ONLINE BEHAVIOURS AND FACEBOOK NARRATIVE
IN THE POSTSNOWDEN ERA
by Roberto Pizzato A Thesis submitted in partial fulfillment of the requirements for the degree of Master of Arts in Media Studies: New Media and Digital Culture at The University of Amsterdam June 2015 Supervisor: Prof. Dr. R.A. Rogers Second Reader: Dr. Stefania Milan ©2015 Roberto Pizzato All Rights ReservedABSTRACT
In the short and fastchanging history of the web, very few dates have been important as 5th June 2013, when The Guardian published the first piece of revelation by a former consultant of the
National Security Agency, Edward Snowden. His leak helped to unveil the structure of the internet itself, making the connection between corporate dataveillance and government surveillance clearer. To some extent, surveillance has been enhanced by the characteristics of the web, a cyber network in which platforms such as Facebook have become hubs of information that continuously require to ‘share’ data in order to use all the services provided at their best.
TABLE OF CONTENTS ABSTRACT………. 1 TABLE OF CONTENTS………. 2 INTRODUCTION……….………. 4 RESEARCH QUESTIONS....……….. 10 PRESNOWDEN THEORIES………. 10 SETTING UP THE SCENE……….. 10 CYBERNETICS……… 12 POWER AND CONTROL……… 13 CONTROL AND RESISTANCE WITHIN NETWORKS………... 14 LIKE ECONOMY AND LIQUID SURVEILLANCE……….. 16 DYNAMIC PRIVACY IN A NETWORKED WORLD………... 19 POSTSNOWDEN THEORIES AND STRATEGIES………... 21 THREE PRIVACY LAYERS……… 21 DIGITAL TAILSPIN………. 23 KONTROLLVERLUST……….... 25 THE FUNDAMENTAL ROLE OF QUERIES………... 28 PRIVACY ENHANCING TECHNOLOGIES ADOPTION……… 30 TOR……… 31 DO NOT TRACK……….. 34 PRETTY GOOD PRIVACY………. 38 SURVEYS AND QUANTITATIVE ANALYSES……….. 40 REPORTS BY PRIVATE COMPANIES………..………… 40 PEW RESEARCH CENTER STUDIES………. 42 PRESNOWDEN US USERS’ PERSPECTIVES AND ONLINE BEHAVIOURS………. 42 POSTSNOWDEN US USERS’ PERSPECTIVES AND ONLINE BEHAVIOURS …………. 48 UNPACKING FACEBOOK……….………..………. 58 FACEMASH AND THE FIRST PRIVACY ISSUES………... 60 FACEBOOK PRIVACY SETTINGS ………...……… 63 THERE IS NO ALTERNATIVE TO FACEBOOK……….. 65 METHODOLOGY……….... 70 FACEBOOK NEWSROOM ANALYSIS………. 70
QUERIES SELECTION………... 70 CATEGORIES……….. 70 TRIANGULATION TOOL……….. 71 NETVIZZ……….. 71 DOUBLECHECK USING ONLINE MEDIA………. 71 GLOBAL GOVERNMENT REQUESTS REPORT……… 72 THE INTERNET ARCHIVE……… 72 ISSUES……….. 73 FINDINGS………. 74 FACEBOOK NEWSROOM NARRATIVE………. 74 POSTSNOWDEN RELEVANT FEATURES AND APPS………... 78 FACEBOOK AND PRIVACY WEBPAGE………. 79 FACEBOOK SECURITY WEBPAGE………. 80 FACEBOOK SITE GOVERNANCE WEBPAGE……… 81 GLOBAL GOVERNMENTS REQUESTS REPORTS……… 82 DISCUSSION……… 84 CONCLUSION………. 97 BIBLIOGRAPHY………. 99 APPENDIX……….. 114 LIST OF IMAGES………... 114 LIST OF FIGURES………. 115
Introduction
It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live — did live, from habit that became instinct — in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized. (Orwell, 2)
Apple’s launch of the first Macintosh was preceded by one of the most wellknown commercials of all time: a dystopian ad inspired by Orwell’s 1984 directed by Ridley Scott. It was presented for the first time by a young Steve Jobs, during a speech at the Apple Keynote 1983 in which he warned the public about an “IBMdominated and controlled future” (The Apple History Channel). He argued that Apple was the real alternative to a worrying, Orwellian and monopolised computer industry, such as the one desired by IBM (ibid). On 24th January 1984, the first Macintosh was launched on the market. Despite that commercial has been screened on TV only twice since then – in some local outlets in the US on New Year’s Eve, and during a time out of the Super Bowl final – it has become history. A woman is holding a hammer and running away from some “Thought Police” lookalike agents. At the same time, a lookalike Big Brother is giving a speech, screened in front of a passive audience in another room. Exactly when the Big Brother concludes with with the words “We shall prevail!”, the woman throws the hammer that destroy the screen (Scott). That hammer symbolised the end of an era, represented freedom, and of course, on the Apple side, a narrative of its software ideology. The impact of that hammer on the screen resembles the disruption provoked by the Edward Snowden’s in the internet realm: nothing would be the same after that. “And you will se how 1984 won’t be like 1984” (ibid), are the last words pronounced in that commercial, a prophecy that definitely went bonkers. In fact, Apple would ironically pop up in the news as one of the US based companies involved in the NSA scandal (Greenwald & MacAskill). Just like Foucault’s readaptation of Bentham’s Panopticon, 1984 has been an ideal reference for the internet era, because both could be easily associated with the concept of control. Control in all its acceptations – and especially when used in the meaning of information control –
is fundamental part of information technology: computers were invented as calculating machines, that is devices that could manage large amount of data. Thus, control is even more crucial when approaching network societies: as vital peculiarity of biological and computer networks, that is to say that our society may not be able to function without control. The spread of internet and internet connected mobile devices has increased the amount of data shared every day, making control more important than ever. Control is an agency that any actor would be able to exert on the web: companies, advertisers, users, intelligence agencies, publishers and so on. Given that it has progressively mingled with business, private companies are investing financial capital on developing internet based technologies, which require complex forms of algorithmical control to be managed. The dark side of this process hides risks related to surveillance practices and other privacy threats. Hence, control is not a negative concept per se, but its darkest nuances have to be grasped and unveiled to neutralise the drift to a dystopian world. In fact, history of espionage, information control and surveillance is of course longer of the history of the internet, by its complexity and pervasivity has never been so extended. Dataveillance is a term coined in the mid 1980s (Clarke), but it also the controversial monitoring of user activities upon which companies such as Facebook have built their business model (Gerlitz & Helmond, 2), dealing since its origins with users’ privacy concerns. On the internet, users’ behaviours are tracked, within and outside the internet, within and outside social media platforms. Data is collected through different kind of internet cookies and tracking devices, then is put together with offline data such as credit cards use. Finally, through real time data mining techniques, profiled users can be targeted and sold to advertisers; moreover, inferred behavioural patterns could even suggest users’ future choices. Behavioural advertising is just a small part of this game, even if Facebook apologised for the poor communication of its psychological experiments on users (Rushe), the shadow of even more complex forms of control cannot be ignored. Even though that experiment was related to content displayed in the news feed, content is only a part of the game, users data and metadata – that is data about data – is the other. When data and metadata are put together, their potential is enormous. To some extent, data about our data such as locations, relations with our networks, timing of our communication may provide ‘the pattern of our lives’ (Ball). The pattern of our lives and the content of our
