Till Wascher

For years, privacy advocates had been speculating about a possible “Privacy Chernobyl” – a major scandal that would put the issue of surveillance on the global agenda and create a mass social movement against privacy intrusions committed by governments and corporations. In the summer of 2013, this speculation became reality. Edward Snowden’s leaked documents detailing the mass surveillance activities conducted by the National Security Agency and its international partners caused – to stick to the nuclear disaster analogy – a temporary meltdown of public trust by citizens around the world.

The series is based on the author’s dissertation on political communication tactics of the global privacy community for which he conducted 21 semi-structured interviews with activists from 14 countries. This third post in the series focuses he way in which the anti-surveillance movement partnered with large ICT companies rather than targeting them, what this alliance means for the future of privacy advocacy.

How do privacy activists see the role that online companies play in the surveillant assemblage and how does it influence their campaigning and political communication? The first two major protest events in the aftermath of Snowden’s leaks, “Restore the Fourth” and “Stop Watching Us,” focused on government spying and largely ignored the involvement of corporate actors – although, as PRISM leaks detailed, the massive amount of personal data collected by Google, Facebook, and others had eventually landed in the hands of the government.

The latter half of the first post-Snowden year, in the form of two online protest events, “The Day We Fight Back” and “Reset the Net,” saw varied attempts to address the data gathering practices of online companies, though these were carried out differently than one might have imagined. Instead of outright opposing corporate surveillance, privacy activist networks sought to include companies in their campaigns and formed temporary coalitions with them.

While aligning with corporate players like Google helped the campaigns generate a critical mass and relatively wide coverage in the media, arguably the companies have benefitted more from this partnership than the privacy advocacy community. Based on interviews with a wide array of activists, two lines of argumentations emerged about the relationship between corporations and the activist community.  One stressed the necessity to uphold a constant dialogue with the companies rather than to alienate them, ensuring good and professional relations and the possibility to create change by making use of that relationship. On the other hand, some activists were deeply disturbed by the ties between some activist organizations and corporate actors, fearing that it would ultimately undermine their core message.[1]

In fact, most activists, were very well aware about the controversial role tech companies play in the global surveillance apparatus. As an activist from Eastern Europe admitted:

[T]heir role (…) is essential. If [surveillance] wasn’t conducted by private actors it wouldn’t be available to (…) law enforcement and secret services. (…) The current model of mass surveillance would not be possible without these companies providing the raw data. [C]ertainly one fits into another. It cannot be ignored. Whatever the companies try to offer, they were still missing the very basic point, namely that they are collecting mass amounts of data and they are collecting more than what is necessary for providing service.

Despite, this concise understanding about the interplay between companies and intelligence agencies, it did not translate into actions or campaigns directed at those tech firms. More often than not “going after companies,” as an U.S. privacy advocate put it, did not actually involve any public opposition. Instead,

we really try to work hard with them and get to know their staff. (…) [W]e want to give them the benefit of the doubt. We want to know why they are making decisions; we want to help them formulate policies. Often times they just don’t have the time to think it through. Other times they don’t realize how it impacts people. Especially vulnerable people; it is not something that they are aware of. Other times it is just about making money and they just tell us they are not going to do anything. But we really try (…) to get those people to come and talk to us (…). If we just go after them it can work but chances are it will work and then they don’t want to talk to us again. We negotiate all the time.

This open-minded and cautious (but hardly confrontational) stance in working and talking with online companies was also echoed by another activist: “We could look at that very cynically and say this is about greenwashing (…) or (…) that they have some kind of hidden agenda to raise their bottom line – and that may well be true. But it may not necessarily be true and I would hate for us to simply say ‘the corporations are the enemy.’

Others noted a structural problem in publicly opposing companies such as Google due to the fact that they generally share a lot of policy preferences with digital rights groups on issues such as copyright legislation and net neutrality. Running a campaign against tech firms could endanger the alliances that were established in other digital rights fields:

We are trying to build relationships with Google and Facebook and Twitter and so forth. We (…) make it very clear: we’ll criticize them on some occasions. We’ll definitely be strongly critical of them but we also have common ground on some other issues and we keep talking. And generally they are quite supportive of our work. It’s a complicated question.

Even some of the more grass roots oriented privacy activists to a certain extent appreciated the sway tech companies had over the government. “I think that it is often helpful to have them in the room,” one interviewee noted, “because we know that tech companies have influence over members of congress and the administration. They can provide a unique perspective on the feasibility of solutions and (…) I’m not opposed to them being involved in the process.”

However, more radical privacy activists understood their role as a corrective to a debate dominated by corporate actors, government agencies, and moderate privacy advocacy groups noting that the exclusion of radical groups from such conversations would lead to pro-surveillance arguments prevailing:

One reason that more radical perspectives can be useful is that radicals react against the idea that if the government and the intelligence community and the tech community got together with a few token privacy activists, then they would be able to come up with something that would be ok. We are very skeptical that what would come out of a process like that would be ok. We suspect that it would be something that would be much more likely to facilitate mass surveillance [than to reduce it.] We often find ourselves in these discussions, playing a somewhat skeptical and somewhat radical role trying to push for solutions.

