Thursday, October 1, 2015

Review of Dragnet Nation by Julia Angwin (2014, St Martin’s Press)

The subtitle for Dragnet Nation is ‘A quest for privacy, security, and freedom in a world of relentless surveillance,’ which neatly sums up the book’s focus.  In short, Julia Angwin charts: (a) how web- and mobile-based communication has become an intersecting set of data dragnets in the United States (and elsewhere), with state agencies and companies using a variety of practices (such as using cookies, data trackers, wifi and MAC address sniffing, spyware) to track and trace the use of phones, apps, websites and online transactions and purchases; (b) her attempts to reclaim her privacy and to evade mass surveillance, and to improve her data security, using a range of different tactics, including cloaking, blocking, obfuscation, encryption, requests for copies of her data and deletion from databases, and changing which services she used.  Her analysis draws from of two main sources: her journalism with the Wall Street Journal and interviews with key witnesses, as well as desk-based research of literature; and her own attempts to install various bits of software and to change her online and communications behaviour. 

Angwin’s argument is that ‘the modern era of dragnets marks a new type of surveillance: suspicionless, computerized, impersonal and vast in scope.’  She reports that in 2013 Krux Digital had identified 328 separate companies tracking visitors to the top fifty content websites.  She herself identified 212 data brokers operating in the US that consolidated and traded data about people, only 92 of which allowed opt-outs (65 of which required handing over additional data to secure the opt-out), and 58 companies that were in the mobile location tracking business, only 11 of which offered opt-outs.  She contends that through a lack of privacy people are being routinely hacked in a number of ways, including: always being locatable; finding it difficult to keep something secret; being impersonated; having devices hacked and used to spy on activity using the microphone, camera, and screenshots; being categorized, socially sorted and financially manipulated; and always being considered a suspect by state agencies and open to suspicionless searches.

While one of the back cover endorsements claims the book is an ‘antidote to Big Brother’s big chill’, I experienced the opposite.  It is an engaging and informative read, but an also somewhat depressing, revealing the US state to be entirely paranoid about its own citizens, routinely spying on them as if they are all criminal suspects (often in secret and without legal recourse; as the Snowden and Wikileaks revelations have also highlighted), and corporations have little respect for their customers treating them as simply another commodity to be monetized and sold, with just about all of their online behaviour, however mundane, being harvested, traded, and consolidated to create new derived data products, and used to nudge them towards purchases (with such actions authorized in the small print of complex legal documents that detail terms and conditions, or not at all as in the case of many apps).  In both cases, privacy has disappeared almost entirely, despite claims to the data being anonymized (it is incredibly easy to de-identify the data given the overlapping metadata). And Angwin’s analysis only concerned the internet and mobile phones; once one considers the plethora of smart home and smart city technologies, from mass digital CCTV, automated systems, to the internet of things, then the loss of privacy multiplies.

As Angwin’s own concerted attempts to reclaim privacy highlight, at present it is very difficult to regain any meaningful level of protection (and even if one does, the very fact that a person is seeking privacy flags them up as a potential risk and further potential surveillance).  Indeed, Angwin often struggled to make sense of different technical approaches, install various bits of software, and change her behaviour, despite being technically savvy and having access to leading experts in the field.  Certainly many of the approaches she tried would be beyond the average internet or smartphone user.  This leads her to conclude that the solution to the data dragnet cannot be purely technical, but rather requires a combination of better laws, oversight and financial penalties, a more transparent and ethical state (just as there is surveillance focused on citizens, there should be on the state itself to create mutual accountability; and it should use more ethical approaches such as programs like ThinThread that tries to respect and protect privacy, relying on encryption and court sanctioned search warrants), and a new market of platforms that see consumer privacy as a competitive advantage.  Here, I was somewhat surprised not to see privacy-by-design in the mix, or even discussed, nor data minimization or fair information principles. 

Ultimately, Angwin concludes that there is a need to find a middle way between ‘those who ask us to hand over all our data and “get over it,” and those who suggest that we throw our body on the tracks in from the speeding train that is our data economy ... We didn’t shut down the industrial economy to stop pollution.  We simply asked the polluters to be more accountable for their actions’ (p. 223-224).  Finding and implementing that middle way, however, given the vested interested involved will not be easy or straightforward.  Overall, an interesting read that highlights the extent of the present dragnet and the difficulty of avoiding it, but a little thin on how the data captured is being used and alternative privacy visions (which might have been gained by examining privacy, technology and legal debates).  Certainly worth a read if you want to increase your paranoia about how data about you is generated and traded.

No comments: