Surveillance and Privacy
TLDR: Civilization gives the luxury of willing vulnerability. Surveillance can either protect or erode this, depending on consent, transparency, and the protection of private spaces.
Prerequisites: None, though I incorporate and reference the specifics of several other essays.
Civilization is many things, but one of the better perspectives on it, in my opinion, is that of a hugely-multiparty bargain or social contract. In the wild, all creatures must fend for themselves; nature, red in tooth and claw, makes life nasty, brutish, and short. Animals of the woods must bring their weapons wherever they go, and generally shun possessions, lest they be stolen. But in civilization, the defenseless can walk openly, wearing jewels and transporting goods without fear of theft or assault. The arrangement of civilization allows people to lower their guard, and reap the dividends of peace.
Protecting the peace is thus vital, not just for protecting the individual under threat, but in protecting the ability to be willingly vulnerable. To be vulnerable is an amazing luxury, which is harmed by every criminal, whether they’re successful or not. Even those who simply make (credible) threats are eroding this central aspect of civilization, and must not be tolerated in a society that wants people to enjoy the joy of defenselessness.
It is through this frame that I want to consider the topic of surveillance.
Surveillance is, of course, often a means to the end of protecting the peace. Security cameras in a convenience store, for example, disincentivize theft, and thereby allow fewer physical defenses, such as guards or locks. But surveillance can, in some ways, also directly erode the luxury of vulnerability, leading people to feel a need to hide themselves in paranoid fear of unseen eyes.
The Land of Masks and Cloaks
Everyone has secrets of some kind. We keep secrets for our friends, as well as for ourselves. Some secrets can be life-destroying, while others are mere embarrassments. We use the word “private” as a kind of softening of the word “secret,” though they mean very similar things, in practice. A person without privacy often cannot even think things through with an appropriate level of clarity and neutrality, for fear of how others might react to their half-formed thoughts.
Suppose there was a society that not only allowed surveillance, snooping, gossip, searching, and spying, but encouraged it. Finding a houseguest trying to read your diary, unlock your phone, or install a covert camera in your bathroom would be both legal and expected. Government workers could trivially find out how much money someone makes, what health problems they have, and when they’re out of town. It would be understood that anything you write down on a computer, whether it be a search query or corporate strategy, is probably going to be read by someone else and, if it’s juicy, posted publicly on the web.
I claim that this society would very quickly invest in masks and cloaks — tools that fight back against snooping, and allow for some semblance of privacy to return. By actively hiding your identity, embarrassing photos of you in the restroom or buying some awkward product become generic photos of an anonymous figure. More doors would be locked. More cabinets would have secret compartments. Fences would be taller. There would be fewer windows. Bug-sweeping tools would be a staple. And particularly wealthy individuals and corporations might even build their own computers (or at least software) from obviously-secure parts.
Yes, many in the Land of Masks and Cloaks would choose to forsake such protections, feeling them as too costly compared to the cost of being watched. But many would also claim as much, while still secretly defending their privacy when it matters most. The appearance of having nothing to hide is a kind of defense, after all.
Corrosive Surveillance
I don’t know about you, but I find the thought of living in the Land of Masks and Cloaks to be both exhausting and painful. I’m used to living in a better world! In most respects, I can be unguarded about my privacy, thanks to a reasonable expectation that anyone caught spying will be punished (legally and/or socially). But this sense of protected-privacy only goes so far, and I think it’s worth paying attention to the way in which many people still live in day-to-day fear of being spied on.
The most obvious way in which our world resembles the Land of Masks and Cloaks is that governments in our world routinely violate people’s privacy through mass surveillance — and I don’t just mean in China1 and other dictatorships. The NSA, as an easy example, runs a program called PRISM, where data transmitted across the internet or provided through one of their secret partners in the tech industry (including Google, Apple, Microsoft, and Facebook) is collected and analyzed, including breaking encryption, when possible. For six years the program was secret, and involved top government officials lying to the public and the Senate. It continues to this day and has led to the US government spying on billions of people, many of whom are American citizens. Similar programs exist in the UK, Canada, France, and other countries, many of which are presumably still secret from the general public.
But mass surveillance certainly goes beyond governments — companies have a significant interest in monitoring the public, mainly for marketing and advertising. Whenever you shop online, buy something with a credit card, or sign up for a loyalty program, your data is being collected by a multinational megacorporation, and usually then sold to many more. Selling personal data is a large source of value for social media platforms like Facebook and Twitter, and there are major businesses that thrive based on brokering the trading and accumulation of these bits of data.
Society, I think, tends to look down on people who worry about mass surveillance programs. Indeed, paranoia and other forms of mental illness tend to be disproportionately prevalent in the spaces where people complain about surveillance. Wild conspiracy theories find fertile soil in those who can’t be sure of what programs even exist. This blight on public trust and mental health should not be neglected when tallying up the the costs of mass surveillance.
But most people, even when learning that the level of surveillance is even higher than they believed, will shrug and do some combination of giving up, pretending to give up to stay inconspicuous, or try a little harder to switch to technologies that aren’t known to be vulnerable. Mostly, we just accept that we live in a world where it’s illegal for stalkers to spy on you, but it’s normal if it’s Facebook or the NSA.
