Translation by Sebastian Lisken
“Brave New World”, Aldous Huxley’s vision of a state where people can consume in comfort but live in a perfectly manipulated state of mind control, is much more up to date than George Orwell’s surveillance state of “1984”. On the other hand, we mustn’t assume the surveillance state to be out of the picture. In the last few years, civil liberties in Germany have been progressively restricted. A few headlines: data retention for all communications, “major eavesdropping attack”[1], federal states toughening their police laws with “data mining” investigation[2], video surveillance in public places and dispersal orders, car registration number screening on motorways, biometric data in passports stored on an RFID chip, extended DNA databases, etc.
The German ministry of the interior and the surveillance industry are clearly among the winners of 9/11. The alleged threat of international terrorism is hardly ever missing among the reasons given for new observation measures. But most of these measures are not directly targeted at criminals or immediate suspects but affect millions of absolutely harmless citizens. In practice, this abolishes the presumption of innocence — the most important foundation of the rule of law, enshrined in Article 6, paragraph 2 of the European Convention on Human Rights. These arbitrary “law and order” politics (one could say the lawmakers are taking no prisoners, but that would be a confusing choice of metaphor) need to be confronted with our concern, criticism and resistance.
Interior politics is not the subject of this article, but it is the context against which the following remarks should be seen. Our real topic is the commercial collection of data by businesses and the resulting threats to privacy and informational self-determination. Many regard this as a “luxury problem”, arguing that the use of mobile phones, credit cards or loyalty schemes is supposed to be voluntary and the “discerning customer” is supposedly able to negotiate contracts freely. To put it another way: issues of privacy should be non-problematic in the economy because the free market, allegedly, will take care of them by itself. But how can it be that people are carelessly relinquishing their civil rights for a “mess of pottage”[3] — rights that others have fought and risked their lives for in previous centuries? Why are customers disclosing their complete shopping lists, personalised with names, addresses, dates of birth and phone numbers, in a loyalty card scheme for a staggering 0.5% discount? The reason is probably not that they regard half a percent as much, but that — for lack of better information — they don’t seem to attach much value to the data they are asked to give in exchange. What must be pointed out is that the value of such data is not a merely pragmatic one, like the price their records achieve in the address trade — the traded commodity is in fact privacy, freedom of choice and informational self-determination.
Most people are aware that their privacy is violated if they are under surveillance (video or telephone monitoring, for example) or when their personal secrets are dragged into the limelight. But privacy can also be disturbed by constant collecting, processing and utilisation of a wide range of data that is produced by all kinds of everyday behaviour — and awareness of this is only emerging slowly.
Why is privacy important for democracy?
If people are constantly monitored, registered, marketed, and accompanied in life by a stream of personalised proposals and bargains, they gradually change their behaviour to match it with the expectations of those who process their data. Individual manipulation through ever increasing consumer profiling and movement tracking combined with the social pressure to “fit in” develop into increasing external influences on our lives.
It is therefore not just the “misuse” of data beyond its original purpose that is a problem but “normal use” as well. As all that seemingly trivial data on our everyday life — information that by itself would not be deemed very “private” — is collected, stored, accumulated, combined, processed and used, there is a rising threat to informational self-determination. If these data are linked, they can become wide-reaching personality profiles. Anonymous machines that ordinary people have no control over, and of whose existence they often simply don’t know, put them into categories according to attributes and behavioural patterns[4], and cause them to be treated according to these categories. This can not only determine which bulk mail is flooding your mailbox but also which job, insurance, or apartment you will be approved to get — if any at all. Such categorisation can therefore lead to a severe restriction of available options.
Those who are not aware how their data is registered and used will airily trade privacy for comfort. The power gap between citizens and authorities or between customers and businesses is widening. As a rule, the image of the “discerning customer” is always invoked by businesses if that customer is going to be ripped off. As citizens can not follow how data traces are stored and processed, and negative consequences are not directly felt by individuals and may only arise years after the data is gathered, making it impossible to link cause and effect, they suffer a substantial loss of control. People are no longer given unbiased consideration in the present and no longer asked questions, but categorised based on data from the past and treated according to a prognosis for the future. Companies are normally not interested in the individual case or the truth, only in maximising their overall profit. But every person is an individual, and loses options of individual action or decision-making in this way. If people are not aware of the possible consequences of this data hoarding madness, they become hostage to the fortune of those that have access to the data and use it to their ends.
If, however, someone knows that this kind of information is being collected, they will try to adjust personal behaviour. This can mean, depending on the situation, to act “normal” — or sometimes extra conspicuous —, to fulfil the (presumed) expectation of the observer, or to evade, hide, not speak, remain anonymous, or even lie.
