Germans have long been stingy on privacy. Could their history be the future of data protection?
Tucked on the outer edges of East Berlin lies a series of complexes. They’re typically modern, massive blocks in the shapes of Ls, Is and Ts — an alphabetic topography built by the Soviets. Step into the building at address Karl-Liebknecht-Straße 31/33, and you’re greeted by a nostalgic palette of pale yellows and retro wooden furniture. In the left side of the room is a bronze bust of Karl Marx.
In the center of the foyer is a glass case spread out over a table you could fit a family of five around. Inside you can see a scale model of where you’re standing, the small plaza just out the doors, and three or four blocks in either direction. From a bird’s eye you can envision tiny people walking to shops, small RC cars clogging the streets at peak drive time. For the officers working inside this building not even twenty years ago, this level of omnipotence was not imagination, but calculated reality.
To Gilbert Radulovic, the rooms would have been opaque; it’s fair to assume he never set foot in the building. He was born in 1945, the end of World War II. He was a vivacious political voice, which oftentimes got him in trouble — in 1971 he relocated from historic Leipzig to East Berlin after expulsion from Karl Marx University.
As it turns out, the Stasi — short for Staatssicherheitsdienst (State Security Service) — were greatly involved in Radulovic’s life, whether he was aware of it or not. They were in charge of surveilling the newly cleaved East Germany as an arm of the German Democratic Republic (GRD). Today, Radulovic is the marquee story told by the Stasi Archive museum.
The Stasi immediately attached themselves to Radulovic, who was taking part in a “Thursday Circle” discussion group on the humanities, science and current events. The secret police identified them as a “hostile-negative group,” an identifier which allowed them “…to criminalise and punish the voicing of almost every critical opinion…” the museum writes in a booklet on Radulovic’s life.
This opened the door for an investigation into the group, where their clandestine meetings would be infiltrated by undercover plainclothes Stasi officers. In the end, the investigation was quietly closed. Radulovic’s group committed no crimes; they weren’t given the chance. The Stasi’s Kopernikus operation — designed to surveil and control — had successfully intimidated the group into submission.
Painstakingly meticulous forms were compiled for every case the Stasi brought in, each designed to detail covert reportage, photos and recordings. Reports could detail a ten-minute walk down the street.
The case spanned1979–1980. The paperwork was archived in Stasi headquarters, located at Karl-Liebknecht-Str. 31/33.
In this building lie enough of these files to run 160 kilometers (roughly 100 miles). It includes more than five million names, all marked, in some degree, like Radulovic: “anti-state agitators” dangerous to the GDR.
For perspective, this was nearly a third of all East Germany. Index cards bearing name, occupation and age are filed next to big chrome spools of recorded conversations. A short metro ride away, Berlin’s iconic TV tower, its own all-seeing eye into the lives of West Berliners stranded on their oasis of linden trees, towers as a relic panopticon of Soviet might.
Stasi surveillance was decades before monitoring people was relatively easy thanks to Facebook, Twitter and Instagram. It comes as no surprise, then, that one of the more tempestuous relationships Germans have today is with an invading force of everyday life: social media. Before the Stasis it was the Nazis who categorized, stalked and built an empire of information on those they found their adversaries. The value of information is built into the German constitution in spite of this history, and as media giants such as Facebook continue to build distrust in the value of our growing interconnectedness, the German model offers an opportunity for reflection and education.
The value of data
The information important to us has remained relatively consistent. When we look at our profiles, we define ourselves along traditional lines of where we are, where we work and where we’ve been. We put out pulsars of location check-ins, advertise our hobbies with limited screen space and character limits. We invent ourselves to the world.
It’s the same information the Stasi found so compelling — and definitive. Had the internet existed during those tumultuous years, it isn’t hard to fathom it would be used by authoritarians to surveil potential threats to power. Yet today, human connection has radically changed through the advent of the internet — and with that power comes a concerning level over who gets to know who we are.
The level of concern generated from this agreement was the subject of a 2015 study from the Harvard Business Review, which found most internet consumers are aware of data collection as they journey online. When a terms and conditions agreement appears we scroll, click, and most certainly don’t read.
On its surface, data collection is designed to improve the services of the world around us, allowing fine-tuning to product experiences from an Amazon wish list to a Google-powered thermostat.
“The rich new streams of data have also made it possible to tackle complex challenges in fields such as health care, environmental protection, and urban planning,” The Review writes.
Yet, with breaches to Equifax, Sony, Home Depot, and Facebook (among others), the security of that information is increasingly questioned — and not only in the case of a hack, but in terms of what companies themselves are doing with our earnest information.