Consensual Surveillance
I don’t want to give the impression that I think surveillance is bad. The security camera in the convenience store, for example, seems good to me! Electronic surveillance can straightforwardly cut down on things like shoplifting, with estimates as high as a 75% reduction in lost inventory. The exact benefit is hard to pinpoint as it depends on context, but there’s a good economic reason for security cameras and similar measures being common. There’s also a case to be made that “surveillance” is one way of characterizing the collecting of data that’s useful on scientific and practical grounds. For instance, monitoring the flow of traffic so your navigation app can find a detour could be seen as a form of highly useful surveillance.
What sets these examples apart from more corrosive instances of surveillance is that they reflect consensual deals in the social project. Let’s break it down, focusing on the case of security cameras in a convenience store:
The store is a public space, and I know the cameras are there. There’s no chance that I’ll end up revealing something I want kept secret, mistakenly believing that I have privacy.
I know why the cameras are there and how the footage is going to be used to stop crime. This gives me the opportunity to be selectively vulnerable, such as by wearing an unfashionable outfit to the store, knowing that I’m not going to be scrutinized in that way.
If there are a range of options, I can punish excessive surveillance simply by opting-out of shopping at those kinds of stores. This produces a nice counterpressure on the store owner that helps balance concerns. And regardless of how many stores have surveillance, I still have lots of private spaces.
Surveillance, I think, is generally good as long as all three of these properties hold, and risks becoming corrosive if any are lost. We can see this in imagining how we might feel if it turns out our convenience store sells its security footage to third parties, or if there’s no way to leave our house except by going through a space surveilled by the store.
I think this kind of perspective also helps show why paparazzi are scum, but taking photos of celebrities while they’re hosting an event is encouraged. When a public figure opts-in to being in the spotlight, they are making an informed choice to be seen. When they go out to dinner or the beach, they usually aren’t.
Surveillance vs Searching
Mass surveillance by governments blatantly violates all three principles, but it’s worse than this, because in the context of governments snooping on digital devices and communications what is often called “surveillance” often reaches into territory that I believe is a distinct concept: searching.
A search is when there’s an intrusion into a private space to check for secrets. Where a mask can stop a passive watcher from knowing your identity, a search involves pulling off the mask and violating that attempt at privacy. Going through someone’s mail is a search, not surveillance, as is tapping their phone line or installing a hidden camera in their home. These are intrusions into private spaces — an effort is required to get access.
Like with surveillance, searches can be consensual. Some stores might demand that customers agree, before entering the store, to let an employee search their bags for stolen goods on the way out, for instance. But consensual searching is rare. In the cases where it’s most normal — going through security checkpoints at airports and courthouses — I think it’s only semi-consensual, since there’s no ability to select for airports or courts that don’t search everyone. Regardless, when a government agency uses a security flaw to get access to a device, or break the encryption on a message, this seems to me like it should be talked about with language that associates it with actions like going through someone’s glovebox or bedside table.
Utopian Privacy
In my Utopian dreams, I see less surveillance in some domains, but more in others. In general, people in Utopia have more of an expectation of privacy, both in knowing when they are on the record, and in expecting that recordings won’t be used against them unless they are doing something illegal.
The general rule of thumb that Utopia uses is that the social order should not encourage wearing disguises and putting personal effort towards guarding privacy. Some amount of needing to protect one’s secrets is natural and unavoidable, but in Utopia the hope is that less effort can be wasted in the arms race between cloaks and cameras, and more people can feel safe in their privacy, without putting in personal effort to protect it.
To this end, searches are significantly more rare in Utopia. Due to universal gun control and ban on explosives, there is less of a need for metal detectors or other kinds of weapons searches. Someone with enemies might demand that people be searched before being allowed near them, but this searching is generally considered rude and is always done with the consent of the person being searched. Non-consensual searches are limited to specific, rare cases, such as certain arrests made by police. Breaking encryption is considered a non-consensual search and similarly limited. There are certainly no searches when boarding airplanes or other kinds of mass-transit.
Due to the monopoly on violence provided by the world government, there is no need for espionage and counter-espionage between nations, and the actions done by intelligence agencies seen in our world is extremely illegal in Utopia. This somewhat benefits terrorists and gangsters, but the benefits of protecting the trust and privacy of ordinary citizens is seen as worth it. Utopia fights crime in other ways.
Some local governments have fewer guarantees of privacy. As part of living in that local community, people sign explicit contracts allowing themselves to be monitored, sometimes without it being announced. But these local governments are required to get (and maintain) explicit consent for this from informed residents,2 and cannot use their local notions of what is private to snoop on people who haven’t explicitly signed up for those norms. Places with fewer privacy norms are the exception, however, and it’s more typical for local governments to add extra privacy protections, on top of what’s guaranteed to everyone.
Utopian Police Surveillance
Surveillance is an important part of police work in Utopia, and it is prevalent in public spaces, such as shopping centers, transit hubs, parking lots, and streets. These spaces frequently have security cameras or other monitoring devices, but are also legally required to be marked as surveillance zones via standardized signage. Police officers also wear body cameras when on duty, and it’s understood that if you’re visible by the police, you’re potentially being recorded.