communications put together are the most dangerous weapon of social control of all time, and this is not paranoia, it is already happening. As disclosed by Snowden, the NSA has accessed
XKeyscore Facebook chats and private messages, DNI Presenter has enabled the intelligence agency to read emails (Naughton). Additionally, the NSA usage of thirdparty cookies allowed the intelligence agency to incorporate cookie data to their monitoring, mainly because thirdparty trackers are mostly based in the US and NSA is likely to have a “good wiretapping” of the internet traffic reaching the States (Englehardt). Globally, about 90 % of all the internet traffic cross the US (Ball) and Silicon Valley is one of the principal hub of digital innovation in the world, so that the US are a crucial country when it comes to discuss the Web of today. Nonetheless, this topic should not be taken on national scale: firstly because internet boundaries are only partially national – domains, headquarters and servers could be moved from a country to another – so that many countermeasure could be used to sneak around enforcements and limitations; secondly because the policies adopted are in process of continuous updating. This latter process has been speeded up in the internet era: internet corporation policies updates have consequences on people’s lives that cross national boundaries. Their changes are faster than any law, and they do not need approval by the users to be put into action. For this reason constant attention is required, that is control on the dynamic and dialectic process of privacy, which is regulated by an everchanging scenario. Nonetheless, control faces forms of resistance within network, because both, control and resistance are fundamental part of networks. Resistance may assume the shape of different behaviours and practices, that online are partially represented by the ‘countermeasures’ adopted by the users to avoid control, a reaction triggered by the awareness of being controlled. This concept may well explain users’ behaviours when using anonymity and encryption tools on the web. And if behaviours matters for advertisers and internet corporations, they should matter as well for scholars and researchers who aim at investigating control and surveillance. In the postSnowden era, studying resistance is crucial, and so is speculating on the narrative used by an internet giant such as Facebook to engage with this new scenario. The relation between user behaviours and Facebook’s narrative is the core of this research, which will focus on the reflections of the postSnowden era on these two spheres of the cyber space.
Privacy management goes beyond the ‘privacy settings’, a topic that has been the focus of many discourses on users privacy, but that has gradually lost its importance in the postSnowden era. The whistleblower’s revelations has underlined how that is just a facet, to some extent less relevant than the others. That privacy settings are updated, customised or automatically reset as ‘by default’, a practice to which users have gotten familiar, is a misleading approach to surveillance and privacy issues. In other words, users are led to think by internet corporations that they are in control and that their privacy is guaranteed by the improvement of customised privacy settings, but privacy is way more complex, it is layered. For this reason I would like to suggest three different layers of privacy: the ‘public layer’, the ‘corporate layer’ and ‘the intelligence layer’, that will be introduced after a theoretical analysis of the most relevant preSnowden media theories on control. After a historical background on the topic of information control, I would like to analyse and explain this ‘layerification’ as a preliminary step of this research. Subsequently, various qualitative analysis and surveys will be offered as snapshots of the transition from the preSnowden internet to the postSnowden era. The last step will be the analysis of Facebook’ narrative in the postSnowden era, whereby methods, language and tools used, as well as the categorization of Facebook Newsroom posts according to the three layers of privacy, will show how the company has engaged with the status quo. This mixed approach, theoretical and empirical this topic, will show unveiling secret forms of control may led to bring also possible alternatives to the mainstream. In fact, it emerged that while the ‘intelligence layer’ was not a relevant part of the privacy discourses before the Snowden’s leak – the ‘public layer’ has been and still is the most discussed –, it has gained momentum. During the Global Conference on CyberSpace 2015 held in The Hague last April, the Netherlands based NGO Free Press Unlimited placed an inflatable elephant in different meeting points of the event venue (Alimardani). GCCS is a biannual conference where institutions, private sector, academia, advocacy groups and civil society converge to discuss issues related to the web (GCCS 2015). Eventually, they come up with solutions, target opportunities and take on the main challenges of the internet of the future. Using the hashtag #theelephantintheroom and the slogan “As long as there is mass surveillance, there can be no free and secure internet for anyone anywhere”, the Dutch organisation teamed up with other advocates to bring this topic to
the attention of the most important actors working at internet policy, cyber security and of course privacy (Alimardani). The metaphor of the elephant in the room refers to a relevant problem, just as notable as an elephant in a room, that keeps has not been taken on as it deserved, that is mass surveillance.
