Imagine you are trapped in a forest fire, surrounded by burning trees and thick toxic smoke that makes it difficult to breathe and see. Would you mind if the government or a private business used the geolocation data from your phone to locate and rescue you?
This is the scenario envisioned by the Australian government when they developed the National Emergency Warning System (NEWS); a system that allows state authorities under the national emergency act to use personal geo data from cell phones and other mobile devices to track an individual’s exact location. This example touches on the ways in which governments and state authorities have the power to suspend data privacy laws during times of crisis.
There’s certainly no smoke or flames driving the current global health situation, but we are seeing a lively public conversation about personal freedom, individual privacy, and national security. As states around the world race to contain the pandemic, many are deploying and developing digital surveillance tools as a means to plank the curve and ultimately steam the tide of the virus.
While many people are willing to see the temporary suspension of liberties by governments, there is an increasing public concern about how far-reaching these measures will go—and their future implications. Many fear that if they give an inch, authorities will take a mile, and that the ratcheting up of surveillance to combat COVID-19 at a global scale could permanently open the doors to more invasive forms of snooping and state surveillance later.
In moments of widespread uncertainty, like the one we currently face, people are more willing to see the temporary suspension of certain freedoms. However, such willingness is far from uniform and is almost always quick to recede once people adjust to the new circumstance.
When it comes to data and surveillance, what matters most to us is who is using it—and why.
In a July 2018 survey of US consumers by SAS, people were asked which industries they trusted most to protect their data. Healthcare (47% confidence) and banking (46%) are at the top, followed by government agencies (29%), energy companies (21%), internet and cable providers (20%), retail (18%), travel companies (16%), and social media (14%).
73% of survey participants reported that they are more concerned about their overall data privacy now than a just few years ago. 64% said they feel their data is less secure today than it used to be.
Baby boomers exhibited the most concern about their data privacy (78%), trailed by Gen Xers (72%), and millennials (66%).
Identity theft ranked highest as the primary concern across all the respondents, followed closely by financial fraud, personal data being sold or shared without consent, misuse or inappropriate use of personal data, and government surveillance.
Interestingly, our attitudes about the privacy and security of our personal information pulls apart from our actual behavior. This is evident in the way that we routinely agree to contracts that we don’t or can’t fully understand. We tend to make decisions based on our shared cultural value—the assumption that our personal information is private—rather than actually knowing the full implications of the terms. Our decisions are often driven by assumption, at least in part, because we can’t decipher the hyper-specialized jargon.
This is particularly true in the digital space, where we are quick to scroll through the agreement and check the box in order to access services.
After a collective experience of a breach in trust, we don’t always fully change our behavior. Facebook, for example, remains a popular platform despite many such breaches. What does heighten, however, is doubt. We become more aware and careful about our data shadows—the small traces of information that we leave behind in our everyday activities.
We know a thing or two (or five) about how people choose whom to share their personal data with.
Most importantly, we consider who will benefit from the data. We’re more likely to suspend certain freedoms if we perceive it to be in our best interests, or in the interests of the greater social good.
We know that consent is important. We want to be asked, and are more likely to allow vendors or business access to data when we feel we’ve been consulted.
We go with the flow. We know that people are more likely to consent to data collection if everyone else is doing it. We tend to push back when we feel data collection is being enforced. Voluntary compliance results in greater compliance.
Overall, we tend to be more cautious when signing a written agreement as opposed to just checking a box. Written contractual agreements give us time to reflect and reconsider, and they feel more permanent.
Since the 1970s, governments have been gathering greater knowledge of their people while keeping their own activities a mystery. Part of this shift has come from leaps in surveillance technologies, and part of it has been triggered by key events.
Authorities used 9/11, for example, as the rationale to collect more and more personal information in the hopes of discovering evidence of terrorism. Governments around the world began expanding their surveillance programs very quickly.
But—citizens are now fighting for their data. Advances in encryption technology have changed the game. Authorities trying to access personal information at will are running into brick walls, and they’re realizing that technology can work against them, too. They’re calling for the creation of “backdoors” into encrypted content, and the people are not having it.
On one hand, our devices improve our lives dramatically. On the other, they have the potential to sell us out to subversive surveillance.
While very few of us may be terrorists, all of us will require healthcare at some point in our lives. What happens when the devices that track our sleep patterns, our daily activity levels and the symptoms we Google release our medical data to our insurer or employer?
People are rightfully reluctant to give up this advantage.
Ten years ago, Ann Cavoukian—Ontario’s former Information and Privacy Commissioner—introduced the concept of Privacy by Design.
“We as a society have the innovative ability to build systems that protect both privacy and public safety while allowing business interests to flourish. As freedom-loving societies, we must dispel the commonly held view, held by governments, businesses, the media and the public at large—that one must choose between privacy and public safety.”
The goals are threefold:
First, to educate politicians, businesses, the media, and public that we can and must engineer systems to protect both privacy, and other interests.
Second, to foster technology innovation in academic institutions around the world that will allow privacy and public safety, as well as privacy and business interests such as Big Data and data analytics, to be achieved without sacrificing either.
Third, to develop policy templates which will articulate how privacy is to be applied in the new digital age for different government and business segments, and the oversight these institutions should fall under.
To recover economically from COVID-19, we will need to rapidly innovate across industries. Ann Cavoukian concludes that innovation is driven by risk, which we are less likely to take if we feel like we’re constantly being watched and monitored.
A sense of privacy and freedom is an important driver for economic prosperity. It’s essential for building and maintaining a thriving and creative society.
While we need the ability to rescue our citizens from the proverbial fire, it is in nobody’s best interest to overreach. In the end, the goals of privacy and safety are one and the same: prosperity for all.