San Francisco, CA—At the risk of committing a thoughtcrime, it’s hard to walk away from RightsCon day two without thinking that the battle for our privacy rights online has already been lost. While I would undoubtedly prefer to believe the opposite were true, that seems unlikely given present reality. Many people at RightsCon appear optimistic about the likelihood that one day we will be able to enjoy the Internet with our privacy rights intact, but the facts suggest that conclusion is unwarranted. Those who work and think about this issue should make no mistake about it: securing our privacy online will be a Herculean task.
As a starting point, the ongoing NSA revelations make absolutely clear that the United States is actively and aggressively involved in surveillance activities that infringe on your privacy rights online. The United States is not alone in digital surveillance, either, as it is joined by its Five Eyes partners (including the UK and Canada) as well as Russia and China, among others. But governments are not the only players in the game. As many people at RightsCon pointed out, private (and public) companies are collecting mind-boggling amounts of data from our Internet-based activity every day. Information about our activity online is being plucked by private and public hands from the moment we log in until the moment we shut down. Viewed from a distance, the end result is clear. The fight to secure online privacy begins from a near-impossible-to-overcome starting point: there’s essentially no privacy on the Internet as it currently exists.
And the people at RightsCon know this. That’s why you can easily find someone here who uses VPN, PGP, and/or Tor—they know that not doing so will mean exploring the Internet as it exists for everyone else, and that Internet is a place where you have no privacy. But the bad news doesn’t stop there. Outside of RightsCon and back in the real world, most people have no clue what VPN or PGP are, let alone how to use them competently and effectively. By comparison, just yesterday the Los Angeles Times published an article indicating that 11% of Americans think HTML is a sexually-transmitted disease. Here again the picture comes into focus when assessed from afar. On one hand, the people at RightsCon understand that the Internet offers no guarantees whatsoever regarding privacy and that the only way to protect oneself online is through an array of computer programs, and on the other hand you have the reality that most people can barely manage email and online shopping. Privacy online can be secured, it seems, but only through technological means that are as understandable to most people as Egyptian hieroglyphics. What are the odds the situation can be reversed?
Numbers may help provide a sense of scale to the gargantuan hurdle facing digital privacy-rights advocates. The U.S. census indicates that the U.S. population last year was approximately 316,000,000. According to Tor’s own numbers, for reference, approximately 370,000 people use the software every day. Notwithstanding the millions of Americans who don’t use the Internet at all, you don’t need to be a mathematician to see that the number of people using Tor is greatly outstripped by the number of people using the Internet in general. And Tor is just one method of protecting your online privacy out of many. Most of us, in other words, experience the Internet in precisely the way that the people at RightsCon know leaves you exposed with zero privacy. Shockingly, Americans appear unconcerned, as 45% of them “say the government should be able to go further than it is” in its online surveillance, according to a Washington Post-Pew Center poll regarding the NSA last June.
On our current trajectory, there seems to be little reason to think that we will be able to secure privacy online in any meaningful sense anytime soon. How to believe otherwise? Both governments and private entities are extracting, aggregating, and analyzing data from our online activity everyday. The majority of Internet users have only the slightest idea of how the Internet actually works, let alone Internet security or encryption. Worst of all, most people just don’t seem to care. Does our right to privacy end where the Internet begins? I hope not, but the weight of the evidence tips the scales (heavily) towards yes.
This piece is not written to denigrate those who work towards securing our privacy rights online. I support that goal and that fight is important. At the same time, however, it is critical to understand the scale of the journey ahead. Only then can we begin to identify a way forward. Indeed, one of the panelists today—Richard Stallman (pictured below)—offered what might be the best advice regarding online security I heard all day: pay cash, get rid of your cellphone, and do less online.