Eight years later, more online communications are encrypted, but governments and private companies still have plenty of ways to access citizen data. Meanwhile, trends in police use of surveillance technologies and the proliferation of home IoT devices raise further privacy questions, speakers said.
“The most important thing that’s happened since 2013 is, people now know we are being exploited — awareness of what’s happening has risen,” Snowden said. “What this means is we can start to respond, bit by bit.”
ENCRYPTION ON THE RISE
Individuals are now more aware of the extent to which their information is tracked, and of the extent to which data collected about them by a private company may be shared with governments, Snowden said. But this has far from stopped mass surveillance.
One result of growing awareness is that a greater share of online communications are now encrypted. FortiGuard Labs — threat intelligence solutions provider Fortinet’s research arm — stated in August 2020 that 85 percent of web traffic was encrypted at that time, compared to 55 percent of traffic in Q3 2017, for example. Alexis Hancock, EFF’s director of engineering, said organizations’ earlier concerns over encrypting their sites have largely fallen away.
“HTTPS … is one of the things that don’t get talked about a lot, because it’s becoming more of a normal process right now,” said Hancock.
“Encrypted” isn’t the same as “hidden,” however, and those monitoring can see that encrypted information is moving across the network even though they cannot view the specific contents of the communications, Snowden said.
PERSONAL AND PRIVATE DATA SOURCES
Private firms continue to be adept at tracking consumers online, typically with the goal of tailoring marketing or creating more insightful customer profiles, said EFF executive director Cindy Cohn. Such massive data stores remain a treasure trove for authorities, sparing them the work of collecting the information themselves, she said.
“Governments … can just go to a company and find out what you’ve been up to. They don’t have to bother with pesky things like making sure you know that they’re tracking you,” Cohn said. “They can … send a FISA request to Google or Facebook to search everything that they have.”
The spread of personal and commercial IoT devices is also giving law enforcement greater ability to monitor citizens’ offline movements, said surveillance and privacy policy analyst Matthew Guariglia. Warrants can grant police access to footage from stores and homes’ smart doorbell cameras, for example, and IoT device providers often actively encourage this when designing their products, Guariglia said.
“A lot of manufacturers of street-level surveillance technology ... have seen that police make very effective marketers,” Guariglia said. “So if they build a special interface that police have access to, [police] are more likely to go out to the community and sell it to stores or homeowners organizations to put up, because they know they get the benefit of having private surveillance that is readily accessible to them, without having to go through bureaucratic loopholes or having the city pay for it themselves.”
GOVERNMENT TECHNOLOGY
Governments still gather data directly, of course, and police-owned surveillance tools carry a particularly high risk of harmful results. Technology-enhanced monitoring of any neighborhood will increase arrest rates, given that most police stops are not for violent crimes but rather for low-level misbehaviors like public transit fare evasion that are common everywhere, Guariglia said. These rising arrest rates then create the impression that an area is dangerous, justifying yet more surveillance and stops.
The ease with which police tracking tools can go wrong is especially important with technologies like gunshot detection systems where false positives — such as the system being triggered by fireworks and cars backfiring — send police into neighborhoods mistakenly primed for violent interactions, which can lead to overreactions, Guariglia said.
But even agencies like transit departments can contribute to surveillance ecosystems. Automated license plate readers feed an ecosystem in which organizations can learn an extensive amount of information about individuals’ movements and lives, speakers said.
Image searches on these license plates can uncover other locations where the cars have been photographed, and blending such details with those gleaned from additional data sources, such as cellphone transmissions, can quickly create comprehensive profiles, Snowden said. Entities purchasing that data can draw connections, potentially learning revealing details such as the owners’ home neighborhoods and likely economic statuses.
CHANGING THE LANDSCAPE
Creating more privacy depends on everyone from developers building more protective software to politicians and lawyers creating new policies, Snowden said. Court cases are already starting to resolve in favor of greater privacy protections, but this is a slow shift, Snowden noted.
“In just a few cases in the last few years the courts are finally raising an eyebrow to what the government is doing … and saying ‘You have violated the law, and you have likely violated the Constitution,’” Snowden said. “Soon enough, we’ll get to the point where they say ‘You have violated the Constitution,’ but courts always act like 10 years late.”
Although Snowden did not specify an example, one might be the 2019 Carpenter v. United States ruling that government officials cannot access individuals’ cellphone location data without a warrant.
But not all technologies can function without a level of tracking, with Snowden noting that mobile phones constantly communicate their location to cell towers even if Bluetooth, Wi-Fi and GPS features are shut off.
This puts pressure on creating legal protections that let consumers keep using technology while being better shielded from the privacy risks that come with it, said Cohn. She proposed assigning companies greater obligations to prioritize users’ interests when handling or sharing their data, akin to how certain financial professionals have fiduciary duties to their clients.
Legal and political frameworks are essential to shaping how harmful or innocuous surveillance is, noted Guariglia. The proliferation of facial recognition and other monitoring tools leads to fears of a future in which police can fly drones over protestors to identify each person in the crowd and link them to their social media accounts, then retaliate against the demonstrators for the views being expressed, he said.
“Centuries of criminalization and racialization have created a system in which you are afraid to be knowable by your government because it is such a punitive institution,” he said. “There is an alternate future in which being knowable [all the time] is not as scary as it is now, if there is actual trust and a feeling of benevolence between citizens and government.”