antonio casilli, yonsei university (seoul, 198.09.2015) "four theses on mass surveillance and...

Four theses on mass surveillance and privacy negotiation

Antonio A. Casilli

The Leak Movement Civil society denouncing the digital military-industrial complex…

Unexpected outcome: mass electronic surveillance in the open Instead of correcting Western securitarian excesses, leaks seem to

instigate them and push governments to step up a gear

1st thesis : SURVEILLANCE HAS BECOME PARTICIPATORY

How did we go from centralized, active surveillance paradigm…

…to passive, participatory, spy-on-ye-one-another paradigm?

...or this?

Disclosure of contents voluntarily put online by users

Mutual and horizontal surveillance Lack of control over TOS on platforms

where personal data are collected and stored

The hypothesis of the “End of Privacy”…

“Publicness” (Jeff Jarvis, 2011)

Is our identity “public by default”?

2nd thesis : CLAIMS THAT ‘THE END OF PRIVACY IS NIGH’ ARE

ERRONEOUS AND IDEOLOGICALLY BIASED

“You have zero privacy anyway. Get over it.”Scott McNealy, CEO Sun Microsystems, 1999

“Public is the new social norm.”Mark Zuckerberg, CEO Facebook, 2010

“Privacy may actually be an anomaly.”Vint Cerf, Chief Internet Evangelist Google, 2013

“People are used to being under surveillance.”Eric Schmidt, Executive Chairman Google, 2014

In an attempt at historical and cultural restoration, tech giants aim to the ideological return to a “pre-privacy” time that they portray as one of harmony and openness among primary circles of socialization.

Facebook increasingly make your information public by default (blue areas) – users you opt out

Evolution 2005-2011 of level of disclosure for different profile items on Facebook (network of a major US university): red (public); blue (private).

Users actually opt out from public by default

F Stutzman, R Gross, A Acquisti (2012) Silent Listeners: The Evolution of Privacy and Disclosure on Facebook. J of Privacy & Condentiality, 4(2), 7-41.

Exogenous interventions by platform owners make users’ private data public by default (a). After an initial adjustment phase where users lower their average privacy level (b), they opt out and go private again(c).

Subsequent interventions by platform owners prompt cyclical reactions (d).

Outcome: “cycles of privacy”

(a) (b) (c) (d)

P Tubaro, AA Casilli, Y Sarabi (2014). Against the hypothesis of the end of privacy. An ABM approach to social media. Berlin: Springer.

“Moral entrepreneur” = a social actor (individual or organization) that seeks to influence a society to adopt or maintain a norm.

Periodical privacy incidents concerning social media platforms show that users react vehemently to changes in corporate privacy policies

Usual Facebook reaction: backpaddling and compromising (see table in next slide)

Date Privacy incident Users’ reaction Platform reaction

05/09/2006 Introduction of News Feed (content and user updates aggregator).

Users’ uproar over the default opt-in policy. Creation of the advocacy group “Students against Facebook News Feed” to protest the new feature. The group attracts almost 300,000 members.

Apologies by Mark Zuckerberg, Facebook’s funder and CEO. FB limits name search.

06/11/2007 Introduction of Beacon (advertising system aggregating purchase data over several platforms, most prominently Amazon).

Prominent political activist platform MoveOn.org creates an online petition against Beacon. Their Facebook group reaches 50,000.

Mr Zuckerberg issues official apology. Beacon ultimately shut down in September 2009.

09/12/2009 Facebook changes its privacy settings, making sharing with everyone compulsory: legal names, profile pictures, and gender are now public by default.

An alliance of privacy organisations files a complaint with America’s Federal Trade Commission (FTC).

(see next item)

21/04/2010 Facebook introduces the Like button social plugin for external websites. Users can now log in, like and share contents (“frictionless sharing”) on other services through their Facebook account.

Prompted by their constituents, a group of American senators asks the FTC to establish privacy guidelines for Facebook. Privacy groups file a formal complaint to the FTC against Facebook’s “unfair and deceptive trade practice of sharing user information with the public and with third-party application developers.

At the end of May 2010, Mr Zuckerberg announces new and simplified privacy settings.

14/01/2011 Facebook makes users’ addresses and phone numbers available to external websites.

After negative feedback from users, Facebook disables the feature. At the end of the month, the fan page of Mr Zuckerberg is hacked and compromised.

The following day, Facebook starts implementing https secure pages.

08/2011 Following a series of complaints filed by Austrian student association Europe v. Facebook. org, it emerges that Facebook fails to comply with the rule of allowing its users to download their own personal data: it provides only 39 over 84 personal data categories.

Negative media attention and creation of several campaigns requiring Facebook to give users full access to their data.

Platform has to face larges privacy class action ever (25000 users from Europe, Asia, Latin America and Australia demanding €500 in compensation each).

05/2012 Facebook proposes a new and more complex privacy policy while asking for generic “users’ feedback”.

40,000 user comments force vote on proposed alternatives to privacy policies.

FB forced to implement voting system on privacy policies.

20/06/2012 Facebook announces acquisition of facial recognition technology company Face.com (creates database of users’ biometric information through photo-tagging).

