Between SOPA, NDAA, telecommunications surveillance, and people's willingness to share endlessly via social networking, will 2012 mark the year consumers irreversibly surrender their privacy and freedoms?
A mantra of the Internet age, articulated in 1984 by WELL founder Stewart Brand, is that “information wants to be free.” Back then — the days of 360K floppies and 1200 baud modems — Brand was referring to digital technology making information ever easier to distribute, copy, and remix than their old-school analog counterparts. The oft-forgotten corollary Brand offered at the same time was “Information also wants to be expensive,” because particular items, while perhaps of no interest to one person, can be “immeasurably valuable” to someone else.
As we head into 2012, the conflict Brand articulated between information’s “want” to be both free and expensive is taking on new dimensions. So-called “digital content” like books, music, and television is increasingly falling into the expensive category, thanks to online stores, digital distribution, copyright, and DRM. Meanwhile, information about ourselves — like our location, habits, activities, possessions, transactions, preferences, and personal information — is increasingly becoming “free,” often accessible to advertisers, corporations, and governments without our explicit consent. Or, in many cases, proffered up willingly in exchange for things like coupons.
As we enter 2012, the tension between “free” and “expensive” information is becoming more charged than ever. What could 2012 bring… and will it end up resembling Orwell’s 1984? Here are a few of the threats on the horizon.
The Stop Online Piracy Act and its companion piece, the PROTECT IP Act (PIPA) are bills currently being crafted by U.S. Congress aiming to expand the capabilities of U.S. law enforcement agencies to combat copyright and intellectual property infringement — piracy. The proposed legislation is aimed at both the piracy of digital goods (books, movies, television shows, games, and things like live broadcasts), but also the use of the Internet and online marketplaces to traffic in physical counterfeit goods. That means pirated DVDs, Blu-rays, and CDs, but also fake drugs, fashion and accessories, electronics, antiques, collectibles, and many more items.
At a basic level, most people accept that piracy and counterfeiting are bad. It’s theft, and theft is rarely justifiable. So, on the surface, the notions behind SOPA don’t seem that onerous. The devil is, of course, in the details — or lack of details, given the very broad language in SOPA as it exists today. As originally proposed, SOPA would enable copyright holders to seek court orders against Web sites they believe are infringing on copyrights or either enabling or facilitating copyright infringement. Depending on one’s definitions, merely linking to a site that contained allegedly infringing content could be construed as “facilitating” infringement, so copyright holders could demand the site or account with that link be taken down.
In a worst-case scenario, Internet users who share a link to a cool video with their friends might find their social networking accounts suspended for “facilitating” alleged copyright infringement. Similarly, journalists writing about piracy could find their sites or publications suspended. And if a legitimate site or account were to get hijacked, transferred, or sold (because that never happens, right?) anyone who linked to or did business with once-legitimate content or sites might suddenly find themselves in violation of the law.
Under SOPA, a court could require ISPs to take down sites accused of infringement, order search engines to drop the sites from their listings, or bar online advertising and payment services (like AdSense or PayPal) from doing business with the site. The goal of those measures is ostensibly to shut down online marketplaces for pirated and counterfeit goods: Get them offline, and shut off access to their sources of online revenue. Although the bill provides for penalties against copyright holders who knowingly make false accusations of infringement (emphasis mine), the bill also grants immunity to ISPs who proactively take down accused sites. In other words, there’s no penalty to ISPs who take down sites because they’re accused of infringement, even if those claims are false. That’s a significant weakening of “safe harbor” provisions created by 1998′s still-controversial Digital Millenium Copyright Act (DCMA). Similarly, the process of requesting or obtaining a court order over alleged infringement would largely take place outside the public eye, likely with the owners of the accused site unaware action was being taken against it. If the order were granted, one morning a site or service operator could wake up and find their site gone. Site owners can file a counter-claim if they’re barred from ad or payment services, but the counter-claim would have no force.
That’s not the full course of SOPA. It also has broad implications for cybersecurity and DNSSEC, a new security layer for DNS. However, provisions like the ones outlined above obviously have tremendous implications for search engines and services that host user-generated content — think Facebook, YouTube, Twitter, and the like, but also for personal sites, blogs, small businesses, and (really) any person, organization, or business with a website. Under SOPA, merely linking to other sites could become a dangerous proposition, lest the site at the other end of the link be accused of copyright infringement.
