A lot of privacy advocates have been looking closely at the “deep web,” the enormous number of websites that aren’t indexed by Google, as an alternative to more “public” web services. But that came to an end this weekend, where as part of an FBI sting operation, a major hosting company was completely shut down. Furthermore, several sites were infected with malware that essentially outed the identity of whoever visited.
All this raises a question: Is privacy possible on the Internet? Or, for that matter, should it be?
The second question needs to be raised for a fairly simple reason: Freedom Hosting, the company in question, was shut down amid accusations that its founder was essentially the world’s biggest dealer in child pornography. One of the questions that few fans of products like the Tor Project or Bitcoin are willing to discuss is the appeal these have not just people opposed to government observation of their behavior for abstract or political reasons, but to people who we pay the government to hunt down and isolate from society, and for excellent reason.
Privacy is very much on everyone’s mind right now. PRISM, even if it was our own fault, deeply troubles a lot of people. Look no further than the nationwide freakout over six police officers visiting a home for “Googling ‘pressure cookers'” before it came out the police weren’t looking at real-time Googling, but rather got a tip from the victim’s idiot boss. Clearly we’re all on edge and wondering just how far the government has gone, especially as more information comes to light.
At the same time though, there’s always been the tension between privacy and the need to protect others. We’ve talked about the concept of privacy and consent before; the fundamental building block of privacy is that you decide whether or not to share information publicly. It’s incredibly troubling that the government can, in the course of one investigation, stumble on something else that might be of use and file it away. It doesn’t help that there’s no evidence the government can actually find terrorists by monitoring the services they look at in the first place.
So, what do we do? And what are our choices?
Well, first of all, the government can be forced to stop. In fact, bills to limit the NSA’s authority are starting to pop up. There will be the usual derp among the kind of people who think voting is a scam because politicians don’t give them everything they want, but the truth is, if people are angry and want this to stop, politicians do have to be voted into office.
The second step is a bit more thorny and cultural instead of legal: Privacy advocates and the like need to confront, head-on, the ethical problems involved in developing and releasing tools to avoid government scrutiny. Again, the vast majority of people using these tools are law-abiding citizens, but some of them are not, and we need to stop pretending that the most horrendous among us will not use these tools for terrible ends. It’s a difficult question, and groups like the Tor Project have struggled with it for years. But it’s time to put it front and center and work that out.
Finally, the last step is with us, as people. We should never forget the most basic rule of privacy on the Internet, which is simply this: If a system is designed for a legitimate way to get inside it, that means there’s also an illegitimate way inside. We can’t count on others, whether privacy advocates or the governments we elect, to protect our privacy for us. We have to think hard about what we value when it comes to our privacy, why we value it… and then take steps to protect that.