‘We are livestock for data farms’
Citizen Lab director analyzes how corporations monitor our behavior, discusses new methods of government surveillance
We are monitored by applications, even when we are not monitored by services. This is now the environment in which we operate – an environment that Professor Ronald Deibert identifies as “surveillance capitalism.”
Director of the Citizen Lab, the institute at the University of Toronto’s Munk School that identified the first Greek device infected with Predator software, Deibert is considered a pioneer in the study of digital espionage, commercial surveillance software and the protection of human rights. Professor of political science at the University of Toronto, his book “Reset: Reclaiming the Internet for Civil Society” has been awarded prizes and he was named a 2017 Global Thinker by Foreign Policy Magazine.
In an interview with Kathimerini, Deibert explains how corporations monitor our behavior and choices and discusses new methods of government surveillance.
How powerful are digital social media platforms and how intrusive can they really be?
The short answer is they are very powerful and extremely intrusive. The longer answer has to do with the business model of what I think is appropriately termed “surveillance capitalism.”
Surveillance capitalism is the primary business model, not only around social platforms but really now the entire digital ecosystem that we live in. And the basic underlying principle of surveillance capitalism is to monitor users’ behavior in exchange for mostly free access to various services, and most applications, and monetize that data in various ways.
What this does (“surveillance capitalism”) is create an almost relentless logic for the tech platforms to become more and more invasive by design. Almost every application that you use on the internet these days has a higher- and lower-level functionality.
The lower-level functionality is the apparent one. For example, an application that you use to call a taxi or deliver food, or play a game. But the higher-level function of almost all applications today is to gather as much information from us, the users. Therefore, we are really the livestock for their data farms. Even though the companies describe what they are doing as something different. Essentially, this is what the business model is about.
We already have applications that are designed to get at our behaviors. What is it that we are reading online? What are we purchasing? Now we are moving increasingly towards the subliminal. So looking at patterns of your retina, of your pupils, and how long you linger over something on a website may indicate some kind of pleasure that the company is trying to ascertain about you. And we even have now applications that aim to gather information about your mood or your sleep patterns.
Not far off into the future, we will have internet-connected neural systems that actually tap directly into our brains. All of this is part of an underlying business model that defines the digital ecosystem that we live in.
In Greece, there has been a discussion over the use of illegal spyware like Predator with political implications. In your view, how extensive can surveillance be?
We already live in an environment that is saturated with surveillance. There are sensors everywhere that surround us now as part of this mostly benign business model. Layered on top of that is something more serious, which is government surveillance.
Now we have the question of targeted espionage and spyware, which is even more concerning because of the level of intrusiveness we all carry around these devices with us 24 hours a day. They are at our bedside tables. They give a pattern of life. They are extremely detailed and comprehensive in terms of following us around, tracking our movements, our behaviors, and our communications.
For a government agency to be able to get inside that device, which they can now, thanks to mercenary spyware, represents, I believe, a quantum leap forward in government control capabilities. And frankly, most governments around the world do not have in place the proper checks and balances to prevent the abuse of power.
How does spyware software work and how do nations apply the different kinds to target their opponents?
The way to answer this is by looking at the history and evolution of law enforcement and intelligence-gathering techniques. In the past, intelligence agencies were interested in gathering information on targets, on human subjects. So actual human agents following people around, maybe taking photographs from a distance, putting in place wiretaps of the sort that we talked about, or putting in place a tracker on a person’s vehicle. So, surveillance techniques were mostly compartmentalized, quite labor intensive, and very primitive.
With digital surveillance, it is as if a lot of the physical constraints have been removed and government agencies have almost godlike powers to monitor what a subject is doing without that subject being aware of it.
Could the president of a country be justified in ordering the surveillance of political opponents or journalists?
Not according to standards of international human rights law or according to basic principles that are fundamental to liberal democracy, firstly, free and fair elections. In order to have free and fair elections, you need to have a certain degree of confidentiality in terms of political processes.
