On the 20th of May 2013, Edward Snowden arrived in Hong Kong and checked into a Kowloon hotel armed with north of 1.5 million stolen documents detailing mass governmental surveillance orchestrated, primarily, by the National Security Agency of the United States and GCHQ in the United Kingdom.
On June 5th 2013 the Guardian published its first exclusive based on the leak and by June 9th he had come forth as the source, achieving a level of global recognition which most political actors can only dream of. The CIGI-Ipsos Global Survey on Internet Security and Trust, undertaken by the Centre for International Governance Innovation (CIGI) and conducted by global research company Ipsos between October 7th – November 12th 2014 showed that over a year later, 60% of internet users globally had heard of Edward Snowden while 39% stated that they had taken steps to protect their online privacy and security as a result of his revelations.
Earlier this week, and almost three and a half years after Snowden’s leak, the investigatory powers tribunal – the only court that hears complaints against MI5, MI6 and GCHQ – ruled that the security services operated an
“illegal regime to collect vast amounts of communications data, tracking individual phone and web use and other confidential personal information, without adequate safeguards or supervision for 17 years”
and you could be forgiven for knowing nothing about it; only a handful of national newspapers and technology publications have covered the story.
The debate around online privacy remains in its infancy in the UK, and it is clear that it is a complex topic in which public feelings depend largely on the context in which our data is embedded. Clearly, surveillance plays a key role in the way nations protect their citizenry, and while opinions of Snowden were mostly favourable in the wake of the 2013 leak – an Angus Reid Global poll in October 2013 showed that 60% of Britons felt Snowden was a ‘hero’ while 40% felt he was a ‘traitor’ – in 2016, as the below chart shows, 46% believe that more should be done to help combat terrorism while just 16% feel more should be done to protect privacy.
Much has changed in three years. We now find ourselves in a different context of terrorism.
The impacts of the Sousse attacks in Tunisia in June 2015 and those in Paris in November are clear to see in the above chart, however the long-standing, complicated nature of our relationship with data, security and privacy is illustrated by a further piece of YouGov research. In March 2015, when the Privacy vs. Security Tracker showed that 45% of people felt that more should be done to help the security forces at the expense of privacy, 60% of people in the UK believed that GCHQ already had the technical capability to intercept or collect the internet communications of every British citizen and 27% believe they already did so, while 52% stated that they would not trust them not to abuse this power.
The fact that the British public can simultaneously distrust the security services, believe they have the ability to collect the internet communications of every citizen, and want to give them more power illustrates the multiplicitous nature of public opinion with regard to privacy and security.
While this blog has used national security as an example, it is clear that the unfolding public position on privacy will cause problems across industry but that we are yet to establish a set of societal norms in relation to perceived breaches. Yahoo waited two years to announce that it had suffered one of the largest disclosed cyber-breaches in history and exceeded earnings expectations in the following quarter, with page views, messages sent and messages read unchanged. By contrast, an NHS leaflet drop to 26.5 million households simply explaining how they could opt out of the now infamous Care.Data scheme created enough hysteria to have the scheme scrapped.
From the outside looking in you could be forgiven for thinking that the way forward was to simply not disclose breaches of privacy, treating them as ‘business as usual’ if and when indiscretions come to light. In August 2015 we wrote about the potential for an enormous data security event to change the way we think about privacy forever, but maybe we’ll just keep calm and carry on.