The digital Pharmakon
Constantin Vica: Let’s start by clarifying our terms of reference. What do we mean by “privacy”? Unfortunately the Romanian language does not offer a suitable translation for this concept: it can mean both intimacy and an individual’s representation as a person – his or her identity and reputation or “what we want others to know about us”. In French the term is translated as vie privée (private life), while in German it is rendered as Privatsphäre (private sphere). Since the initiation of Web 2.0 – the interactive web that has enabled social networking such as on Facebook, hi5, mash-ups, Google Street View and so on – we have witnessed an ontological shift. During the 1990s, anonymity was the rule in this environment but in 2010 displaying one’s identity has become more or less the norm. Facebook, among others, has speeded this change. The anarcho-libertarian discourse of the 1990s has been replaced by that of the “profile”: what is your online profile? Who are you? What do you want? How do others relate to you? What do others want to know about you?
And yet, what do we mean by “online privacy”? I am thinking first about the personal details – date of birth, Social Security Number, etc. – that states and companies collect during the transactions we perform. There is well-developed legislation, especially in the western world, which covers these aspects. But there is another type of information that almost all websites collect – through the poisoned cookies they dump into our computers – for the purposes of marketing. Google or Yahoo! know where you are, what sites you have been on, how long you spend online and so on, and they are, therefore, able to target advertising and information and dictate your lifestyle.
Cristian Ghinea: What I find paradoxical is this: people are absolutely obsessed with their privacy when dealing with the state or companies which may encroach on their private sphere, but they willingly leave that same private sphere open to intrusion from others online. Let me give you some examples. Remember the scandal surrounding the European Data Retention Directive. It was nicknamed the “Big Brother Directive” by the Romanian press and was subsequently ruled unconstitutional by the Romanian Constitutional Court. But the police and secret services who supported this directive offered as evidence the investigations held after the Madrid and London attacks, and argued that being able to reconstruct the suspects’ social networks – i.e. who they had spoken to on the phone, who they had exchanged emails with – had been essential for them. Bit by bit, they were able to reconstruct the terrorist network.
This logic led to a European directive whereby states oblige communication companies to retain such data for a certain period so that prosecutors and police can ask these companies to reveal whom X spoke to or with whom Y exchanged emails. Two important clarifications: first, access to this data should not be possible except with a warrant and only for serious crimes such as terrorism or kidnapping. Second, we are only talking about communication-related data – numbers called, email addresses – rather than tapping conversations or having access to email content. People have been annoyed by this directive and have organized European campaigns gathering millions of signatures against it; the German Constitutional Court has rejected it and so has Romania.1 I can understand this indignation: we have a right to be suspicious of the state, even when the latter is trying to prevent a greater evil. However, I do find it ironic that we get into such a panic when the police try to reconstruct some social networks after the event while we willingly join fairly transparent online social networks.
Here is another example of the same paradox: CCTV cameras in London. I must confess they didn’t bother me at all. I even liked the idea that, in the urban jungle that cities have become, there are public places in cities such as London where I feel more secure because others know they are being filmed. I understand people’s indignation and the numerous articles expressing worry and concern about Big Brother watching over London – the metaphor is over-used; these days any idiocy can turn into “Big Brother” – and it’s good that the state should always feel controlled by public opinion. On the other hand, this indignation becomes paradoxical when you see how many images and pictures of themselves people willingly post on the Internet (YouTube, Flickr, Facebook).
CV: I don’t think we are dealing with a paradox here but certainly an asymmetry: studies have shown that people more easily release information about themselves in an online rather than offline environment. But the asymmetry is also present at another level: if we choose to expose ourselves on the web, in the case of traffic data retention and CCTV surveillance we are chosen against our will (on the web, too, we can be exposed against our will).
I see two different categories of traffic data retention and video surveillance. The limits set by law in the first category give the impression that everything is under control. But this is the problem, nothing is under control: just as the police can have access to this data (sometimes for positive purposes), so can somebody else with the technological wherewithal. It is accessible. A second problem is that of rationality. First, is it reasonable for a person to be monitored without any direct control over the data, without feedback? And, second, is it rational to collect so much data instead of focusing on the suspects themselves? By the way, why are we paying so many secret services from our taxes when everything is supposed to be transparent, when there are no more secrets?
With respect to surveillance cameras, I have two counter-arguments. The first one is libertarian in origin: those states that place the security of the majority over the privacy of the individual open the road to totalitarianism. The security discourse, which was reinvented under George W. Bush, gives rise to panic, fear and suspicion, which destabilize communal life and the public space. On the other hand, you cannot oppose privacy to security: liberty means security and control over information, which is fundamental to autonomy. Placing the emphasis on one to the detriment of the other leads to the annulment of both.
