How privacy activists sold our sovereignty
Apple and Google have blocked updates to the NHS app. Who gave them this right?
Privacy activists have been shocked to discover that Google and Apple can dictate to governments the design of their health apps, while anonymous engineers in Silicon Valley create policy with far-reaching social consequences for British citizens. Shocked, perhaps, like Captain Renault in the movie Casablanca, who needed to proclaim very loudly his dismay at discovering ‘gambling is going on in here’, while he pocketed his winnings. For this is a power arrangement that many privacy campaigners worked hard to achieve, in a battle they won in the UK a year ago.
The NHS has found this week that updates to its digital apps have been rejected by Google and Apple’s app stores – gatekeepers to the mobile world – as they were deemed to breach their privacy terms. Sovereign states who signed up to the Google-Apple ‘privacy protecting framework’ for contact-tracing must now sit like children on the naughty step, awaiting parental approval. And before you applaud that someone – anyone – is irritating a government that seems so reluctant to return us to freedom, and is toying with ‘vaccination passports’, there is a point or two to consider.
Not all countries chose to comply with the fait accompli for contact-tracing apps that Google and Apple and our digital intelligentsia thrust on politicians last April. The list includes liberal democracies that take privacy seriously. A leading French privacy technologist told me he was delighted his country had not surrendered to Google and Apple’s terms, which the platforms had insisted were a necessity. India and others had been able to retain what they called ‘digital sovereignty’ – retaining the ability to make decisions. Their developers could ensure, for example, that the entire app was fully open source and transparent (while what goes on behind the Google-Apple API is opaque, a mystery).
What the story reveals is a peculiar state of mutual interdependence between tech giants and our digital intelligentsia. Activists and academics (and activist-academics – it’s hard to tell the difference in this incestuous world) not only developed the Google-Apple interface, effectively handing Big Tech enormous political control – they then lobbied furiously for it too, while claiming to be dispassionate, disinterested experts. This self-appointed priesthood viciously dismissed an emerging standard which would have allowed elected politicians to retain some control, and answer to us for their decisions. The UK had tried to go its own way, like France, but threw in the towel. Some activists even claimed new conflicts at the Irish border would arise if we didn’t dutifully troop into the Google-Apple compound.
It comes as no surprise that privacy activists tend to make Big Tech stronger, for that’s about all that their signature legislative achievement – the European Union’s GDPR regulations – has managed to do. Trillions of popups have been batted away since it was introduced in 2018, but our privacy has not been enhanced, and Big Tech has gone from strength to strength. Few would mourn this hated and ineffective law if it were repealed tomorrow. Like GDPR, Google and Apple’s rejection of the NHS app reveals how symbiotic the Privacy Priesthood and Big Tech have become, and how much they depend on each other for their authority and influence.
Could money be behind this mysterious symbiosis? It’s true that many privacy researchers now depend on the tech giants for their grant funding – and the fact that the lead developer of the breakaway specification which eventually became the Google-Apple API had just received a $75,000 award from Google doesn’t make for great optics. Via the cy-près settlements in the United States over the past decade, many privacy and ‘digital rights’ NGOs and academic departments became accustomed to receiving Google and Facebook cash. They sued the tech companies, then received settlement payouts that they ‘kept largely for themselves. But this isn’t really about the money.
Our digital intelligentsia in liberal-academic civil society now luxuriates in a role which it often professes to despise. Tech civil society has conditioned itself to be very alert to abuses of privacy by nation states, but it is more relaxed about the same abuses by tech corporations. Yet nation states can be made to be accountable to the public, their behaviour proscribed and limited. By contrast, nobody voted for Google, and it isn’t even accountable to most of its shareholders, pioneering the two-tier equity model (recently endorsed in a review for the government by Lord Hill) that means most shareholders can’t vote on anything that matters.
Now imagine a world where the individual is sovereign, and an individual owns their data as much they own their body, or the poetry and songs they write. Even the smallest, most minimal state – a minarchy – can ensure that its bureaucrats and law-enforcement agents are accountable. Why can’t we? Partly, perhaps, it’s because individual data ownership is an idea many privacy activists seem to fear and despise. Partly, too, because we cynically expect institutions to do their worst, so they live down to our low expectations. And partly it’s because the digital intelligentsia still hankers after a pirate utopia, and sees Big Tech as their allies and enablers.
New thinking and ambitious new goals are needed in making both politicians and Big Tech accountable for how they use data. It just isn’t clear that our Privacy Priesthood – or very many members of today’s tech civil society – can begin to provide it.
Picture by: Getty.