As revelations continue about the US Government capturing and monitoring online activities and communications, I'm glad (and, ok, only a little bit smug) to see that more conversations are happening about just what privacy expectations we should give up by using modern Internet tools and services.
Most of the mainstream conversation has been focused on what information "big data" companies like Google, Twitter, Facebook and Apple do or don't hand over to the government and under what circumstances, and debating where those lines should be.
The built-in assumption here is that it's inevitable that these are the companies that will continue to have access to our private information and communications. I grant that it's a pretty safe assumption - I don't foresee a mass exodus from Facebook or a global boycott on iPhones - but I do think it's important to note that this is a choice we are making as users and consumers of these services. We are the ones who click through the "terms of service" and "privacy policy" documents without reading them so we can get our hands on cool free stuff, we are the ones who are glad to entrust our intimate exchanges to technology we don't understand.
A certain amount of naiveté about the security and privacy implications of the tools we use is understandable here. When I've given presentations on email privacy and security issues, some attendees are legitimately gasping at the new understanding that their e-mail messages are traversing the open internet as plain text messages that can potentially be read by any number of parties involved in the management of those servers and networks. The average user probably assumes that the Internet was designed from the ground up to be a robust and secure way of conducting financial transactions and sending suggestive photos of themselves to amorous contacts.
And why not? We assume that cars wouldn't be for sale if they weren't safe to drive, we assume lawn-mowers have been designed in a way that means the blade probably won't fly off mid-mow, so of course we assume that widely used technology tools can't be doing anything too awful or else they wouldn't be so widely used, right?
For better or worse, we've crossed a threshold where average users don't have the time or interest in understanding the inner workings of the underlying tools and technologies that support and enable their daily connected lives. I'm not saying I could explain all of the inner workings of a car engine or a lawn-mower to you, but the concepts are certainly accessible enough that most people can figure out the privacy implications of using those tools. This isn't so with email, web services, mobile devices, the modern phone network, and cloud computing. When most people use these tools, they're signing on to systems that are complex enough in construction and operation that users simply won't bother trying to understand all of the implications of usage, nor should they necessarily be expected to. They have to trust that the providers and operators of those tools and services are doing the right thing in the fastest and most cost efficient way possible. And if they want to audit that trust and those assumptions, it's a little more complicated than reading a lawn-mower manual.
Assuming that the thirst for participation in a global online communications network isn't going to go away any time soon, what we have left as a protection against abuse of that trust, then, is the idea that there are sufficient systems of accountability and oversight built in to our structures of government and culture. That these systems are staffed by experts and engineers who DO have the time and knowledge to understand these technologies, so that the companies providing these tools and services can't bring harm to consumers and users, or misuse the access they have to our data.
But we don't have those systems of accountability and oversight in place, not in any meaningful way. In fact, the government is seemingly delighted to have private sector organizations doing all of the hard work of collecting personal data, routing phone calls and maintaining infrastructure, and all it has to do is tap in to the resulting transactions as they fly by. Of course, we've enabled this reality with our choices and inaction as well. Over the last few decades, we've allowed legislation to pass and Presidential executive orders to stand that have brought this surveillance state into existence and then helped it thrive (with even more private contractors making lots of money on it along the way).
In that way, maybe it's fair to compare the machinations of the US federal government to the complexity of the Internet - few people have the time or inclination to understand or follow the inner workings, and most of us can only hope and trust that it's working in our favor. Like the online software we use, we click on through the US Government "terms of service" without much of a pause, and wait for shiny, fun things to appear before us.