Fifty years ago last year, the US government first proposed a “data center.” Not only was this surprisingly close to the data centers of today, it caused an outcry over a privacy invasion with strong resonances today. In 1965, the government proposed creating a National Data Center, which would centralize statistical data from Federal bodies. The data would be kept on magnetic tapes so it would be easy to refer to.
Almost forgotten now, the proposal caused a huge storm in Congress and amongst the public, who felt such a thing would infringe their privacy, and was eventually abandoned in 1968.
This sounds a little like the arguments over the NSA’s ability to snoop on electronic communication, but it was actually quite a different debate. I first heard about it in an article from EMC, which states: “The original proposal inspired a great deal of Big Brother-esque debate, and accelerated our collective awareness of matters of privacy and control,” before concluding that today’s consumers are sophisticated enough to accept a privacy trade-off, and now “expect that the organizations they interact with will use data to understand them better and serve-up more accurate and efficient user-experiences.”
Well, that’s exactly the message you’d expect from today’s computer industry. But the full story of the Federal Data Center is well worth looking into.
Kraus says the Census Department was handed the job of developing the data center proposals, and stumbled unawares into a massive privacy row. The proposal progressed through various levels of committee reports, after Yale economist Richard Ruggles’ report in April 1965 suggested the data center should “have the authority to obtain computer tapes produced by other agencies,” and aggregate that data for research purposes.
The idea caught the attention of Lyndon Johnson, who commissioned the committee that proposed the data center.
The committees working on the idea knew that data was given to the government under a pledge of confidentiality, so it should be “disguised” (anonymized) and aggregated so confidential data wouldn’t be disclosed.
But this was the 1960s, a time of “lie detectors, psychological testing [and] background investigations of job applicants,” says Kraus. The academics proposing the idea got lambasted in Congressional debates by representatives who saw this as a “total information system” which would compile dossiers on individuals.
Even if that wasn’t in the initial proposal, Cornelius Gallagher, Democratic representative for New Jersey, warned: “our concern is what an innocent statistical center could turn into as the years roll by and pressure mounts to program into the computers more and more information on individuals.”
Congress feared that even an innocent data center would be plagued with errors and distortions, and open to misuse, accidental breaches through remote access and outright violations of privacy rules.
The public debate got even more heated. The proposal was denounced by the Daughters of the American Revolution in 1967, and other bodies weighed in.
In a sermon in Washington Cathedral, Canon Michael Hamilton supported the idea of creating the data center, “for not to do so would be to lose faith in ourselves as a nation and in the flexibility of our political system to adapt creatively to change.”
Meanwhile, Rabbi Norman Lamm said “the whole sense of Jewish law and universal morality must reject such a plan as abhorrent.”
In August 1968, the House Special Subcommittee on Invasion of Privacy strongly recommended that the creation of a national data center be postponed until the technical requirements for protecting privacy could be fully explored.
EMC clearly feels we’ve worked it all out, but it seems to me we have just come to accept that big data sets will be collected and used and there’s not much we can do about it.
It also seems to me, as I try not to look at the US election roadshow, that the quality of political debate hasn’t progressed much either.
The privacy crisis is a disaster of our own making – and now the tech firms who gathered our data are trying to make money out of privacy
Friday 4 March 2016
For privacy advocates, the Apple-FBI standoff over encryption is deja vu all over again.
In the early 1990s, they fought and won a pitched battle with the Clinton administration over the Clipper chip, a proposal to add mandatory backdoors to the encryption in telecommunications devices.
Soon after that battle was won, it moved overseas: in the UK, the Blair government brought in the Regulation of Investigatory Powers Act (RIPA). Privacy advocates lost that fight: the bill passed in 2000, enabling the government to imprison people who refused to reveal their cryptographic keys.
The privacy fight never stopped. In the years since, a bewildering array of new fronts have opened up on the battlefield: social media, third-party cookies, NSA/GCHQ mass surveillance, corporate espionage, mass-scale breaches, the trade in zero-day vulnerabilities that governments weaponise to attack their adversaries, and Bullrun and Edgehill, the secret programmes of security sabotage revealed by whistleblower Edward Snowden.
Who really cares about surveillance?
The first line of defense for surveillance advocates – whether private sector or governmental – is to point out just how few people seem to care about privacy. What can it matter that the government is harvesting so much of our data through the backdoor, when so many of us are handing over all that and more through the front door, uploading it to Facebook and Google and Amazon and anyone who cares to set a third-party cookie on the pages we visit?
Painting the pro-privacy side as out-of-step loonies, tinfoil-hatted throwbacks in the post-privacy era was a cheap and effective tactic. It made the pro-surveillance argument into a *pro-progress* one: “Society has moved on. Our data can do more good in big, aggregated piles than it can in atomized fragments on your device and mine. The private data we exhaust when we move through the digital world is a precious resource, not pollution.”
It’s a powerful argument. When companies that promise to monetize your surveillance beat companies that promise to protect your privacy, when people can’t even be bothered to tick the box to block tracking cookies, let alone install full-disk encryption and GPG to protect their email, the pro-surveillance camp can always argue that they’re doing something that no one minds very much.
From the perennial fights over national ID cards to the fights over data retention orders, the lack of any commercial success for privacy tech was a great way to shorthand: “Nothing to see here – just mountains being made from molehills.”
And then ... companies started selling privacy
But a funny thing happened on the way to the 21st century: we disclosed more and more of our information, or it was taken from us.
As that data could be used in ever-greater frauds, the giant databases storing our personal details became irresistible targets. Pranksters, criminals and spies broke the databases wide open and dumped them: the IRS, the Office of Personnel Management, Target and, of course, Ashley Madison. Then the full impact of the Snowden revelations set in, and people started to feel funny when they texted something intimate to a lover or typed a potentially embarrassing query into a search box.
Companies started to sell the idea of privacy. Apple and Microsoft sought to differentiate themselves from Facebook and Google by touting the importance of not data-mining to their bottom lines. Google started warning users when it looked like governments were trying to hack into their emails. Facebook set up a hidden service on Tor’s darknet. Everybody jumped on the two-factor authentication bandwagon, then the SSL bandwagon, then the full-disk encryption bandwagon.
The social proof of privacy’s irrelevance vanished, just like that. If Apple – the second most profitable company in the world – thinks that customers will buy its products because no one, not even Apple, can break into the data stored on them, what does it say about the privacy zeitgeist?
The privacy catastrophe has only just begun
Seamlessly, the US Department of Justice switched tacks: Apple’s encryption is a “marketing stunt”. The company has an obligation to backdoor its products to assist law enforcement. Please, let’s not dredge up the old argument about whether it’s OK to spy on everyone – we settled that argument already, by pointing out the fact that no one was making any money by making privacy promises. Now that someone is making money from privacy tech, they’re clearly up to no good.
The smog of personal data is the carbon dioxide of privacy. We’ve emitted far too much of it over the past decades, refusing to contemplate the consequences until the storms came. Now they’ve arrived, and they’ll only get worse, because the databases that haven’t been breached yet are far bigger and more sensitive than those that have.
Like climate change, the privacy catastrophes of the next two decades are already inevitable. The problem we face is preventing the much worse catastrophes of the following decades.
And as computers are integrated into the buildings and vehicles and cities we inhabit, as they penetrate our bodies, the potential harms from breaches will become worse.