Internet privacy: Will the users respond to the invasion of their

personal data?









COMM3715 Internet Policy
By Elizaveta A. Shulyndina
University of Leeds
November 2014
Recent revelations about global surveillance and international spying by the NSA and
GCHQ leaked by Snowden in June 2013 (Torgovnick, 2013), brought attention to the issue of
increasing lack of privacy online. The leaks have demonstrated the vulnerability of personal data
and lack of its control and made the public reconsider their online security.
While the programs such as PRISM are meant to protect the population against terrorism, they
compromise internet users constitutional rights to privacy by breaching legal restrictions. The
recent shift in perception of the Internet as no longer a free, unregulated space, to the Internet as
another social sphere strongly controlled and viciously monitored by governments has led to the
fear of Orwellian society and the defeat of democratic principles (Harrison, 2013).
Although personal data mining by private companies has become wide spread with the rise of
social networks such as Facebook and Twitter and their reliance on income from third-party
advertisers, the majority of Internet users are generally unaware of the amount of personal
information that is being collected about them legally (Cohen, 2012). Thus, the NSA leaks,
coupled with the illegal nature of their operations have created a blast in the public sphere
bringing societys attention to their increasing loss of control of users personal information.
It is evident that these events dramatically affected status-quo of Internet usage and users
perception of their own data security online.
In light of the governments position on the issue, the shift sprung yet another debate on privacy,
which may well lead to very radical changes. As the government steadily refuses to alter their
spying programmes (Masnick, 2013), the users are slowly losing their trust in the government
and may turn to other ways to protect themselves.

The question is whether the increased invasion in privacy can and will be tolerated by
Internet users, or will facilitate a reactive movement from their users to regain their rights. This
essay explores the possible paths of responses to the issue of data protection, exploring the key
factors that shape the role of online privacy in our society.
There are four ways to deal with the issue of privacy protection, which are drawn upon Lessigs
(2006) four modalities. According to Lessig, there are four factors shaping online behaviour,
which are the current societal norms, the law, the market and the code (the architecture of the
Internet) (2006). The modalities form a good framework for understanding online behaviour and
possible solutions to the current issue of privacy. However, it is important to take into account
Murrays notion of the user as an active rather than passive actor (2007). It is especially crucial
to recognize the active role of the user in the situation being discussed as the users are the key
actors interested in the change of status-quo.
The four ways in which the users can respond to the invasion of privacy include: 1) ignoring the
issue and disregarding the importance of privacy; 2) fighting for stricter law enforcement and
data protection; 3) improving encryption and decentralization; and 4) removing themselves from
the Web.
The last option refraining from using the Web is not discussed, as it is not very viable that large
amounts of users will stop using the Internet. The ones who may choose this way to act against
the invasion in privacy will be deprived of many benefits that the Internet and online
communities have to offer due to the steady movement of the market into the Web 2.0 world.
The same notion stands for the use of social media. Once becoming a Facebook user, individuals
are highly unlikely to stop benefitting from the services as this would mean their withdrawal
from the community.
Is privacy truly important?
Privacy is a fundamental right in modern civilization established in the Universal Declaration of
Human Rights in 1948 (Lax, 2013). In principle, personal privacy should not be invaded by
public authority except when it is absolutely necessary (Lax, 2013). Privacy has many broad
definitions which affects ordinary citizens understanding of privacy. However, common
concepts such as restricted access, control of the data being communicated (Fuchs, 2012) and the
context in which the data is shared (Cohen, 2012) are seen as key elements of privacy definition.
Traditionally, people always valued their personal privacy. However, recent rapid changes in
citizens willingness to give up their personal information online sparked discussion on whether
privacy is no longer a social norm, and hence, whether it no longer has to be protected. Mark
Zuckerberg argued that privacy as a social norm has evolved over time as users are no longer
concerned about sharing their personal data on the Web (Dyer, 2010). The founder of Russian
Facebook Pavel Durov takes the same stance arguing for more transparency in our society and
less need for protection (Konolov, 2013). However, it is arguable whether the attitude towards
privacy is really shifting. According to Cohen privacy is a very complex notion to embrace for
an average user due to the variety of places where privacy is exercised or given up (2010). As
users lack understanding of how their data is used, they essentially have no control over their
data and how it is used.
The most prominent example of misunderstanding of the notion of privacy can be observed in
users behaviour on social networking sites (SNS) and in the use of applications. The rising
concerns in regards to privacy of personal online data stem from the same feature that make
social media so attractive to the users (Edwards and Brown, 2009). While social media has
fostered voluntary sharing of personal information and enhanced user-to-user communications
creating online communities, the data collected by the organizations is kept for indefinite amount
of time, while the users are largely unaware of the purposes of this data use (Cohen, 2012;
Edwards and Brown, 2009). Furthermore, new cloud storage systems encourage users to keep
their personal files online, thereby making them vulnerable to misuse. Although, it is largely
assumed that information is collected for advertising purposes, online businesses lack
transparency in the ways they use the data and how far it travels (Solove, 2013). Such
inconsistency provides potential for abuse, such as cybercrime (Cohen, 2012).
