. That doesn’t mean that it won’t happen, but I think it means that it’s going to result in bifurcation of what actually is out there.
I do know that there is a conversation with consumers that should be happening around this.
It’ll be really interesting to see whether Google and Microsoft have to compete on privacy. Given Google’s revenue is based on internet advertising, that company has a lot riding on this. Google’s position on many things has been more consumer friendly than a lot of companies’, so we’ll see what comes through.
The PRISM debate is serving the public just in terms of awareness. What happens when the details of who you talk to and how you talk to them and where you go are all available? What are the boundaries for that use? How do we give people better tools to be somewhat on equal footing with the powerful people using those capabilities?
Despite peoples’ lack of understanding, a public update on Facebook or Google+ or an unprotected Instagram is public. There’s no privacy protection for public speech. There are other kinds of protections for intellectual property, but a third party private service is not government--there are no First Amendment rights.
As we’ve seen with the Snowden case, the laws of the land allow the collection of communication through all the services. There’s certainly strong evidence that the NSA may have appliances at internet companies, may be harvesting information directly from telephony trunks, through fiber-optic undersea cables. Again, if you have a sense of history, this shouldn’t come as a gigantic shock--intelligence agencies are doing what their nation states want them to do.
if you have something to protect, you'd better take all reasonable steps to do so.
On the administration's stance on privacy rights:
It depends on which part of the administration we’re talking about. The Department of commerce was involved in putting out the Consumer Privacy Bill of Rights. The FTC--which has basically become the de facto arbiter on this kind of action given Congress’ unwillingness to act--creates a sense in the industry of what is acceptable or what isn’t. The result of which is that Google, FB, and Twitter are under audit for 20 years.
The challenge is that those kind of actions aren’t necessarily obviously being balanced out by the direction that massive electronic surveillance has gone in. Recent disclosures of the extent to which those powers are being used has a lot of people questioning.
We’re being asked to trust without being able to verify.
My sense is that there’s a constant battle between people who are strong advocates for privacy rights, but the president himself -- who says that privacy is being defended -- hasn’t moved to proactively have that conversation over the last five years. Even if the Patriot Act and the FISA Amendments Act predate the administration, the actions of the Justice Department and FBI under his eye are his to own. This administration has developed a framework for the execution of immense powers around surveillance, around drones that the previous one hasn’t, and deserves credit for that.
On millennials' privacy standards:
I think there’s a great fallacy that young people don’t care. I don’t think that’s the case. I think they’re more public about some things and more private about others, and they’re adept at moving between what’s public and what’s private and the dark spaces. They’ll use misdirection or they simply won’t use services.
I see this frustrating tendency for politicians to cite “well people are using Facebook to share information about themselves so obviously they don’t care about privacy.” That’s a profound misunderstanding--it’s much more important to understand what’s being collected about us than focus on what we are proactively choosing to share.
I think there’s a sense that people may be sharing information online but that doesn’t necessarily mean that they are comfortable with other people videotaping them having intimate relationships with someone else. They want to have protected space to have conversations with friends, and be able to indulge in flirting without it ending up on the equivalent of the cafeteria wall. There’s a different world we’re in, obviously, but there’s a real spectrum. It is true that the Pew Research has found that a pretty low percentage of teens are concerned with ads getting their data, but I think there’s an awareness that they’re living in a different environment. You can control what you put up about yourself, but you can’t control what other people put up about you.
The information that data brokers have on consumers is so much greater and more powerful than what we put onto these networks voluntarily, and we don’t have control over it. Giving consumers a right to view those data broker profiles and update them if there’s errant information is one of the most important things we can do in the 21st century.
Alexander B. Howard is a writer and editor based in DC. Previously, he was the Washington Correspondent for O’Reilly Media, where he chronicled how the intersection of technology, government and society was changing and why. Howard began his writing career as the associate editor of SearchCompliance.com and WhatIs.com, where he covered technology policy and nearly every aspect of enterprise IT.