In the short and fastchanging history of the web, very few dates have been important as 5th June 2013, when The Guardian published the first piece of revelation by a former consultant of the National Security Agency, Edward Snowden (The NSA files). It was only the beginning, many other disclosures would be published in the following months, firstly by The Washington Post, and subsequently by other newspapers around the world. Leaks of classified documents have found resonance on the cyberspace, the environment in which surveillance techniques used by US intelligence agencies as well as other countries were unveiled. Intelligence agencies have taken advantage of the biggest device of information control of all time, only monitoring the biggest repository of information of human history, that is the web. This has been made possible by the fabric of the web itself, a cyber network that continuously requires to ‘share’ data in order to use all the services provided at their best. On the web, internet corporations such as Google and Facebook – the most accessed websites (Alexa) and probably the vastest repositories of online data in the world – catalyse online traffic and become hubs of information. The urgency of addressing users’ data management is made clear also by another technological innovation that will strictly link the web with our everyday life: the advent of the Internet of Things. Thus, given that there will be an increased number of devices connected to the internet and exchanging data in the coming years, what is needed is a framework upon which building a flexible approach to a fast changing cyber space. In fact, the struggle of addressing privacy concerns intertwined with information control and surveillance has to be understood as a continuous attempt to provide new frameworks for us and ‘yet to come’ users, so that new technological developments would not be a threat for the internet of the future. A good perspective on information control and privacy related issues – two of the main problems when studying the effects of surveillance – is an approach that could find traction in theories on surveillance and control, as well as on the empirical analysis of counterpractices put
into action to resist control. After two years since the first Snowden’s revelations came out, this paper aims at providing a complete theoretical framework, insights and data on users’ perceptions and practices related to privacy issues, focusing on eventual changes in their online behaviours. Moreover, after having mapped out this scenario, there will be a detailed study of Facebook narrative aimed at underlining the influence that these changes may have had on the company’s strategy and on its relation with public and media.
As stated by Geert Lovink in Hermes on the Hudson, the first Snowden’s leak dated June 2013 represents the “symbolic closure of the New Media era” (Lovink). In fact, the NSA scandal has brushed away what remained of an outdated cybernaivety, finally bringing the “internet issue” into the realm of politics, and of course, of human rights. Nonetheless, scholars have had hard time when dealing with the postSnowden internet issues, often finding themselves incapable to be of help when dealing with the ‘log in era’. According to Zygmunt Bauman, one of the most wellknow surveillance scholar, the problem when doing research in the humanities is that “we never solve any issues – we only get bored with them” (Bauman & Lyon, 51). Problematising surveillance and privacy is a process that had started before the postSnowden era, scholars have forecasted this situation years before the whistleblower actually made his revelations. Nonetheless, if users want to protect their privacy from mass surveillance, what is needed is that the understanding of the complexity of this topic that crosses the boundaries of academia and impact public opinion, in order to trigger a substantial understanding of the internet itself. This process could reach its peak only when enhanced by different actors, which represent different sectors of society, working together. The postSnowden era is a call for working together to keep civil society uptodate, and to maintain an acceptable level of trust in one of the main driver of our economy and our connectivity, that is to say of our lives: the internet. When talking about privacy, transparency becomes fundamental, and requires a conjuncted effort by scholars, activists, NGOs, institutions, governments and internet corporations in order to give voice to any part of society represented online, and to answer the question: what is the kind of society we would like to live in?
Research questions
To what extent have Edward Snowden’s revelations influenced users’ perspectives and practices online? How have postSnowden online behaviours been reflected in Facebook’s narrative?PreSnowden Theories
Setting Up the SceneAccording to a survey on Internet Security and Trust conducted by CIGIIpsos in 24 different countries and published in November 2014, 60 % of the respondents have heard about Edward Snowden (CIGIIpsos, 3), while 64% of users are more concerned about online privacy than they were a year earlier (1). A similar survey by GlobalWebIndex shows that the percentage of people concerned about the internet eroding their privacy has risen from 49% to 58% between 2012 and 2014 (GWI, The Fight for Online Privacy). This increase would appear to be associated with Edward Snowden’s first leak in June 2013, however in the six months following the leaks, the number of concerned users rose by only 2% (ibid). On the one hand, the revelations by the former NSA contractor regarding the PRISM electronic data mining program – particularly the first article published by The Guardian – may be considered as turning point in the short history of the Web, on the other it seems that the evaluation of the impact on user perceptions and online behaviour could lead to controversial explanans. The issue is complex and deserves to be
addressed through a mixed approach, starting from a historical analysis of the theories related to power and control – and of course surveillance and privacy – followed by plausible explanations for the data derived from numerous quantitative analyses. The classified information exposed by Edward Snowden had the capacity to uncover the structure of the internet, showing to the public how it works ‘behind the curtains’, that is to say that its most controversial peculiarities went mainstream. Beyond a widespread ‘anxiety’ concerning the global surveillance program carried out by the NSA, some other considerations should be taken into account. Firstly, the intertwined relations of the American military apparatus and large US based corporations focusing on the development of new technologies still seems far from being over. Secondly, the Internet – especially since the Web 2.0 and the widespread use of Social Networking Sites (SNS) – has become an unprecedented and
continuously growing repository of data which can be used for information control, mostly related to two practices: targeted advertising and surveillance. Thirdly, the fashionable idea of user empowerment has shown its two facets also to users that are not part of the academic environment. These threats which cannot be ignored, should be investigated, understood and assessed in order to provide policymakers with a solid framework upon which regulate the complexity of privacy. It must be said that the NSA has started its practices many years before the Web had been even invented, so that the Snowden’s revelations represent only the most recent case related to this issue. During his farewell speech in 1961, US president Dwight D. Eisenhower explicitly stated that the militaryindustrial process could “endanger our liberties or democratic processes” (McAdams). An NSA analyst under the pseudonym Winslow Peck, exposed the existence of a “UK USA Agreement” on global intelligence and espionage to the press in the 1970s (NortonTaylor). In 1976, the Government Communications Headquarters (GCHQ) appeared on the pages of Time Out magazine in the UK (Campbell). In the late 1980s, ECHELON – a signals intelligence (SIGINT) collection and analysis network built in 1971 – was uncovered by Margaret Newsham (Cryptome), which, according to the BBC, was capable of surveilling up to the 90% of the Internet traffic in 2001 (BBC, Q&A: What do you need to know about Echelon). Nonetheless the US government denied the existence of this secret network (ibid). In 2011, the founder of Wikileaks Julian Assange warned the citizens of the world of a reality that would become crystal clear two years later with the Snowden leaks: “We are in a world now where not only is it theoretically possible to record nearly all telecommunications traffic out of a country, all telephone calls, but where there is an international industry selling the devices now to do it” (CBS News). If these techniques of espionage and surveillance have been used for decades, it is fundamentally important to investigate how they have been developed into their current form. Thus, examining the theoretical framework on which these techniques are built upon as well as the evolution of global society during this time is crucial.