In Europe, they are talking about Watergate-style scandals – that metaphor is very appropriate. Watergate, as you know, was a major scandal in the United States because Richard Nixon, then president, attempted to bug the offices of his rivals in the Democratic Party, and he was caught. And then he tried to cover it up.
What we are seeing in Europe is a whole series of these scandals, domestic surveillance of political opponents, which obviously interferes with free and fair election processes.
What is the balance between rights and security and how do we detect the limit of this line?
I think that we first have to recognize that there are serious threats to people’s security and well-being. We live in a world that is full of nasty people. Sometimes that nastiness can result in violence and loss of life. That is why we have law enforcement and military and security agencies to protect our security.
In fact, we need well-equipped, well-trained professional law enforcement to protect human rights. So, I am not arguing that we should not have those capacities within a liberal democracy. Quite the opposite. However, we cannot have a situation where law enforcement and intelligence agencies are operating in the absence of oversight and checks and balances, which appears to be the case in a lot of the countries in Europe that have been caught up in Pegasus-related scandals.
It appears to me that you have one or more security agencies that have undertaken wholesale domestic surveillance of one segment, at least one segment of the population without any proper safeguards or oversight, and certainly no public transparency or accountability. If that goes on it is very dangerous for liberal democracy. You are starting to slide into authoritarianism, and that is definitely a concern for any citizen of any country.
As an ordinary citizen, how can I protect myself against malicious surveillance actions?
Unfortunately, there’s no simple or positive answer I can give you, when the most advanced mercenary surveillance technology vendors are able to produce spyware that exploits vulnerabilities in the most advanced technology platforms that even the vendors of those platforms are unaware of.
A $2 trillion company like Apple still has flaws in its operating system. Companies like NSO Group make money by exploiting those flaws, and they are now at the point where the latest versions of their spyware can access a target’s device without any visible indication of tampering. Without needing to trick a target into clicking on a link.
That means if I was a government operator using, say, Pegasus spyware, I could get inside your device without you knowing about it. And frankly, there is nothing that you can do to defend yourself against that. But of course, with respect to a wide variety of lower-level threats, things like phishing and more traditional malware, there is a lot that individuals can do.
Everyone can improve their digital hygiene by taking certain steps like using two-factor authentication or a password manager or using an application like the signal for your messaging.
What institutional measures should a state adopt against arbitrary actions that violate citizens’ rights?
Government operators can press a button and get inside any device anywhere in the world and gather information on a target right down to the most intimate details of their personal life without that target being aware. That is like something out of the future. Our checks and balances are oversight mechanisms like something out of the Victorian era. They have not changed much since the 19th century or the early 20th century.
We have basic safeguards like judicial oversight warrants, but these obviously are inadequate to the type of extraordinary surveillance capabilities that are available to government operators today. So my strong feeling is that liberal democracies around the world need to invest deeply in robust restraint mechanisms.
The principles that I am talking about have their origins in ancient Greece. The idea of division, powers, and checks and balances is something that goes back to ancient Greece. It is at the heart of liberal democracy. And we need to remind people that we can’t take them for granted.
Therefore, we need independent oversight mechanisms to prevent the abuse of power to preserve liberal democracy moving forward.
The war in Ukraine sparked debates on cyberspace battlegrounds and cyberwarfare. Have we moved to the meta-level of unconventional battles, the ones in front of a computer screen?
I think the unlawful Russian invasion of Ukraine has demonstrated how we still live very much in a material world where bombs and bullets can cause enormous damage. And we have an extraordinary loss of life and just unrelenting cruelty.
One of the surprising observations many people have made about this conflict is how little the cyber dimension has played a role. Everyone expected it to be more prominent. I think where we have to be concerned is around the security of those who are investigating war crimes. They are reliant on digital technologies and on uploading and preserving that data to whatever platforms they are using.
We need to make sure that those people’s devices are secured from espionage and malfeasance. And I think we have to be concerned about disinformation because Russian threat actors are well-known purveyors of disinformation.