The Privacy Mission E-Book

Table of Contents

Cover

Title Page

Copyright

Dedication

Acknowledgements

Introduction

Untangling the World Wide Web

Education for an Empowered Future

PART I: Privacy and Why We Should Care

CHAPTER 1: Our Human Rights Online

Why Does This Matter Now?

The Privacy Versus Security Debate

Why Should I Worry About My Online Privacy If I Have Nothing to Hide?

The Consequences of Digital Convenience

Carrying Out Your Own Risk Assessment

Follow the Leader

Notes

CHAPTER 2: Gamekeeper Turned Poacher

Notes

CHAPTER 3: How Did We Get Here?

You and Your Data Are the Product

Social Media Has “Groomed” Society

Open‐Source Software Is the Antidote

We Are Still Living in the “Wild West”

You Have More Power Than You Think

What World Do You Want to Live In?

Notes

PART II: The Dark Triad

CHAPTER 4: Spooks

The 1990s – When the World Changed

Total Mastery of the Internet

ThinThread and Trailblazer

The Snowden Disclosures

Knowledge Is Power

Hacking the Spooks

Cyber Weapons: A Pandora's Box

Cyber Threats: What You Need to Know

The Blurred Line Between State and Corporate

Notes

CHAPTER 5: Corporations

Nothing Comes for Free …

Blurred Lines

The Ongoing Issue of Net Neutrality

The Battle Between Lobbyists and Government

The Trickle‐Down Effect

Corporate Threats and Opportunities for SMEs

Sustainability: A Key Battleground

Different Approaches to Our Tech Evolution

What Does the Future Hold?

Notes

CHAPTER 6: Criminals

The Sophistication of Digital Crime

What Is the Scale of the Problem?

Why Should This Matter to You?

LOVEINT: Where Criminals and Law Enforcement Meet

Awareness Is Essential for Protection

How Is Cyber Crime Being Tackled?

Cyber Criminal or Hacktivist? Who Decides?

Notes

CHAPTER 7: Media Control

The Evolution of Media Control

Manipulating the Press

The Power of Press Reports

Modern Media Censorship

Striking the Right Balance

Who Really Has Control?

Notes

CHAPTER 8: Cyber Warfare

What Is Cyber Warfare?

What Infrastructure Is Vulnerable to a Cyber Attack?

Cyber Propaganda

Who Are the Key Players in Cyber Warfare?

Cyber Warfare Goes Beyond Nation States

Are We Prepared?

Notes

PART III: Solutions

CHAPTER 9: Individuals

Awareness Is the First Step

Countermeasure #1: Open‐Source Software

Countermeasure #2: Open‐Source Web Browsers

Countermeasure #3: Email Encryption Programs

Countermeasure #4: Privacy‐Focused Search Engines

Countermeasure #5: Tor (The Onion Router)

Countermeasure #6: Secure, Non‐Proprietary Operating Systems

Countermeasure #7: Virtual Privacy Network (VPN)

Digital Empowerment

What About Smartphones?

What About Smart Home Devices and the Hardware Itself?

Privacy and Tech Can Go Hand in Hand

CHAPTER 10: Corporate

Why Do Businesses Need to Take This Seriously?

Countermeasure: Open‐Source Software

Business Reputation: What Is Worth Fighting For?

Secure Online Communication

What Can Big Corporations Do to Redress the Balance?

What About Businesses Buying This Tech?

Why Do So Few Businesses Consider Open‐Source Software?

The Business Case for Open‐Source

Do Not Forget About Physical Security

The Business Opportunities in Open‐Source and Better Data Security

Countermeasure: Blockchain Technology

Notes

CHAPTER 11: Government

Government Action Has Become Imperative

Reaching a Fork in the Road

A Question of Knowledge

How Can Governments Redress the Balance?

Education Is the Key

Countermeasure: Promote Tech Experimentation in Educational Settings

Creating a Cultural Shift

The Driving Forces in Cultural Change

Notes

CHAPTER 12: Utopia or Dystopia?

