The 9/11 attacks brought about a changed world, especially when it came to how governments collected and used our personal data. Nearly twenty years later, we face another big privacy event: the coronavirus, which is launching yet another grand leap forward toward even more mass data collection. Is there a middle ground?
In the wake of 9/11, governments in Canada and the U.S.A enacted sweeping security measures designed to protect their citizens from terrorism. In the months and years that followed, both countries gained new perspectives on data privacy, which was now forever tied to the success of anti-terrorist initiatives.
In one fell swoop, the horrific events on the morning of September 11, 2001 drastically diminished the fear of mass surveillance. That opened up a window of opportunity as panicked lawmakers, eager to prevent another attack on domestic soil, enacted the Patriot Act (U.S.A.) and the Anti-terrorism Act (Canada). In the US and in Canada, information-sharing between government agencies was broadened and enhanced. What followed was a stronger defense against terrorism at home but also a body of legislation whose scope was extremely broad, leading to surveillance abuses.
A Summary of Post 9/11 Privacy Setbacks, Culminating in Cambridge Analytica
In the U.S., the National Security Agency was allowed to listen to citizens’ private phone calls and read their emails without first getting court approval. The Patriot Act stripped away protections of personal data and private communications. What soon followed were other privacy abuses like:
- Warrantless wiretapping
- Telecom companies cooperating with government to track phone calls
- Government collection of private data on web activity – AT&T let the NSA monitor web and phone traffic in the U.S.
- Facebook and Google and others allow the NSA to collect data on live chats, email, file transfers, and search history, under the PRISM program
- Later, the NSA was able to bypass security features built into smartphones in order to access contacts, photos, location data, and even passwords and credit card numbers.
Eventually, the loosened privacy restrictions combined with aggressive data collection techniques exemplified by Facebook and Google led to the Cambridge Analytica disaster, where private companies were able to leverage lapses in privacy legislation in order to sway the U.S. 2016 presidential election.
New Hope and Corrections Long Overdue With the GDPR are Quashed by the Coronavirus
Post 9/11 anti-terror sentiments and fear were understandable – but they did lead to the weakened state of data privacy protection in which the world found itself at the height of the 2016 abuses. Great steps forward were taken in 2018, with the EU’s General Data Protection Regulation (GDPR) and subsequent, similar legislation around the world. But here we are, exactly two years after the launch of GDPR, and we find ourselves once again caught in the crosshairs between privacy and safety. Once again, there is a new perspective on privacy, driven by a terrible event (the global pandemic), which threatens any momentum the data protection movement has managed to gain. Sebastian Kurz, chancellor of Austria, sums it up with these words:
“It is a trade-off. What is more important to us? Data protection or that people can return to normal? Data protection or saving lives?” – Sebastian Kurz, chancellor of Austria
The COVID-19 Challenges vs. Privacy
In countries like China, Israel, South Korea and Singapore, surveillance is gaining tremendous backing, with privacy-threatening measures like facial recognition monitoring, collecting location data or credit-card transactions, and the tracking of citizens’ phones. Even in North America, there are calls to take steps that leave privacy advocates worried and which have reignited the “privacy vs safety” debate that began just after 9/11. Yes, aggressive surveillance might save lives. But also yes, aggressive tactics could remain in place long after the threat has dwindled, as they did post 9/11. Some even theorize that this is government opportunism, leveraging a citizenry’s fear in order to pursue its own goals (i.e. expand power).
It’s not an easy debate. This much is true: there is an urgent need to break the chain of transmission of COVID-19 in order to save lives and protect livelihoods. Contact tracing helps slow and sometimes stop outbreaks and represents a key element in the fight to contain the global pandemic. It does not, however, come without major privacy concerns.
Can we strike a balance? Perhaps. Using people’s smartphones to map out their contact with one another in order to trace exposure to the coronavirus, some governments hoped to use a central database to store the private data collected as part of the contact tracing activities. The other option, storing the data locally on people’s smartphones, ensures a higher degree of privacy protection and, as such, was agreeable to device makers like Apple and Google. Their cooperation is needed since they must rewrite Bluetooth protocols so that contact tracing apps would have access to other apps for data collection without reducing the phone’s performance.
Germany, Switzerland, Estonia, and Austria have agreed to abandon the idea of a centralised database in order to get cooperation from Apple and Google. Others are holding out for a centralised protocol even though there is no legal basis for requiring a private firm to comply with government demands on how their products should operate.
In Conclusion
The implications of COVID-19 for privacy perspectives and legislation are enormous. While 9/11 prompted stronger surveillance of a citizenry largely naive to the scope of the privacy infractions that were about to take place, the coronavirus hits at a time when our collective views on data privacy are far more informed.
We have learned valuable lessons in the twenty years between these two catastrophic events – lessons about data privacy that should help balance the equation between safety and privacy. The difference between a centralised database and local storage of data on private phones is a case in point. Twenty years ago, the public would not have been ready to address this issue at the level of casual discourse because most people would not have understood the technology, let alone the implications for privacy and how that impacted their lives. Now, thankfully, we live in a more informed era, one where privacy awareness is not reserved for just the experts and lawmakers. It’s on everyone’s radar now – let’s keep it that way and do better this time around.
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.