There is a story making the rounds today about a secret CIA program for which very few details exist except for the disclosure that it involves a mass surveillance program on American soil that included at least some data collection of U.S. Citizens. It looks like the Wall Street Journal broke the article but Fortune has a good summary.
What we do on the Internet has been commoditized for years. If you’ve been paying attention, you shouldn’t be surprised. If advertisers are figuring out when you’re pregnant, don’t you think the government is also taking notes?
At this point, governments (and companies looking to monetize you) are punching holes in the Internet much faster than the folks trying to protect your privacy can patch them. When I was a lawyer, and a client would ask me how to make sure sensitive data was safe “in the cloud”, my stock answer was, “Don’t put it there.” Reading the story about the CIA’s data collection plan is not shocking. It would be surprising if they weren’t doing it. (I expect numerous foreign governments are doing the same things, if not worse.)
Just think about email, for instance. You send an email, and it goes through the Internet pipes to get to your recipient. It has to. No pipes, no email. Clever governments and hackers can snoop in those pipes and capture copies of unencrypted email as it is in transit—we just kind of live with that. If we rewound the clock several decades and discovered that the government was intercepting and making copies of all the mail that arrived in our physical mailboxes, there would have been riots in the streets. Now we just sort of shrug.
All we can do now is try to make smart choices.
- Try to deal with companies with transparent ownership and express an interest in privacy through their actions.
- Don’t rely on companies that you suspect will one day need to monetize your data to stay afloat.
- If you want to be even more paranoid, don’t trust small start-ups. You never know who will end up buying them and inheriting your data.
- Wherever possible, use end-to-end encryption.
- Seriously, consider why you’re sending data somewhere else.
All that said, I’m not sure how you escape it in the modern world. We live in an age of mass surveillance, whether you realize it or not.