Over the past two weeks, I have written about the “surveillance state,” exploring how close we are to the concept of a true “Big Brother” watching our every private moment. If you want to catch up, you can read those articles here and here. But the TL:DR version is this — our fear of true government surveillance in the Western world is fairly overblown. But corporate surveillance is real and far more pervasive than you may realize.
So what are we going to do? While big tech companies tout that the reason they collect so much data about our daily lives is to provide us better services, the sheer magnitude of data collected and breadth of where companies can gather data is cause for concern. Recent advances in AI-enabled camera and microphone technology takes us from concern to alarm.
First, let’s look at things you can do that are already in your control. There are a number of common tools and practices that can help protect your privacy in the digital space. Because browsing and internet communications are done through devices, you can protect yourself with fair effectiveness by using the right digital tools.
● Use a Virtual Private Network (VPN) to hide the IP address of your device. This keeps services that you browse to from knowing what specific device is being used (and if that same device has browsed there before, for example). A VPN will also encrypt your internet traffic, offering further protection.
● Select software that is designed with privacy protection as a core feature. Browsers like DuckDuckGo and Tor are two examples that block most data tracking methods. Browser extensions like uBlock Origin and Privacy Badger stop trackers and ads.
● Enable DNS-over-HTTPS or DoH. This sends normal DNS (Domain Name Server) queries as HTTPS queries instead, encrypting the DNS requests and hiding them within normal internet traffic. Your internet browsing is much more difficult for 3rd party companies to ascertain.
The good news is that using the right tools can get you a lot of the way towards protecting your digital privacy. The bad news is that the biggest rise of “corporate surveillance state” data collection is being collected in the offline world, not through our browsing sessions. How do we prevent that? It starts with education.
Understand what data you share
If you want to protect yourself, start by reading the user agreements for any software or apps you install on your electronic devices. You’ll learn a lot about a company’s intentions for your data by reading these documents. Generally speaking, language like:
- “3rd party sharing” means your data is probably being sold for profit, usually to marketing companies that want to target you with ads.
- “to improve our services” is a really broad statement that implies your data could be captured for any reason. A famous example is that video meeting platforms recorded and stored the audio of private conversations, without express consent, to train AI for future closed-captioning feature development.
- “Aggregated or anonymized data” sounds benign, but implies that companies are absolutely collecting your data and likely sharing it.
- “Device information” means a company is not only tracking how you use their software, but they’re interacting with your hardware to capture specific information about it.
- “Updates to privacy policy” is another broad clause giving companies freedom to change their data collection practices without explicit notice to users.
- “Opt-out clauses” give a user control over data collection, but imply that data collection is the default. Be careful with these because some apps market about user control over data collection, but default settings are to the contrary.
Control your sharing settings
Once you understand how companies are collecting data, go to your application settings and turn off collection you don’t need.
- Location-collection is one of the most important. Turn off GPS or location tracking for any application that fundamentally doesn’t need it.
- Regularly review and adjust your privacy settings. Each time software updates are make to apps, it is a good idea to check to see what changes have been implemented.
Data privacy requires policy changes
Set good habits from the start. If you want your children to be privacy-literate, then behave like you want companies to behave. Don’t track your children’s device location or usage. If you do, you’re setting an expectation from a young age that being tracked is a healthy behavior. Your children’s privacy should be as important as your own. Trust them to make good decisions as young people and they’ll carry those behaviors into adulthood – and hopefully into the workforce where they’ll challenge questionable ethics when they encounter them.
Despite our best online and software hygiene practices, there is very little we can do to prevent the rise of AI-enabled camera and microphone surveillance in our homes and in public. To stop the flow of unauthorized private data collection by corporations, we need government intervention. While I’m doubtful we will see many (or any) of the below suggestions implemented, here are a few thoughts on regulation and policy changes that would help consumers.
● Require notification – Each instance that your data is shared with a 3rd party, you should be informed of what specific data was shared and who it was shared with. Giving consumers a transparent understanding is the first step.
● Equate personal data with proxy data – I have previously discussed how companies use the movement and use of our devices as a proxy for movement and activities of ourselves. We need to close this loophole which allows companies to track people while claiming they’re only tracking hardware devices.
Tom Snyder: Mobile devices deliver our data, our ‘proxy selves,’ whether we like it or not
● Enforce ethical lapses – When a company is caught capturing data inappropriately, hold them legally accountable to a greater degree than we see today. Make unauthorized data collection akin to physical crimes like trespassing (data collection in your private location) or mail theft (capture of private conversation). Even misdemeanor crimes in our analog world carry 12-18 month prison sentences and fines of $1000+. Hold corporate executives to similar weight penalties for digital crimes, multiplied by the total number of affected users. White collar crimes are far too lightly enforced today.
● Require data transience – The federal government requires camera usage to be limited to the site of the camera only. We should regulate companies to that same high standard. Images captured are analyzed and used for an immediate use case and then the data is deleted. In this way, cameras can search for weapons or contraband or for specific people (with a warrant), but everything else captured in the video feed is immediately lost. When we allow video or audio recordings to be stored for future use (or even for AI training) we imply the privacy rights of people caught in those feeds is secondary to corporate interests.
● Minimized or Purpose-limited data policy – Disallow companies from collecting any data that is not absolutely required to deliver a stated product or service.
● Right to Erase – give consumers the right to request their data (including biometrics like face recognition) to be deleted from corporate databases.
● Ban Biometric Data – Disallow the use of biometric data, like facial recognition, in public places. And create a labeling system for private businesses to advertise they are biometric data-use free locations, similar to how they today label whether they allow guns on premises or not.
Ultimately, the above suggestions are a step forward but probably not enough. To really reduce the corporate surveillance risks, we need to look at much more radical solutions. There is absolutely no political will to break up big tech companies, but if I had a magic wand, that’s where I’d start. Big companies have become incredibly vertically integrated, across multiple industries. Communications companies are also content creators. Search companies also sell hardware devices. Operating system companies also sell applications.
Until we break companies into separate, constituent parts, and move from proprietary platforms to open systems (like how the internet was first architected), we’ll continue to be surveilled by big tech.
The post Tom Snyder: It’s up to you to protect your data first appeared on WRAL TechWire.