Privacy advocacy groups file complaint to the FTC recommending suspension of facial recognition technology and protesting creation of biometric profiles of users without their explicit consent.

Irish Data Protection Authority bans biometric profiling.

24/09/2012 So called “Facebook bug” publicly displays 2007-2009 private messages.

French Data Authority (CNIL) auditions FB France officials. Official statement and clarifications by FB.

05/06/2013 Edward Snowden’s leaks classified documents claiming NSA direct access to Facebook servers

Crowdfunded European procedure brings together an international team of lawyers challenging Safe Harbor allowing EU-US Facebook data flows. In June 2014, the Irish High Court refers the matter to the CJEU (European Union Court of Justice.

By April 2014, FB introduces “privacy checkup” service to make sure users know when they are publicly sharing data. November 2014, FB sets up anonymous access via encrypted network Tor.

20/09/2013 Zuckerberg launches Internet.org (partnership with Samsung, Ericsson, MediaTek, Opera Software, Nokia and Qualcomm, to bring free internet service to developing countries).

65 advocacy organizations in 31 countries release an open letter to Facebook protesting the project as violating net neutrality, freedom of expression, and privacy.

September 2015: Zuckerberg changes name of Internet.org mobile app to Free Basics, commits to privacy and security by encrypting information and supporting HTTPS protocol.

Ideological discourse hides political and economic tensions

Full-fledged culture war over confidentiality, anonymity, and secrecy.

3rd thesis : RATHER THAN FADING AWAY, THE ‘CARE OF PRIVACY’

INCREASINGLY PERMEATES DIGITAL SOCIABILITIES

Today’s “privacy incidents” are not limited to celebrities and politicians

The need to control information circulating on oneself becomes more and more common

E. g. the big social experiment known as the “right to be forgotten” (more than 250,000 removal requests from Google Search results in one year).

After Michel Foucault’s notion of ‘care of the self’, the care of privacy can be described as the task of defining the boundary between public and private — in other words, between collective responsibilities and constraints, and that which pertains to the individual capacity to think and act.

From an indistinct sphere where individual intimacy was dispersed in a network of collective, feudal and community’ structures

End of Middle Ages: disruption of solidarities of feudal system, lineage, religious community.

Writing and print: analyzing oneself through diaries

Egalitarian relationships, with an emphasis on friendship between peers

Reconfiguration of living space: nuclear families in private accommodations

Origins of the notion de privacy

Tocqueville (1835) : Public opinion can be an oppressing power, shaping laws and mores(not always for the best)

Danger for individual autonomy

“Tyranny of the majority”: risk to disregard individual specificities and to oppress minorities.

To overcome such risk…

John Stuart Mill (1859) : “one very simple principle” (or harm principle)

“The only part of the conduct of anyone, for which he is amenable to society, is that which concerns others. In the part which merely concerns himself, his independence is, of right, absolute.”

The notion of privacy, as a sphere of “absolute independence”, starts to shape up

Until then, notions concerns behaviors. What about information about an individual?

Media and technological innovation defines

Popular press, gossip press and photographic journalism: invasion of celebrities’ private lives.

Louis Brandeis & Samuel Warren (1890): the right to privacy

Protect private life of celebrities (and possibly common citizens) from the excesses of information.

For every information which is not of public interest, a new right is recognized: the right to be left alone

4th thesis : PRIVACY HAS CEASED TO BE AN INDIVIDUAL RIGHT AND HAS

BECOME A COLLECTIVE NEGOTIATION

Brandeis & Warren embody the traditional approach to privacy as penetration

Private life conceived as a core of private, sensitive information

The more we move away from the core, the less sensitive becomes the information, the more people can share it

Invasion of privacy = penetration by external agent (government, media, criminal…)

New digital approach to privacy as negotiation

What is private is decided within a certain online context, and in agreement with a certain social environment

Every day we adjust sensitive information according to social feedback

Users push the boundaries collectively of what is private and what others do with shared information

A collective negotiation

• Three very good reasons to oppose the “privatization of privacy”

1.Trading data for money creates inequalities

2.Platforms are too strong (and opaque) negotiators

3.My data are personal but are also collective (they disclose information about my social contacts)

Merci beaucoup !감사합니다

- E-mail : casilli@telecom-paristech.fr - Twitter : @AntonioCasilli

Antonio A. Casilli (2011) “Surveillance participative”, Problèmes politiques et sociaux, 988 (1).

Antonio A. Casilli (2013) “Contre l'hypothèse de la ‘fin de la vie privée’. La négociation de la privacy dans les médias sociaux”, Revue Française des Sciences de l'Information et de la Communication, 3 (1).

Paola Tubaro, Antonio A. Casilli, Yasaman Sarabi (2014), Against the hypothesis of the "end of privacy". An agent-based modelling approach to social media, Berlin: Springer.

Antonio A. Casilli (2015) “Four Theses on Digital Mass Surveillance and the Negotiation Of Privacy”, 8th Annual Privacy Law Scholar Congress 2015, Jun 2015, Berkeley, United States.

Antonio A. Casilli (2015) “Quelle protection de la vie privée face aux attaques contre nos libertés numériques ?”, in La France dans la transformation numérique : quelle protection des droits fondamentaux ?, Paris: La Documentation Française.