One of the less encouraging reports to come out of the tech world this month was that Facebook, everyone’s favourite villainous corporation, knew very well about the colossal security flaw that let hackers rob personal data from millions of users long before the breach itself.
Facebook employees have said that they felt “guilt” and “hurt” at knowing the attack might have been prevented. Yet they had to watch it happen regardless, like a 40-car pile-up viewed one frame at a time.
Data leaks are painfully common. Often, they’re not even down to hackers or breaches. One of the most recent and most alarming was reported by the Norwegian Consumer Council, which revealed that 10 apps — notably Tinder and Grindr among them — had collected and distributed data including users’ sexual orientation, political beliefs and drug use to at least 135 different companies.
As the lawyer Burcu Kilic said in the wake of this scandal: “Industry calls it ‘adtech’. We call it surveillance.”
The frequency and thoroughly depressing nature of these revelations starts to make you wonder whether you should call your digital information “personal” at all, since in all likelihood it will end up being lost, stolen or sold.
And the curious thing is that almost no one thinks this is a satisfactory state of affairs. Amnesty International found in December that more than 70 per cent of people in nine countries were worried about how tech companies are collecting and using data. Yet most continue to hand over that data with little more than a shrug, a sigh, and some vague muttering about how they are “the product”.
The term for this oddity is the “privacy paradox”. People naturally feel that they have a right to privacy, but seem perfectly happy to give it up to companies that they either know nothing about, or — worse — have business models openly based on surveillance.
This is partly a problem of competing virtues: everyone wants their privacy to be respected, but they also want lives of convenience.
That’s hardly surprising in a world in which you can order almost anything conceivable to your front door — clothes, food, 1,500 live ladybirds (yes, really) — without having to lift a finger, if not quite without having to lift your thumb. In-the-moment convenience apparently trumps long-term privacy.
There is also a sense that we are already too far gone to change our approach. No one really knew what they were signing up for when they joined those most egregious users and abusers of private data — who could have foreseen the impact that Facebook might play in national elections when Mark Zuckerberg was getting curious Harvard students to sign up to his young platform?
The tech giants have slowly eroded the privacy of their users over time, and now there is a general feeling of resignation: this or that platform already has all my data, goes the thinking, so I might well as keep using it. After all, those photos of someone else’s cat or beach holiday won’t look at themselves.
Confusing matters further is how abstract discussions around data feel. It’s hard to make long, meaningless strings of characters seem at all tangible or significant — that is, until you realise just how many companies now know all about your sexual history and drug use.
How, then, do we solve the privacy paradox? One suggestion is that you start pricing data. It’s sometimes argued that, since tech companies are providing their services for free, user data is a fair exchange. It would certainly be interesting to know how much money someone would pay to use a tech platform if they knew they retained control over their own information.
Others have suggested that tech companies offer a kind of data amnesty — a one-off “delete all data” button which would serve to restore trust between company and user, and give the user the choice as to whether they continued to use the platform, only this time with their eyes open.
Sir Tim Berners-Lee, architect of the world wide web, has turned his powerful intellect to the problem. He has created Inrupt, which aims to push the development of a new web infrastructure called Solid. Solid would allow users to keep all their personal data in a private “pod”.
And who knows where that might lead? Inrupt’s chief executive has said that “innovation and value creation [on the internet] are choked by powerful forces whose focus is primarily on what generates profit or serves political agendas”.
Then there’s blockchain and browsers like Brave, which prevents online tracking by default and gives users a cryptocurrency called Basic Attention Tokens for watching ads that respect user privacy. Last year, the browser doubled its users.
With any luck, these efforts will serve not only to inspire other innovations that put the dignity, autonomy and privacy of the user at their heart, but also to make it clear to those who make millions out of their users and their relationships that this respect is becoming a minimum expectation.
As it is, however, the burden of preserving privacy online falls squarely on the shoulders of the user.
Main image credit: Getty