Your Privacy at Risk
A Lot to Absorb
This page has a lot of information on it. The issues are complex and have significant implications for our future as a free society.
For a long time, internet privacy seemed to only concern the conspiracy theorists and worriers among us. But these days it's getting harder to tell the difference between reality and an episode of Black Mirror. — Mozilla
People don't really understand privacy nor value what they've given away.
As disheartening as it is for some of us to believe, it's not the privacy that bothers most people — otherwise we'd be far, far more careful about all the data we're already handing over to Google and Facebook in exchange for “free” services. It's the impact on performance. We don't all hate giving away data but we all seem to hate our browsers being slow. — iMore
Essentially, privacy is power over your own information.
If we accept as normal and unavoidable that everything in our lives can be aggregated, sold, or even leaked in the event of a hack, then we lose so much more than data. We lose the freedom to be human. We deserve better. You deserve better. — Apple CEO, Tim Cook
The purpose of this page is to open your eyes to what is happening.
The next step is to fight to protect our virtual privacy for the same reason we protect our physical privacy with locks on our doors.
People often don't think about their rights until they need them -- whether it's when they're arrested at a protest or pulled over for a routine traffic stop. — ZNet
The examples used on this page are only the very tip of the iceberg.
Privacy a Basic Human Need
Privacy is a basic human right according to the UN:
No one must be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. — Universal Declaration of Human Rights, Article 12
Privacy is needed for dignity and respect.
The most common retort against privacy advocates — by those in favor of ID checks, cameras, databases, data mining and other wholesale surveillance measures — is this line:If you aren't doing anything wrong, what do you have to hide?
… [This] accept[s] the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect. — Bruce Schneier: The Eternal Value of Privacy
Privacy is Not About Hiding Wrongs
Protecting your privacy doesn't mean you have something to hide. There is a reason we have locks on our doors and curtains in our windows.
But secrecy and privacy are not the same things, and there are many situations in which we need to stand up for privacy, even when something isn't completely secret. — Cindy Cohn, EFF
Don't confuse privacy with secrecy. I know what you do in the bathroom, but you still close the door. That's because you want privacy, not secrecy. — Fábio Esteves
Fear of Surveillance is Real
The fear of surveillance is realistic and stifles personal expression.
We don't feel as free to express our creativity when our conversations or Internet activities are being monitored.
We have laws against people opening our mail without permission. Why should we react any differently when someone is peeking into our electronic identity?
If you believe that you have "nothing to hide" from the prying eyes of the NSA, you shouldn't mind letting a stranger rifle through your bank statements, emails, and photos — right? — ZDNet
Not a Zero-Sum Game
The debate between privacy and security has been framed incorrectly as a zero-sum game in which we are forced to choose between one value and the other. Why can't we have both? — Daniel J. Solove
- Three reasons why the "nothing to hide" argument is flawed.
- "I have nothing to hide. Why should I care about my privacy?".
- The eternal value of privacy.
Blaming the Victim
Rather than examining the motives behind those collecting information, the “nothing to hide” mantra is designed to misdirect.
Blaming the victim has a strong echo of McCarthyism.
Even if we think we have nothing to hide, all of us, whether world leaders or ordinary citizens, have good reason to be concerned. — TomDispatch
[A] federal court in the Eastern District of Virginia held that individuals have no reasonable expectation of privacy in a personal computer located inside their home. — Electronic Frontier Foundation
This sort of invasion of privacy is totally contrary to the spirit of the law: innocent until proven guilty. I wonder how that judge would feel if you broke into his home and were sorting through his personal papers?
More about why privacy matters:
- Mozilla's The Glass Room is a 3D virtual reality tour of the ways our privacy is invaded by devices and corporations.
- A Saturday Morning Breakfast Cereal comic examines government back doors as privacy abuse.
- Glenn Greenwald: Why privacy matters — TEDGlobal October 2014.
- 10 big data analytics privacy problems. The mass collection of personal data needs to have regulation to protect our privacy.
- Appeals court affirms NSA surveillance can be used to investigate domestic criminal suspects.
We're being spied upon constantly. By our governments and by businesses.
Following the attacks on September 11, 2001 we've been faced with unprecedented attacks on personal freedom by governments worldwide.