But there are strict rules about how police can use their recordings. Records can’t be stored or accessed outside of the local area where the recording was taken.3 And whenever footage is reviewed, a member of an independent, non-police oversight organization must be present and logs of the review must be entered into the public record. Surveillance data is almost always kept away from public eyes unless it becomes relevant to a criminal case, and whenever it is, all people who aren’t relevant to the case must be obscured.
Vehicles that travel on public roads are tracked in Utopia, mostly to ensure they follow traffic rules and pay appropriate taxes. But this data is also available to detectives trying to solve crimes, in a similar way to other police surveillance. Similarly, certain forms of pollution are monitored for taxation, and police can get access to those records with the equivalent of a warrant.
Public spaces that are privately owned, such as private roads or businesses like stores and hotels can invite and fund police surveillance if they want additional security. The security cameras installed in such spaces are subject to the same data protection standards as other police surveillance. Businesses are generally not allowed to run their own surveillance.4
Utopian Private Recordings and Data Collection
One might suspect, with such an emphasis on privacy, that taking photos of strangers would be heavily regulated. But I think no, by default, citizens of Utopia are allowed to record whoever and whatever they want, in all kinds of ways, including pictures, videos, and so on. Sensors are generally conceived as akin to sensory organs, and digital storage is likened to the memories of the brain. If you’re allowed to see something with your eyes and remember it with your brain, you’re allowed to take a photo.
Which is not to say that everyone is allowed to see everything. Most local governments have laws about harassment, stalking, and restraining orders, and it is broadly illegal to set up surveillance of private property, including just by peeping through windows with binoculars.5
One primary rule for private recordings, however, is that they must be obvious to those being recorded. Cameras, whether on someone’s phone, car, or doorbell, must be marked with patterns that match the standard signage for surveillance zones. When someone records a call, all parties involved must be informed that the recording is taking place. And in general, deliberately hiding a recording device is illegal, both for normal citizens and police.6
Since the right to (clearly) record what you see is protected in Utopia, one might be concerned that businesses or random people might erode privacy through pervasively installing cameras and so on. The key protection here is that while people are allowed to take records, any photo or other recording that contains an identifiable third-party must, by default, may only be shared in a small-scale, private, temporary way, and only for the purpose of recounting one’s experiences, not as part of doing business.
In other words, if I take a photo that has Alice in it, I am allowed to look at that photo, or show that photo to a friend or family member. But I can’t post that photo online, give that photo to someone else, or share it with my employer. These restrictions can only be ignored with Alice’s consent. Because of this general ban on sharing recordings of third-parties, software that edits photos and videos to replace the faces of people with stock-characters is common.
Utopian Targeted Advertising
Because businesses aren’t allowed to record people without their awareness and consent, corporate surveillance is less common in Utopia. But there’s also naturally less demand or opportunity, since most of Utopia heavily regulates advertising, and uses clever techniques for automatic identification that protect privacy.
Nevertheless, there are still some forms of targeted advertising in Utopia, where businesses get explicit consent from users to share their data in return for relevant information on products that they might be interested in purchasing. To most people this feels less like “surveillance” and more like trading information with a business, and is generally regarded warmly.
Alas, as a result, Utopia has fewer great works of art and music examining the alienation of being scrutinized by global megacorporations.
Though I certainly do include China, which is probably the world’s biggest surveillance state, and has some of the most potent intelligence networks, globally. I have a friend who used to work in cybersecurity who likes to say “There are two kinds of organizations in the world — those that realize they’re being hacked by the Chinese, and those who don’t.”
I’m honestly uncertain how this would apply to children and non-human people—presumably there’s some arrangement with their guardians. But regardless, I think once a person reaches a certain level of competence they are forced with a hard choice: compliance with local law or exile.
In other words, if you live on, say, an island, the police might have recordings of you, but people outside the island can’t access those recordings. If those records are relevant to some case sprawling multiple jurisdictions, the detectives must travel to the island to access the records.
Recordings might sometimes leave a jurisdiction, such as to be presented to a judge, but such a borrowing must have a fixed duration, after which they must be returned (and if still relevant, checked out again).
This is one of the more common instances where local governments choose to override the default privacy guarantees.
I use the phrase “set up surveillance” to distinguish the deliberate act of watching from the kind of casual/random/unproblematic seeing that happens when passing nearby.
This means that police are generally not allowed to “wear a wire” or make other secret recordings of people to gather evidence of their activities. On one hand this makes policework harder, but it helps prevent arms-races and more importantly, it helps establish trust with the public. “Cops have to tell you if they’re a cop” is a sticky myth, I think in part because people want to live in a world where the law is honest, rather than sneaky.
The important baseline of surveillance is whether it's intrusive or obtrusive. Obtrusive is the general chilling effect of a panopticon and cannot be ethically justified. Intrusion is targeted surveillance for specific reasons which can be validated against various ethical standards.
Surveillance in a world of inequality is always oppressive to those with less and protects those with more. There can be no general understanding of it, much less as a good, in extreme inequality.