Various social media sites and applications constantly request data without providing the users
options to opt-out or receive clarifications on the privacy policies. Private companies do not
provide the necessary means for understanding and lack transparency in the use of the data. The
data is often collected for indefinite period and the users are largely unaware of whether the data
travels and how it is used.
Furthermore, the users are forced to give up their information and provided no other options, but
to abstain from using the services (Edwards and Brown, 2009). Unfortunately, current online
market conditions leave users no choice but to comply with the Terms and Conditions
regardless of whether they agree with them or understand them. People tend to have low concern
about the information generated at a specific time by specific actions, thereby giving up their
personal data without thinking of consequences (Cohen, 2010). While occasional sharing of the
data can do little harm, collection of data on a large scale inevitably drives the risks of abuse
(Lessig, 2006).
Thus, ignoring the growing societal concerns regarding privacy seems to be the easiest way out
of the dilemma for an average user: as they do not completely understand privacy, or the system
how their data is being collected and have no alternative options online, continuing the use of the
Internet in the same pattern becomes the simplest solution.
This leads us to the second way of tackling the problem: fighting for stricter law enforcement
and data protection by confronting the governments, writing petitions and organizing
movements. As the majority of the users do not understand privacy or the mechanics behind data
mining (Edwards and Brown, 2009; W3C, 2010), the smaller more knowledgeable part of the
society needs to take action. This involves activists and policy-makers putting pressure on the
legislators to force changes in the law that would allow for better privacy protection. While
currently at least the EU legislators are working towards better laws protect privacy, potential for
abuse by the corporations is still high. For example, last year Googles changes in privacy policy
that merged 60 various policies into one single agreement caused outrage and the EU launched
investigation into the matter (EDRI, 2012). However, Google did not provide a
sufficient[cs13eas1] explanation in regards to the changes (EDRI, 2012). This is an example of
organizations abuse of the law and users fundamental rights, which should be severely
punished.
Furthermore, more changes in regards to the users protection need to be implemented. Europe-
v-Facebook initiative argues for the need of a number of fundamental changes in regards to
online data collection: transparency, opt-in instead of opt-out and availability of open social
networks (EDRI, 2013). Companies have to provide users the means to access of information in
regards to their data and its use. Furthermore, cookies policies should be changed. Organizations
should change the essence of cookies making them not an assumed activity, but something to
what the users should agree explicitly. At this point, users are allowed to opt-out from cookies (if
at all) however, a large part of the organizations simply informs about cookies and does not
allow to use the services without users consenting to the cookies policy. Such offers leave the
users with no choice but to either restrain from the use of the services or comply with the cookies
policy essentially allowing the companies to track their online behaviour.
One of the strategies aimed at fundamental change in relation to users privacy is creation of the
alternative social networks that would break the monopoly of Facebook (Europe-v-Facebook,
2013). Social Web can be defined as the Web that allows for portability of information across
networks, while retaining users control over their private information (Haplin, 2010). Self-
management of private information would provide users with more freedom and control over
their data, which is invaluable for the companies (Fuchs, 2012).
These principles would allow users for privacy self-management and higher control over their
data. The laws should force private companies to provide clear-cut, easy to understand privacy
policies and give the users options to find out more about the data being collected or refrain from
allowing certain data to be collected (Europe-v-Facebook, 2013). These changes would make
organizations more accountable to the users and will allow for more control of users personal
information.
However, W3C argues that policy-centric views towards privacy is necessary, bringing us back
to the necessity of collaboration between the legislative body and the society (Haplin, et al,
2013). Such views would capture access control, obligations and other settings needed for
peoples independent data management and control. This can be implemented through education
in regards to privacy and data control.
The Code, the Dark Web and Encryption
Nevertheless, changes imposed by the law are impossible without the involvement and change of
the architecture of the Web. As the code shapes the nature and type of actions on the Web
(Lessig, 2006), the changes made in the structure of the Internet would be fundamental. Among
the current proposals and trends towards the change in the code are default encryption,
decentralization and new software that allows for better data control among the Internet-users.
In their annual report, W3C proposed a system of the Social Web that would allow the users to
control their personal data across different social networks, thus fostering portability of the data
(Haplin et al, 2010). The project was proposed as the means for better privacy control in the
bigger framework of improved online communications between the users.
W3C defines privacy as control over data that allows people to communicate in their preferred
fashion (Haplin et al, 2010). According to Doctorow, giving the users control over their data
would not destroy current business systems as the users would be able to grant exclusive rights to
personal data of the users thus benefitting only certain businesses (2012). In my opinion,
however, this approach is highly unlikely be implemented in the near future, and at this stage too
many businesses and governments would oppose this idea. This can be explained by the role of
information in our society. As information has become a commodity, nor companies nor the
governments would like to provide their citizens with such high control over these valuable
resources (Cohen, 2012).