To start, the Review’s study showed roughly a quarter of people polled knew data was used for their friends’ lists, location and web searches. These are used to triangulate preferences, potential purchases and customers; it’s optimization for products that, as the Review points out, we’d be hesitant to hastily ditch.
Yet only 18 percent realized their chat and web history were being watched as well. That’s not far off from the other factors, but switch the framing and it’s more imposing: anywhere between 75–85 percent of people polled were not aware of what types of data were being tracked.
This study took place before the bombshell revelation in early 2018 that the consulting firm Cambridge Analytica was siphoning off user data for political campaigns. Through a series of investigations by the New York Times, The Guardian, and Channel 4 News, the British-based organization was given access to user data from over 50 million Facebook profiles, and was using that data in conjunction with numerous political campaigns — Donald Trump’s being the most publicized.
At the 2018 World Press Freedom Day conference in Accra, Ghana, I heard Job Rabkin from Channel 4 News discuss what their undercover investigation into Cambridge Analytica confirmed: by skimming data from social media giants, the firm could serve as a consultant to global political campaigns by tracking personality profiles and exploiting them.
The firm used data tools to misdirect search engines throughout the developing world — namely, Trinidad, Kenya, Ghana and Nigeria. These optimization campaigns resulted, in Kenya’s case, with a court nullifying an election after it was found Kenyan voters were directed to websites spreading deliberate falsehoods when searching for campaign information. Data mining was fundamental to rigging election cycles throughout the world.
“You can work out people’s personalities, you can work out their fears and their hopes,” Rabkin said, “and then use that information to manipulate.”
Rabkin explained data can be used to create a complete profile of your personality and tendencies, even going so far as to predict what kind of information you respond to and how that can be used for targeted political means. In Kenya’s case, candidates were falsely characterized as wanting to allow terrorist organizations to run the country. The goal was to stoke fires inside platform echo chambers.
Small rigged elections were some of the earlier ventures Cambridge Analytica made into wielding data for political means. Channel 4 discovered more illicit acts after undercover investigations with Analytica officials.
“They told us that they could use, and had used, an array of dirty tricks: bribery, entrapment, smear campaigns,” Rabkin said. “And they could do it all secretly using shell companies and fake names.”
Cambridge Analytica operatives enlisted former Israeli and British spies to seek information on political opponents, all under the radar of regulators and government officials. They boasted of campaigns in Brazil, Mexico, India and of winning Donald Trump an election in the United States.
What Analytica showed the world was how data at its strongest could be used as a tool to fundamentally disrupt global democracy — with tangible results. At this point, any kind of legal action against this new tactic was too far gone.
“People with a political agenda are using these new tools to bombard people with fake news, propaganda and lies,” Rabkin said. “Designed to achieve their political ends, the technology is changing so fast and spreading so wide that the law in most countries is far, far behind.”
As investigations into the 2016 election have turned up, Analytica’s data profiles were a critical part of the 2016 election by pinpointing strategic online information. For a decade Americans were on high alert regarding their own government’s data policing; today, voluntary participation played into the hands of skillful foreign operatives.
In the wake of a series of revealing news stories, comfort in our online presence is beginning to take a step back, and users likely feel more ownership toward their data today. Unfortunately, the revelation took place after major elections in countries across nearly every continent. The lesson was learned.
The German method
So how do consumers value their data? We’ve seen how consumers are largely ignorant over what kind of data is being watched online, and that, in a step further, this ignorance can play out to serious consequences. Yet this doesn’t show how data is valued from a consumer level — and a step further, what can be done to secure data on a large scale.
To further understand this, The Review, as part of the earlier study, surveyed 900 people across five diverse countries to understand attitudes about data. This included China, India, the United States, United Kingdom and Germany.
Results showed that Germans expressed the most concern over the use of their data (80 percent), followed closely by Americans (72 percent). These are countries with the most diverse media landscapes and a stronghold on internet freedom, as opposed to more authoritarian regimes like China. Your location heavily influences your attitude toward privacy.
The Review then broke down data security in terms of purchasing power: how much a prospective internet consumer would pay to protect certain kinds of data.
The result was diverse. On average, Germans were willing to pay more across the board — most notably related to health history ($184 U.S. dollars compared to $59 in the UK). They also expressed a similar willingness to protect digital communication, credit card information and government identification ($100+ U.S. Dollars). Americans expressed the same concern over government identification, while China and India were willing to pay virtually nothing in each of the categories. In China, at least, a consensus that online activity has always been surveilled is most likely present.
“The cultures of India and China, for example, are considered more hierarchical and collectivist,” writes The Review, “while Germany, the United States, and the United Kingdom are more individualistic, which may account for their citizens’ stronger feelings about personal information.”