Although poorly understood at the time, one of the biggest long-term impacts of the September 11 attacks was expanded surveillance in the United States and other democracies, by both public and private sectors.
The stakes are high. If democracies fail to turn the future of global surveillance in their favor, digital authoritarian competitors stand ready to offer their own model to the world. — Nicholas Wright
Governments seek to collect and store virtually everything about their own citizens including their online activities. Everyone is considered guilty.
A lot of people assume that those who are under surveillance are quite deserving of that surveillance. That is not true. — Mailyn Fidler
The “official” purpose of NSA (and Canadian) collection of personal phone records is to prevent future terrorist attacks.
We're No Safer
However, the process is incredibly invasive to our privacy and cannot be justified by any improvements in public safety from terrorist threats since it was introduced.
This abuse of privacy has made us no safer in Canada or in the U.S.
No serious, verifiable evidence has been produced by the proponents of compulsory suspicionless [bulk] data collection to show that the data mining and profiling by means of the bulk data in general… is even suitable to the ends supposedly being pursued — let alone that it is effective. — BCCLA
We have not yet seen any evidence showing that the NSA's dragnet collection of Americans' phone records has produced any uniquely valuable intelligence. — Senator Ron Wyden
Secret Courts Unacceptable
Collecting information based upon a warrant issued by a judge in a public court can be seen as justice.
However, collecting information on innocent citizens based upon warrants issued by secret courts just in case it may be useful in the future is hard to justify.
All this access has a very low threshold, partly because of a U.S. court decision that stated that if third parties have access to your information, a warrant shouldn't be needed for the government to access it.
Geofencing, stingray and other cell-tracking technologies reveal a lot about individuals that have nothing to do with the warrant (if one is even obtained).
The Canadian government raised a stink when cell-tracking technologies were used in Ottawa near federal facilities. They obviously are more concerned with their privacy than ours.
I don't want to live in a world where everything I say, everything I do, everyone I talk to, every expression of creativity and love or friendship is recorded. — Edward Snowden
Protection Against Terrorism Undeliverable
Unprecedented government spying on their own citizens has resulted in no significant reductions in terrorism that could not have proceeded otherwise.
Democracy and privacy are the victims, not terrorism.
The loss of our privacy is unacceptable.
If you're willing to sacrifice some freedom to feel safe, you deserve neither. — Thomas Jefferson
The Surveillance Economy
The traditional marketplace of buying and selling using a set price has been replaced with a surveillance economy where access to private data is exchanged for goods and services.
Unlike the up-front cost of purchased products, this new model simply collects information without revealing either the value or the cost in terms of privacy. It is a very one-sided bargain.
Social media is one of the most obvious examples.
So much personal information is collected by social media companies including facial recognition software, comparative and linked data (such as the Facebook "Like" button) and more.
Most, if not all, social media data is being stored outside Canada and doesn't have the protections afforded by Canadian law.
The Email Connection
The fact that users must sign up using their email address, that provides a strong link to other data about the user.
Most Canadians now use webmail which is stored on servers in the US or other countries. Your emails are scanned to profile you to serve ads, alter search results, and other purposes based upon the emails you send and receive if you're using Gmail, Yahoo! mail and similar services.
The Cell Phone Connection
Your cellular provider is collecting and sharing personal information.
Cellphones provide very precise 24/7 location data. While it is extremely handy to know where the nearest coffee shop or grocery outlet is located, that same information is provided in reverse. The cell company knows everywhere you go, even whom you're sleeping with.
Your cellular provider already tracks your physical location at all times: it knows where you live, where you work, when you go to sleep at night, when you wake up in the morning, and — because everyone has a smartphone — who you spend time with and who you sleep with. — Bruce Schneier
We've voluntarily provided governments and corporations with massive amounts of private information that used to be cost-prohibitive to collect — and we pay some of the highest prices in the world for that privilege.
We love cell phones. We love them to death. For all kinds of reasons. I mean, can you imagine? Suppose twenty years ago Congress had proposed a law saying every citizen had to wear a radio transponder around his neck, all day and all night, so the government could track him wherever he went. Can you imagine the outrage? But instead the citizens went right ahead and did it to themselves. In their pockets and purses, not around their necks, but the outcome is the same. — Lee Child, A Wanted Man
If the government said you have to have a tracking device, for certain you would rebel. But the government doesn't have to say that because you do it willingly and they just get a copy of the data. — Bruce Schneier on BBC
Thats a Lot of Data
The Guardian reports that
- 300 hours of video are uploaded to YouTube every minute.