Not only does surveillance restrict people in living out their personality, it may also keep them from exercising constitutional rights such as the freedom of speech or assembly. Thus, the loss of informational self-determination destroys people’s ability to communicate or participate — and ideas, opinions and talents that these people could have shared and contributed beyond their own interests are lost to society.
We are therefore not only talking about individual spaces that everyone could be allowed to negotiate or surrender for themselves. What is threatened here are basic rights that are not negotiable but indispensable for democracy and the common good.
Why not leave privacy up to the free market?
A frequent argument from business representatives is that people are independent consumers and it could be left to them to decide what they want to do. We will now give several reasons why an independent negotiation of privacy arrangements is doomed to fail in most cases.
Consumers have no or only very rudimentary information about possible long-term consequences.
In most cases, the terms and conditions they are supposed to agree to are absolutely unreadable. It simply cannot be expected of consumers to read and critically assess pages of legalese regulations, for example before placing an order.
Consumers are often quite deliberately deceived. Who would assume that lines like “Your data will be confidential and it is our principle not to share data with third parties” do not at all mean that the data will never be shared? How is one supposed to know that the intention not to share might be there “in principle”, but the phrase “it is our principle” does not reinforce the statement, conveying instead that exceptions will be made for “authorised” third parties? And that “authorised third parties” can be anyone who buys your address on the open market, enriched with age, size of city, purchasing power and “tendency to mail order”? This was the strategy of tchibo direct[5], who offer their customer data for sale via AZ Direct / Arvato / Bertelsmann. And this kind of “exception” is quite the rule: almost all mail order companies “lend” or sell their customer addresses. Let us look at this example in detail. For the customers to understand what is actually meant, the wording of the condition should say something like this:
- I agree that my address can be sold, linked with my age, city size, purchasing power and readiness to use mail order, on the commercial address market.
[ ] If you agree, mark here.
How many people, we wonder, would tick that box?
Or how many people know that “Informa Consulting”, a company that many “direct banking” contracts mention as a recipient of shared data, is not in the consulting but in the scoring business?
Consumers in Germany rely on a) the law to protect them and b) on the assumption that there will be some institution to come to the rescue if there is a problem. (So let’s go ahead and grab those discounts first and then complain to Data Protection Commissioners or make a nomination for the Big Brother Awards.)
And: individual consumers will initially act egoistically and not care for the common good. In the long run, this is a disadvantage for the individual, too.
Divide and rule. As long as it’s just other people who suffer the negative consequences, it doesn’t really matter. (We know it’s all about terrorists, paedophiles, fare dodgers, welfare fraudsters or just all those annoying lorries on the motorway etc., so it isn’t really a concern — or in fact it even benefits me.) Martin Niemöller has summed up this attitude in his well-known words: “When the Nazis came for the communists, I remained silent; I was not a communist. When they locked up the social democrats, I remained silent; I was not a social democrat. When they came for the trade unionists, I did not speak out; I was not a trade unionist. When they came for the Jews, I did not speak out; I was not a Jew. When they came for me, there was no one left to speak out.”
Consciousness is determined by circumstance. As long as someone is given Senator Card status by Lufthansa and charmed as a “Class A” customer, she will consider the “Miles and More” scheme a great idea. If the card is withdrawn because Lufthansa got word that her income has dropped after a job change, she will suddenly change her mind about the system.
Promoting a sense of ownership (“my data belongs to me!”) has not proven helpful. Businesses counter this by asserting that one address on its own is worthless. Only by combining it with other data and accumulating it with other, similar addresses, is it supposed to become valuable.
What is the difference between personal acquaintance in a corner shop and customer loyalty cards?
This is similar to the difference between a policeman on the street and video surveillance. First, it is about balance. There is a balance if you are facing a person, not an anonymous technical structure where you cannot know what is actually happening. When facing a video camera, it is completely unclear whether it is working, who is watching the monitor, whether it is pointed my way, whether the person at the monitor is zooming in on my cleavage or on the book I am reading while sitting on the park bench. Is anyone looking at all? In how many places can the image be seen? Is a recording made? How long is it kept? Who has access to it? etc.
If people in the corner shop know me and my shopping habits, then I know them as well. Every time I use a loyalty card, I am disclosing my shopping list in all detail, but it is unclear who processes this information, how long it is being stored and who is going to conclude what from it. Imagine I had bought very cheap beef fairly often in the 1990s — and loyalty card schemes had been around at the time — then by now I might find it very hard to find a good deal from health insurers, because they will want to minimise the risk of Creutzfeldt-Jakob disease. The fact that the meat was bought for the dog who has long since moved on to the eternal food tray can’t ever be discussed. But the people at the corner shop do not have such long-lasting memories — and they are not in contact with health insurers looking to negotiate a deal with me.
The difference therefore is about balance, the power gap between person and anonymous structure, about lack of transparency, and dimension.
