The disappearance of privacy in the digital age is irreversible. Now we have to figure out how to protect ourselves.
Let’s get the bad news out of the way first: Technology and social media are frequently manipulated by bad actors. As a digital investigator, I see the effects of this firsthand. Often, my prospective clients want me to utilize my knowledge of OSINT (Open Source Intelligence) to stalk and harass someone they don’t like. Recently, a man contacted me to ask how much I would charge to cyberstalk his adult daughter and “expose [her] as a slut.” Of course I declined the commission, but I know there are plenty of less-than-scrupulous OSINT experts who will do the job for him.
OSINT is a methodology by which one collects and analyzes online data that is in the public domain. OSINT can and does include leaks, and it can also involve information that was never meant to be shared widely—which is why a good investigator should always seek to protect a potentially vulnerable source, even if that source shared something publicly.
On the micro level, OSINT can be manipulated to stalk an individual—a good example of this is people poring over clues in the photos you post to your social media accounts in order to figure out where you live and/or hang out. On the macro level, governments can and do utilize OSINT— as well as more traditional spying methods—in order to spy on their citizens.
The combination of both OSINT and other new sophisticated technologies means that none of us are truly safe from those who want to pry into our personal lives. Sometimes, this can lead to truly terrifying outcomes. If you saw “The Dissident,” the documentary film about the assassination of Saudi journalist Jamal Khashoggi, you know how easy it is to hack a phone, for example. The film shows how the Saudi regime used Israeli spyware to read communications between Montreal-based Saudi dissident Omar Abdulaziz and Jamal Khashoggi, who was then a columnist for The Washington Post. There is convincing circumstantial evidence in the film to support the theory, shared by Turkish Intelligence and the University of Toronto’s City Lab, that Mohammed bin Salman, the powerful Saudi crown prince, ordered his henchmen to murder Khashoggi at his country’s consulate in Istanbul—based on information he obtained from using Pegasus spyware to take over both men’s phones.
Or, consider the case of model Ines Helene, whose stalker geolocated her apartment building using the reflections of the buildings in the selfies she posted online.
I posted photos of myself in my last apartment with a little more background than this. I was DMd by a man who had sneaked past the concierge and saw me with my then-boyfriend. He had geolocated me to the exact building. He sent me a message: “you’re prettier in real life” pic.twitter.com/peAXGiG3qT
— ines helene, ShroomGirl (@inihelene) June 17, 2021
Ines Helene’s stalker didn’t need to employ sophisticated spyware to find her address. All he needed was to be obsessive and pay attention to detail.
If all of this scares you—well, it should. We live in a world where anyone can find out vital information about you and use it for malevolent reasons. This genie is out of the bottle in many respects, but there are ways in which legislation can catch up to our worst privacy concerns: legislation against revenge porn, which 48 states and the District of Columbia have passed, is a good example here.
There are also ways in which an environment where nothing stays secret for long is a good thing. For example, investigators can use data breaches and leaks to expose crimes that individuals or governments are trying to hide. BuzzFeed News won a Pulitzer Prize this year for its four-part series on the detention and long-term incarceration of the Uyghurs in China’s Xinjiang region; to prove the existence of concentration camps the Chinese government was trying to hide, BuzzFeed reporter Megha Rajagopalan collaborated with architect Alison Killing, and Christo Buschek, a programmer and digital security trainer in using open source technology to locate and identify the mass prison camps in which over 1 million Uyghurs are being held and, according to first person accounts, tortured. The importance of this type of work is in its clarity and effectiveness: by identifying and documenting irrefutable facts on the ground, it cuts through a well-funded and cynical propaganda machine to expose the truth.
That’s not all, of course. Many of you reading this have undoubtedly experienced what it’s like to be lied to or conned. In this digital age we can expose liars and con artists before it’s too late. Worried about that guy you’re going on a date with? You can find out if he has a criminal record, or if he’s married. Concerned that a scam artist may be targeting a loved one? You can investigate the person to see what is really going on.
Stolen valor has traditionally been a popular way for grifters to scam people—faking military service has a long, ignoble, and sadly profitable tradition—but today, there are enough tools at our disposal to figure out if someone is lying or not.
Our social mores will eventually catch up to our changing understanding of public versus private. In fact, our comparative lack of privacy is beginning to change our very culture — making certain aspects of our past and present irrelevant.
Consider the #infosecbikini Twitter storm. It started when a female Twitter user who works in information security was shamed for posting a relatively tame bikini photo; this led to a backlash against random sexism and harassment in cybersecurity.
The more frequently people are “shamed” and “exposed,” it would seem, the less weight such harassment will carry in our lives.
Simply put, we might soon reach a critical mass of “embarrassing” content, revenge porn, and other content routinely used to harass or denigrate people. So much so that a lot of this content will become just another form of internet white noise.
Oh, your emails were leaked? Well, so were a bunch of other people’s emails. Not only will many people have some kind of “scandal” or another in their past, there will simply be too much data to sift through.
Similarly, the enormous amount of data out there presents a challenge for prying governments too. Russia is one example of a mass surveillance state. The scope of Russia’s surveillance system, SORM, is so great, however, that it creates logistical challenges. Nobody has time to watch everyone all the time, and unless the government is actually zeroing in on you because you stand out to them, you can still manage to fly under the radar.
I understand that none of this is particularly reassuring for dissidents. In fact, it becomes less reassuring when we consider how evolving Artificial Intelligence (AI) is going to tap into mass surveillance systems over time—gradually reducing the human component and watching us all with renewed vigor and precision.
Again, we have a window of opportunity to enact better legislation on AI now. Instead of being defeatist, we can think about ways in which AI can be regulated so as to reduce the potentially harmful impact of this data mining on private citizens.
Perhaps, eventually, a healthy balance between constant hypervigilance online and going completely off-the-grid to raise chickens in a remote part of Montana will even be possible for those of us—most of us—who are trying to stay safe while also living our lives and doing our work.
Of course, this healthy balance will not be available to private citizens of authoritarian regimes for as long as they remain authoritarian. But for those of us who still have democratic institutions to fall back on, creating the legal blueprints for how our digital rights can work better for all of us is possible. With smart activism, it is also attainable.