Opponents of SOPA argue these provisions would fundamentally break the Internet and stifle innovation, and could lead to many sites and services migrating their infrastructure out of the U.S. to escape potential liability. Further, it seems unlikely SOPA’s provisions would do much to combat online piracy and trafficking in counterfeit goods, since site operators are already adept at moving to new hosting services in the space of a few hours: Even SOPA’s proposed streamlining of takedowns would still move at glacial speeds compared to the Internet world.
Proponents of the legislation argue SOPA’s provisions would protect revenues of content creators that would otherwise be lost and, hence, preserve jobs — an important buzzword in today’s political and economic climate. Supporters also note SOPA is not intended to go after single instances of links on blogs, social networking feeds, or other sites; rather, the bill is meant to offer law enforcement and rights holders tools to go after bigger fish, like substantial piracy and counterfeiting operations. However, the language of the bill as it stands today contains no such limits, implicitly relying on barriers to entry (court costs, attorneys’ fees, documentation, etc.) to curb potential abuses.
SOPA (and PIPA) are not law. Both bills are proposed legislation that has yet to make it out of committee for votes before the House and Senate, let alone be signed by the president. Nonetheless, the proposed legislation has drawn a wealth of criticism, with domain registrar GoDaddy bearing the brunt of anti-SOPA sentiment by first endorsing the bill, then retracting its support. A handful of gaming companies have also apparently withdrawn their explicit support, although it’s not clear whether that’s a genuine reassessment of their stance or merely a PR move in the wake of the GoDaddy fracas. Many other top-line Internet companies—Google, Facebook, Yahoo, Twitter, eBay, Wikimedia Foundation — oppose SOPA, as do the EFF, Human Rights Watch, and the ACLU.
The bottom line is that if legislation like SOPA and PIPA become law, the way the Internet works for most Americans could change substantially. Much of the information we understand to be “free” today, even to the level of tweets and status updates, could suddenly come with enormous consequences. The weight of those consequences will tend to suppress Internet users’ willingness to speak, communicate, link, and share — and that’s why opponents say SOPA will “break” the Internet.
National Defense Authorization Act
SOPA is not yet law, but the most recent National Defense Authorization Act is. The NDAA is an annual bill passed by the U.S. Congress authorizing the budget of the U.S. Defense Department. It’s always a bit of a political hot potato because few presidents can justify failing authorizing revenue for the Defense Department, particularly when tens of thousands of U.S. troops are overseas serving in extended conflicts. Since the President does not have a line-item veto, lawmakers try to attach all sorts of things to the NDAA, knowing the President will almost certainly have to sign them all through into law.
This year, the NDAA contains a doozy: It enables the U.S. military to conduct anti-terrorist operations on U.S. soil, and authorizes indefinite detention of terror suspects, including U.S. citizens, without trial. The law is not entirely clear whether the military can indefinitely detain U.S. citizens domestically, but it can certainly do so overseas, and foreigners can be detained whether overseas or within U.S. borders.
In signing this year’s NDAA, President Obama included a signing statement attempting to clarify his position on the law. “The fact that I support this bill as a whole does not mean I agree with everything in it. In particular, I have signed this bill despite having serious reservations with certain provisions that regulate the detention, interrogation, and prosecution of suspected terrorists.”
In essence, this year’s NDAA expands on provisions granted into the Patriot Act and extends the military’s role in domestic law enforcement. Now, the U.S. military can detain anyone, anywhere in the world, without trial or process, simply because they’re suspected of terrorist activities.
This may not seem to have anything to do with the Internet — until you think about groups like Anonymous and Wikileaks. Could Anonymous (or groups within Anonymous) attacking credit card operators, the threatening the NYSE, law enforcement organizations, or other organizations constitute terrorist activity? Similarly, would Wikileaks’ publication of classified U.S. diplomatic cables constitute terrorist activity? Suddenly, everyday Internet users speaking up in support of groups like Anonymous and Wikileaks might find themselves accused of aiding and facilitating terrorists. Similarly, if U.S. authorities decide these or similar groups’ activities constitute terrorism, members or alleged members might find themselves shipped to Guantanamo. No trial, no process, no appeal.
The Obama administration says it does not intend to exercise these powers. Even if that’s true, now that they’re law the only way they can be undone is with additional legislation that repeals the provisions, or through a court challenge, which would almost certainly ensure if the powers were ever utilized. But just because the Obama administration says it won’t use the powers doesn’t mean future administrations won’t. And let’s not forget that, at least in the case of Anwar al-Awlaki, the Obama administration concluded it has the power to assassinate U.S. citizens without trail. (The American-born al-Awlaki was killed in Yemen by a targeted U.S. drone strike in September 2011.)
