Encrypt! Encrypt! Encrypt!
That was one of the key takeaways from the Privacy panel at the Digital Citizen Summit 2016 organised by Friedrich Naumann Stiftung für die Freiheit (FNF) and Digital Empowerment Foundation (DEF) in Bangalore on November 11, 2016. This panel could not have been better timed!
With a shortage in currency notes in circulation in the country due to last week’s demonetisation of the Indian currency, many have taken to using digital methods (credit card, debit card, internet payment, digital wallets etc) to manage their lives. With digital transactions, users leave a digital footprint that could be easily tracked it not careful. Let’s just say that if you bought a condom with your credit card or debit car, the government could know or worse, anyone could know about it. It gets better. India does not have any law to protect the privacy of its people.
So what then do we do? That was precisely the topic of discussion during this panel on privacy. With speakers from all around the world, the panel began with a global overview on privacy. Some interesting points were:
- Users give data even when they don’t want to: The phone number of a non-user of a service could still be available with the service provider because their rightful users have given them the right to access all the phone numbers from their phone.
- National security – Govt’s excuse to collect data: It is usually to child pornography, drug laundering, terrorism but more importantly, national security. However, no one has exactly defined what constitutes a threat to national security. Even Sec 33, sub-clause 2 of the Aadhar Bill 2016 says that the state may access the data of the citizens for reasons of national security, then again with no real definition of national security
- Govt wants data even from private players : Governments also want to control the retention of data by intermediaries. Government send annual data requests to companies such as Facebook, Google, Twitter, among others. Pages or information may be taken down without any explanation. There is very little conversations happening around this, to change this.
- Private data to predict trends: With the recent U.S elections, it became evident that with private data given to a private organisation, the election results can be predicted. It is ironic that we expect the government to find out what such private organisations could do with our data.
- Encryption, the safety net: Though encryption is the safest way to use the Internet, encryption is used only by some services like WhatsApp. After introducing its draft National Policy on Encryption, the Government of India withdrew it within two days. There is also lack of understanding about encryption and how to use it.
- Legal framework: Along with encryption, a legal framework may also be necessary. Going money less could be scary with it, don’t you think?
- Content -> Platform -> Network control effect: Content regulation is done usually against child pornography and anything that disrupts public order. In the printing pre-web era, the control point for content was with the newspaper or publisher. In the web era, with social media and blogs, users became their own publishers. Then governments moved to intermediary bodies to regulate the content like Facebook and Google. The liability moved to these platforms. These organisations have to self-regulate to be away from liability. People who got shifted control from content to platform. If the IP address was blocked, many people get affected. Post-Snowden’s revelation to the world, some governments introduced encryption. Government could then also ask local service providers to remove content. However this is not possible with providers from abroad. Local laws don’t govern these companies. In order to censor any content on their websites, governments would have to know the whole URL. But with encryption, only the domain name is available. So content cannot be censored in most countries. Governments are trying to get into the network layer in a way that everyone who uses the layer gets affected by it. Conversations around this is extremely important and necessary.
- Surveillance shapes behaviours: Going beyond violations, it is important to remember that surveillance shapes behaviours, though the intent may be good. In December 2014, Germany banned the retention of data by any service provider viewing it as a violation of privacy and data protection. This was passed by the Federal Constitutional Court of Germany owing to the effect the surveillance could have on the citizens behaviour. May be the history of Germany has something to do with this worry?
How can you on protect your privacy online?
All that said and done, how then can we protect our privacy online? How can we make the Internet a safe space? The key takeaways from the Privacy panel at the Digital Citizen Summit 2016 were:
- Encrypt! Encrypt! Encrypt! Encrypt your mails and your actions to protect data and privacy.
- Know the thing that you use: Learn where your data is and how it is protected.
- Ask questions: Have the courage to question the status quo and refuse to comply if it doesn’t make sense.
- Sharing information: Put out as little information about yourself as possible, on the Internet. Better, share wrong information. Like a post or page that is of no interest to you on Facebook. Now that could be a good way to mislead.