Figure 1: ‘Convenient digital payment systems can also protect passengers’ anonymity and privacy.’ Photograph: Debra Hurford Brown/PA
Blog Post Body
The surveillance imposed on us today is worse than in the Soviet Union. We need laws to stop this data being collected in the first place
While somewhat bombastic, Mr. Stallman still makes a good point. Do any of us (other than maybe Richard Stallman himself), really have a good idea what data is being collected about us? That’s the bigger issue: we don’t. We have become numb to the fact that we regularly have to give up a great deal of information about who we are, what actions we’re taking, and where we are going because we’ve grown used to having “free” access to online tools and entertainment. There is literally no way to opt out short of giving up many of the modern digital conveniences we take for granted.
In his article, Stallman uses the Transport for London’s digital payment card system or Oyster Card as a case study. Because this system (like many other ones around the world) connects a person’s identity with their payment card when they charge it digitally, the fare payment system can track a person moving around the city or region quite easily.
The Transport for London digital payment card system centrally records the trips any given Oyster or bank card has paid for. When a passenger feeds the card digitally, the system associates the card with the passenger’s identity. This adds up to complete surveillance.
I emphasize the term “fare payment system” because, in essense, that’s all it should do. It should allow a person to have a convenient way to pay a fare on a system where the price for a trip might vary. As Stallman points out, additional frills, such as having the ability to track one’s own trips and fares paid, can be done on a separate personal system, much like what you can do when taking a regular cab and you need to submit the fare in an expense report.
We see this regularly where phone apps and online services ask for much more personal data than is really necessary to perform the core functions. Companies have come to expect this type of personal access and what precisely is done with this data is rarely made clear. There truly is a need for alternatives.
However, alternatives can be hard to configure and get running. The Free Software Foundation has a great page of free software resources but many of them can be hard to work with or don’t have great documentation. This issue is getting better but for the longest time free software was only usable by those willing to make a significant investment of time and to deal with high levels of frustration. Just look at PGP if you want an example.
Thus, your average user is left in a bind. If they want an app to “just work” (e.g. function as expected without a lot of configuring and troubleshooting on their part) they may only have the option of giving up sovreignty over their personal data. Free software has definitely made great strides in becoming more user-friendly but it still has a way to go to get there. However, users are becoming more saavy all the time and there are more how-to guides on the web than every before. I expect there will be a meeting somewhere on this continuum where users have become more software-literate and the available software will become more easy to configure and use.
The key point Stallman makes in his article is that we, as software users, need to demand a better level of privacy in our applications, “To restore privacy, we must stop surveillance before it even asks for consent.”
- A radical proposal to keep your personal data safe | Richard Stallman: From The Guardian
- Richard Stallman’s profile on The Guardian: https://www.theguardian.com/profile/stallman-richard
- Richard Stallman’s Personal Site: https://www.stallman.org/
- The Free Software Foundation: https://www.fsf.org/
- FSF Free software resources: https://www.fsf.org/resources/
- Why (special agent) Johnny (still) Can’t Encrypt – One-Way Cryptography and the First Rule of Cryptanalysis.: http://www.crypto.com/blog/p25/
- Why Johnny Can’t Encrypt – A Usability Evaluation of PGP 5.0 (A bit old but still relevant): https://people.eecs.berkeley.edu/~tygar/papers/Why_Johnny_Cant_Encrypt/OReilly.pdf