When looking at the history of Germany, however, a general distrust toward entities gorging on data isn’t surprising. It all goes back to the Stasi, and the Nazis before them.
Since the online advent, pushback is routine. Google faced rebuke from German lawmakers as early as 2002, when 113 websites with extremist content were scrubbed from both German and French search results. Denying the Holocaust is a felony in both countries.
This battle is also physical. Last October, amidst fears of gentrification, Google’s projected addition of a building for tech startups in the multicultural Kreuzberg neighborhood were abandoned due to outcry from local Berliners. There’s a fear that increased internet reach disrupts both public and private life, and if you peruse the streets of Berlin on Google maps you’ll find many a home blurred out because of this.
Facebook also had a difficult year in Germany. In February, a regional court determined the platform’s use of private data to be illegal. Heiko Duenkel of the Federation of German Consumer Organizations, who brought the suit, argued several default settings on Facebook violated German privacy rights.
“Facebook hides default settings that are not privacy friendly in its privacy centre and does not provide sufficient information about it when users register,” Duenkel told The Guardian. “This does not meet the requirement for informed consent.”
These are all problems the General Data Protection Regulation attempted to proactively curtail. The policy, which took nearly six years to craft and took action in May, is an overhaul in data protection across all European Union member states and the greater European Economic Area (EEA). It puts the onus on tech companies to properly obtain consent from users, anonymize collected data and ensure the protection of data across international borders.
This policy comes after an already difficult battle with Google in 2014, when European legislators fought over “the right to be forgotten.” The policy was an early attempt to allow personal information to be completely scrubbed from the internet at the request of users, who found the near-perfect memory of the internet directly restricting their ability to move on in life. Some argue the passage of the right elevates data protection to an issue fundamental to human rights.
The GDPR made ubiquitous the right to be forgotten, among other guidelines, across the 28 member states. This is especially important as Facebook houses their European data center in Ireland, a country which — prior to the GDPR — had more relaxed data protection laws.
These rights are nothing new for Germans, who have lived under the cliche of the “fearful German” for many a decade. In 1970, the German state of Hessen passed the first data protection law in the world; in 1983 the German Constitutional Court bound such protection to the German constitution. The Bundesdatenschutzgesetz (BDSG), or federal data protection act, aims to protect the rights of Germans from injury because of their personal data. In an age of invented online personalities, Germans have the “fundamental right to informational self-determination.” To be remembered or forgotten is a vital human right in the German consciousness.
It was because of German history, the battles with the Nazis and the Stasi, that the GDPR came to fruition. In anticipation, companies began barraging their consumers with updated privacy agreements; entire websites for media giants such as NPR and USA Today were simplified and restricted to account for potential breaches in EU law. At the moment, many international companies consider it the baseline for global privacy policy. Lawsuits against Facebook, its subsidiaries and Google were launched hours after the policy took effect.
The United States is already showing signs of jumping on the privacy bandwagon. In June of 2018, California’s legislature passed the California Consumer Privacy Act of 2018. The law features similar protections to those outlined in the GDPR, with added protections against “take it or leave it” systems that block users who don’t want to share their data. The law will take effect in 2020.
Even the Goliath of Silicon’s industry, Apple’s Tim Cook, is calling for national legislation to fight the invisible “data brokers” selling off user data.
“Consumers shouldn’t have to tolerate another year of companies irresponsibly amassing huge user profiles, data breaches that seem out of control and the vanishing ability to control our own digital lives,” Cook wrote in a Times magazine op-ed on Wednesday. He advocates similar consumer controls like the right to be forgotten.
“Technology has the potential to keep changing the world for the better, but it will never achieve that potential without the full faith and confidence of the people who use it,” Cook wrote. Legislators are approaching the issue with reservation.
From its origination in 1970, data privacy is continuing to gain traction as trust in the benefits our data brings us turns sour. While Facebook faces repeated questioning by investigators, one option is becoming increasingly clear: to forge data protection as a constitutional right and not merely a social concern. While investigations reveal these institutions are siphoning off more information than they’re advertising, the extent of damage that scrapping induces can seem distanced. It’s an invasion of privacy, yes; but the ramifications are oftentimes disconcerting and not alarming.
Gilbert Radulovic’s story didn’t end with the Stasi’s first investigation. A second was opened after he was found distributing punk booklets to West Berlin, his file growing as agents followed his every move and meeting. In his case, information was domination. Cambridge Analytica is a reminder of that power in our contemporary era. So in an age of transparent media, where worth is measured by follower counts and virality, perhaps it isn’t too late to turn back to our memory — and remember how good it is to be forgotten.
