Surveillance capitalism: A risk to privacy and security

The term “surveillance capitalism” was coined by Shoshana Zuboff, Professor Emerita at Harvard Business School, in 2014. This term, according to Zuboff, describes a “new economic order” characterised by “an expropriation of critical human rights”.  It had its origins in 9/11, which Zuboff says was the catalyst for legislative changes enabling surveillance practices by large institutions.

As she told The Harvard Gazette in 2019, the effect of 9/11 was to turn the US Government from having a “concern about privacy to a preoccupation with ‘total information awareness’.” This preoccupation, Zuboff observed, led to a tendency by intelligence agencies internationally to “incubate and nurture the surveillance capabilities coming out of the commercial sector.” In this new order, public and private organisations are demanding, collecting and storing individual information and exchanging it, often without the transparency a modern democracy would expect or deserve.

More recently, the pandemic has increased both incentives and opportunities for organisations to demand, collect and store individual information.

Surveillance powers in Australia

Lizzie O’Shea is a lawyer and writer and the founder and board chair of Australia’s Digital Rights Watch. She is renowned internationally as an expert in the fields of digital rights and human rights. For nearly a decade, she has been observing and discussing the impact of data mining, excessive data collection and retention, and the increasingly clever ways corporations use data collected in the name of identification authenticity to target individuals with their advertising and political agendas.

O’Shea says, “Australia has a large number of national security laws that require and [conduct] surveillance, including requiring private companies to hold information in case it’s needed by agencies at a later point. There are also business models available to companies that enable them to extract large amounts of information from people and then engage in microtargeting advertising.”

She adds, “In both instances, most people would be unaware of the extent to which this occurs. I think people would be surprised to know how many surveillance powers exist for national security agencies.”

The recent Optus case brought two substantial legislative measures to public consciousness: the Privacy Act 1988 (Cth), defining the parameters of collection, use, storage and disclosure of personal information in the Australian public and private sectors; and the metadata retention regime, enacted under the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Cth) – currently under a three-year review that began in 2020.

O’Shea explains, “The metadata retention regime requires that metadata be retained by certain companies for two years, including identifying information about whom that metadata belongs to. We know that metadata can be very revealing.”

The original metadata law, imposing mandatory data retention requirements on public and private organisations, was reformed following recommendations to the Parliamentary Joint Committee on Intelligence and Security. The original intention of the metadata law was to battle ‘serious criminal offences’, though it has also enabled government agencies and even local councils to enforce fines and pursue debts – the consequences of which were borne out in the insidious Robodebt scheme.

These laws fundamentally oppose the human rights Australia is obligated to uphold as ratifier of the International Covenant on Civil and Political Rights, which guarantees the right to privacy, bar very limited exceptions justified by the need to uphold national security or fight serious crime.

Whistleblowers, journalists and climate and justice activists have reason to be sceptical about the liberties taken with these laws. In 2019, ACT police admitted to accessing metadata unlawfully more than 3,000 times, including information pertaining to journalistic investigations and telecommunications data.

“There’s a common misconception that metadata is not particularly illuminating or invasive. That’s certainly how it was put by the previous, conservative LNP government, but we know that metadata can be revealing,” O’Shea says.

“In relation to women [being more vulnerable to data exploitation], there are companies in the US that can identify women who might be seeking an abortion out of state, and that data might then be used to harass or prosecute women who have sought reproductive health care. Data reveals who you’re visiting, how you’re spending money and those kinds of things.”

Beyond the daily invasiveness of microtargeting ads, the risks to private safety and freedoms cannot be overlooked.

“It’s been well documented that a lot of technology is perfectly suited to become stalker ware, whether it’s software or hardware. WiFi-connected toys and home assistants can be easily hacked, [as can] a doorbell. If they’re not properly secured, these technologies can be agents of abuse,” says O’Shea.

Indeed, Amazon was sued in 2020 in a class action regarding the hacking of its doorbell technology, which resulted in racial vilification and threats.

“Women who might be seeking to protect themselves from a violent partner have been shown to be the victim of harassment and stalking within the homes and within shelters. The current policy environment isn’t suited to trying to resolve it,” O’Shea says.

“At Digital Rights Watch, we think that privacy is about dignity, autonomy, and freedom from being targeted by advertisers or being watched,” she adds.

“There’s a general chilling effect of surveillance in terms of participating in public debate. It’s not just about freedom of speech, it’s about being able to participate in a social media group about gambling or sobriety and knowing that your information will not be shared or exploited.

“The regulations that do exist haven’t really made the leap into the digital space. Gambling, vaping and alcohol advertising can target people who are vulnerable. There’s almost no transparency about online advertising, especially for predatory or restrictive industries. So, how do you even tackle it? The proliferation of problematic advertising has been allowed by permissive privacy regulations that allow for targeting individuals.”

A statutory right to privacy?

O’Shea remains hopeful, though, in light of the proposed modernisation of antiquated legislation.

“One of the reform proposals is the statutory right to privacy, which we currently don’t have. Multiple state and federal law reform bodies have recommended that the invasion of personal space fall under that reform. This would permit people to go to court and say their privacy has been violated; claims would be assessed on a case-by-case basis. It’s a law reform that could be effective in starting to address [individual privacy]. It’s remarkable to me that we don’t have that.”

Read more here about the admission by ACT police that they accessed metadata illegally.

Read more about the 2020 class action against Amazon here