Others were even more critical, worrying about the institutional and sometimes financial support of tech firms of privacy-themed conferences and possible ‘revolving door’ effects:

There is no doubt about it that they sponsor many of the conversations in that space. [I]f they are not supporting it nobody else is so who else is going to make these (…) conversations happen[]? They are listening. They understand that civil society has a voice (…). It’s also a little bit of soft power that they know they can influence advocates by treating them well. (…). For example, we have taken money from [Facebook and Google] but as terms of taking that money we said ‘We (…) have to be able to campaign against you. (…) If we go after you, you can’t strip our funding away.’ Every place handles it differently. [Other organizations] take a lot of money from these companies but you won’t hear about it. (…) There is no question that it influences. It’s a really sad but real thing that if someone is paying for you it’s going to influence the way you think even if they never ask you to do anything. Even if all they do is treat you to coffee. I think part of human nature that’s how discussions are swayed. And if you find out you like each other and you actually get along you might work for Google, you might work for Facebook.

Focusing on government rather than on corporate surveillance was also due to convenience and necessity. It was far easier to criticize the government for privacy breaches because the political system at least in theory allowed activists to convince political representatives of the problematic effects of surveillance programs. In contrast, most companies lacked such processes. The only way to express dissent was by ‘voting with your feet’ and even that was increasingly hard due to the de facto monopolies these companies had established in their respective domains: “The reason I think the companies haven’t been the same target,” an activist noted,

they have no pretention of being democratic. (…) [T]heoretically, we can vote with our dollars but (…) in this context there is no way to vote as a consumer for these companies other than being a user of a different service. But there is nowhere to go (…). I think the biggest issue though with all that is that the government provides a cleaner target because we do have members of congress who can theoretically reign in the agencies. We have no equivalent with the companies. They just present harder targets.

Others, however, outright rejected the notion of even talking with companies. They felt it systematically undermined their anti-surveillance narratives. A grassroots activists involved in the street protests of “Restore the Fourth” and “Stop Watching Us” (which neither addressed the issue of corporate surveillance nor integrated online companies in their protest networks) was highly critical and argued that the privacy community had made “a huge mistake.” Ever since Google had been instrumental in the anti-SOPA online protest and temporarily blacked out their homepage, privacy activists had tried to once again get the company on board. “But”, the activists rhetorically asked, “what happens when Google and Facebook are trying to fight environmental laws and they put something on their homepage and it gets seven million phone calls [to Congress]? I think it is short-sighted to see the tech companies as the heroes and defenders of liberty. I think it is very [cynical].”

In contrast, in the MENA region, with its history of decades of authoritarian rules and a certain distrust in the current government, companies such as Facebook and Google were seen as allies that have shone light on the spying activities of their governments. Local activists were aware that social media companies collected data on them, but at least they were transparent in their dealings with the government, as an activist from the region explained:

I personally don’t trust Facebook. I don’t have a Facebook account. But you don’t have the choice when you [live in] a country [that] practices (…) censorship, surveillance etc. [Because] you have the opportunity (…) to talk with such big companies as they have a kind of transparent process. You don’t have the choice. Either you stay with your government and [deal with] opaque practices or to deal with this kind of companies [and] at least after six months you will [get] a transparency report. You will know how much your government asked (…) to have personal data accounted. It is very difficult. I’m not saying that we believe them. But between two devils…I [would choose] Google (…) because Google in the Maghreb is kind of an investor in our digital agenda. [And] with Facebook I’m very close (…) and I was present in two or three meetings regarding this kind of partnership. We don’t really have the choice to go in another way.

A final aspect of the complex relationship between privacy activists and tech firms was the use of social media services. One activist from Scandinavia suggested that the work his organization was doing was based on tools provided by the very companies that were part of the NSA surveillance nexus – a fact that made them admittedly uncomfortable and forced them to confront their own position in a communication infrastructure that was dominated by Google and Facebook:

[M]aybe the key aspect of it is we are all using those platforms. I use Google and I’m talking to you on Skype. I have got Facebook open. So in a way I’m a complete hypocrite. If [there were existing] privacy aware platforms (…) that had the [same] level of popularity […] then I would use those. But I’m a hypocrite for using those. (…) But the level of hypocrisy can vary and that we should try to bring down a notch. But I’m aware of my hypocrisy. It doesn’t rest easy with me. Maybe that’s part of it. Because we are using these platforms every single day and maybe that makes us turn a blind eye to them.

A privacy advocate from Germany also struggled with the use of the social media applications for the organizing aspect of their campaigns. They were aware of the potentially damaging PR effects of conducting a privacy campaign in the ecosystem of Facebook. In the end, however, the protest network could not forego using these services without losing visibility and the means of effectively organizing the campaign:

Many of us said, ‘Facebook is a No-Go. There is no way that we are going to use it.’ We had really, really long debates about the issue. Eventually we settled on ‘Okay, let us use Facebook as a way to promote our campaign, to raise awareness for the issue.’ (…) But it was long and hard debate for us. Up to this day it has been tricky, because, on the one hand, unfortunately, you can reach people that are otherwise out of reach. [But on the other hand I am] signaling to people ‘[corporate surveillance] is not that bad. I am using the service as well!’ Somebody has to make the first step and abandon those services. (…) That would be important (…) and I support that. Next year, I am going to [do the same].

[1]               It has to be noted, while this study is concerned with major anti-surveillance campaigns in the first year after the Snowden revelations, subsequently the privacy activist community has at times directly taken on online companies in some of their campaigns.  The most prominent example is the activists’ opposition to Facebook’s plans to expand its “Free Basics” service in developing countries.