June 4, 2014

“Our calendar is on the web. Our location is on the web. You have a cell phone and you have a cell phone network provider and if your cell phone network provider is Sprint then we can tell you that several million times last year, somebody who has a law enforcement ID card in his pocket somewhere went to the Sprint website and asked for the real-time location of somebody with a telephone number and was given it…We don’t know that about AT&T and Verizon because they haven’t told us…the deal that you get with the traditional service called telephony contains a thing you didn’t know, like spying. That’s not a service to you but it’s a service and you get it for free with your service contract for telephony. You get for free the service of advertising with your Gmail which means of course there’s another service behind which is untouched by human hands, semantic analysis of your email.” -Eben Moglen

Now, more than ever, people are becoming concerned with their digital privacy. Unlike the early days of the internet, even casual computer users are aware of the number of threats, from malware to identity theft, that they face online. With the recent revelations from people like Snowden, Hammond, and Assange, there is no longer any question that we are constantly being spied on.

The big online players, like Google and Facebook, receive much of the brunt of public outcry about digital privacy. Google reads our emails, Amazon analyzes what we shop for, and Facebook recognizes our faces. All these household names do much more than just provide users with a service. They are in the business of collecting information on their users, and doing whatever they please with it…without telling us. While data mining is most noticeable with these bigger companies, and they have attracted the most attention for doing so, they are absolutely not pioneers.

“Customers choose to do business with companies they trust. 90% of adults are concerned about privacy, and 88% avoid companies that don’t protect their privacy.” -TRUSTe

“Strong privacy practices are at the core of all of comScore’s operations. We are proud to have developed clear disclosures to help our panelists understand their role in contributing to the data that comScore’s clients use to improve their products.” -comScore

TRUSTe and comScore are now known as two of the leading companies that form the backbone of internet data mining. These companies work with and provide information to tech giants from Microsoft to Facebook. If you see an “official” news report or article with some statistic about internet usage or a statement on digital privacy, chances are it came from one of them. comScore attempts to obscure its true nature by calling those it spied upon “panelists.” These companies claim to act in the interests of privacy and “to safely collect and use customer data to power their business.” In reality, these companies occupy positions of power within the internet landscape because they were some of the first companies to embrace data collection and analysis on a wide scale.

Much in the way that capitalism arose out of “primitive accumulation,” our information society has come to be through a series of digital conquests, gradually stripping the end user of any privacy, and even their own identity.

“The discovery of gold and silver in America, the extirpation, enslavement and entombment in mines of the indigenous population of that continent, the beginnings of the conquest and plunder of India, and the conversion of Africa into a preserve for the commercial hunting of black-skins, are all things which characterize the dawn of the era of capitalist production. These idyllic proceedings are the chief moments of primitive accumulation.” -Karl Marx

Just as resources were stolen from the New World and Africa, our digital resources were stolen from us by malware. Both TRUSTe and comScore, while today being hailed for “demonstrating exceptional consumer protection, data security and privacy practices,” would not exist in their current forms without being some of the first companies to exploit people’s digital identities through spyware. Had they not spied on us and stripped us of our identities, the Facebooks of today could not exist.

comScore claims that “researchware is not spyware.” It claims their “panelists” are provided with “clear disclosures” about what comScore’s software is doing on their computer. Are their at least 2 millions panelists aware that comScore’s “marketscore” software essentially sends all a user’s internet traffic to comScore also? Are they aware that every move they make online is being tracked and analyzed? comScore would say that these users are aware, as everything that is happening is disclosed, or rather buried, in the complex legalese of the license agreement. The user is to blame because they didn’t read the fine print.

During the earlier ages of the internet, there was not much as concern about privacy on the internet as today. The terms malware and spyware did not appear to most until the mid 90s. Before the era where we could play Flash games in our browser, people had to download executable files of games. Before Google Docs, people had to download word processors. In the early internet, having to install a program to your computer was not uncommon. These programs would often be bundled with adware or spyware. The best of which would simply discreetly show you a popup ad every once in a while. The worst of which would show ads as well as track every website visited, or even every key pressed. The distributors of these programs were protected by the fact that the users had accepted the license, and could not really be held responsible for the spying they did. comScore was definitely on the worse side of the spectrum of spyware.

TRUSTe is slightly different from comScore, as it was actually started as a non-profit. Rather than directly spy on people, TRUSTe is in the business of trying to redefine what spying is. Its main focus is on certifying companies via its privacy seals. While not a non-profit since 2008, the company exists to tell users what companies they can trust. This may sound like a noble venture, trying to keep companies accountable for their privacy policies, but in reality TRUSTe is accountable to the companies it certifies. It even calls them its “clients.” Without its clients, TRUSTe would not be in business…so who really holds the power in this accountability process?

Not only is the very model of TRUSTe flawed, their reputation and past actions have proven that they are little more than a rubber stamp. There have been cases, such as with a piece of software bundled with spyware, “hotbar.” This software was known as spyware around the Internet, yet TRUSTe stood by their client, until public pressure forced them to delist hotbar. Even further, a 2006 study by Ben Edelman found that TRUSTe certified sites were a significant amount more likely to be untrustworthy than those not certified.

The danger of TRUSTe is that it has been given the power to determine what spying is or is not. If IBM or another large company has enough money or clout, they can work with TRUSTe to get the definition of privacy itself to still be certified. If TRUSTe decides that something isn’t spying because it is buried in a 5,000 word contract, unreadable by some, then we are told that we are not being spied on…even though we very may well be. The very companies that are spying on us are in charge of defining spying.

It is through this primitive accumulation by way of malware, that we have reached the current state of affairs. The spying machines that exist today, while having surpassed older companies, still depend on them for information and support. We have moved away from the brute force methods of spamming people with ads, or capturing personal information through keystrokes. Today, we are given spying as a service, without many of us knowing it. Our emails are being read, and the contents being used to sell us things. Companies are being urged to move into the cloud, exposing the inner workings of these business to the government or any hacker good enough to get to them. Our transit systems are beginning to eliminate the ability to travel anonymously, requiring online registration. Our faces are being cataloged, so that along with increasingly connected CCTV networks, we cannot even walk somewhere without being tracked. We are not even allowed to see the information that these networks collect on us.

While the populace in general is finally beginning to become concerned with digital privacy, the truth is that our digital privacy was stripped from us years ago. While recent events may have tilted the focus towards state agencies like the NSA, spying by private companies will only continue to grow. In the near future, these private companies will most likely hold some degree of power over state spying, though, and there will be little difference between the two. Amazon is currently building a $600 million cloud computing center for the CIA. Google is already running programs for the Department of the Interior, and offering “apps for government” to a wide range of municipalities. We are well down the road to a complete surveillance society. Instead of a totalitarian state, though, we face the very companies that sell us things or help us connect with our families.

Can we save our digital landscapes, as scarred as they are by spyware? Can we save our digital identities, even though we are not even allowed access to them? Anything is possible.

10 Kudos