Heidi Boghosian - “I Have Nothing to Hide”: And 20 Other Myths About Surveillance and Privacy

For my parents,
Marilyn and Varujan Boghosian,
with love

Do you know where your data is?

Most of us do not.

Its astounding how weve embraced the digital age without such an awareness. Late-night television news watchers from the late 1960s through the 1980s remember what became a parodied catchphrase: Its 10 p.m. Do you know where your children are? Celebrities like Andy Warhol and Grace Jones even appeared on screen to invoke the public service announcement mantra, urging parents to keep track of their kids.

Fast forward to the electronic age. Youngstersthe so-called iGenerationspend hours online each day. Virtual forays can be as sinister as walking unattended in the streets after dark. A public service warning about the perils of electronic mass surveillance is long overdue.

Thats because most Americans are unfit as digital parents. They let the familys personal information roam far and wide, through electronic devices and social media platforms. Hundreds of data trails remain, like breadcrumbs in a forest. In this epoch of data-as-commodity, these crumbs give strangerscommercial data aggregators who mine and analyze our habitsa means to monitor us 24/7 and to influence our thinking. When we dont take precautions to secure our personal information, such intruder entities exercise more and more control over our lives.

When third parties control our information, we are vulnerable to discrimination by landlords, employers, or service providers based on age, race, disease and mental health history, and other qualities. Autonomy and personal freedoms perish when private data is up for grabs. Gone is the option of being anonymous when we want to voice an unpopular opinion or share a tip about fraud. Also harmed is freedom of expression and personal agency over our thoughts, actions, and self-perception.

And thats why we must demand to know where our data is and how it serves as the keystone of the surveillance state.

Northridge, a data analytics firm, suggests that in the data economy, data is more valuable than oil. Like oil, raw datas value comes from its potential to be refined into an essential commodity. And what is the refinement process for our data? It is the linking of different information sets to create dossiers on every American to sell to third parties.

The US data brokerage industry is estimated to be worth over $200 billion, while the European Commission, as of 2020, estimated the European data market to be worth 106.8 billion. The firm paid Dr. Aleksandr Kogan of Cambridge University to develop a personality quiz app, thisis yourdigitallife. Touted as being for academic use, the app scraped data from Facebook users friends, without the social networks knowledge.

Algorithms then combined this data, according to former CA staffer Christopher Wylie, with other sources such as voter records to create a superior set of records... with hundreds of data points per person.

Despite practices like this, Madison Avenue advertisers arent creating PSAs urging data protection. Slogans like If You See Something, Say Something, addressed later in this book, in , convince civilians that spying on one another is a civic duty. Apps like Neighbors and Nextdoor are popular vehicles to share information about home repair recommendations, attempted auto thefts, or suspicious activity. And for $2,000 a year, Flock Safety will install a private license plate reader on a pole to track the comings and goings of all cars on your street. These apps, cameras, and social media platforms influence profit and politics, while marketing a false sense of benign community.

The prevailing message is clear: share your personal information for convenience and total connectivity. Tech companies market the tools of electronic surveillance as our friends, while disguising the lucrative business of gathering and selling personal data as essential for security: Smart homes are more secure. Biometrics are unhackable. Surveillance makes the nation safer. And so on.

Preferences expressed on Facebook, as the Cambridge Analytica scandal shows, purportedly enliven exchanges with friends but can also reflect, and affect, our choices in the voting booth. The masters of the surveillance statemarketers, contractors, and government agenciesmake it easy to enlist but quite difficult to get answers about what they do with our information. Thats like stashing the crown jewels in a motel room safe, and then leaving the code on a Post-it. Yet we do it daily.

Every two seconds a new victim of identity theft is born in the United States. Experian estimates that more than 30 percent of data breach victims will have their identity stolen.

Why is that? Once they amass our information, arent big corporations and the government safeguarding it in their databases?

Lawmakers arent doing enough to learn about cybersecurity and hold large database managers accountable for data breaches. Sloppy security practicesboth by corporations and government agenciesexpose wide swaths of credit card numbers, social security numbers, passwords, and other personal information to hackers.

Another reason identity theft is an epidemic in the US is that federal law enforcement agencies (the FBI, NSA, and others) handle data under the illusion that they are computer geeks, super sleuths able to avert threats to national security with the press of a computer key. In fact, the entire government suffers from tech illiteracy that was exposed when the FBI tried to force Apple to provide access to a terror suspects iPhone in 2016. A 2020 audit of the FBIs information security program and practices identified weaknesses or control deficiencies, in five of the eight domain areas that need strengthening to ensure adequate protection of the Bureaus information systems and data.

Errors abound, corrupting the dossiers held on millions of Americans. The mundane task of entering data incorrectly can be life altering. That happened to Muslim graduate student Rahinah Ibrahim. She was stranded in Malaysia for nine years after the United States barred her reentry in 2005. An FBI agent had mistakenly added her to a terror watch list by checking the wrong box on a form.

The National Crime Information Center (NCIC) database has also been susceptible to errors in profiles of individuals. This database is a central resource for more than eighty thousand law enforcement agencies. Defying common sense, the FBI, in 2019, exempted the NCIC database from provisions of the Privacy Act of 1974s mandate that federal agencies keep all records used by the agency accurate, relevant, and complete. This means that more than thirty-nine million NCIC records, relied on by law enforcement, may include errors.

Each day new privacy intrusions come to light. During the upsurge in online learning due to the 2020 COVID-19 pandemic, hackers set their sights on e-learning portals such as Unacademy. More than sixteen billion sensitive records were exposed in data breaches between 2019 and the summer of 2020, according to the blockchain startup SelfKey.

Breaches of online classes are just the tip of the pandemic-related data breach iceberg, whose impact will likely be far-reaching. Efforts to quell the novel coronavirus have sent tech companies and public health officials scrambling for ways to track its spread. Left unchecked, valid public health objectives may pave the way for more insidious and permanent means of government surveillance. We could so easily end up in a situation where we empower local, state or federal government to take measures in response to this pandemic that fundamentally change the scope of American civil rights, says Albert Fox Cahn, head of the Surveillance Technology Oversight Project in Manhattan.