The Move Toward the Metaverse

Quantum Computing: A Game Changer

It Is Time for Governments to Wake Up

Education: The Binding Thread

The Time to Act Is Now

About the Author

Index

End User License Agreement

Guide

Cover Page

Title Page

Copyright

Dedication

Acknowledgements

Introduction

Table of Contents

Begin Reading

About the Author

Index

Wiley End User License Agreement

Pages

iii

iv

v

ix

xi

xii

xiii

xiv

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

93

94

95

96

97

98

99

100

101

102

103

104

105

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

189

190

191

192

193

194

195

196

197

198

199

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

THE PRIVACY MISSION

ACHIEVING ETHICAL DATA FOR OUR LIVES ONLINE

ANNIE MACHON

This edition first published 2023.

Copyright © 2023 by Annie Machon. All rights reserved.

This work was produced in collaboration with Write Business Results Limited. For more information on Write Business Results' business book, blog, and podcast services, please visit their website: www.writebusinessresults.com, email us on [email protected] or call us on 020 3752 7057.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

The right of Annie Machon to be identified as the author of this work has been asserted in accordance with law.

Registered Offices

John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA

John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom

Editorial Office

John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Wiley also publishes its books in a variety of electronic formats and by print‐on‐demand. Some content that appears in standard print versions of this book may not be available in other formats.

Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty

While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

Library of Congress Cataloging‐in‐Publication Data is Available:

ISBN 9781119906964 (Hardback)

ISBN 9781119906971 (ePub)

ISBN 9781119906988 (ePDF)

Cover Design and Image: Wiley

To my father, Nick Machon, who taught me about the need for freedom of expression and the courage to speak truth to power; and my mother, Michèle Mauger, who died two years ago, from whom I learned compassion and the need to fight for justice.

ACKNOWLEDGEMENTS

I would like to thank the World Ethical Data Forum and Foundation for its support in writing this book, not least the founder and CEO, John Marshall, and our privacy expert, Sander Venema. An honourable mention should also go to my colleagues at Sam Adams Associates for Integrity in Intelligence, and also a vast array of hacktivists, journalists, politicians and technologists, whose company I have very much enjoyed over the years and from whom I have learned so much.

Last, but not least, I think both MI5 and David Shayler deserve a mention. Without those experiences, I should never have started down this path of discovery…

INTRODUCTION

The subject of data ethics and how the digital world impacts our privacy and basic rights has never been more urgent. This is no longer an academic or niche geek issue as it had been since the inception of the internet and the World Wide Web. Digital and data ethics are issues that affect all our lives, particularly as we have been forced to live increasingly online due to the Covid‐19 pandemic.

We all have to start thinking about who controls the manufacture of and access to the hardware (including how it's manufactured and where the raw materials come from), who runs the software, who can spy on us, who can hack us and who can data farm us. These are issues that we, at the very least, need to be aware of in modern society. We need to ask what threats we need to protect ourselves from democratically, socially and personally. While there is certainly an element of individual responsibility, it is also essential to turn the lens onto business and governments. How can corporations protect us rather than prey on us, and how can so doing help their bottom line?

In this book, I aim to explore both the overarching concepts and principles about why this is important, and offer practical solutions for companies, policymakers and individuals to empower them to push back against these known threats, as well as to future‐proof themselves going forward.

Technology is developing and expanding exponentially. The rate of change is unprecedented and it is only accelerating. What you will find in the coming chapters is information we all need to know and apply in the fast‐evolving technologically driven world we now live in.

Untangling the World Wide Web

One of the challenges for anyone discussing our rights, privacy and data ethics in this digital age is unpicking the many threads that form the web of both threats and solutions in our digital world. As we move through the chapters, I will untangle some of the main threats we all face and explore solutions that can improve our privacy and safeguard both our data and our human rights.

I like to visualise this process as a starburst, with our rights, privacy and data ethics at the centre. A multitude of threats, choices and solutions shoot out of this starburst, which represents a utopian future where we are safe and free to live as we please, both on‐ and offline. These concepts, stories and ideas all interlink, too, creating the web that now supports so many aspects of our lives. Some of the threads within this web can be sticky, and others can lead to unexpected places.

To help you navigate the final section, where I present the best solutions available to us at present to reduce these threats, I have split the information as best I can to relate to individuals, businesses and governments. In each of these chapters, I explore the solutions that are most applicable at each level, although some of these invariably interweave. There is one common thread that connects all of these areas, as well as many of the solutions and threats I will talk about: education.