- 500 million tweets are sent every day.
- 30 billion WhatsApp messages are sent every day.
- 40 million photos are uploaded to Instagram every day.
From the dawn of civilization until 2003, humankind generated five exabytes of data. Now we produce five exabytes every two days…and the pace is accelerating. — Eric Schmidt
Artificial intelligence (AI) has been seen and promoted as having huge potential for good but also has the ability to work against humanity. Machines don't suffer a conscience like humans do unless it is programmed into the machine.
The reality is, AI is everywhere. AI helps diagnose our diseases, decide who gets mortgages, and power our TVs and toothbrushes. It can even judge our creditworthiness. And the impacts — touching on issues of fairness, privacy, trust, safety, and transparency — will only get more profound as our reliance on AI increases with each passing day. — Mozilla Foundation
AI allows for rapid manipulation of massive amounts of data and commercial and government entities have been collecting more data than they could possibly sift through. AI gives them the ability to make use of that collected data.
AI is being rapidly deployed and not everyone is ensuring that our privacy is being protected. We see YouTube video suggestions that reflect the extreme rather than the norm, leading many down a rabbit hole that can be destructive. Other online resources have similar issues where choices are being made by formulas managed by machines rather than people.
I strongly recommend you read Mozilla's approach to trustworthy artificial intelligence (AI) where they look at these issues.
Facial recognition is nearly perfect and is now being deployed in businesses and government services around the world. There has been an explosion of the number of cameras in public areas — often accessible via the Internet.
Facial recognition is often portrayed in a positive light on TV shows where the police use camera footage to identify and arrest the perpetrators of crime.
Unfortunately, the truth is much darker.
[F]ace recognition may seem convenient and useful, but is actually a deeply flawed technology that exposes people to constant scrutiny by the government…. — EFF
The British security industry association figures there are nearly six million CCTV cameras in the UK. That's one camera for every 11 people. — Veronica Belmont
Chinese scientists have developed an artificial intelligence (AI)-enabling 500 megapixel cloud camera system able to capture thousands of faces at a stadium in perfect detail and generate their facial data for the cloud while locating a particular target in an instant. — Global Times
The legal framework to protect your privacy has fallen far behind the technology. Searches at the border are based upon the needs of an age when everything was on paper. That is how they justify copying everything on your phone or computer, placing all of us at risk.
A report by Georgetown Law Center for Privacy and Technology estimates that about half of US adults — more than 117 million people — have their images logged in a facial recognition network of some kind — a trend civil liberties group the Electronic Frontier Foundation describes as “a real and immediate threat” to privacy. — BBC
This has never happened before. It hasn't happened with fingerprints, it hasn't happened with DNA. Until now there's been a line, that unless you commit a crime we don't record the facts of your body. — Alvaro Bedoya
Facial Recognition Errors
It's bad enough that you can be recognized in photo and documents everywhere, enlarging the massive profile advertisers and governments have on you. What if there are serious errors?
Facial recognition technology is often biased along the lines of age, gender, race, and ethnicity.
In 2014, Steven was living an ordinary life as a financial broker in Denver. In the month's before a couple of bank robberies had taken place in Denver. There was a video clip from a security camera and it played on the local news. Three people who thought it could be him phoned in a tip…so the cops came for him.
Steven spent months in jail before his lawyer proved it wasn't him. Proved he was at work when the robberies took place. They let him go.
A year goes by and then he's arrested again. This time, the cops were sure it was him. They were wrong. More evidence proved he wasn't the suspect. Again, he was a free man, but the damage was done. You can't keep a job in the finance industry when you've been accused of robbing a bank.
Because of what's happened Steven Talley is currently homeless. — Veronica Belmont
Stalkerware sold as a method of monitoring your child or your employee's use of a company-owned phone (the only legal uses) but is more commonly used to track your spouse (hence, the nickname “spouse-ware”).
Whether your motives are pure or otherwise, this is an invasion of privacy and the fact that the data is often stored on insecure servers should cause you to rethink its use.
Stalkerware is spyware and is now marked for removal by Kaspersky and other security software vendors.