The second counterargument is that of the panopticon: extending the surveillance of high-risk environments (e.g. prisons) into the open social space turns the latter into a high-risk environment itself – where aggression rather than cooperation is expected. We are all subjected to the same level of monitoring, we are all virtual suspects. I belong to the category of people who feel intimidated by surveillance cameras. There are also those who feel comfortable with them. But how comfortable can you feel when these devices expose you to unknown individuals who cannot be controlled, when not only the state but thousands of other entities control you? Every time you get on a bus or take the underground in Bucharest you are under double surveillance: by cameras and through your electronic ticket card. These two technologies together can reveal a lot more about you than you would like. Abuse can be committed not so much by the public transport company itself as by some security agent trying to follow people for any number of reasons. Furthermore, we find nothing on their website about their confidentiality policy, despite the fact that they handle a good deal of personal data. I really don’t trust them: they are hardly capable of providing transport, let alone handling data safely.
I agree with you that the Big Brother metaphor has become thoroughly hackneyed by now. It never comes alone, though, it is always packaged together with the Kafkaesque metaphor of The Trial. And if everything is placed within the anti-terrorism discourse we merely amplify the evil that we westerners have caused ourselves by letting dubious characters such as Bush or Putin declare war on terror, simply because their governments’ policies have stirred up anti-western sentiment in the first place.
CG: Well, there are many provocations I would like to respond to, beginning with this last one that Bush and the West are to blame for terrorism, that the world used to be a peaceful, calm and quiet place until the West spoiled it, and that terrorism is merely the answer to bad policies. In which case I gather Obama will redeem us from this problem, it’s so simple after all.
But we don’t need to go into further detail. Our differences are clear: I believe the anti-state paranoia on this subject is unjustified, you hold that the state should have its knuckles rapped and that any kind of surveillance is bad. So I will move on to another theme: from personal data to life on the Internet. I asked Facebook readers of Dilema veche a few questions on the subject and one of them sent me the episode from South Park that features Facebook. In it, a kid ends up fighting with his own avatar, which raises the question: who is stronger, the real person or the Facebook image?
CV: No one will redeem us from anything. I was not arguing that Bush or Putin are to blame for terrorism (I was thinking about the latest attacks in the Moscow underground, which were covered by surveillance cameras), but rather that the imperialistic overtones of their foreign policies have amplified the aversion felt toward our world, an aversion which has a long history. They have both used the “terrorist threat” to reduce their citizens’ autonomy.
“You have 0 friends!” is undoubtedly a memorable episode of South Park. There is a kid in it who has no online friends and is very sad. And there is another one who fights with his online profile, his persona. This is the place where divergent theories meet head on: some hold that an individual and his or her online representation – through their avatar, personal photos and preferences, etc. – are identical, others that individuals are a sum of “roles” and have plural identities. I tend to agree with the latter: we perform a certain online identity which changes with time, just as parts of our person in the corporeal, physical world do. But I am not identical with my Facebook account and my Yahoo! address. They are sides to my persona, digital extensions, and I cannot equate myself with or reduce myself to them. Through them I fulfil a social role. In the episode you have cited it is interesting to watch (Eric) Cartman, who turns Facebook into his platform for communication and entertainment – he has his own videocast. Cartmans can be found throughout online marketing, in all the visionaries who preach about the power of the Net and how important it is to be connected, in all those who want to make money from the web. For Cartman there is no separation of public and private, which is why he arrives at the ultimate stage of self-exposure: Chatroulette.
We therefore arrive at the problem of revelation: how much do we want people to know about us? To what extent is it reasonable to consider an act private on a social network (we are searching for limits)? How much control do we have over these representations when they are not made available by us? These fall under the umbrella which Jonathan Zittrain called “Privacy 2.0”, or the private sphere within the public world. This umbrella bears other names too: identity management (horribile dictum) or reputation-building. Sometimes we arrive at extreme cases such as the one in 2008, when a Muslim father from Saudi Arabia killed his daughter just because she was on Facebook. Another aspect of the private sphere taken tel quel from the world of writing is the secrecy of correspondence.
Neither Internet providers nor governments or other entities should be given the right to inspect the information packages circulating on the Net. Unfortunately, this desirable goal seems utopian now. If I were a classic liberal, I would say that an individual’s autonomy is impossible without privacy. If I were a communitarian, I would accept that privacy is not a universal right, being contingent upon the political culture of a given society. Neither of these positions tells us everything: personal autonomy is needed even on the Net, but it is especially on the Net that the private sphere is being continuously negotiated.
CG: But how is it negotiated? And between whom? I think there is serious actual discrimination between those who know how to play with these Internet toys and others who don’t. There are people, like myself, who are no technology buffs and who always find themselves exposed to intrusion from those who know what to do with these devices. I was shocked when I found out that there is a piece of software that can allow someone to monitor my Yahoo Messenger. Similarly, from what I hear, cracking email passwords has become a doddle for those who are technologically skilled. So, how can I, as you say, really negotiate the private sphere when it is so complicated to decide my Facebook privacy settings, when I can be monitored on my Messenger, violated on my email, and not by the state but by fellow Net users who are more skilled than I and who don’t even seem to think that they are doing anything wrong. They are just playing: “It’s only the Internet, there’s nothing serious here is there?” So who negotiates what?