Why is there so little resistance against the data collecting frenzy?
- Each single collecting event seems unimportant.
- The problems are only felt at a later time.
- It is often not recognised that the processing of previously collected data is the cause of problems.
- Circumstances are complex and difficult to comprehend.
- People are resigning themselves to the expectation that “we are stored everywhere” or “they can do whatever they want anyway”.
- There is a trend towards individualism and against solidarity in society: “I am not going to pay for anyone else!” or “I will only pay exactly for what I’m using!” That causes a demand for individual billing and therefore detailed storage of personal and consumption data. “Flat rate” or “lump sum” arrangements are much more friendly from a data protection perspective, such as a general tax for public broadcasting instead of a licence fee linked to possession of receiving equipment, motorway vignettes instead of registering vehicles at bridges, a “culture flat rate” instead of digital rights management (DRM).
- Interior politics tend to give such data collection schemes their tacit approval, thinking “who knows, this data might come in handy some time in the future”.
Spy chips and fundamental remarks
We will now discuss some fundamental points, using RFID technology as an example.
RFID (Radio Frequency IDentification) chips are tiny devices with an antenna; they store a globally unique serial number and can be read without visual contact (meaning: unknown to the carrier) via radio waves. RFID chips are destined to replace bar codes on shopping items in a few years’ time, according to retailers’ intentions. And they take surveillance and manipulation to a new dimension. In contrast to the bar code, which designates only the product, with RFID every single pair of underpants or package of cream cheese can be identified.
If customer cards are equipped with RFID chips then not only can my shopping list be stored, the card can reveal where I am, how long I am there and who is with me. And the information at which shelves or departments I have spent more time can generate a profile of interests, even if I have not bought anything. Also, the card can be read from the owner’s handbag without her noticing. RFID represents a new quality of collecting data.
Once we have disclosed a piece of data, it cannot be repossessed. And information that we would consider completely banal and unimportant can take on a whole new meaning tomorrow — in a new context (such as terrorism investigation) or in the wrong hands (employers, health insurance), in the light of new research (such as connections between beef, BSE and Creutzfeldt-Jakob disease) or in the light of political developments (when it becomes a fashion again to get rid of unwanted people[6]).
And if any application is not on the agenda today, it doesn’t mean it will never be realised in the future. Companies can be taken over, complete with their databases. Shareholders can demand that customer data should be used after all, if that might mean extra profit[7]. Investigation agencies can seize the data[8]. Terms and conditions, privacy statements, even laws can be changed[9]. However much Metro Group assure us they are not doing anything with the data gathered about their customers through RFID, it doesn’t mean they would not do so in case it seemed profitable some time in the future. Large data collections always produce desires. Once they exist, new ideas for how they could be used will soon appear. This is dangerous.
We need Privacy Enhancing Technologies.
Once a technological infrastructure has been widely installed in a particular form, it is almost impossible to change it. If the technology hasn’t been designed from the outset to make abuse difficult or impossible, that abuse is going to occur sooner or later, legally or illegally. To patch the technology later is more expensive and will hardly undo the damage.
We need new laws that confront the dangers of new technology in an effective way.
The RFID industry, retailers and their lobby organisations are currently running an intense campaign against legal regulation of RFID in which they propagate so-called “voluntary commitments” by the industry. A better name for these would be “non-binding declarations of intent”. It makes no sense why companies that keep declaring they intend no evil with the data should fear legal regulation. A legal framework would only protect the “good guys”, the companies that really do respect people’s privacy, against the evil competition — or if it comes to the crunch, against their own shareholders, as explained above.
If some companies think they can just push through and introduce RFID, meeting growing public opposition against the ubiquity of spychips with just a little more investment in lobbying, marketing and PR to silence the critics, then they are making a dangerous mistake.
In a study at Berlin’s Humboldt University, 73.4% of participants who were shown a neutral information video about RFID chips and then given various options said that in no circumstances did they want a “live” RFID chip on the shopping items they would take away from a supermarket. The study[10] was funded by Metro and is therefore not under suspicion of peddling the propaganda of data protectionists. And 73.4% is the average across the sample; the resistance against spychips increases with the level of education.
Industry and retailers are still searching desperately for a new recipe to make RFID seem attractive to consumers — but there simply is no application that is of real value to the customer, not only to the retailers. The so-called “intelligent” refrigerator that automatically orders a refill of Pizza Tonno as soon as I take one out of the freezing compartment has had to serve as an innovation alibi for this and that over 10 years. But nobody is interested in it.
We could indeed see consumers boycotting RFID. And there are plenty of reasons to believe that realising effective privacy protection would also be in the interest of the industry. Still, economic arguments must never be allowed to displace the consideration of civil liberties. Acceptance studies can not be the ultimate wisdom — civil rights are not a commodity, even if the mess of pottage offered in exchange should become a little more valuable.
