Not long ago, Americans had a palpable fear of government eavesdropping on their private lives. For post-war generations, the specter of an Orwellian "Big Brother" was more than a farfetched, fringe conspiracy theory. It was manifest in the counterintelligence program (COINTELPRO) of the 1960s, the Foreign Intelligence Surveillance Act (FISA), and interstitial federal statutes permitting the secret collection of information on citizens.
Enemies of the state
Through them, we learned of government's adroit ability to peek into our private lives without our knowledge or consent. The 1998 movie "Enemy of the State," starring Will Smith, informed a younger generation that the federal government has both the authority and technology to watch us wherever we go and whatever we do, far beyond George Orwell's menacing portrait. We have come to accept this as the carrying charge of an open society.
We now live in a world where security reigns supreme. In the 15 years since Sept. 11, most Americans have embraced the government's right and responsibility to thwart terrorism through advanced surveillance. We also have accepted — albeit grudgingly — government's right to collect private information on anyone, including a national registry of suspicious citizens, suspected terrorists, organizations and events. With limited constitutional restraint, the courts have balanced this power by presuming such data collection inures to the greater good. On that, there should be little discord, Edward Snowden notwithstanding.
Big Brother by another name
For many citizens today, though, the main concern is no longer government intrusion, but the compilation of data by private companies: Big Brother by another name. In a world where "the Internet of things" is an emerging reality, the present challenge for policymakers is to develop a set of rules that balance the citizen's right to privacy against the corporation's well-established, constitutionally protected right to commercial speech.
They also should determine whether corporations, like government, should have an unencumbered right to collect, store, manipulate and otherwise use our individual personal data.
As a society, we have evolved to a point where erstwhile concerns of the government as Big Brother seem almost quaint. Government collection of information has been legitimized by real-world terror. Not so much when it comes to private actors — until now.
Piercing the veil of privacy
With Apple holding a potential key to uniquely valuable information with global security implications — and refusing to relinquish it to government — it is time to evaluate where we are in the privacy continuum. In this matter, it is not the state's action that is troubling.
The courts will sort out the thorny legal issues involved in this standoff, but it really should not have to come to that. We should have in place an enforceable statutory regime that will allow legitimate law enforcement and national security investigations access to quintessential private data under controlled and limited conditions — wherever the data may be stored. In the absence of such a scheme, companies should have the acute sense of corporate responsibility to take affirmative steps in the right direction.
After all, they have unrivaled custody over consumer data obtained through use or permission or both. Thus, when Google pierced the privacy veil to help arrest a Houston man for having and promoting child pornography images in his Gmail account, a precedent — and best practice — was established. Google's decision to report criminal activity to the National Center for Missing and Exploited Children led to a societal outcome that trumps privacy, any day. This should provide a shining path forward for Apple's acquiescence.
Broader privacy concerns
Privacy is a hot-button issue, which has moved from the playbook of shrill consumer activists to the pinnacle of the policy agenda in Washington. The issue has spawned countless conferences, debates and organizations devoted to finding a solution. Congress and regulatory agencies appear to be baffled by divergent paths forward.
Beyond the Beltway, there is a raging war for the private data of the average consumer, with a Maginot line drawn as a result. On one side are Internet companies, data aggregators, retailers and advertisers who want unfettered access to as much personal information as possible. On the other side is a loose confederation of privacy purists, consumer activists and think tanks who want to limit or disallow commercial access to personal information altogether. In the middle are consumers, who mostly want to keep getting as much free online stuff as possible, but who are clueless about the cost of compromised privacy.
There is no free lunch
At stake are billions of dollars in advertising revenue and profits from the warehousing of rich consumer data, which are dearly valued by retailers selling everything from cars to computers.
When consumers blithely consent to let companies such as Google, Facebook, Apple and others collect their personally identifiable information as a condition of continued use, a social contract is formed and the veneer of privacy fades. There is scant evidence that most Americans know the true cost or character of the private information they relinquish in an ostensibly fair exchange of data for service. That certainly seems true for millennials, including those in my own household.
What complicates this scenario is the fact that companies like Google, Yahoo and Facebook offer a suite of free, easy and widely accessible services and applications, which consumers accept as must-have accoutrements of daily communication. Consumer data are typically collected through techniques and technology unseen and unknown to the average Internet user. A growing array of sophisticated analytic tools allow these companies to watch us wherever we go by tracking our searches, scanning our email, cross-referencing our contacts and using the data to deliver ads based on our online behavior.
We have seen the global fallout when massive databases are hacked or compromised, and recently witnessed the government's authority to compel Internet companies to share or surrender their closely held consumer data. Yet, even as new revelations unfold on the fragility and security of data, most Americans are lost in the cloud(s) when it comes to their online personal privacy.
Internet companies have been trying, perhaps in vain, to reassure consumers that privacy is paramount, recently arguing against mandatory privacy restrictions in favor of voluntary commitments. The advertising industry has launched an ambitious self-regulatory regimen to govern online behavioral advertising practices, and consumers are now empowered to search the Web anonymously, and opt out of almost all online tracking.
To be clear, I believe most companies — some more than others — are careful and responsible when it comes to the respect and protection of consumer privacy. Were it not so, the market would soon find out and exact its due. But we must admit that the lack of clear rules is a problem. In that regard, neither consumers nor commercial entities can predict what is in, or out of, bounds. And this lack of certainty is neither good for business or consumers.
The record is replete with abuse, as over 38 states, plus the District of Columbia, along with Australia, Germany, Spain, the U.K. and several other nations have investigated Google's data collection practices.
Against this backdrop, there are many questions:
- Are we comfortable with the aggregation, analysis and auctioneering of data about our habits, health, holdings and households?
- Do we mind that our personal associations, interests, travel, readings, mail, phone calls, searches and purchases are stored and maintained by a few dominant companies?
- Is it OK that every single email correspondence and search query is scanned and stored by companies that own, aggregate or host more Internet content than any other entity in the world, including the federal government?
- Are we troubled by the ability of those companies to integrate disparate data to compile the most comprehensive profiles imaginable, and to what use?
If Americans have been suspicious of government's collection of personal information, why should they be any less suspicious of the same by private companies? Put another way, if we can request government files through the Freedom of Information Act (FOIA), should we have the same right for files compiled by Google, Facebook and others with infinitely more and better data?
The answers to these questions are as complex as the technologies we use on a daily basis, but no less critical to our way of life. When one company refuses to acknowledge rules, let alone play by them, there is an imbalance in the ecosystem, and society suffers. While the underlying issues involved in Apple's refusal to cooperate with government are intellectually ripe, it is time for that company to put the nation's interests above its own. It is time for Apple to put patriotism over profit, act responsibly and cooperate with our government.
Hoffman is chairman of Business in the Public Interest and an adjunct professor in Communication, Culture and Technology at Georgetown University. He is the author of "Doing Good: The New Rules of Corporate Responsibility, Conscience and Character."