More about stalkerware on the Malware (Spyware) Detection & Removal page.
You've probably seen the ads for The Ring, the door bell/video camera that allows you to see who is at your door even when away from home. Sounds like a great security tool, right?
Crime Rates Dropping
If you've seen the commercials for the Amazon Ring camera, you'd think crime was rampant in your neighbourhood. Crime rates have been dropping for years.
By sending photos and alerts every time the camera detects motion or someone rings the doorbell, the app can create an illusion of a household under siege. It turns what seems like a perfectly safe neighborhood into a source of anxiety and fear. — EFF
Ring owners can share video from their Ring's camera with other Ring owners as well as provide that footage to local police without a warrant. Even if you don't have a Ring, your neighbour's Ring shows everything going on at your house.
Issues with facial recognition complicates matters. It isn't as straight forward as TV crime dramas would have you believe.
[E]ven when facial recognition works as expected, it's often used to surveil people of color. Amazon's Ring doorbell cameras pose similar risks, because Ring shares its footage with law enforcement through its Neighbors Law Enforcement Portal, which has been called the "perfect storm of privacy threats." — Mozilla
Partnerships with Police
Many local police departments have been working with Amazon to increase the number of cameras to gain access to footage. But there are issues.
In just a year and a half, Amazon's Ring has set up more than 500 partnerships with law enforcement agencies to convince communities to spy on themselves through doorbell cameras and its social app, Neighbors.
The company is moving recklessly fast with little regard for the long-term risks of this mass surveillance technology. These partnerships threaten free speech and the well-being of communities, vastly expand police surveillance, undermine trust between police and residents, and enable racial profiling by exacerbating suspicion and paranoia. — EFF
Law enforcement partnerships with @ring don't make neighborhoods safer—they turn our front doors into vast, unaccountable surveillance networks. — EFF on Twitter
Your Devices Are Watching You
Can anyone really have total confidence in what these machines overhear and where those recordings might appear? Sometimes, such speakers have deliberately recorded your conversations. To help create a better product for you, of course. — ZDNet
The problem of privacy is only going to get worse as the Internet of Things evolves. Already there are more connected devices than people in the world. There is an imminent explosion of devices that will track every aspect of our lives.
Any bed that monitors your heart rate, breathing, and movement could allow people with access to that data to determine when you get up in the morning, when you go to bed at night, or even when and how often you have sex. — Mozilla
The reason I smartened up my house was to find out whether it would betray me. — The House That Spied on Me
Virtually every “smart” device is gathering information on you (perhaps including your private conversations). From connected baby monitors to smart TVs to video cameras, everything is being connected — the majority in a very insecure manner that can be hacked.
This isn't an isolated incident. Vizio surrendered to a lawsuit charging them with collection viewing data on 11 million consumer TVs.
Many people feel safe with a printed document, assuming it can't be traced.
The US government made a secret deal to place yellow dots onto every page printed from many (perhaps most) colour laser printers, ostensibly to track counterfeiters.
We've found that the dots from at least one line of printers encode the date and time your document was printed, as well as the serial number of the printer. — Electronic Frontier Foundation
Smart Meters Reveal Much About You
Analogue meters simply recorded the total amount of electricity used between readings.
Smart meters do more than simply remove the need for meter readers to visit your home or business a few times a year. They record the timing, duration and quantity of electricity you use.
Privacy information begins at the video's 24:24 mark but I strongly recommend watching the entire presentation.
Apple Treating Privacy Differently
It doesn't have to be like that. As we move into an era where more and more personal data is required in order to provide services that require personal data like map services, health information tracking, etc. Apple wants to have your trust. They make their money on products, not by monetizing the data required to operate these devices.
[S]ome of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. They're gobbling up everything they can learn about you and trying to monetize it. We think that's wrong. And it's not the kind of company that Apple wants to be. — The Washington Post
The laws that govern the ability of the governments to collect this information are woefully out of date.
The Privacy Act, which oversees the [Canadian] government's use of your data, came into effect in 1983 — years before the Internet, or cell phones. — OpenMedia
Legislation is required to manage this “no holds barred” collection of personal data just as certain questions are no longer acceptable on an employment application and access is provided to challenge your credit reporting data.
