This sounds well and good. The people who propose and implement these solutions are undoubtedly well- intentioned. But the whole approach is fundamentally flawed.
One big problem is that the path of legal regulation assumes a trade-off between privacy and other benefits, such as profit or bureaucratic efficiency. In the balance, privacy usually comes off second best. There are clear and direct advantages to corporations and government departments in expanding their capacities to gather and manipulate information on citizens. By contrast, there are few powerful groups with any direct interest in protecting the privacy of the “ordinary citizen.” The result is that privacy concerns are routinely squashed by the steamroller of surveillance.
It is risky to rely mainly on governments to provide protection against surveillance when governments themselves are responsible for much of it. The very existence of the government depends on collecting taxes. So when government needs for tax money meet citizen resistance to further impositions, it becomes difficult to argue against extra measures to stop “tax cheats,” even when these measures involve accumulating ever more information about individuals. The state also depends for its existence on the police, military and spy agencies to detect and thwart external and internal challenges. These arms of the state are well known to thrive on information collected through surveillance.
In practice, the main role of laws protecting privacy may be to give the illusion that the problem is being dealt with. Certainly that is the case for the Privacy Commission in Australia, whose task is to make recommendations on how to maintain privacy within the present laws. The Commission can do nothing to challenge existing laws. So when the Australian government decided to allow tax records and other records to be combined — something it had earlier promised not to do — the Privacy Commission could only sit there and make recommendations within the framework of the new policy.[5]
It is unrealistic to expect governments to take the lead in countering the driving forces behind increasing surveillance. True, the state is not a unified entity, so there can be groups inside pushing against as well as for surveillance. But as long as the state depends fundamentally on maintaining power over citizens — and it must, in order to extract resources to support itself and to defend itself against internal and external enemies — the state cannot be a reliable ally against surveillance, since surveillance grows out of and supports the power of the state.
The power to undertake surveillance and use the information obtained is corrupting. That explains why reform solutions are inadequate.
Technical solutions
Another way to deal with problems of surveillance is to implement technical fixes. An example is public key encryption for electronic communications.
Consider a person who uses a computer to generate a message that is communicated through the telephone network to another computer. Surveillance of this message is possible by tapping into the network and deciphering the computer text. Now add encryption: the sender uses a little program to turn their message into code, using their own private key and the receiver’s public key. The receiver is able to decipher the message by using the receiver’s private key and the sender’s public key. The receiver also knows that the message could only have come from the sender, for whom the key thus is an electronic signature. This can be done using ordinary desktop computers using freely available software.
Naturally, spy agencies do not like it. The United States National Security Agency has pushed for keys designed by the NSA itself. Others suspect that the NSA will design the key so that it can break the code and be able to read all telecommunications. Individual users, by contrast, want a system to guarantee the integrity of their messages.[6]
Many government and corporate elites won’t be attracted to public key encryption either. They prefer encryption systems which ensure that they can find out what their employees or clients are communicating.
One lesson from this debate is that technical solutions are not automatically implemented, however logical they may appear. Technical approaches to collecting and processing information are the product of the exercise of power. In the case of public key encryption, the power struggle is visible. Usually such struggles are not.
Technical choices pervade privacy issues. They are involved in designing questionnaires and standard forms. (Why, for example, should I have to provide my social security number when assigning copyright of an article to a publisher?). They are involved in setting up computer databases. They are involved in establishing standards for telecommunication systems. These and other technical choices involve the exercise of power. A technical fix is not an easy solution to the problem of surveillance, but simply another arena for the same basic debates.
Disrupting surveillance
Surprising as it may seem, much surveillance depends on cooperation or acquiescence by the person about whom information is collected, such as when we fill out forms. As well, the cooperation or acquiescence of various workers is required for surveillance to be successful. These dependencies suggest a number of measures to corrupt databases. I will comment afterwards on the disadvantages of this approach.
Disrupters can fill out forms with small mistakes in their names, addresses, and other details. This will create multiple entries in databases and make it more difficult for database matches to be successful.
Disrupters can fill out forms with imaginary information, or with information about famous people (or about database managers). This will swamp the database with incorrect information.
Workers who key in data from forms can introduce mistakes.
Computer programmers can corrupt files. A subtle approach is to make changes that reduce the value of files, for example replacing the occasional number “0” by “1” or replacing the occasional letter “a” by “e.” (Just imagine how this would affect a record of personal data about yourself.)
Computer programmers can take more drastic action against files, for example totally erasing databases (and backup copies). There are a number of destructive techniques, such as logic bombs, Trojan horses and computer viruses.
One needn’t be a computer specialist to be disruptive. A magnet can be quite sufficient to damage computer tapes and discs, and pulling out a few circuit boards can disable a computer.
In the face of direct surveillance by bugs or observation, a range of devious techniques can be imagined, such as disguises and misleading taped messages.