Education for an Empowered Future

The internet and online world as a whole is, in many ways, amazing. It has allowed us to live our lives like never before and gives us unprecedented access to other people, cultures and communities around the world. We have the power to share and exchange information, perspectives and knowledge in an historically revolutionary/novel way.

I use technology and appreciate all that it brings to my life. However, through my own experiences and journey of discovery, I know how damaging it can be to live in a world without privacy, one where you feel your basic human rights have been eroded. Rather than warning you off technology, I want to help educate you so that you can live your life, on‐ and offline, in a way that empowers you and protects your human rights, including your right to privacy.

While I will explore the multitudinous threats we face in our lives as a result of the shift to digital living, I also provide you with solutions that you can implement as individuals, in your businesses and even at government levels if you are involved here. One bastion of our privacy and rights in an online world is open‐source software. This is one of the key countermeasures that has applications for us at every level of society.

Throughout this book, I will explain how open‐source software (and hardware where it is available) can be applied to help guard against many of the threats that we face to our privacy and human rights. My aim with all the solutions I share is to give you a choice. I am not saying that you have to live your life online in a particular way. My hope is that by reading this book and better understanding the threats in your world you are able to carry out your own risk assessment and make choices about what levels you want and need to go to in order to protect your rights and privacy online.

For example, if you are a female journalist in Afghanistan or a human rights activist in Hong Kong, your threat assessment will probably be more stringent than that of a peace activist in Norway. However, your risk assessment is down to you and what I aim to do later in this book is provide options for your personal security.

Let's start by looking at why data ethics and online privacy are topics that should concern all of us, and why there is no such thing as “digital rights”.

PART IPrivacy and Why We Should Care

There is no escaping it – we live in a digital world. In some ways, that is a wonderful thing. We are more connected to other people and cultures around the world. We have opportunities to learn from and work with people who are the best in their fields from the comfort of our homes. We can maintain and strengthen personal relationships, even with those who are geographically very distant from us.

While the internet presents many opportunities and technology has changed (and is continuing to change) the way we live our lives in positive ways, it is important that we do not dismiss and ignore some of the very real threats it can present, too. I am not here to tell you to bin your smartphone, delete all your social media accounts and disconnect yourself from the online communities you are part of. How much technology you introduce into your life is very much your choice.

As I have explained, I want to educate you about some of those threats and share practical solutions that you can implement if you see fit. This is about all of us feeling as though we have some measure of control over shaping our digital, as well as our physical, lives. You may never have considered your digital privacy before, or thought about how the rights you have online intertwine with your rights in the real world.

I want to help you see the whole picture, so that you are informed in your choices of both when and how you use technology in your life. In this first part of the book, I will explain why there is no such thing as digital rights, because these are simply our human rights, and share an insight into some events that have happened since the birth of the internet that have contributed to where we find ourselves today, in an increasingly digital society.

I also know from personal experience what can happen when technology is used against you to erode your privacy, which is why I am so passionate about our human rights in a digital world and ensuring we all have privacy, both off‐ and online. I share my story, as well as some of the things I learnt through my experiences, in Chapter 2.

Let's start by looking at our human rights in the context of our digital lives, what those rights are and why they are so important for each and every one of us.

CHAPTER 1Our Human Rights Online

What does the term digital rights mean to you? Have you ever stopped to consider your rights in the online world and what those might (or might not!) be? Do you equate them with your human rights? If not, then now is the time to start, because there is no such thing as just digital rights. The lines between our physical and digital selves have blurred and that means our rights in a digital world are simply our human rights. You cannot separate the two; they are intrinsically linked. A quick history lesson into the origin of the Universal Declaration of Human Rights, which was put in place in 1948, will show you why.

The Universal Declaration of Human Rights was adopted by the United Nations (UN) General Assembly in the aftermath of World War II, when there was a strong focus on the social levers and mechanisms that had allowed Hitler to seize power and for Nazism to take root in Germany. The intention of this declaration was to put protections in place for both individuals and society, to mitigate against potential threats like this going into the future.