Times are changing — but not automatically
“You have zero privacy anyway — get over it.”
(Scott McNealy, Head of Sun Microsystems, 1999)
“Only the Beginning: The movement to respecting privacy is just getting started. We expect to see more public debate, legislative reforms, and business consequences in the years to come. Smart companies are recognizing the need to change their business practices and (...) to design and implement sound privacy policies.”
(Sun Microsystems Newsletter for IT professionals, 2004)
In 1999, the head of Sun dismisses all privacy concerns about one of their products. Five years later, the Sun newsletter takes on a very different tone. Our compliments for an elegant U-turn.
Meanwhile, Scott McNealy’s quip “you have zero privacy anyway” is still part of the mainstream debate. The loss of informational self-determination is often portrayed as an almost natural side-effect of technological progress — especially in digital and network technology — one that cannot be averted.
Thinking that way is to give up choice. Whoever argues in this way wants others to give up choices (“resistance is futile!”). Another quote:
“It’s simply about what you want, it’s your decision: all people networked everywhere and with each other, global open channels of communication, surveillance etc. — and keeping the private space as we know it: that just isn’t possible!” (futurologist Jeremy Rifkin in a TV feature about the film “Minority Report”, ZDF [a German public TV broadcaster], 26 Sep 2002)
We can regard this as an interesting parallel to the debate on the environment. For decades, pollution was accepted as an inevitable side-effect of industrialisation. If someone dared to criticise the poisoning of soil, air, and water by industry, the advice was they might just as well “go back to live on the trees”. Only thanks to the work of a multitude of environmental organisations has this attitude changed. Protecting the environment is now understood as safeguarding the foundations of life on our planet; it has been anchored in public consciousness and is found in various forms in the agenda of politics, organisations and businesses.
A similar change of consciousness about informational self-determination is just gaining momentum. Some successes have been achieved, but much remains to be done. The most important task now is to heighten awareness and make as many people as possible realise that they possess “first-born” rights that can never be matched in value by any, however savoury, lentil pottage.
[1] Großer Lauschangriff, the German name for audio surveillance being used on private homes in the course of state investigations.
[2] Rasterfahndung, where profiling and data mining are used as a “dragnet” to find potential suspects — the tactic or at least the name is a German invention of the 1970s.
[3] The mess of pottage, or lentil pottage, is a metaphor for a seemingly attractive but actually cheap commodity accepted in exchange for a much higher good. This is a reference to a story in the bible (1 Moses 25:29–34) in which Jacob, Isaac’s younger son, persuades his brother Esau to trade in his first-born rights for a lentil soup as Esau comes home tired from a day’s work in the fields.
[4] The so-called scoring schemes are an example: Out of a multitude of personal data, such as age, federal state, city, borough, neighbourhood, number of address changes, a “score” is calculated (the actual method is not published) — leading to a number that determines credit ratings. Scoring is automatic prejudice.
[5] Tchibo received the Big Brother Award 2004 in the consumer protection category for this.
[6] Should anyone think that the past was fully behind us: Friedrich Merz, general secretary of Germany’s main centre-right party, the CDU, used the words “scum that no-one wants to see in Germany anymore” in a speech at a rally at Berlin’s Alexanderplatz on 2 July 2001.
[7] Vodafone have made a similar point. Vodafone want to deduct losses from the Mannesmann take-over from their taxes. Mannesmann’s share value was inflated in the take-over battle. This would translate to a tax rebate of 25 billion Euro — in other words, Vodafone will not have to pay any taxes for years on end. A company spokesperson argued they had to act in this way because their own shareholders would sue them otherwise.
[8] This happened in Switzerland in August 2004: after an arson attack the High Court of the Canton of Berne ordered a “dragnet investigation” using data from Migros Cumulus, the loyalty card scheme of the Swiss supermarket chain Migros. A tool had been found near the scene of the attack that had been bought in a Migros market. The authorities demanded a list of all Cumulus customers that had bought this kind of tool. This, they hoped, would lead them to the arsonist. Migros refused at first, citing privacy issues. Then the Berne High Court forced Migros to hand over the data. The result? To this day, the arsonist has not been found, a speaker of Berne Canton Police admits.
[9] Case in point: using toll bridges to construct movement profiles. Toll Collect, operators of the German motorway toll system, point out at length that they would not share data with investigation authorities. (“These cameras belong to us, not the police.”) But a small legal change could force them to do just that. The technical structure is already in place.
[10] Günther, Oliver, Spiekermann, Sarah: “RFID and Perceived Control — The User View”, http://www.wiwi.hu-berlin.de/~sspiek/phdresearch.htm