(APEC) aims to promote interoperability of privacy regimes across the 21 APEC countries. In contrast to Europe’s GDPR, the APEC Privacy Framework [APEC, 2017] is not a law but rather defines nine privacy principles, based on the OECD privacy guidelines, APEC countries can choose to subscribe to. The Framework further defines Cross-Border Privacy Rules (CBPR) as a code of conduct to enable cross-border data transfers among countries committing to the CBPR. The CBPR requires a local accountability agent (i.e., a governmental institution) that certifies organization’s CBPR compliance. As of 2018, six APEC countries are participating in CBPR, namely the U.S., Japan, Mexico, Canada, South Korea, and Singapore. In addition to the CBPR, the APEC Cross-border Privacy Enforcement Agreement (CPEA) facilitates cooperation and information sharing among APEC countries’ privacy enforcement authorities.
2.2 MOTIVATING PRIVACY
When the UK government in 1994 tried to rally support for its plans to significantly expand CCTV surveillance in Britain, it coined the slogan “If you’ve got nothing to hide, you’ve got nothing to fear” [Rosen, 2001]—a slogan that has been a staple in counter-privacy arguments ever since. What is so bad of having less privacy in today’s day and age, unless you are a terrorist, criminal, or scoundrel? Surely, people in Britain, with its over 6 million surveillance cameras (one for every 11 people) [Barrett, 2013] seem to be no worse off than, say, their fellow European neighbors in France or Germany, which both have nowhere near that many cameras.16 Would those who maintain an active Facebook page say they are worse off than those who only use email, text messages, or, say, written letters, to communicate with friends and family? Why not let Google monitor all Web searches and emails sent and received, so that it can provide better search results, a cleaner inbox, and more relevant targeted advertising, rather than the random spam that usually makes it into one’s inbox? Who would not want police and other national security institutions have access to our call records and search history in order to prevent terrorists and child molesters from planning and conducting their heinous crimes?
One might assume that making the case for privacy should be easy. Privacy is one of the leading consumer concerns on the Internet, dominating survey responses for more than 20 years now (e.g., Westin’s privacy surveys between 1990 and 2003 [Kumaraguru and Cranor, 2005], the 1999 IBM Multi-National Consumer Privacy Survey [IBM Global Services, 1999], or recent consumer reports from KPMG [2016] or International Data Corporation (IDC) [2017]). Everybody seems to want privacy. However, when separating preferences from actual behavior [Berendt et al., 2005, Spiekermann et al., 2001], most people in their everyday life seem to care much less about privacy than surveys indicate—something often called the “privacy paradox” [Norberg et al., 2007]. Facebook, with its long history of privacy-related issues [Parakilas, 2017], is still growing significantly every year, boasting over 2.23 billion “active monthly users”17 at the end of June 2018 [Facebook, Inc., 2018]. Back in 2013, with only about half that many active users (1.2 billion) [Facebook, Inc., 2018], Facebook users already shared almost 3.3 million pieces of content (images, posts, links) per minute [Facebook, Inc., 2013]. Within the same 60 s, Google serves an estimated 3.6 million search queries [James, 2017], each feeding into the profile of one of its over 1+ billion unique users18 in order to better integrate targeted advertising into their search results, Gmail inboxes, and YouTube videos. Of course, more privacy-friendly alternatives exist and they do see increasing users. For example, a service like the anonymous search engine DuckDuckGo saw its traffic double within days19 after Edward Snowden revealed the extent to which many Internet companies, including Google, were sharing data with the U.S. government. However, DuckDuckGo’s share of overall searches remains minuscule. Even though its share had been on the rise ever since the Snowden leaks of June 2013, its current20 11 million queries a day (roughly seven times its pre-Snowden traffic) are barely more than 0.3%21 of Google’s query traffic.