Cybernetics
According to Geert Lovink’s review of the book Excommunication, “computers had not yet shaken off their military origins” and the scenario portrayed by the first Snowden’s leak suggests that “the integration of cybernetics into all aspects of life is a fact” (Lovink). In fact, an understanding of the aims of the first cyberneticians may be considered a reasonable starting point when discussing theories of surveillance and control in the networks societies. If we were to trace back the origin of the discourses related to the notion of control, we find a milestone in 1943, when Wiener, Bigelow and Rosenbluth wrote the first paper on a new interdiscipline: Cybernetics, often used as synonym of ‘control theory’ (Bowker, 108). The relation between the US army system, toplevel academic and military research, and information technology corporations started when this “universal discipline” was conceived. Cybernetics began the process of a coupling of man and machine, and the process of developing selfadaptive systems based on feedback control (107, 108, 109, 110, 115). Moreover, behavioural analysis applied to machines and living organisms would eventually build the framework of the
contemporary science and society. In fact, Behavior, Science and Technology, can be considered the seminal article of the first cyberneticians, a group of intellectuals and scientists which became popular in 1948, when Wiener wrote the book Cybernetics (108). The complexity of this subject lies in its universal character, its will to discover patterns and rules applicable to biology as well as informatics, using an analytical and empirical approach when working with information, that is to say data. Universality is achieved through a lingua franca used by the cyberneticians to enhance the merging of different disciplines historically segregated in their own fields of research. The crucial point when looking at cybernetics, in terms of its relevance for the topic discussed in this paper, is basically this: no matter the nature of the data collected, captured, analysed, mined or exploited, data is essential in order to have control. At a first glance, the aim of the cyberneticians seems to have found its momentum nowadays: different disciplines have merged together, affecting one another, forming a chain on improvements that could benefit other fields of application. That is, most of the mechanisms of control have reached the highest level of effectiveness and pervasivity in the human history. On the one hand, the same data could be used for different purposes, such as business, surveillance,
research and activism; on the other hand the empowerment achieved by the ‘controllers’ through data control raises concerns about privacy and surveillance. Power and Control Undoubtedly, the notion of surveillance is related to the concept of power, and the world has changed in the 70 years between the conception of cybernetics and the postSnowden era. Nonetheless, in order to analyse the transformation of the society in this time span, the contribution of Michel Foucault is crucial to understanding the dynamic that governs the relation of power within societies. In his The Subject and Power, the French philosopher suggests a “new economy of power relations” that consists of taking the forms of resistance against different forms of power as a starting point, so that the antagonism of these two opposing forces may render a relation of power evident (Foucault, 780). In other words, in order to study power, control and surveillance, forms of resistance should be analysed to grasp the relation of these opposite forces. Foucault argued that these ‘antiauthority’ struggles are likely to find their adversaries in “technique, a form of power” (781). Moreover, Foucault underlined that power characterises itself for its capacity to be deployed through relations between individuals and groups, and it becomes explicit, or better it “exists only when put into action” (786). Power is not a universal abstract idea, in fact, it becomes evident when it “acts upon action” in environments marked by freedom (790). What emerges is a complex definition of power and freedom as “mutually exclusive”, but strictly intertwined at the same time: power is exerted on free ‘subjects’, but freedom and control, being mutually exclusive, they never directly confront one another (790). Foucault’s study was dated 1982, and based on his ideas, another fundamental contribution was delivered by Gilles Deleuze a decade afterwards, in his Postscript on the Societies of Control. Although the Foucauldian model has recently gained traction again among scholars – in particular the concept of panopticism borrowed from Bentham’s Panopticon – it applied to a different model of society. In effect, as suggested by Deleuze, the ‘disciplinary societies’ had to face the decline of their outdated model, and have been replaced by ‘societies of control’ (Deleuze, 4). In these latter societies, differently from the previous ones, the apparatuses
of power are no longer institutions, but rather corporations (5). Given the importance of focusing on the forms in which power is exerted, the notion of control becomes crucial. Control is what enables power strategy to maintain itself and implement its strategy (Foucault, 793), and it resembles “a selfdeforming cast that will continuously change from one moment to the other” (Deleuze, 4). From the deleuzian perspective, corporations exercise power through the code, the password that regulated access to information (5). The numerical language of control is made of codes that mark access to information, or reject it. We no longer find ourselves dealing with the mass/individual pair. Individuals have become ‘dividuals’ and masses sample, data, markets, or ‘banks’. (ibid) This scenario, forecasted by Deleuze when the internet had not been globally commercialised yet, hints the shift from a capitalism of production to a capitalism of higherorder of production (ibid). The name he suggested for this socioeconomical model is ‘corporate system’ (7), a system in which “marketing has become the center of the ‘soul’ of the corporation” and “the operation of markets is now the instrument of social control (6). If we were to find a relation with the postSnowden era, mass surveillance may be considered a form of control, which relies on the data collection, exerted mostly by private US based internet corporations such as Google, Apple, Facebook, Amazon, just to cite the ones grouped under the acronym GAFA coined by Ken Doctor (Doctor). That is to say that, the usage of forms of resistance towards the abovequoted technological ‘dataveillance’, also known as privacy enhancing technologies (PETs) – mainly represented by anonymising softwares, antitracking devices and encryption techniques – is a physiological characteristic of the dynamic of power relations. Control and resistance within networks Another author who focused on the “coupling of freedom and control” is Wendy Chun, who used the term “controlfreedom” to describe the reaction to the “privatisation of networks, public services and spaces” (1). Her Power and Paranoia in the Age of Fiber Optics stresses the fact
