The Snowden revelations keep dripping away and revealing the nearly absurd levels of surveillance that the United States government and the ‘Five Eyes’ countries engage in—bulk, indiscriminate collection of a data to a level that should shock the conscience.
It should shock the conscience, but it doesn’t. That big technology companies like Google and Yahoo! have been deputised in programmes like PRISM and Tempora was already known in outline by most technically informed observers—Snowden merely filled in the details with evidence.
That government spooks could read your email via the big Internet companies is something any savvy journalist could have learned off-the-record by simply pouring beer into engineers who work at said big companies. I know, I’ve done it, and I’m just a guy with a blog, for fucks sake.
Everyone in the business knew it was happening already: Snowden lifted the cover on the collective doublethink about it. We already knew it was happening, but having nice PowerPoint slides up on the Guardian website short-circuited our internal plausible deniability. It made solid what was already in the air.
Except, here’s the really depressing bit: most people don’t care and won’t care. The issues are suitably abstract enough and technical enough for them to not care. People say they care but their actions belie their words.
It takes twenty minutes for a technically competent user to set up GPG. A small amount of Googling and you can get your email client set up to send 2048-bit encrypted email. I have had GPG set up for years and less than 1% of email I get is signed or encrypted.
And I work with developers, software people, people who would have no trouble getting GPG set up with their mail client. If even technology geeks can’t be fucked to send encrypted email despite military strength encryption protocols like PGP/GPG being available for 20+ years, expecting ordinary people to do so is a fools errand.
That’s not because of user experience. We could let a whole room full of top designers make the process of using something broadly like GPG into a much less awful experience, but people aren’t motivated to get it set up because it doesn’t solve something they actually in their heart of hearts think is a problem.
And there are now simple smartphone apps: TextSecure, RedPhone, Telegram. No complex key signing protocols or any of that: just free apps that are basically WhatsApp or Facebook Messages but with the nice benefit of the NSA and GCHQ not listening. These apps are riding high on the App Store and Google Play charts because of the clear user demand for surveillance-free communication, right?
My hypothesis is simple: people don’t care about privacy, they care about looking like they care about privacy. There are people I know who spend hours and hours posting links to the latest Snowden revelation, the latest stupid thing a politician said about privacy, hell, they consider themselves privacy activists—and then I click through to their website and the GPG key is… nowhere to be seen. Hell, sometimes I can’t even find an email address, so I end up sending them a Twitter DM. And that’s privacy activists.
In the time it would take for people to have all these extended conversations about privacy and surveillance on Reddit, Hacker News, Twitter and the comments section of newspaper websites, people could easily set up a secure chat app or start encrypting their email and actually make it so that the spying agencies have to try.
People scoff at “if you have nothing to hide, you have nothing to fear” as a glib political slogan without grasping that based on people’s actions, that is actually how people think about surveillance. The threat posed to individual people by the NSA and GCHQ feels pretty empty. At a certain point, it fades into the background.
When I first started commuting to London, I felt offended by CCTV cameras. I counted the number of cameras on my commute into London and across London on the tube (or I tried—I lost count after about 150). Now they are invisible—the only time they have even come to mind was when I got mugged for my iPhone in a side-street that Camden council had neglected to put CCTV on. What once felt like an Orwellian intrusion by an overbearing state is something I only notice when its absence allows a gang of thugs on motorbikes to pilfer my phone.
I don’t expect a political fix for surveillance. Politicians are surprisingly adept at grabbing on to public sentiment and squeezing votes out of it. The issue of mass internet surveillance is one that some political party would grab on to for votes. I watched the UK election coverage and I can’t recall seeing any politician of any party mentioning surveillance in the mainstream media. No votes to grab on opposing Big Brother, evidently.
Whether you think technology or politics or law is ultimately the way we fight the surveillance state, both need people. That mass of people giving a damn is missing. This is a dispiriting message for anyone who thinks these issues matter, but the first step to fixing the problem is acknowledging the reality—that most people don’t give a shit.