Why are not more people using a privacy-friendly search engine like DuckDuckGo? Does this mean people do not care about privacy? Several reasons come to mind. First, not many people may have heard about DuckDuckGo. Second, “traditional” search engines might simply provide superior value over their privacy-friendly competitors. Or maybe people simply think that they do. Given that the apparent cost of the services is the same (no direct charge to the consumer), the fact that one offers more relevant results than the other may be enough to make people not want to switch. Third, and maybe most important: indirect costs like a loss of privacy are notoriously hard to assess [Solove, 2013]. What could possibly happen if Yahoo, Microsoft, or Google know what one is searching? What is so bad about posting holiday pictures on Facebook or Instagram? Why would chatting through Signal22 be any better than through WhatsApp?23 Consider the following cases.
• In 2009, U.S. Army veteran turned stand-up comedian Joe Lipari had a bad customer experience in his local Apple store [Glass, 2010]. Maybe unwisely, Joe went home and took out his anger via a Facebook posting that quoted a line from the movie he started watching—Fight Club (based on the 1996 book by Palahniuk [1996]): “And this button-down, Oxford-cloth psycho might just snap, and then stalk from office to office with an Armalite AR-10 carbine gas-powered semi-automatic weapon, pumping round after round into colleagues and co-workers.” Lipari posted the slightly edited variant: “Joe Lipari might walk into an Apple store on Fifth Avenue with an Armalite AR-10 carbine gas-powered semi-automatic weapon and pump round after round into one of those smug, fruity little concierges.” An hour later, a full SWAT team arrived, apparently alerted by one of Joe’s Facebook contacts who had seen the posting and contacted homeland security. After a thorough search of his place and a three-hour interrogation downtown, Joe assumed that his explanation of this being simply a bad movie quote had clarified the misunderstanding. Yet four months later, Joe Lipari was charged with two “Class D” felonies—“PL490.20: Making a terroristic threat” [The State of New York, 2018b] and “PL240.60: Falsely reporting an incident in the first degree” [The State of New York, 2018a]—each carrying prison terms of 5–10 years. Two years and more than a dozen court appearances later the case was finally dismissed in February 2011.
• In 2012, Leigh Van Bryan and Emily Bunting, two UK residents just arriving in Los Angeles for a long-planned holiday, were detained in Customs and locked up for 12 h in a cell for interrogation [Compton, 2012]. Van Bryan’s name had been placed on a “One Day Lookout” list maintained by Homeland Security for “intending to come to the US to commit a crime,” while Bunting was charged for traveling with him. The source of this were two tweets Van Bryan had made several weeks before his departure. The first read “3 weeks today, we’re totally in LA pissing people off on Hollywood Blvd and diggin’ Marilyn Monroe up!”—according to Van Bryan a quote from his favorite TV show “Family Guy.” The second tweet read “@MelissaxWalton free this week, for quick gossip/prep before I go and destroy America?” Despite explaining that “destroying” was British slang for “party,” both were denied entry and put on the next plane back to the UK. Both were also told that they had been removed from the customary Visa Waiver program that is in place for most European passport holders and instead had to apply for visas from the U.S. Embassy in London before ever flying to the U.S. again [Hartley-Parkinson, 2012].
In both cases, posts on social media that were not necessarily secret, yet implicitly assumed to be for friends only, ended up being picked up by law enforcement, who did not appreciate the “playful” nature intended by the poster. Did Joe Lipari or Leigh Van Bryan do “something wrong” and hence had “something to hide”? If not, why should they have anything to fear?
“Knowledge is power” goes the old adage, and as these two stories illustrate, one aspect of privacy certainly concerns controlling the spread of information. Those who lose privacy will also lose control over some parts of their lives. In some cases, this is intended. For example, democracies usually require those in power to give up some of their privacy for the purpose of being held accountable, i.e., to control this power. Citizens routinely give up some of their privacy in exchange for law enforcement to keep crime at bay. In a relationship, we usually show our trust in one another by opening up and sharing intimate details, hence giving the other
