April Falcon Doss’s unsettling yet eye-opening book traverses the challenges of data collection and tracking, and urges that laws and policies be reformed to protect personal data while balancing convenience, national security goals, and corporate profits. In an age of unprecedented data aggregation, with fast-paced evolution of new digital technologies, our personal data is increasingly collected to profile and target us, predict our behavior, and influence our political opinions. Cyber Privacy examines our digital footprints and reveals how governments, the private sector, and even employers and schools are using our intimate data. A former NSA counsel for intelligence law, and lawyer for the Senate Select Committee on Intelligence, Doss draws from over a decade of experience with data privacy and cybersecurity issues. She tackles important questions of how data aggregation undermines individual autonomy, how privacy is undervalued, and how society might benefit from data aggregation while managing risks and assessing costs.
Divided into six thematic sections, the book’s first part centers around data-driven technologies that deploy “government surveillance, political manipulation, [and] microtargeted commercial advertising.” (1) New ways to create, collect, and catalog data raise questions about the fundamental nature of privacy. Fingerprinting, gait recognition, facial recognition technology, DNA collection, and fitness wearables are expanding the collection of biometric data that documents peoples’ locations and activities in real time. As smartphones, social media platforms, location tracking, deep fakes, and other new technologies shape what is knowable about us, law and policy have struggled to keep up. Presenting people with meaningful alternatives can empower them to knowingly decide what their privacy is worth. (57)
Section two discusses four tech giants, Apple, Google, Facebook, and Amazon, all of which offer free apps and web-based services but monetize our time on-screen, sharing personal data with third-party app developers or data brokers who then sell data to other corporate partners. (71) Doss argues that the power imbalance between market-dominating platforms and consumers produces a cycle wherein consumers believe they have no choice but to agree to the collection of their data. This section grapples with the reality that privacy is valued to different degrees, while also addressing social media manipulation, microtargeting, and the proliferation of distorted, damaging, false, or divisive messages.
Location tracking and health monitoring by employers comprise section three, exploring how companies use surveillance technology (such as smart toilets and digital sensors) to collect detailed information about the personal lives of employees. (120) Doss also describes the growing prevalence of data aggregation platforms in classrooms, intended to enhance teacher performance and track levels of student engagement. In light of the COVID-19 pandemic, Doss analyzes the lack of regulatory scrutiny regarding review of biometric data and identification in the context of public health crises. (144) A critical theme is that the internet reinforces “inequalities and power imbalances that exist in the physical world.” (169)
Section four surveys the historical framework of government surveillance in the US intelligence community post-WWII. It addresses areas where privacy rights are at significant risk from federal activities, such as border searches, DNA testing of migrants, and community policing. Critics of surveillance technology are uneasy about its infringement on core privacy values and personal autonomy. But Doss contends it’s “necessary to strike a balance between national security and individual privacy,” and that our legal traditions provide tools for setting boundaries and holding the government accountable for overreach. (190)
Section five analyzes how other countries handle data. While the European Union recognizes individual privacy as a human right and has enacted sweeping privacy law, China is implementing the world’s most pervasive totalitarian surveillance system, and Russia is leveraging the power of digital data to influence political processes of other nations and propel information warfare. (236)
Doss’s final section suggests that sensible approaches to privacy must balance individual rights with national security, law enforcement, public health research, technological innovation, and local and global commerce. She offers insights on the future dangers of data-driven manipulation, and how law and policy can adapt. Doss asserts that simply limiting data collection is no longer realistic for protecting privacy. Clearer, more granular definitions of privacy will help us approach data as a multidimensional problem. (268) And she argues that meaningful protections should derive from regulating how data is used, rather than how it is acquired. (287)
This brings me to a minor reservation, one that Doss acknowledges on her last page. Doss’s intention was to provide an overarching set of principles on data privacy, a framework for questions regarding the technologies and privacy concerns that bombard us. Given an ever-evolving, complex environment, this is a feat easier said than done. I found myself wanting more practical prescriptions and actionable steps. She argues privacy advocates should press for transparent regulatory schemes, robust compliance programs, and independent oversight mechanisms. How exactly should advocates go about this? Schools, workplaces, nursing homes and even senior centers should teach critical thinking, she asserts. How exactly do we teach critical thinking with respect to privacy? She articulates that we must be judicious in choosing which apps to enable push notifications for. But, if we cannot “develop laws, definitions of privacy, or codes of ethics quickly enough to keep pace,” as she writes, then what else can be done? (302)
Such caveats aside, Cyber Privacy offers a well-researched and captivating historical framework and analysis of data collection. It provides readers a comprehensive foundation to understand data aggregation and offers invaluable yet chilling insights into how both public and private actors use our personal data to manipulate us, undermine our personhood and autonomy, and exploit societal faults. (262) Presenting an extensive catalogue of risks and relevant questions, Doss delivers an accessible understanding of key data-driven technologies and trends, while initiating discourse on how to shape laws and policies around the privacy conundrum. Collecting, aggregating, and analyzing data cannot be stopped. The challenge lies in creating sufficient restrictions that rein in a widespread tendency to misuse and abuse our information.
About the Author:
Keya Bartolomeo is in the Global Governance, Politics, and Security master’s program at American University’s School of International Service. Her concentration is in global security, and her interests include nationalism and political polarization, migration, and emerging threats. She is currently assisting with research on anxiety and trust in American politics, mental health and substance use effects of the Covid-19 pandemic, and religion and vaccine hesitancy. Keya also works for AU’s Journal of International Service as a graduate student editor.