This ongoing series from Technology for Global Security (T4GS) and the Center for a New American Security (CNAS) examines the elements and potential implications of digital threats to democracy over the next ten years. This installment will discuss how privacy and compromised data challenges will shape democracy in the next ten years and beyond.
What is Privacy, Really?
The United Nations Universal Declaration of Human Rights states that privacy is a human right. The violation of this right for any reason puts at risk an individual’s sense of security and identity. Privacy can also be viewed as a consumer protection issue. When consumers sign on to new services and products, they want to understand the terms of service for how their data will be protected, used, and shared. Yet, regardless of one’s perspective, both individuals and consumers often lack understanding of privacy as a value, even though many are extremely concerned about surveillance, Personal Identifying Information (PII) data leaks, and corporate collection and sharing of their information.
The Thorny Challenges of Privacy
Over the past several decades, technological innovation has created many opportunities for multinational corporations and government institutions to serve customers globally, be it individuals, brands, governments, and civil society. Yet, this innovation has brought with it enormous responsibility and a challenge to protect both individual and consumer privacy. Several unresolved issues pose serious threats to democracy:
- Lack of understanding what really constitutes privacy and data protection
- Difficulty enforcing data regulation
- Malicious actors sharing PII and using technology to infringe on privacy
- Lack of privacy education for all members of society
When it comes to understanding privacy, the Pew Research Center highlights that a quarter of Americans are asked to read a company’s privacy statement on a daily basis, but just 9 percent actually take the time before agreeing to the terms of service. Marginalized communities are disproportionately affected; in particular, lower-income populations are less likely to have secure and private personal data. For example, individuals in lower income brackets and without a college education are more likely to say they think their personal information is less secure now than in the past. One potential explanation for this data privacy divide is the motivation to use free apps and services and limited privacy education.
Difficulty Enforcing Data Protection Laws
With mixed understanding of what really constitutes privacy and data regulation, lack of standardization, and international transit of business and data, it is challenging to create and enforce regulation for both government and corporate entities. Take for instance the European Union (EU) Global Data Protection Regulation (GDPR). This 2018 law sought to limit corporate collection and sharing of user data without explicit user consent. Many in the privacy community viewed GDPR as a model for other countries in enacting and enforcing privacy regulation. However, enforcement of this regulation has been mixed, with varying degrees of interpretation of the law. Enforcing data regulation in the United States has been a mixed bag as well, because U.S. privacy laws are not uniform and are "patched up" together. Further, privacy and data regulations are governed by individual countries and governing international bodies. Regulating corporations and entities that operate in a global market is especially challenging.
Nefarious Actors are Taking Note
Nefarious actors—individual hackers, corporations, and state actors—have taken note of mixed successes with privacy regulation and lack of overall consumer understanding on privacy. After Russia famously hacked into the Democratic National Committee systems, a new wave of digital asymmetric warfare gained prominence and attention in which adversaries strategically obtain and leak PII. China's subsequent hack of Equifax affected 143 million U.S. citizens. What’s more, in our pandemic “new normal,” adversaries and allies alike use location tracking and facial recognition technologies to track individual movement. As Katie Josef and Samuel Woolley write, “what unites these efforts is their reliance on data harvested from people’s smartphones and other devices—veritable troves of personal information ripe for collection and exploitation.”
Further, these actors have been taking advantage of new technologies in facial recognition to further invade privacy for criminal or strategic aims. Technologies such as those developed by Clearview AI could enable easy and widespread surveillance, where a simple app could identify most of the population and use personal data as it pleases. As Kashmir Hill writes, the proliferation of surveillance apps could make “searching someone by face ... as easy as Googling a name.”
Hope for the Future?
Whether you view privacy as a basic human or a consumer protection right, one thing is clear: privacy and data governance will likely continue to shape—and potentially undermine—democracies over the next ten years. We will need to focus on solutions that highlight greater understanding, education, and private-public partnerships with emphasis on regulation, information sharing, and iterative lessons learned. Finally, as democracies we are still learning and adapting. Therefore, greater investment in privacy-related research and technology is needed in order to mitigate these concerns and prepare for our likely turbulent future.
Read more in Future Digital Threats to Democracy, a commentary series from CNAS and Technology for Global Security about the elements and potential implications of digital threats to democracy over the next ten years.
Download the full commentary.
More from CNAS
CommentaryShift toward ‘Silicon Nation’ Promotes Resilience — for American Defense, Society and the Economy
Better understanding by stakeholders of the national security and economic implications associated with robust S&T policies will drive additional incentives for pragmatic ...
By Martijn Rasser & Alexandra Seymour
ReportsRewire: Semiconductors and U.S. Industrial Policy
As the United States considers industrial policy for the first time in decades, it should learn lessons from prior government efforts to shape the semiconductor industry, in t...
By Chris Miller
VideoMartijn Rasser talks CHIPS Act with Newsy
Martijn Rasser, Director of the Technology and National Security program at the Center for a New American Security, joins Newsy to discuss the CHIPS Act, Taiwan, and the semic...
PodcastAI and the Future of War
AI safety is having a moment. To discuss why AI safety matters for national security, today China Talks have on Paul Scharre (@paulscharre), Vice President and Director of Stu...
By Paul Scharre