Hurtling towards a Big Brother State – The Hindu BusinessLine

So it is now official: the state can snoop, via 10 agencies, any and all computers for what it may choose to define as essential information in defence of the nation. What is worrying is the function-creep implicit in all the data being gathered.

Surveillance is not new. All monarchs and governments have kept an eye, through informers and spies, on potential ‘trouble-makers’. In contemporary culture, online and offline retailers regularly collect customer information in the guise of offering them appropriate products, services and discounts (what Joseph Turow brilliantly terms ‘the aisles have eyes’, a riff on the cannibal-thriller, The Hills Have Eyes) — this being information that we willingly share on membership cards, feedback on purchases, etc.

On social media privacy is supposedly determined by the individual user, although recent revelations by FB indicate that information leaks without the individual authorising it. On the obverse, the anonymity of digital technology allowed the users to say things that they could not have said because their identities as employees, citizens, victims would have placed them at the receiving end of oppressive regimes.

Those experiencing social stigma, likewise, found it a space of freedom. Till they discovered that nothing is truly anonymous in the digital.

Process, product and function-creep

The state is at the centre of the surveillance-privacy question. Worrying about data protection and privacy rights, organisations and some governments in Europe, have put together advice material. The UK government’s Department of Education published Privacy Notices: An Explanation of Privacy Notices in 2018. The Publications Office of the European Union, also in 2018, published Surveillance by Intelligence Services: Fundamental Rights, Safeguards and Remedies in the European Union. These documents are key elements in spreading the awareness of “what should governments and private corporations know about you”, as the subtitle of a recent book on the subject puts it.

Under the new rules, information can be gathered but the procedure of information-gathering has not been specified nor what purposes it will be put to. Surveillance studies scholars speak of ‘function creep’, where data obtained for one purpose can be used elsewhere, for entirely different purposes.

So the question is: if an academic has been examining the role of, say, jingoistic nationalism or corporate corruption in her/his academic writings, can the agencies tracking this writing appropriate it for other purposes?

It is incumbent upon any state instituting mass surveillance systems to explicitly detail procedure, security levels (of data gleaned), access to data and use/purpose, in addition of course to seeking informed consent. Without clear guidelines on process and product, any ‘dataveillance state’ is on the verge of totalitarianism. Further, if the state chooses to share data with corporate organisations, then the government-business nexus will produce a gargantuan structure in which all lives are, effectively, documented lives.

In a horrific recent study in the Wake Forest Law Review (53.3, 2018), Lori Andrews examining mobile medical apps discovered that, despite all the privacy policies offered by the apps, over 70 per cent of the medical apps they studied shared users’ sensitive information with third party data aggregators, including insurers, advertisers and employers, without the app-users’ knowledge or consent. This breach of the public/private barrier via technology is precisely what mass surveillance processes institute at the level of the state.

Assembly-line citizens

Surveillance marks the end of the individual self when the individual is no longer sure where the data is being collated and interpreted. Identification techniques, as the Routledge Handbook of Surveillance Studies puts it, “make at least some aspects of an unknown entity known by mapping it to a knowable attribute”. When this “knowable attribute” (suspicious behaviour, terrorist behaviour, paedophile behaviour, resister?) is left undefined it enables the state to label any individual.

Many, it is likely, would withdraw from political discussions, for instance. This means, in short, I would hesitate to present my political self to the world. If I cannot choose what information about myself the world needs to know, then I would prefer, perhaps, to disguise my identity by appropriately tailoring a public self. Whether data is being gathered or not, the threat or belief of surveillance will alter the into somebody who fits the normative/acceptable ideal. We will have standardised, assembly-line citizens, not individuals.

If the information collected is identified with an individual, then that individual loses her/his identity and privacy. Anonymised information is a weapon against such surveillance, but is a premium in our networked lives. Even if the information is anonymised (erase that cookie!), it can be re-identified the next time you log in. The store Wi-fi tracks your progress, via your smartphone and via ShopTrak through the aisles for future use.

The rise of “differential privacy” that introduces randomness into the samples of data collected is a partial response to the fears of surveillance. As a consequence, any reader of the data finds an ambiguity when trying to reconstruct what the confidential data must have been originally, so that it produced the current results (see the essay by Alexandra Wood et al in Vanderbilt Journal of Entertainment & Technology Law, 21.1, 2018).

The ‘publicness’ of the private

Privacy is about the individual’s relationship with the world. It is true that individuals become a community through the sharing of information (communication and community are etymologically linked), but this again is founded on the respect for an individual’s right to safeguard some privacy. Privacy is the seat of individual well-being, which includes the right to make choices for one’s individual self (decisional privacy), and not determined, limited or influenced, as far as possible, by the world. It marks the sense of the self, its boundary with the world.

What erodes my sense of self, its borders, is not that I am being watched, but that I may be watched. This belief in being surveilled alters the nature of my interactions with the world. The odd thing is: all surveillance in the name of security for the self causes me to worry that I am no longer myself, by myself.

In the media age, it becomes important to define what we understand as the personal and the private. These are culture-specific as well. Definitions of privacy will also depend on how we define the process of information-sharing, Raymond Wacks puts it this way: “(personal information) should refer both to the quality of the information and to the reasonable expectations of the individual concerning its use”.

But Wacks also notes that a piece of information that is innocuous in itself, in combination with another piece of data, can be detrimental to the individual’s privacy. Using data from, say a crime database in which an individual may figure to influence her/his fate in a civil dispute or employee record or health services would constitute the function-creep that infringes on the individual’s right to privacy.

This last is the crux of the matter. Until such time as the state creates a detailed procedural plan on info-gathering, the nature of data gathered and the sharing of data, all mass surveillance modes must be treated with suspicion.

The writer teaches at the University of Hyderabad