When The Guardian first broke the news on June 6, 2013 of mass surveillance programs run by intelligence agencies all over the world, Edward Snowden fled the United States.
Snowden’s most shocking revelation was PRISM, a collaboration between the NSA and various other companies to indiscriminately collect information from emails, chat logs, videos and photos to file transfer records. The companies spent the next few days refuting the claims, and clarifying their data collection policies.
A major concern is whether the collection of data is necessary at all.
Any new user creating an account voluntarily provides information to a website, which is used to customize the account and enhance user experience. This data is stored by the site on its servers. With the collection of more user data over time, the website modifies the content seen by the user based on algorithms which predict content appeal for a specific user and decide which ads a user sees, which is how the website makes money.
Privacy advocates argue that websites monetizing user data to sell ads is equivalent to sharing private user information with third parties. This particular argument is largely invalid, since websites usually customize ads in-house. Additionally, most websites are always explicit about how user data will be treated. Unfortunately, the average user skips the “Terms and Conditions” in his or her haste to get to the real deal.
To blame a website for user behavior is tantamount to shooting the proverbial messenger.
Here’s the catch: many popular websites have made policy updates that essentially overlook the permissions they have from users. Had these changes been made after acquiring user consent, users would have been aware of what to expect and the transition would have been smoother. Additionally, instead of the opt-out approach to policy changes, websites committed to user privacy would be better off making policy updates using the opt-in form.
On the other hand, intelligence agencies collect data from users by procuring court warrants which they legally need to provide justification for; however, other data collection practices circumvent this process. Known in the technology world as snooping, this involves acquiring unauthorized access to user data which is stored on servers or being transmitted over a network. Accessing the data being transmitted over a network is significantly more difficult, making Snowden’s revelations even more alarming.
Many argue that the NSA’s actions directly result in protecting the people of the United States against terrorist activities, and indeed there is no denying this fact. Some ask whether the average user data is really too sensitive when balanced against monitoring possible threats to a country.
There is a lot to be said about the manner in which the intelligence community treats privacy laws. However, it is important to appreciate the fact that the tech community is not a willing accomplice with Google and Apple in regards to updating their privacy policies. As responsible citizens, it is the duty of the web community to follow their lead.
It is the responsibility of the user to be aware of what they are signing up for when they put data on the internet. After all, the Internet is forever.