that since the commercialisation of internet by private corporations, the concept of privacy has been an illusion (15). If you believe that your communication are private, it is because software corporation, as they relentlessly code and circulate you, tell you are behind, and not in front of the window. (21, 22) Thus, the narrative and rhetoric of these corporations is crucial in order to establish how control is put into action. Another fundamental point made by Chun is that the privatisation of the backbone of what was a “military and research network” until 1994, was a political decision by the US government which boosted the spread of the internet as commodity (25). This privatisation is only one example of the relation between the US government, its military apparatus, high level universities and private companies that has led to influential innovation in the realm of information technologies in the last decades: from cybernetics to ARPANET, from the development the Onion Router – now known as Tor software – to the most used social media platforms, eventually used to put surveillance into action. The internet is a network and given its predominant role in our society, we can call the status quo a networked society. However, networks exist in nature as well, and like biological networks, computer networks are based on control. Moreover, as argued by Galloway and Thacker in The Exploit: [...] there is no greater lesson about networks than the lesson about control: networks, by their mere existence, are not liberating; they exercise novel forms of control that operate at a level that is anonymous and nonhuman, which is to say material. (5) Thus, control is an inalienable characteristic of networks, whether they be biological, social or computer networks. On the internet, which is the “most highly standardised and controlled technology in history” (18), information is controlled. Through the use of protocol, circulation,
delivery and decodification of data are made possible, so that protocol may be defined as “all the technoscientific rules and standards that govern networks” (28). Consequently, control based on protocol could be defined as “protocological control”, a concept that Galloway and Thacker considered dynamic and metastable (29). That is to say that protocol is not only a means to control networks, but it is also the means that make networks function. Through protocol, data production and analysis (73) makes control effective. To be effective, control should not be pervasive, but instead operate above networks (36), and this characteristic could make control drift to surveillance. Nonetheless, while for Galloway and Thacker control aims to make itself relevant (41), I would like to point out that surveillance, especially on the part of intelligence agencies, operates better in secrecy. In fact, the files disclosed by Snowden were classified. A step back to Foucault is needed at this point. He had introduced a concept that is cited in The Exploit: ‘biopolitics’. Biopolitics may be described as the “strategic integration of biology and informatics” that enable forms of control on population, and it is put into action through ‘biopower’, or the technology of power (72). Given that in network societies control becomes effective through the production and analysis of data (73), actors that can access and manage that data have an enormous and unprecedented power based in the biggest repository of data in the human history, which is the internet. Biopolitics is related to “the concern for security” that has become “immanent to social life” in the network societies (76), and so is surveillance. Thus, the same data used by internet corporations, such as social media or search engines, as well as patterns inferred through data mining could be used to exert surveillance. To sum up, surveillance aims at maintaining power through control and at neutralising the threat of resistance. Like Economy and Liquid Surveillance When talking about surveillance, there is a notion that has gained traction again in the postSnowden era: it is the concept of ‘liquid surveillance’ introduced by David Lyon in Liquid Surveillance: The Contribution of Zygmunt Bauman to Surveillance Studies. Zygmunt Bauman is an influential scholar who has dedicated most of his work to surveillance studies, a field that has gained traction especially after the Snowden’s leaks. The subject of his research has been
subsequently integrated with David Lyon’s ideas in the book Liquid Surveillance: A Conversation. Bauman identified liquidity as a fundamental characteristic of modernity (336) and “the feeling of liquidity surrounds Deleuze’s formulation” as well (326). Nowadays, the ancient solidity of social structures has turned into a constant flowing that is hard to grasp. This could be applied to feelings, information, time and other aspects of our everyday life. In a society in which not only information travel fast, but also people and products, we are experiencing a ‘freeform’ reality in which surveillance has become liquid too. New technologies – internet in primis, as well as the ubiquity of devices connected to the internet – have enhanced this process, suggesting a switch from the Foucauldian idea of the Panopticon to a postpanoptic mode of observation (Bauman & Lyon, 19). According to Lyon, we are witnessing: the transformation of ordinary citizens into suspects and their relegation to consumer status across a range of lifespheres (Lyon, 325) SNS are the very example of that, because of their potential for business and surveillance purposes. During the last decade, the spread of social media such as Facebook has been a fertile ground for liquid surveillance, which has merged liquidity with the socalled ‘Like economy’. The company based in Menlo Park and its “ambition to extend into the entire web” have directed to the platform itself information that were not part of it before (Gerlitz & Helmond, 1). Through the introduction of the ‘social buttons’, Facebook has turned users into part of the Open Graph since April 2010 (ibidem). As stated by Mark Zuckerberg, “making it so all websites can work together to build a more comprehensive map of connections and create better, more social experiences for everyone” (2). Partially due to this strategy, the impact of Facebook on the global economy has become remarkable and deeply intertwined with people’s professional lives: a study by Deloitte calculated that the social media supports 4.5 million jobs and has a global economic impact of 227 billion dollars (Facebook Newsroom, New Deloitte Report Looks at Facebook’s Impact on Global Economy, Jobs). Simply put, nowadays it is hard to imagine a world without Facebook, because of its services and business model have shaped the global economy in the last decade. This process has led to a situation in which Facebook – the second