The bottom line here is that it doesn’t matter whether the U.S. government ever exercises the powers granted under this year’s NDAA: the very fact they exist suppresses American civil liberties by explicitly authorizing the indefinite detention of U.S. citizens without trial, anywhere in the world. For folks who hold unpopular views, or merely know people who do, that’s a sobering thing to consider.
Confused yet? Things get weirder. Late last month a U.S. Court of Appeals panel upheld the constitutionality of a law that makes telecommunications operators immune to lawsuits for assisting the federal government’s surveillance of American citizens. In other words, if your cell phone, telephone, or Internet provider turns over information about you, your activities, and use of their services over to the Federal government — even illegally — you’d have no grounds to sue. Communications companies face no sanctions for disclosing personal information to the federal government, including account information and even usage data like sites visited, account names, and location data.
When can the federal government require communications companies to hand over customer information? Essentially, anytime it likes: As part of anti-terrorist measures enacted by the Bush administration, the federal government has been engaging in warrantless wiretapping of individuals it has reason to believe may be connected to terrorist activities. Although originally revealed back in late 2005, the practice was sustained by the Bush administration and continues under the Obama administration. The activities include tapping phone calls, as well as intercepting Internet traffic (email, Web use, etc.) VoIP traffic, and text messages. The government is the sole arbiter of what individuals are surveilled, and is under no requirement to disclose its activities.
However, there is an upshot to the appeals court ruling. The court only finds the immunity granted to telecommunications operators to be legal; a case against the government challenging the legality of warrantless wiretapping practices can still proceed. That case, Jewel v. NSA, alleged that the National Security Agency set up secure facilities within AT&T facilities across the United States to engage in an “unprecedented suspicionless general search” of digital communications.
“The federal courts remain a forum to consider the constitutionality of the wiretapping scheme and other claims, including claims for injunctive relief,” wrote Judge Margaret McKeown of the 9th Circuit.
However, even if the Justice Department does not appeal the ruling that Jewel vs. NSA can proceed, it is likely to move the case be dismissed on state secrets grounds. Given the volume of information that has already been disclosed about the NSA’s domestic surveillance operations, the Justice Department may have a difficult time asserting a state secret privilege, but it does mean key proceedings of the case could take place outside public view.
The true value of privacy
Does any of this actually matter? Some might argue that talking about preserving privacy and civil liberties is pointless in an age when many everyday citizens regularly share intimate details of their daily lives with the entire world, including who they know, where they are, what they’re doing, what they like, what they’re looking for, and what they buy. Couple that with personal information about most people squirreled away in private and government databases (think health care providers, credit reporting agencies, banks, credit card companies, even grocery stores, not to mention the erstwhile efforts of online advertisers to track your every move across every site on the Internet) and it’s easy to see why former Sun head Scott McNealy said “You have zero privacy anyway. Get over it.” And that was way back in 1999, before things like smartphones, Facebook, and Foursquare.
Fundamentally, the value of privacy comes down to whether individuals consider personal information to be free or expensive. It’s easy to consider information about other people “free,” after all, most of the time, it doesn’t matter to us. That leads to the comforting fallacy that individuals have nothing to worry about if they have nothing to hide. Perhaps, for a handful of people who have absolutely no qualms about living their entire lives in the public eye, that might be true.
However, there’s a distinct difference between having something to hide (like, say, terrorist connections), and not wanting every iota of personal information available to anyone, at any time. Few people would want their entire medical histories made public—which could lead to problems with insurance, health care, job prospects, and more. Similarly, few people would want their communications or financial records available to anyone, or consent to having their location monitored at all times. Is it acceptable to live our lives constantly wondering how our actions might be interpreted by the myriad of other people, organizations, and governments who might be watching?
Simply put, most people believe that information about themselves belongs to them, and ought to be under their control. We find information about ourselves to be “immeasurably valuable.” Sure, we’re free to share details if we like. But we should also be free not to share information, or to have information about ourselves collected and used with no right of recourse, appeal, deletion, or correction, because we recognize that information could be misused by others, to our detriment.
Unfortunately, in the world of 2012, it looks like Americans — and most other people — are finding themselves with less and less choice in the matter. And if you’re a marketer or a government, maybe that’s doubleplusgood.