April 15, 2019
In recent columns I addressed the harmful digital taxation proposals coming out of Europe and the danger of internet fragmentation due to incompatible rules on data storage, protection, privacy, and censorship, among other things. Today, I want to spend a bit more time specifically on privacy. To give away the ending up front, my conclusion is that there isn’t any, and while it’s a worthy exercise to try to create some, we’re fooling ourselves if we think we’re going to succeed. It is important to try, but at the same time, we should be realistic about the likelihood of success and, as individuals, decide what level of exposure we can tolerate and then adjust our behavior to stay within whatever limits we set for ourselves.
Every time someone engages in a digital activity, they are providing data willingly or unknowingly. At a minimum, this might be an address in an email or text. If a transaction is involved, then credit card or other bank payment information is transferred. If using social media, this includes whatever you choose to post and some stuff you did not intend to post. They say a picture is worth a thousand words, but it’s probably also worth 10,000 bytes. Where was it taken? What were you doing? Who else is in it with you and do you identify them? For even a mildly determined viewer, these all contribute together to form a picture of your life—your interests, friends, loved ones, charities, and priorities—out there for all kinds of people to see.
Lately, we have all been learning more about how digital platforms accumulate and then use data for profit-creating purposes. I am not particularly active in this space, but even I have noticed that if I shop for something online, and particularly if I buy it, I end up being bombarded with advertisements for other products just like the ones I looked at or purchased, and they keep coming back. If you’ve ever donated money to a political candidate, you suffer the consequences in the extreme. You are not only on the candidate’s email list forever—even after they lose—but you also end up on 20 or 30 other candidates’ lists, also forever, because lists are sold or simply shared among like-minded aspirants. (Unsubscribing, as most of you know, can be a lot more difficult than it sounds.)
Down the road, as the “internet of things” becomes increasingly operationalized, I will find my refrigerator not only telling me I am low on milk but on its own initiative ordering another gallon to be delivered (probably by an autonomous truck driven via artificial intelligence). And the data my refrigerator will be compiling will reveal a lot about me and my family—what we eat, whether there are many of us or few of us, whether we have pets, whether our diet is healthy, and so on. When it starts ordering up “lite” products along with fresh fruit and kale, you know it’s drawn some conclusions about your lifestyle. These developments may not be all bad for some people, and for many of them, we have only ourselves to thank or blame since we have willingly provided the data, although perhaps without thinking through the consequences.
More sinister is when we don’t provide the data voluntarily but have it stolen from us by hackers, or when we provide it willingly only to discover later on that the authorized recipient was unable to protect it from intruders, and it ends up either in the hands of criminals or in the public domain. I experienced this several years ago at the National Foreign Trade Council when my email account was hacked, and 3,975 of my emails were made public. (Fortunately for me, only one was a tad embarrassing.) The growing number of unauthorized releases of personal data has led to a robust debate about the adequacy of corporations’ (including large banks’) security procedures and demands that they shape up. To my mind that is a noble but futile effort. The hacker-security conflict is a cat-and-mouse game that will be with us for a very long time. Every move one side makes is counterbalanced by a move from the other side, and there is always another move. The fight needs to go on, since chaos would be the ultimate result of doing nothing. But we all need to be realistic about the digital world. There is no privacy—everything, sooner or later, is either exposed or at risk of being exposed—and even the EU’s General Data Privacy Regulation (GDPR) will not change that.
As a society we can make leakage harder or easier by insisting (or not) on more robust security and by limiting what platforms can and cannot do with the data that inevitably falls into their lap. But in the end, it is the individual who must decide how “public” they want to be. If you don’t want your privacy at risk, then abandon Facebook, Instagram, and other social media, shop in actual stores, not online, and pay by cash or check rather than electronically. In other words, go back to the 1950s, where our president happily lives. If you don’t want to do that—and few do—then be prepared for the consequences.
William Reinsch holds the Scholl Chair in International Business at the Center for Strategic and International Studies in Washington, D.C.
Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).
© 2019 by the Center for Strategic and International Studies. All rights reserved.