This was largely a mantle taken up by Western democracies, with other countries and cultures taking longer to go down the same path. In these Western democracies, there was very much a consensus that individual human rights were important to allow individuals and societies to push back against governments that might be sliding down a path towards totalitarian rule. The most important right within the declaration is, of course, the right to life.

However, in terms of our human rights in a digital world, the two that are most interesting and pertinent are the right to privacy and the right to freedom of expression. As a coda to that, the right to freedom of conscience is also important. Without those three rights, it becomes very difficult for society to reform, push back or move forward as necessary.

You only have to look back at movements for the abolition of slavery, universal suffrage or LGBTQ+ rights to see how important those rights are. If the people involved in those movements had been living under totalitarian, surveillance regimes, they would not have been effective. They would have been shut down and stopped – without freedom of expression, nobody else would have known what they were thinking. The point is, progress can be very easily stopped by surveillance and suppression. There are many examples where this is happening around the world even now, as I write this book. In 2020, Beijing imposed the National Security Law on Hong Kong, severely curtailing media and internet freedom in the territory and pushing Hong Kong towards an authoritarian system.1 Under Saudi Arabia's male guardianship system, women are denied the freedom to make critical decisions about their lives and their freedoms are regularly curtailed.2 Saudi Arabia also utilises its anti‐cybercrime law to sanction those suspected of having extra‐marital relationships as well as those in the LGBTQ+ community.3 There has been a dramatic resurgence in digital authoritarianism in 2021, with Access Now and the KeepItOn coalition documenting 182 internet shutdowns across 34 countries. This is a sharp increase from the 159 shutdowns across 29 countries recorded in 2020. Ethiopia, Myanmar and India were among the countries to shut down the internet in a bid to quell the dissent brewing among their citizens.4

Free access to information and a place where people can express themselves freely is what enables people to mobilise and gives them the ability to connect and educate themselves about different issues, wherever they are based in the world. This, in turn, enables them to take a stance and campaign effectively to (hopefully) change the world, or the laws in their country.

However, to do this, journalists and dissidents need access to tools that enable them to communicate securely, because without these secure means of communication they are risking not only their liberty but also their lives.

These totalitarian regimes exist in our world today. They are not a theoretical construct or something conjured from the pages of a science fiction novel. Even if you do not live in one of these countries, it is not too much of a stretch to imagine you might visit a country where such a regime is in power and therefore be subjected to that regime's rules. Look at Nazanin Zaghari‐Ratcliffe, who was detained by the authorities in Iran in 2016 and accused of being a spy. She has always denied the charges and maintained she was simply visiting her parents. Yet, she was imprisoned for six years and released in 2022 only after much political wrangling.5

Why Does This Matter Now?

Since the birth of the internet and its widespread adoption in the early 1990s, technology has developed rapidly. I remember those early days of the World Wide Web, when it seemed like some kind of utopia, where people could communicate, ingest and share information freely. You did not have to worry about online predators. It felt like a safe space. By the end of the 1990s the dot‐com bubble had reached its peak and then burst, and this gave way to a new era of technological development, most notably around social media giants in the first half of the decade and then smartphone technology.

At the same time the technology was rapidly developing, the big technology and social media companies were just starting out. We saw the emergence of Google, Facebook and Twitter, as both corporate entities and the social media platforms we now all use and take for granted. The development and dissemination of smartphone technology made it very easy for us to press a button, download an app and live our lives through it. This has resulted in a very dangerous erosion of our sense of privacy.

I will explain precisely what these dangers are as we move through the book and share steps that you can take to protect against the risks you face. Awareness of these threats is the most important part, because if you do not know about them you will not even consider what you can do to protect yourself, or be able to assess whether you need that protection.

How do you feel about technology? How do you view the digital world? Your answers to these questions will likely be different than mine. They will also likely depend on when you were born, and whether, like me, you remember a world without the internet or whether you are part of a generation growing up as a digital native. If that is the case, you will have never known a world without the internet or this kind of technology. Anyone born since the early 2000s will have had access to technology and the online world from an incredibly young age. If you (or perhaps your children) fall into this generation, do you think about what that means for your privacy or your human rights? It is understandable if you have never questioned it like this before. For you, I imagine using the internet and technology is simply convenient, fun and an additional way of expressing yourself. Of course, it can be all of those things. Not all technology, or uses of technology, are bad; far from it. However, that is not to say it is all emojis, likes, shares, views and easy shopping experiences. There is a different, darker side to all of this that we need to be aware of, so that we can continue to use it in a positive way while feeling secure and protected.

