The news about the NSA’s widespread surveillance has unleashed a firestorm of well-deserved anger. Americans are trying to process what NSA spying means for them and how they can take action, but there’s also a palpable feeling of hopelessness, as if these big, faceless agencies have set in motion surveillance machinery that cannot be stopped or evaded. The fact that the scandal continues to unfold with new revelations, like the bugging of EU embassies, only exacerbates that sense of being out of control.
But while the media’s coverage of the program has focused on the privacy threat that PRISM and the NSA represent, the emergence of Edward Snowden as a central figure demonstrates that the untold story and the true threat to privacy is how easily our data can be exposed by one individual. For each hero like Snowden who comes forward, how many others sit silently or even abuse these data stores themselves?
With so many companies and organizations collecting and sifting through personal data—both in the private and public sectors—millions of employees are faced with the temptation of these treasure troves of data. Whether for mischief or profit, unauthorized access to big data is an alluring temptation for many. In other words, the problem isn’t just big companies and government agencies with top-level access to information; it’s their millions of employees with lower level access to it, too.
There’s little to stop the rogue employee from misusing data and we already know that it happens. Many abuses start with a single actor inside the group:
- Look at the IRS’s recent targeting of conservative groups. This wasn’t high-level, systematic, strategic mistreatment by the IRS; it was individual, low-level IRS employees who decided to further their own agendas while at work.
- The NSA has a legitimate interest in some data collection to ferret out terrorism, but it was their data that NSA employee David Murfee Faulk used to listen in on phone sex and personal conversations with his co-workers.
- Cannibal Cop Gilberto Valle unlawfully accessed federal law enforcement databases to stalk his victims.
- Harvard has a legitimate interest in storing email records, but an associate dean was fired after rifling through them to look into a cheating scandal.
Everyone seems to deal in big data these days, which is a generous way of saying that they’re spying on individuals and buying and selling their personal data. With big data comes big responsibility (and wealth and power), and we’re asking a workforce to sit beside a digital diamond mine of personal secrets without taking a peek…or a handful.
People are flawed, and even if the NSA’s and the FBI’s goals are noble, as they say, they’re simply providing too much temptation to the people they trust to carry out their jobs. The same goes for big companies mining commercial data. If these privacy risks are ultimately about human weakness, then the root problem is the widespread data collection that aggregates and makes sensitive information accessible.
But people aren’t entirely powerless. In fact, most of the recent stories about big data collection and breaches have a central theme: the little guy matters and can do something. Whether that individual is a Facebook user who refuses to give the site her real name, an NSA whistleblower who tells the world when it’s being watched, or a person using a tool to block companies from tracking him online, each person has the power to move privacy forward or diminish it.
There’s an emerging consumer privacy movement built around the premise of giving regular web users, regardless of tech-savvy, the power to limit the personal info collected about them. Limit the data that the private companies collect on you, and you don’t have to worry about how they–or their employees or hackers–might misuse it. No tool alone will stop NSA surveillance, but a few combined will blur the picture that emerges of you.
At Abine, we are creating tools that block online data collection and remove consumer information from big databases. The nonprofit organization Tor, as well as VPN companies like AnchorFree and Private Wifi, help protect your IP address. Silent Circle, RedPhone, and Wickr help protect your phone. Unlike bigger ISPs like Verizon and Comcast, Sonic collects close to the minimum info necessary on its users. Cryptocat lets you chat securely. TrueCrypt protects your files.
Take on the law, too, by signing the Stop Watching Us petition (of which we’re a business supporter), calling your representatives, and protesting for a stronger Fourth Amendment. Tell the people around you why the “I have nothing to hide, so I don’t care about surveillance” argument is wrong.
People are only as powerless as they let themselves be. Adopt the mindset of only giving out the personal data that you absolutely must—for example, at checkout or when signing up for an online account—to significantly reduce your digital footprint. Avoid companies that don’t respect your privacy. Just as one bad actor can induce a privacy scare, one good actor – like Edward Snowden, or you – can take the necessary steps to reduce your exposure and strengthen your sense of privacy.