We hear the words data breach, and we gasp in horror. Then we go on as before. There are so many leaks, it's hard to care. Is there any use protecting personal data? Perhaps the post-privacy movement had a point.
Excuse the cliché, but the devil is in the data. We hear about another Facebook "scandal," a government spy program, or some other abuse of our privacy rights, and we scratch our chins, musing, "Hm, that's really bad, we'd better do something about it." Then we hop onto our nearest and dearest social media feed to discover what we think. We read, we swipe, forget what we were so worked up about, play a trashy game, fall asleep and then wake up to do it all over again.
"This Facebook 'scandal' – the one we're hearing a lot about right now – we awarded them a BigBrotherAward for that in 2011," says Kerstin Demuth, a campaigner at a German data protection group called DigitalCourage.
The BigBrotherAwards, which originated in the UK, are what DigitalCourage call "negative" or "anti" awards. They go to companies, institutions and people who are considered to abuse other people's privacy and data "in a prominent and sustained way."
The latest round of awards were doled out on Friday, but Microsoft Germany won the grand prize for its handling of clients' data, with Facebook spared renewed focus.
"It's all been said," says Demuth. "We've already pointed out Facebook's evilness."
Indeed, why keep harping on about Facebook? A big target is an easy target, no matter how much you think it needs to change. And there are so many other, smaller, yet equally pernicious, evils in our hyper-connected digital worlds.
We wouldn't want to risk Facebook bashing fatigue, either, would we? So let's spread the likes … and dislikes.
Take my washing machine, for instance. There are four lights on the control panel that occasionally tell me I've done something wrong — used too much soap or that it's time to run a high-temperature load again to kill residual bacteria in the drum. It's useful information. While it can be irritating to have a machine wag a finger at you, I try to use these prompts as personal tips for me to get the most out of my machine. But all the information — my "wash history" — is stored, and the only people who can access it are the manufacturer's engineers.
So I had one of their engineers come around a while back, because water was leaking out of the soap dispenser. And the first thing he did was attach a laptop to an invisible sensor behind the control panel (the clue was the label "PC") to read off the data and tell me that I had over-soaped 43 times. Oh, how naughty I had been, I thought! Then I asked him for a copy of the data — my personal data — but he ignored my every attempt.
The company in question has since told me — in an email statement for this article — that the data are stored locally and not transferred back to them. So, okay, in that sense, my data are protected. But I still have no control over how the data are used. In this case it seemed the engineer was trying to find fault with the way I had used the machine to pin the responsibility on me for the busted soap dispenser. If my suspicion is true, it was an unfair tactic, as I had no insight into my own data or any means to interpret it.
This should worry me, and it does. But at the same time I'm convinced I'd have to dedicate all my waking hours to protecting my data wherever and by whom they are stored or used. So I try to get on with my life instead.
It's the same way I feel about personal pricing on the internet – the way that I and a friend could buy a product from the same website at the same time, yet on different devices, and pay different prices. I know we're being played, but how angry can you get, and how often?
Shots in a barrel
Well, the way DigitalCourage sees it, both big and small fish are fair game.
In 2017, the list of BigBrotherAwards winners (or losers) was as varied as ever. They included Germany's defense minister, Ursula von der Leyen, for "militarizing the internet" by establishing the Cyber and Information Space Command group; both the Technical and Ludwig Maximilian universities in Munich for their links to the online education platform Coursera; and the Turkish-Islamic Union DITIB, for allegedly spying on its members in the service of Turkish state authorities.
Plus there were some players you may never have heard of, and "the reason they qualify," says Demuth, "is that their business model might be[come] more prevalent."
Germany's defense minister, Ursula von der Leyen, couldn't get out the line of fire during the 2017 BigBrotherAwards
"Last year we awarded a small company in Germany called Prudsys," she says. "They sell software that facilitates price discrimination in online stores, and that is something that might happen more often in the future. So it's a warning call to people who want to make a business model out of this, because it undermines basic rights."
What basic rights?
You would have to be a cynic like me to think such warnings fall on deaf ears. But if you are a cynic, you may well wonder, like me, whether it's time to give up trying to protect privacy altogether.