Yet, the Social Web that W3C proposes has a certain quality that is now seen as one of the main
ways to avoid unwanted data collection decentralization. Decentralization of communications
would allow for higher level of privacy and harder access to the users information (Kaplan,
2013). It essentially would provide an option to protect ones data without limiting users
activities online. Initiatives towards creating a decentralized online community are already
happening. Recently, the founder of McAfee has developed a device that would allow users to
contact each other via peer-to-peer networks, in the Dark Web, thereby bypassing ISPs and
governmental organizations such as the NSA (Kaplan, 2013). While the device has not been
produced yet, there is a trend towards the shift of communications to the Dark Web, potentially
making it dedicated not only to the illegal activities, but also to social networking.
While simply moving to decentralized or highly protected networks would be far safer, at this
point the action requires technological awareness from the users. Thus, only certain groups can
afford to use the Dark Web as the majority lack the skills for it.
NSAs privacy breach brought attention to the increasing lack of users privacy and uncontrolled
collection of personal data by private companies. At this point, it is known that this information
can be accessed illegally thus making the users very vulnerable to abuse. The NSA leaks brought
the issue of privacy in new light forcing Internet users to reconsider their privacy and react to the
invasion in it. While the majority of users may choose a path of ignorance and continue with
their online habits, others may spark a protest and with the help of legislators, lead to new laws
and policies that would be more protective of the users personal data. These legislations should
involve increasing transparency in regards to the use of users data, better more accessible privacy
policies and options to opt-out from sharing the data without losing the benefits. Legislations,
however, need to happen coupled with changes in the code, thus creating alternative systems
within the Internet. Decentralization of communications, de-monopolization of social networks
and better encryption could solve the issues that put users at risk. Furthermore, it is essential to
educate the users about the risks involved in sharing personal data.
Reference List
Cohen J. E. 2012. Configuring the Networked Self: Law, Code, and the Play of Everyday
Practice. Yale University Press.
Doctorow, C. 2012. The Curious Case of Internet Privacy [Online] [Accessed 12 November,
2013] Available from: http://www.technologyreview.com/news/428045/the-curious-case-of-
internet-privacy/
Dyer, P. 2010. Facebooks Zuckerberg: Privacy No Longer a Social Norm . [Online]
[Accessed 10 November 2013]. Available
from:http://www.pamorama.net/2010/01/11/facebooks-zuckerberg-privacy-no-longer-a-social-
norm/
EDRI. 2012.Google needs to improve its privacy practices [Online] Accessed 17 November
2013]. Available from: http://www.edri.org/edrigram/number10.20/european-dpas-google-
privacy-policy.
Edwards, L. and Brown, I. 2009. Data Control and Social Networking: Irreconcilable
Ideas?, in A. Matwyshyn (ed.) Harboring Data: Information Security, Law and the
Corporation. Stanford: Stanford University Press, pp. 202-228.
Europe versus Facebook. 2012. Objectives of Europe-v-facebook.org Online] Accessed 17
November 2013]. Available from: http://europe-v-facebook.org/EN/Objectives/objectives.html
Fuchs, C. (2012) The Political Economy of Privacy on Facebook, Television & New Media
13 (2), 139159.
Harrison, M. 2013. Are we moving towards a totalitarian police state? [Online] Accessed 17
November 2013]. Available from: http://www2.warwick.ac.uk/knowledge/culture/policestate/
Haplin, H. et al. 2010. A Standards-base, Open and Privacy-aware Social Web [Online]
Accessed 17 November 2013]. Available from:
http://www.w3.org/2005/Incubator/socialweb/XGR-socialweb-20101206/
Kaplan, T. 2013. John McAfee reveals details on gadget to thwart NSA [Online] Accessed 17
November 2013]. Available from: http://www.mercurynews.com/bay-area-
news/ci_24198989/john-mcafee-reveals-details-gadget-thwart-nsa
Konolov, N. 2013 Code of Pavel Durov. The Real Story of VKontakte VK.com and Its creator /
Kod Durova. Realnaya Istoriya VKontakte I Ee Sozdatelya [Russian]
Lax, S. 2013. Privacy and Data Protection. CM3715 Internet Policy. 18 November, University
of Leeds.
Lessig, L. (2006) Code 2.0. New York: Basic Books, Parts I and II. [Online] [Accessed 10
November 2013]. Available from: http://commons.wikimedia.org/wiki/File:Code_v2.pdf
Masnick, M. 2013. Supreme Court Refuses To Hear Case About NSA Surveillance That
Attempted To Jump The Line ? [Online] Accessed 17 November 2013]. Available from:
http://www.techdirt.com/articles/20131118/11092525280/supreme-court-refuses-to-hear-case-
about-nsa-surveillance-that-attempted-to-jump-line.shtml
Murray, A. (2007) The Regulation of Cyberspace: Control in the Online Environment.
Abingdon: Routledge-Cavendish.
Solove, D. (2013) Privacy Self-Management and the Consent Dilemma: symposium
introduction Harvard Law Review 126 (7) 1880-1903
Torgovnick, K. 2013. The internet, the perfect tool for the surveillance state? Further reading
(and watching) on the state of digital privacy [Online] Accessed 17 November 2013]. Available
from: http://blog.ted.com/2013/11/07/reading-on-the-state-of-digital-privacy-nsa-surveillance/