Corporations have not protected the personal data they've collected. Instead they've allowed it to be hacked over and over because they had no real investment in the data (unlike their own proprietary secrets).
New Legislation an Improvement, But Falls Short
Canada's proposed Bill C-11 is an improvement, but doesn't go far enough, partly because it fails to establish privacy by design.
Bill C-11 seeks to enact the Consumer Privacy Protection Act (the CPPA) while simultaneously repealing corresponding provisions from Canada’s existing data privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA). The CPPA would create new data privacy obligations and maintain PIPEDA’s principles. — Colin Hyslop
Although [Bill C-11] is primarily a bill to fight against piracy, [i]t also gives the Canadian government more power to monitor the Internet activities of its citizens.
In fact, it requires that ISPs collect and store their users' data. It legally takes away all of your online privacy.
There is also the Anti-Terrorism Act, Bill C-51. This bill gives Canada the opportunity to share datum with the government and their allies. — Top VPN Choice
The European GDPR, which came into effect on May 25, 2018, is a good start. It puts control of private information back into the hands of those that suffer the most when it is compromised.
Current Trends Contrary to Privacy
Current trends in the US are contrary to this protection and it will be an uphill battle.
Not only is this culling of data extremely profitable, but these companies spend a great deal of money lobbying for a relaxation of existing laws. Even politicians that should be protecting our rights want to know the demographics that will get them re-elected regardless of the threat to our privacy.
- Save Broadband Privacy.
- Congress repeals Internet privacy rules.
- Five creepy things your ISP could do if Congress repeals the FCC's privacy protections.
- Snoops may soon be able to buy your browsing history. Thank the US Congress.
There are bound to be abuses by law enforcement of any tracking system.
We're Becoming a Police State
We've seen a series of laws and rules that greatly increase the power of the government and police to gather information on their own citizens and use it without the traditional requirement for warrants or probable cause.
This is the very definition of a police state.
Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that's why we should champion privacy even when we have nothing to hide. — Bruce Schneier: The Eternal Value of Privacy
No Privacy for Canadians in the US
Trump's 'no privacy for non-Americans' order is not encouraging but don't be fooled into thinking that other governments are benevolent.
Private data for citizens of Lithuania, Estonia, Malta and the Netherlands receive greater legal protection from the US than Canadians' data does. Canada is NOT designated as a “covered country” even though we share a huge common border and they are our largest trading partner and have some of the toughest copyright laws.
Fight for our Privacy
To make matters worse, a great deal of Canadian Internet traffic flows in and out of the U.S.
Add your name to the letter to these ministers to demand that they take action to fight for our privacy at Fight for our Privacy.
Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World by Bruce Schneier is an imperative read for everyone. Read the introduction.
The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we're offered. Governments use surveillance to discriminate, censor, chill free speech, and put people in danger worldwide. And both sides share this information with each other or, even worse, lose it to cybercriminals in huge data breaches.
Much of this is voluntary: we cooperate with corporate surveillance because it promises us convenience, and we submit to government surveillance because it promises us protection. The result is a mass surveillance society of our own making.
But have we given up more than we've gained?
In Data and Goliath, security expert Bruce Schneier offers another path, one that values both security and privacy. He shows us exactly what we can do to reform our government surveillance programs and shake up surveillance-based business models, while also providing tips for you to protect your privacy every day.
You'll never look at your phone, your computer, your credit cards, or even your car in the same way again.
Frontline's United States of Secrets is a powerful look at the dangerous spying by the NSA on their own citizens and the revelations following the release of the Snowden documents.
Frontline investigates the secret history of the unprecedented surveillance program that began in the wake of the 9/11 attacks and continues today.
Episode 1 (Transcript) shows how the dangerous plan to greatly increase the power of surveillance on the American (and international) public was secretly authorized with the stated goal of finding unknown terrorists within our midst.
Several members of the NSA and other government bodies opposed the plan on the basis that it overstepped the requirements and undercut civil liberties enshrined in the US Constitution without any real oversight.
Episode 2 looks at the increasing commercial surveillance by companies like Google and later Microsoft, Facebook and others to generate massive advertising income. This information was later co-opted by the NSA and, in the process, further eroding every citizen's privacy. There is no evidence that any of this surveillance has made us any safer (think of the Boston Marathon attacks — the sort of event this program was supposed to prevent).