"It's a pity if people give up [this] basic human right, because there are good reasons to have a right to privacy. It can be hard to protect your privacy if you just want to do normal things on the internet," says Demuth, "but it's worth it because behind that there are other rights. Like, for instance, going to a demonstration and being watched — if you'd rather your employer didn't know — or being scared of some kind of oppression. And so you would decide not to go. But you would have a right to express your political opinion."
When we talk of basic rights, it implies we've had them forever. But ask people in the post-privacy movement, which had its heyday about eight years ago, and they will tell you privacy is a relatively new concept that grew with cities and prosperity, and with the idea of doing things in the "privacy of your own home." So there's no birthright to privacy.
A German writer called Christian Heller pedaled this theory in a 2011 book called "Post-Privacy," and he was right — up to a point. But I'd say language was also a relatively new concept in life's evolution on Earth, so you could argue in favor of scrapping that as well. Only, how would you write books then?
The second point they made was that privacy can trap individuals or groups and lock them out of society. A favorite example was that of the LGBT community —that by living openly, they had forced society to "adjust its tolerance levels," as Heller once put it, rather than the community conforming to society.
"I think the [LGBT] community benefitted hugely by putting themselves out there, by making themselves real. You could no longer say, 'gays don't exist.' They do, there's a lot of them, they're a part of society, and they have rights," says Tante (a.k.a. Jürgen Geuter), a computer scientist and a member (along with Heller) at Die datenschutzkritische Spackeria. (Very rough translation: 'The data-privacy-critical dorkery.')
Attending a gay pride march in Turkey can be dangerous, but it may "force tolerance levels to change"
This idea of getting out there bleeds into the idea of transparency. I'm not talking transparency like in Dave Eggers' book The Circle, but about using transparency to break social taboos to empower people. Heller was once vocal on transparency, but declined our request for an interview, saying he had grown bored of the topic and that he was less sure now about his earlier thoughts on transparency and democracy "going hand in hand."
Tante, however, suggests that with growing levels of inequality, transparency can still have meaning if we adapt our ideas of privacy to allow, for instance, an open discussion about wages.
"The only people who profit when wage distribution is not public knowledge are companies," says Tante. "They can push your wages down if you don't know what an hour of your work is worth elsewhere."
An illusion of control
The key in all this is who controls the data — like with me and my washing machine. Yet that is where things get sticky.
"This whole idea about the individual being in control of their data is an outdated concept," says Michael Seemann, a researcher and author of Digital Tailspin: Ten rules for the internet after Snowden.
"And the notion that 'information is self-determination' is an illusion. We're all obliged to recreate the illusion whenever we click 'OK,' but the illusion doesn't solve anything."
Seemann is another veteran post-privacy activist. And, like Heller and Tante before him, he is keen to point out that things have changed over the past eight years. But Seemann sees a renaissance in the offing for the post-privacy movement, perhaps a post-post-privacy movement — especially with the emergence of the European Union's General Data Protection Regulation (GDPR).
What is data protection anyway?
There's still a feeling, though, that our concepts of privacy and data protection — even in terms of the law — get conflated and misunderstood.
Activists like Tante say we still need to re-think privacy, which is not what it was before the digital networked society
"[Facebook CEO] Mark Zuckerberg keeps saying the user should be in control, but it doesn't solve any of the issues. If you go back to the Cambridge Analytica case," says Seemann, "everything they allegedly did — and I have my doubts… [T]heir making psychological profiles and correlating them with 'likes' could have been done with anonymized data, and then we wouldn't be talking about privacy at all. But everyone thinks this is about privacy because of the way we've been taught to think about privacy and data protection as ideologies."
Read more: Russian court blocks Telegram messaging app
Today, Seemann is a critic of some aspects of data protection. He says there is every chance they will bore down to the bloggers who, for instance, embed YouTube videos or use Google Analytics. Doing that might expose them to the same rules as a Facebook, and for the first time those rules might even get enforced. But no one would say "we don't need data protection at all — it's still good for protecting individuals against the state," says Seemann.
And it stands to reason. Even post-privacy types use encryption software and carefully select what they post in public.
So things have become more "nuanced."
"The post-privacy spectrum isn't as homogenous as the term might make it look," says Tante, even though he tends not to use the term anymore. "I think there's value in publishing data about yourself, especially if you think of society as us all working together. But you don't have to publish everything, because that can open the door to a lot of discrimination."