most used website in the world after google.com (Alexa) – has become one of the central hubs of the web (10), enabling liquid surveillance as side effect. The use of the ‘Like’ button outside Facebook website has also brought to lawsuits in Germany, where “consumer advocates have sued two ecommerce firms […] and have successfully pressured three companies […] to remove the thumbsup button from their German web pages” (Meyer). The lawsuit brings up the question whether a global shared policy on privacy is really possible or not, or if rather different national ones should be pursued instead. The former approach could be a possible way to deal with the US digital cultural imperialism (Chibbler), or to what Wendy Chun defined as the ‘American exceptionalism’ (Chun, 2). User participation on the social web, whether it happens for work, entertainment or as form of exploited free labor (Fuchs, 183) combined with Lyon and Bauman’s statement that people “now recast into the hope of never again being alone” (Bauman & Lyon, 26), provide a socioeconomic snapshot of our lives. The fact that what is out of Facebook has been dragged in it, enables any kind of surveillance exerted on Facebook to reach an unprecedented effectiveness. Moreover, as shown by Gerlitz and Helmond’s research, “the part of the web that receives most of the traffic come with an embedded data mining infrastructure based on tracking devices” (9); thus NSA practices were not invasive per se, they took advantage of the fabric of the web itself, that is the “organisation of connections between websites” (ibid). The ‘Like economy’ enables instant data mining attached to profiled users, that is a constant control of information, which could be accessed by intelligence agencies when they take control of social media platforms. When surveillance can access two huge constantly updated repositories of information such as Google and Facebook, and combine it with offline digital footprints – credit card transactions, CCTV cameras, GPS connected devices and so on – the power in hands of the ‘controllers’ is enormous and beyond users’ control. In fact, as argued by Lyon: Behavioral control, with asymmetric access to information, is the key to the freedom of the inspectors, in relation to the inmates. (Lyon, 327).
Panopticism shows a new contemporary nuance because of the ability by marketing and crime control to take advantage of the fluidity of the actual network society (332). However, while Bentham’s Panopticon was designed as ‘prison model’, now “everything moves from enforcement to temptation and seduction” (Bauman & Lyon, 53), a seduction achieved through connectivity services – social media platform in particular – and the narrative used by their providers. Users are not prisoners, they are volunteers who subscribe contract with social media platform accepting their terms of service. Nowadays, avoiding surveillance is an individual effort, users can only partially rely on institutions when it comes to defending their privacy. Moreover, privacy has become liquid, it is a concept continuously revisited by governments and policy makers, and it has to be contextualised in specific historical moments. Internet corporations managing personal data have terms of service with which we are asked to agree before using their services, intelligence agencies put into action their practices in order to provide the government with the requested monitoring to make their countries more secure, and internet users try to put these pieces together and manage their privacy through online ‘privacy settings’ and PETs. Dynamic Privacy in a Networked World Information control and surveillance pose the issue of privacy in the network societies, that is to say that if economics and social relations are based on the flow of information produced in the network societies, and if data management is a driver of innovation and change, the concept of publicity and privacy should be redefined according to this socioeconomical model. To this respect, a remarkable contribution has been given by Palen and Dourish, which have built upon the theories of the social psychologist Irwin Altman. Their work is dated 2003, but it is applicable to the current scenario, in fact it finds its killer application in the postSnowden era. In an increasingly networked world, privacy protection is an everpresent concern. (Palen & Dourish)
The crucial concept of this theory is that privacy is “a dialectic, and dynamic boundary regulation process” (ibid). As it will be further analysed in the next session of this paper, when studying Facebook’s approach to privacy and its narrative, privacy is dynamic because is constantly managed and negotiated, while it can be considered dialectic because this process is enhanced by people’s expectations and experiences (ibid). In the network societies, people are connected and influenced each other through social interactions. That is, the Snowden’s revelations, so widely covered by the media, may have been one major driver for change in terms of users’ expectations and experiences, but the process is ‘everpresent’ because it is a natural tension between the need of publicity and the need of privacy. If we think of Facebook, the idea that “privacy is a process of give and take between and among technical and social entities” (ibid) becomes easy to grasp. According to this framework, the shadow of the Orwellian Big Brother is showing up again, given that most of our communication happens through digital devices that Snowden revealed as being surveilled or at least potentially monitored. The fact that data is recordable means that data is persistent, so that information can be retrieved from the past (ibid). Indeed, this is the first complication concerning a broad use of digital technology. Recordability does not refer only to data input into digital devices, but hints at a series of positional and offline data that are put together, mined and exploited for commercial and surveillance purposes. Altman described privacy as the “selective control of access to the self”, and as “a boundary regulation process” in which people manage the accessibility through “openness” and closedness” (ibid). Contextualising this concept, which was conceived in the 1970s but it still valid, “privacy regulation is neither static nor rulebased”, it is rather the constant “management of the boundaries between different spheres of action and degrees of disclosure within those spheres” (ibid). These boundaries represent tensions between different purposes, but at the same time they are balancing this dynamic and dialectic process of redefinition. And given that the status quo may rapidly evolve due to the disruptive potential of technological innovation, boundaries evolve and move together with society. So that information technology gives new tools to manage and disrupt the concept of privacy at the same time. That is to say that, when
participating in online and offline social life, what is at stake is a “selective disclosure” (ibid) of personal information. According to Palen and Dourish, even though a Big Brotherlike form of control may threaten people’s freedom, it is interpersonal privacy that plays the main role when it comes to using digital technology in everyday life (ibid). However, the NSA scandal has brought up the importance of surveillance, based on the corporate model of dataveillance imposed by the most internet corporations. This is not a shift, different levels of privacy are likely to be found. The Snowden revelation has just shown a hidden layer of privacy, and showed that privacy is not only the management of what it can be publicly seen, but also the right to keep what we believed to be private confidential.