CV: Your disaffection is justified. Every technological leap creates a division between those who are skilled and those who are not. Obviously communication and information technologies can be understood and explained to almost anyone, they can be learned. But there will always be a “digital gap” between experts and neophytes. Some argue that knowing these technologies and their applications is a moral and social obligation. Philosopher Mihail Radu Solcan has noted that there are two ethical routes one can follow: the cautious one – I am only using the technology, I am not trying to change it – and the skilled one – any new device or machine is a space for playing and experimenting with the risk that I will make errors from which I shall learn. Someone can monitor your Yahoo Messenger or break into your electronic correspondence address only if the system you work on is not secure. Obviously, the best hackers can crack any secret on the Net but not any kid can. This is a deep problem: we use systems that lack total security and control, which are technically impossible to achieve, in order to allow for development and innovation.
The generativity of the online world, which Zittrain has written about, is like a pharmakon: it can be poison or cure, venom or remedy.
The design of web technology, through its very nature, allows for the zero-cost transfer of information, its duplication, etc. If we want total protection of communication it will not be easy to achieve it online. We willingly connect to the Internet so maybe we should assume its limitations. If we want total security, we learn how to encrypt the communication channel: we do not send personal messages to anyone, we surf online anonymously; we do not allow anyone to get data about us, we have our own email server and use many proxies through which we can disappear without a trace; we do not do online transactions. It is possible but we would be missing the advantages of this medium. It is as though you were to send a letter by an invisible plane that deletes itself once it has been read. It is not feasible but it is possible. What is feasible is to use operating systems that can withstand attacks (e.g. Linux distributions), have secure and encrypted communication services (for which the company will assume the risks and pay for damages), and access only “clean” websites (without allowing cookies to be stored).
CG: You are a typical representative of the caste who knows what technology is all about and has no empathy with neophytes. What I’m afraid of is not so much the state as those individuals who are better at violating someone’s privacy, and all you say is, “Use proxies and Linux distributions or don’t use the Internet at all”. I haven’t a clue what a proxy is and Linux could be a cat for all I know. What’s more, I claim my right not to know, to treat the Internet the way I do a car engine: I don’t need to know how the car is made so I can drive it, and I don’t need to know about Linux so I can use the Internet. I want laws, tough laws that can defend me. I want to see those kids who break into email accounts for fun go to jail. I want to see the police slap spam-mailers with a fine, and so on. I want the Internet just as regulated as real life.
CV: As far as I’m concerned, even though its mascot is Tux the penguin, GNU/Linux is indeed a cat who purrs away nicely and protects the house from evil spirits! There are all sorts of feasible scenarios to suit you, with which you can defend your privacy by spending very little of your time and using free tools and knowledge which can be acquired in a few hours. The Internet is made up of a whole host of knowledge communities: you do not need to know anything at the beginning because you can find out from your fellows. The web is a technological pharmakon, the venom is based on the same prescription as the cure.
The complicated scenario of mega/para/super-encryption suggested above is not feasible for those tempted by the neo-Luddite community. Steam engines eventually vanquished the nineteenth-century Luddites. Computers will do the same. Don’t side with the Luddites!
It’s all very simple, especially since the state is on your side. The latter has hyper-regulated the Internet. First of all, all offline laws apply online as well. To which you add those specific to digital communication. Just as the state cannot guarantee that a more zealous postal employee won’t read your mail – but protects you in the event of that happening – likewise it cannot guarantee that some kid paid by a political party won’t break into your email account. You are not vulnerable by default but are constitutionally defended by the state: that kid, once he or she is found out, is an IT criminal who will be sent to prison. Everything is regulated, from e-commerce to personal data. They have already started to impose fines for sending spam, the situation is under control. Asking the state to defend you without being under attack, to turn the Internet into an environment which is 100 per cent secure, is like asking for a police officer to be based in your own home. China has managed just that. And why should you wait to be attacked when together we can make such attacks improbable through standards and dialogues like this one?
I do not accept the technological determinism which holds that we have lost all right to privacy, that privacy is no longer a social norm, that this is it: we are all connected to everything, information is the flux which has swallowed us, the Internet is a dangerous collective memory. I prefer to believe, perhaps in a utopian fashion, that the match is still on and that players are getting better and better.
- On the ruling of the German Constitutional Court and the "Europeanization" of the data privacy campaign, see: Ralf Bendrath, "From Karlsruhe to Brussels", first in Blätter für deutsche und Internationale Politik 4/2010.