In my career as a cyber security professional, I have found that the interests of security and privacy can often collide. But I have also learned that that doesn’t have to be the case.
For example, protecting customer data from hackers often includes monitoring employee behavior and activity for potential data theft, a precaution that can be taken too far. While working at a startup in San Francisco, fellow members of my over-zealous security team wanted to decrypt employees traffic to sensitive websites and send it to a third party to determine if the activity was malicious. What’s worse, they were testing it on the entire security team without our knowledge. Unbeknownst to me, I had been sending my personal email addresses, passwords and other data were sent to a third party I knew nothing about.
Sure, I had signed an employment agreement that likely declared I had no expectation of privacy on company-owned hardware, but my ability to truly consent, or at least make an informed decision, was stripped from me. That would make anyone feel violated. I soon changed my behavior and have never used personal logins on hardware owned by my employer since.
A similar dilemma exists in our community today between the police and citizens. Police departments across the nation and in Santa Clara County are attempting to acquire and deploy privacy invasive technology with no public oversight.
Yesterday, the Colorado State Supreme Court began to hear oral arguments for a case in which police spied on Rafael Tafoya’s backyard for three months using a camera. They did not obtain a warrant to do so, arguing it was unnecessary because the backyard was visible from public vantage points. Upon learning of the surveillance I’m sure Tafoya felt violated, the fact it was warrantless adding to the punch.
In my last column I provided several instances of privacy invasive technologies in San Jose being slipped in as small police budget items and approved with no push back. The community, like me, felt violated upon realizing their consent was never fully asked for.
But what I learned from my experience is that privacy and security don’t have to be at odds. In fact, I believe deeply that they can complement each other. After learning of my breach of privacy at work, I quickly proposed a plan to ensure it never happened again. Soon a program was developed to provide oversight into exactly what was being monitored by our team on employee laptops.
While the fix wasn’t a perfect model of consent, at least the employees could make informed decisions regarding the digital intersection of their work and personal lives. And while my coworkers and I had signed away our right to privacy, thus covering our employer from any legal trouble they otherwise would have had, privacy is a fundamental human right that must be protected at all costs, especially by our elected officials. Yet, they continuously fail to do so.
As more and more individuals receive the COVID-19 vaccine, the rush to return to “normal” and yet maintain the security of our wellness has caused many governments to adopt digital vaccine passports, illustrating how the tension between privacy and security in the public sphere reaches beyond policing.
There have been many talks about bringing vaccine passports to the Bay Area.
As we can see, rapidly advancing technologies and unprecedented emergencies are only going to make this problem worse. More oversight in needed now and most jurisdictions in our county aren’t moving fast enough.
Last month, only six San Jose councilmembers voted to prioritize developing comprehensive surveillance legislation that would bring the oversight necessary to remedy the problem, at least when it comes to policing. To my knowledge, no other city in the county, with the exception of Palo Alto, has even publicly considered the option.
The county itself was the first jurisdiction in the nation to require public approval of all surveillance technologies. Our neighbors of San Francisco, Oakland, Davis, Berkeley, and even BART have done the same, as well as more than a dozen more cities across the country.
San Jose is moving too slow at the cost of its community’s human right to privacy.
My column, the newest to San José Spotlight, will address issues such as this and how they are affecting us in San Jose. My years of experience monitoring the networks of Silicon Valley tech companies positions me to technically and fundamentally understand surveillance technologies and highlight their dangers and shortcomings.
My passion for privacy and oversight led me to create the Citizens Privacy Coalition of Santa Clara County. Surveillance is no longer just a policing tactic, it’s a business model. As shown by Professor Simone Brown in her book Dark Matters: On the Surveillance of Blackness, it’s a practice deeply seeded in racism, first used on a wide scale in the trans-Atlantic slave trade. It still disproportionately affects our non-white neighbors and makes those who employ it very wealthy.
We’ve allowed it to thrive in our own backyard, leading our world-famous pseudonym “Silicon Valley” to become synonymous with the term. I have taught activists, journalists and citizens across the country how to preserve their privacy. I would like to live in a world where that is no longer necessary.
San José Spotlight columnist Ethan Gregory Dodge is the founder of the Citizens Privacy Coalition of Santa Clara County. He is also the creator of Surveillance Today, a weekly newsletter and podcast discussing current events in surveillance. His columns appear every second Wednesday of the month. You can follow Ethan on Twitter @egd_io.