PostSnowden Theories and Strategies
Three Privacy Layers Nowadays, users may be led to think that their privacy is guaranteed by the improvement of customised privacy settings, but privacy goes beyond the mere privacy settings’ management on social media platforms. Privacy is complex, it is as dynamic as the society that shapes it. To take on the increasing complexification of the matter, I would like to suggest a multilayered definition of privacy, in terms of threats related to it and possible ways to limit the capacity of observers to invade our personal online sphere. The first layer, the closest to user control, is the ‘public layer’. On this level, any user can control to her searchability and visibility online, according to the technological possibilities given within a specific digital product. To make it simple, the public layer is the management of the exposure of a user’s practices and online reputation. It hints at an average ability to engage with tools of control provided by SNS such as Facebook, such as the privacy settings. The ‘public layer’ enables users to check and control what other users can know about them simply customising their audience – if possible – or examining the results when they query their names on a search engine. This layer has been improved through the years and users have become familiar its management, nonetheless it only refers to the surface of the privacy issue, that is what other users can see. Infact, it is quite easy for users to control what others can see, but it is not the same when it comes to managing what it is beyond their control. The public layer is the one on which users can exert the highest level of control. To sum up, it consists in all the information a user may decide to be public or not, even if this privacy management is constrained by the functionalities of the digital object in which the user operates. This second layer is the ‘corporate layer’, or what companies and the wellknown thirdparties collect and know about the lives of online users. This layer is regulated by a onesided terms of service contract, in which the companies are the only parties with the power to write and update it. Terms of service are updated beyond user control, which means that a contract that a user signs may change at any moment, and when it happens, they will be notified. Tracking cookies and other online tracking devices are part of the ‘corporate layer’, as is all the information a company or its consultant collected about any user, usually for the purpose of targeted advertising. Some of these companies have started to share part of this information. For instance, Google provides its users with the entire history of their web searches upon request (Google Help), while Facebook does the same with all the data shared by anyone who has had a profile on that social media (Facebook Help Centre). Nonetheless, the corporation based in Menlo Park puts together user data from different platforms and services that are part of the same group – i.e. Whatsapp and Instagram – and through the ‘Like’ button has taken over also what was outside of its platform. On the one hand, antitracking software or browser extension such as DoNotTrackMe may provide a shield to protect users on the ‘corporate layer’, on the other, the patterns of behaviour inferred through the monitoring of users’ activities are a wider issue than just being tracked using internet cookies. The wellknown case of Facebook’s psychological experiment on users (Gibbs, Facebook apologises for psychological experiments on users), even if not handed in to the US government (Gibbs, Facebook denies emotion contagion study had government and military ties), shows how the boundaries of the corporate layer are not always directly related to targeted advertising. This is the middle layer, which is the one that somehow shapes the other two: the ‘public layer’ is managed through privacy settings that are designed according to terms of service, and upon this corporate level lays the last one, which was unveiled by Edward Snowden.
This last layer is the farthest from user’s control and lies on top of the corporate one: it is called the ‘intelligence layer’. As it has emerged thanks to Edward Snowden’s revelations, espionage has developed from the oldfashioned eavesdropping of phone calls and turned into systematic mass surveillance of entire populations, not only of suspects or enemies as it used to be. On this layer, surveillance has reached unprecedented levels of invasiveness, mainly through the unclear relationship between USbased internet corporations and the US government. As reported by John Naughton, according to the document and revelation provided by Edward Snowden: [...] Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cybersurveillance system. Nothing, but nothing, that is stored in their "cloud" services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA. (Naughton).
Through a tool called DNI Presenter, NSA analysts can read the content of emails, and using
XKeyscore the American intelligence agency can access user Facebook chats and private messages (ibid). Thus, user’s awareness of the ‘intelligence’ layer is totally dependent to leaks by insiders and whistleblowers, the only actors who may unveil classified documents as evidences of the existence of this layer. Internet users may try to shield their data from intelligence agencies using the anonymity network Tor, which blurs digital footprints such as user IPs, and encryption tools. Nonetheless, when using Tor the user IP is not traceable, but the user’s identity and activities may be still monitored on the corporate layer, which identifies the user through the login process. Digital Tailspin
As stated by Geert Lovink in Hermes on the Hudson, the first Snowden’s leak dated June 2013 represents the “symbolic closure of the New Media era” (Lovink). In fact, the NSA scandal has brushed away what remained of an outdated cybernaivety, finally bringing the “internet issue” into the realm of politics (ibid). Scholars have had hard time when dealing with the
postSnowden internet issues, often finding themselves incapable to be of help when dealing with the new scenario. Following this theoretical summary, which was necessary to gain a historical framework on information control from cybernetics to the present time, I would like to focus on a recent attempt to answer to the questions posed by the postSnowden era. We are living in a new phase of the Internet history that Michael Seemann called ‘New Game’ in his Digital Tailspin: Ten Rules for the Internet After Snowden (9). Helped by a pool of New Media scholars, this German blogger and activist drew an empirical approach based on rules, that is a summary of possible reactions, or better solutions, to the Kontrollverlust – the loss of control in the digital world. As for this paper, what it is at stake in Seeman’s work it is not the novelty of the issue of privacy, but rather its formalisation into rules and practices.
The author identifies three drivers that lead to what he called the ‘digital tailspin’ – which he define as “an issue of strategies turning fragile” (Seemann, 15). These drivers may be summed up as follows: the widespread usage and dissemination of control and surveillance devices – especially in the Western countries – such as sensors, security cameras, the Internet of Things related objects and all the digital devices ‘datafying’ our lives. Often, we are not even aware whether they are around us or not, what information they record and process; the Internet is basically a ‘copy machine’, that is that our data are copied and stored continuously, but we do not know where those data are travelling and how many copies of them are in circulation; although many people think this vast amount of data is too big to be handle, ‘Big Data’ can be easily turned into readable information through machine learning algorithms, eventually determining patterns and mapping behaviours. (9) In this context, citing Christian Heller’s work, it is possible to name the postSnowden era a ‘postprivacy world’ (10). Thus, a strategy is needed to address the contemporary situation, a strategy that could enhance the “freedom of civil society” and protect disadvantaged users (ibid).