Many of us (digital and non‐digital natives included) do not think about the hardware or software through which we are carrying out a range of activities, whether it is downloading and watching films, socialising, having sex and relationships, or organising political activism. Many people also do not consider how much these activities say about them as a person, intellectually, emotionally, politically, sexually and in many other ways. Digital natives in particular do not think about these issues because they know no other way of being; this is just their normal.

In the past it has certainly been easy to think of our digital rights as separate from our human rights, but now that we live in an increasingly digital world, it is harder to pull apart the threads that separate the two. In fact, they have become intrinsically intertwined over the years, a process that was only accelerated by the Covid‐19 pandemic.

Over the past 30 years or so, the internet and technology have developed exponentially, but until Covid‐19 hit, there was still pretty much a choice in terms of how and when you used it. You could choose which systems and apps you preferred, and how much of your life you lived online. However, when the Covid‐19 pandemic struck, everything we did – be it health, finances, taxes, socialising or work – was forced online, particularly those of us living in Western countries. Using the internet was no longer a choice, it was a necessity. For many who found themselves working online, the systems, programs and apps they had to use were chosen for them by their employer.

This simply highlights why it is more important than ever before to consider our human rights in a digital context. Our online communications are an extension of ourselves and they need to be protected in the same way that our personal integrity in the physical world is. We require our human rights to be protected for every form of expression, both online and in the physical world, and if we are too complacent and just give up on those rights, we are putting ourselves in a very dangerous position, as I will explain in Part Two when I explore the Dark Triad of government agencies (spies), corporations and criminals.

We need to start thinking about our personal human rights and society's basic rights in terms of how we interact with this new technology. We also need to make sure we are not only looking at what has already happened, but also looking to the future to identify potential threats and try to protect against them to ensure there are laws in place to protect our human rights in this new, increasingly digital world. We also need to explore how we can gently nudge the cultural tanker in a different direction, as we did through universal suffrage, so that we, as individuals and a society, can take back some of our power and have much greater control over practices like endemic surveillance or data harvesting, rather than these being activities that need to be prevented by laws that could well be unenforceable.

The Privacy Versus Security Debate

For decades, intelligence agencies have trotted out the clichéd argument that if you want security, you have to be prepared to give up your privacy, but this simply is not true. In fact, if you want proper security, you need informed, educated and interacting citizens to act against potential security threats. In order for our citizenry to behave in this way, they need their privacy, be it in the real world or online.

It is only when citizens are informed, educated and able to interact with a certain degree of privacy that they can effect social cultural change and nudge the cultural tanker in a better direction. However, there is a balance to be struck and sadly it is one that all too often tips into Orwellian territory. The UK's Prevent programme is a good example of where the balance has tipped in the wrong direction.

Prevent was introduced during the height of the war on terror as a way for citizens to report concerns over radicalisation. Initially it focused solely on Islamic extremism, but over the years it has expanded to include considerably more activity on the far right, as well as any other potential terrorist threats. It is a draconian approach, because it requires people within communities to snitch on one another. It has also failed to prevent many terrorist attacks in the UK. An investigation by Channel 4 found that, of the 13 terror attacks in the UK between 2017 and 2022, seven were carried out by individuals known to the Prevent programme.6

The Prevent programme has also faced multiple accusations of systemic human rights violations7 and has been found to inhibit the will of certain communities to speak up against extremist behaviour because they feel they are under undue levels of surveillance. This is clearly counterproductive and demonstrates why widespread surveillance is not the answer to many of the threats we face in society.

This is a “divide and conquer” approach, which is an alienating force. We saw this in East Germany, where the notional idea of trust was eroded within society because so many people were snitching on others that no‐one felt they could communicate freely. This atomises society, rather than allowing it to be cohesive. To effectively guard against threats, we need to create a cohesive democratic community, where we can take action politically and potentially make a meaningful difference, because this makes us all more invested in that community and democracy.

