Prerna Soni, a UPenn Law Student and Symposium Editor of the Journal of Business Law, reports on CGCS and Penn Law’s Scholarship After Snowden mini-conference which took place on October 17th
Ferret Cannon. Egotistical Giraffe. Bullrun. These are not just nonsensical terms, but rather the names of a few of the surveillance tools used by the National Security Agency (NSA) to monitor your online activity. The discussion of Internet surveillance and the right to privacy has swept the U.S. by storm after the NSA exposé by Edward Snowden earlier this year. On October 17th a group of scholars and practitioners gathered at Penn to discuss what these revelations mean for the future of the academia and the Internet. Scholarship After Snowden proved to be a thought-provoking event. Attendees were forced to reexamine the breadth of government surveillance, and to reevaluate the way the academy approaches technology education and policy going forward.
The mere scope of surveillance by the U.S. government is astounding – we are not talking about an email here, a chat history there. Everything that is done on the Internet is collected and stored as data. As Bruce Schneier, a renowned cryptographer and privacy expert noted, “We leave digital footprints everywhere,” and the fundamental problem is that we have made surveillance far too easy and cheap. When surveillance and data storage is cheap, there is a tendency to store everything. As Schneier aptly noted, when you have a great deal of money and resources, “when you have the choice of A or B, you do both.” This problem is furthered by the fact that while many Internet users understand its basic mechanics, they do not really get what is going on “under the hood,” as Joseph Turow, the Associate Dean for Graduate Studies at Annenberg, puts it. There is a complete lack of cohesion between law and Internet engineering. This contributes to a lack of understanding as to what exactly Internet companies have promised consumers. As Christopher Yoo, the Director of Penn Law’s Center for Technology, Innovation, and Competition remarked, “All of you who are surprised that Google is [storing data] on your phone – wipe that surprised look off your face. If you are getting a service for free, you are not the customer, you are the product.”
Post-Snowden, a key question is what should we do about extensive surveillance. Many of the speakers agreed that law and policy is not progressing nearly as rapidly as necessary to keep up with the changes in technology. As Cynthia Wong, a Senior Researcher at Human Rights Watch, noted, the central gap is that the right to privacy has been protected for many years but “the rate of technological change has so outpaced the change in [legal policy].” Further, the U.S.’s legal framework regarding Internet policy must be considered within the larger scope of global human rights and global Internet policy. In this context, the issue that first must be resolved is how to develop an alternative human rights or international legal framework that incorporates these contemporary issues. Highlighting the international impact of the NSA surveillance, Ben Wagner, a Center for Global Communication Studies post-doctoral fellow, indicated that from the European perspective there is an, “incredible feeling of disenfranchisement in a post NSA world.” There is a lack of trust in U.S. Internet stewardship, which leads to the question of who can you trust.
Unsurprisingly, corporations can play a key role in setting the trajectory for Internet policy. While many companies are starting to push back against government surveillance, surveillance has in large part become a part of the business model. While the issue of corporate cooperation with government requests does need to be examined, the larger problem seems to be a lack of understanding of Internet policy in conjunction with the bigger corporate picture. Michael Samway, the former Vice President and Deputy General Counsel at Yahoo! shed some light on this noting that businesses, and future business leaders, are not at all equipped to deal with the contemporary issues in this sector. “I’ve worked in technology for fifteen years,” he said, “and technology is rapidly outpacing our ability to keep up, not only law and policy wise, but also our vocabulary and ability to talk about this.” He observed that even within technology companies like Yahoo!, there is an information and leadership gap; technicians may understand the surveillance aspect, but not the big picture, and vice versa for the senior management.
The consensus among the panelists seemed to be that the greatest underlying problem is inadequate preparation for students and future leaders concerning these rising issues. Andrea Matwyshyn, a professor of Legal Studies & Business Ethics at Wharton, noted many business schools are not taking into account the changing role of the Internet. Nien-he Hsieh, a professor at Harvard Business School, added that properly equipping future business leaders may be a better method to address this problem than what was originally thought. “We’ve often said that [the solution] is for the students to think more public-mindedly,” he said, “but as the Snowden files revealed, we’re not sure if that’s a good answer anymore.” He added, however, that businesses may not be as accountable as governments, especially in the international context, and that presents a key challenge in having businesses be a part of the solution.
It is evident that there is no simple solution to issues surrounding Internet privacy and government surveillance. Wagner outlines that there are layers of legal issues, international relations issues, as well as “a difficult sociological level where the user likes these services and eventually depends on [them].” These layers complicate any solutions to privacy and surveillance problems. However, preparing students from a young age to deal with these changing norms is the best way to see legal policy and technological advancements. As Matwyshyn suggests, “First, find the smartest 9- to 11-year-old that you know and get them excited about this issue; it’s about training a new generation to fix our mistakes. And second, ask a lot of questions to [any online company] that wants any information.” That said, however, there is a deeper issue when you cannot trust your government. As Schneier puts it, “The reason your locks work is not because of the technology, but because there is a legal infrastructure that respects locks.” This infrastructure is completely lacking in the realm of Internet privacy, and until we can establish that, little else can be done.