Through an indepth critique of the most relevant strategies suggested by Seemann, I would like to draw a contemporary theoretical and empirical framework of this ‘postprivacy world’. Given that this scenario has exposed our digital lives to new threats, or at least has mutated our awareness of the adoption of mass surveillance through the widespread control of our digital footprints, we need to unlearn what we knew in order to adjust our behaviours to the novelty (11). The world of the internet is unstable, the improbable has become a constant in the contemporary network society, that is to say that unpredictable events are a fundamental part of the game, they are drivers of change (ibid). Unexpected events should be approached being able to quickly disrupt our previous ideas in order to avoid biases, which could lead us to use outdated and misleading paradigms when dealing with new issues. In other words, we need strategies to prepare ourselves to face new challenges. Upon reaching South America during the Spanish conquista, Hernan Cortes sank the boats used to get there in front of his crew. There was no way back, “no hope of returning to the old world” (13). Imposing to his crew a new mental state was for him the best strategy to make his crew realise that a new era had started (ibid). Thus, the ‘New Game’ requires us to “mentally detach” from the Old Game (13). Kontrollverlust Nowadays, the flow of information is fast, cheap and beyond our control. We do not know where our data goes, to whom it goes, and for which purpose it would be used. However, information control has also become more difficult for actors aimed at limiting access to information and knowledge. Given that in the socalled ‘knowledge based society’ sharing information is vital, the process of controlling access to knowledge is twofold. Wikileaks could be considered an example of this process whereby secrecy has been disrupted, building a platform to unveil classified documents. To some extent, information control may not be fought, but rather adjusted through a flexible model, that would not collapse when facing unpredictable changes. According to Seeman, we should design a model that is adaptable, but not fragile (15). Fragility is a key point in the ‘postprivacy world’, thus we should build an ‘antifragile’ model capable of renovating itself when there is disruption . But if “privacy has gone bankrupt” (16) it is due to the outdated
and naive idea of a state that ensures data protection for its citizen. There is an apparent contradiction in Seemann’s perspective: when he says that the NSA – that is part of the US state apparatus – exercises surveillance, he does not mention that another part of the same institutions is in charge of investigating whether surveillance practices were legal or not. It has actually turned out that US mass phone surveillance was against the law (Roberts & Ackerman), hence the idea of a state that grants itself unrestricted access, regardless of privacy to a passive civil society , is reductive, if not even completely wrong. Nonetheless, I do agree with Seemann when he argues that the practice of adjusting privacy settings on social networks is misleading, because there is no communication on SNS which can be considered confidential when it is controlled by intelligence agencies that have access to it (16). The issue is way more complex, and the ‘layerification’ of privacy may provide a new perspective on that. Surely, there is no way back, as the Internet is a ‘copy machine’ and whatever has been stored by NSA could potentially exist and circulate forever. Possible ‘antifragile’ solutions suggested by Seeman are openness, transparency and networked structures, disruptive strategies applied to the information tailspin (17). Nonetheless, the relationship between actors that exercise surveillance through digital technologies and actors which try to protect themselves is always unbalanced. Internet corporations and intelligence agencies, which own and develop these technologies, and manage financial and technological power will always be a step ahead the struggles of their respective behaviours of resistance. When discussing the New Game, one of the most relevant issues posed by the postSnowden internet is what scholars call the ‘privacy paradox’ (19). I will dive into surveys and data about users’ privacy concerns in the following sections of this paper, but what Seemann and other researchers have noticed is that while privacy concerns are said to be very important to users, strategies and behaviours enacted to fight back surveillance are not always put into action (19). The struggle for privacy has a cost, not only economical, but also in terms of time and effort spent to learn how to protect online data. However, the value of privacy cannot be measured only through to the interest shown when it comes to defend that. According to Seemann, surveillance is likely to increase in the coming years (18), on the contrary I think that the fact that NSA phone
surveillance was said to be illegal by a court could indicate an opposite development in term of privacy regulations. Surely, the development of the Internet of Things could lead to new and unexpected privacy issues, but it is also true that in the postSnowden era, user’s naivety has started vanishing. Moreover, according to the author, the fact that we have been dealing with mass surveillance for a decade proves that we can definitely live with that (19). However, we should not forget that the awareness of these practices has likely only increased since June 2013, when Snowden first released classified documents. Surveillance had been exerted for years prior to the recent NSA scandal, and is older than the digital world. Nowadays though, surveillance is the ‘default setting’, hence – given the lack of a serious supranational policy which regulates that – the countermeasures used to avoid information control represent the only segments in which surveillance may be contested (20) and privacy shielded on its three layers. Consequently, surveillance emerges as a symptom of a relation of power between ‘controllers’ and ‘controlled’, that is to say that surveillance is the practice of observation that reinforce this relation of power itself. It can be said that the foucauldian discourses on power and the deleuzian idea of
‘corporate system’ (Deleuze, 7) merge into a status quo in which corporation enhance the widespread control of intelligence agencies. To make it simple, we know that what we write on Facebook, even if our privacy settings are adjusted to the audience we want to reach, or even if we write a private message, or an email using Google Mail, may be the object of requests made by the NSA, requests that internet corporations will oblige (21). Nonetheless, characters such as Chelsea Manning, Julian Assange and Edward Snowden have shown that if “power is founded on secrecy” is vulnerable and fragile, because transparency is eased in the network society (22). To some extent – thanks to the above quoted whistleblowers – it can be argued that data collected beyond our control may be used to expose the threat of surveillance, that is for countersurveillance purposes. Steve Mann, an American inventor and researcher, called the action to watch the watchmen ‘sousveillance’ (23), a practice enhanced by the spread of the internet. Finally, a possible strategy to be used to confront surveillance in the postprivacy world is total transparency’ (ibid). As suggested by Christian Heller, keeping in mind that “all data is