However, we know that intelligence agencies and governments have used widespread surveillance on activists throughout the decades. Certainly it was a prevalent tactic used against the civil rights movement and people like Martin Luther King in the United States in the 1960s and 1970s. Similarly, MI5 dedicated a great deal of resources to surveillance on members of the Communist Party of Great Britain and a bewildering array of Trotskyists, as well as many other groups deemed to be subversive between the 1940s and 1993.8 The difference is that back then it was very labour intensive to investigate and stop a very effective activist. Nowadays, it merely takes the flick of a switch to get a complete picture of someone's life and everything they are doing online.

As well as technology and the online world making it much easier for surveillance to be carried out, they make it much easier to disrupt an activist's activities. You can start planting fake news, or deep fake videos, to discredit someone (I will share stories of how these tactics have been used later in the book). You can set up a bot attack on social media and take someone down reputationally. It is very easy now for these predators with their own interests at heart, rather than society's, to restrict society's ability to protect itself and continue moving forward positively. I am not telling you any of this to scare you, simply to make you aware of the risks we all face as our lives become increasingly digital.

As we move through the book, I will share some simple steps you can take, whether as an individual, a corporation or a government, to help you protect your human rights online and make more informed choices about the technology you use in your daily life, whether that is a particular piece of hardware, a piece of software or an app.

Why Should I Worry About My Online Privacy If I Have Nothing to Hide?

Another argument that often gets thrown into the mix when people discuss human rights and privacy versus security is that if you have nothing to hide, then you have nothing to worry about. But now that many of us, certainly in the Western world, are largely living online, our digital selves are increasingly overlapping with our physical selves. It is a rather inelegant example, but would you want someone to be able to watch you while you were on the toilet? That would be considered a gross invasion of your privacy. Or do you want someone to have access to all of your financial records? Again, likely not something you would be happy about being accessible to other people.

But this is what the digital world offers, particularly in regions like Europe where we have ID cards that pull together various aspects of our lives and therefore allow a faceless bureaucrat to access pretty much any aspect of our lives, be it our financial records, health records or tax records. These are the kinds of things that most of us would prefer to keep private, particularly our health records.

As an example, in 2020 a private company that runs psychotherapy centres across Finland was hacked and the confidential treatment records of tens of thousands of patients were put up for sale online. The people whose records were stolen were not doing anything wrong, but nobody wants confidential details from therapy sessions to be available online for all to see. This is private information and should be kept private.

Now think about all the private information you readily make available in the digital world. I am sure you know that smart home speakers are listening all the time, effectively spying on you. There have been multiple stories from some of the big players (like Amazon) in the home smart speaker space where employees revealed they were encouraged to listen in to people's homes, to check that the technology was working.9 But that is incredibly invasive.

There is also evidence of smart speakers being activated by mistake, listening in and recording when they are not supposed to. In one trial of various different smart speakers, researchers recorded one erroneous activation every five hours.10 This begs the question, how much information are these companies collecting about you if they are recording your speech or conversations even when you have not activated them?

Similarly, the rise of video calls and long‐distance relationships means that many more couples have explored online sex. They are not doing anything wrong and this should not be anything to be embarrassed about, but there are programs available, such as Optic Nerve that was run by British intelligence services, that allow images from video conferences to be captured, regardless of their nature. In fact, the data to come out of the Optic Nerve operation revealed that around 10 per cent of video conference calls were of a sexual nature. The people having consensual sexual relations with partners in this way were doing nothing wrong, but how would you feel knowing that someone had watched you at your most intimate?

These are just a few examples of areas of our lives that most of us would prefer to keep private, even though we are doing nothing wrong, but that have become increasingly difficult to keep private as our lives have become increasingly digital in nature.

Many Western intelligence agencies have been grappling with trying to find the right balance between security and privacy for decades. They have been asking how to ensure accountability, transparency and proportionality in terms of what spies and the police can access to protect the vulnerable while allowing greater freedom for the majority who are doing nothing wrong. It is not an easy question to answer. Part of the challenge has been the vast acceleration in both the availability and use of technology since the big tech giants took off about 20 years ago, how that has allowed a greater information grab and how it has eroded our sense of privacy.

There are many strands to this particular thread of discussion, from vulnerabilities in software that have been used and