Permanent Record(100)

In my current situation, I’m constantly reminded of the fact that the law is country-specific, whereas technology is not. Every nation has its own legal code but the same computer code. Technology crosses borders and carries almost every passport. As the years go by, it has become increasingly apparent to me that legislatively reforming the surveillance regime of the country of my birth won’t necessarily help a journalist or dissident in the country of my exile, but an encrypted smartphone might.



* * *



INTERNATIONALLY, THE DISCLOSURES helped to revive debates about surveillance in places with long histories of abuses. The countries whose citizenries were most opposed to American mass surveillance were those whose governments had most cooperated with it, from the Five Eyes nations (especially the UK, whose GCHQ remains the NSA’s primary partner) to nations of the European Union. Germany, which has done much to reckon with its Nazi and Communist past, provides the primary example of this disjunction. Its citizens and legislators were appalled to learn that the NSA was surveilling German communications and had even targeted Chancellor Angela Merkel’s smartphone. At the same time, the BND, Germany’s premier intelligence agency, had collaborated with the NSA in numerous operations, even carrying out certain proxy surveillance initiatives that the NSA was unable or unwilling to undertake on its own.

Nearly every country in the world found itself in a similar bind: its citizens outraged, its government complicit. Any elected government that relies on surveillance to maintain control of a citizenry that regards surveillance as anathema to democracy has effectively ceased to be a democracy. Such cognitive dissonance on a geopolitical scale has helped to bring individual privacy concerns back into the international dialogue within the context of human rights.

For the first time since the end of World War II, liberal democratic governments throughout the world were discussing privacy as the natural, inborn right of every man, woman, and child. In doing so they were harking back to the 1948 UN Universal Declaration of Human Rights, whose Article 12 states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.” Like all UN declarations, this aspirational document was never enforceable, but it had been intended to inculcate a new basis for transnational civil liberties in a world that had just survived nuclear atrocities and attempted genocides and was facing an unprecedented surfeit of refugees and the stateless.

The EU, still under the sway of this postwar universalist idealism, now became the first transnational body to put these principles into practice, establishing a new directive that seeks to standardize whistleblower protections across its member states, along with a standardized legal framework for privacy protection. In 2016, the EU Parliament passed the General Data Protection Regulation (GDPR), the most significant effort yet made to forestall the incur sions of technological hegemony—which the EU tends to regard, not unfairly, as an extension of American hegemony.

The GDPR treats the citizens of the European Union, whom it calls “natural persons,” as also being “data subjects”—that is, people who generate personally identifiable data. In the US, data is usually regarded as the property of whoever collects it. But the EU posits data as the property of the person it represents, which allows it to treat our data subjecthood as deserving of civil liberties protections.

The GDPR is undoubtedly a major legal advance, but even its transnationalism is too parochial: the Internet is global. Our natural personhood will never be legally synonymous with our data subjecthood, not least because the former lives in one place at a time while the latter lives in many places simultaneously.

Today, no matter who you are, or where you are, bodily, physically, you are also elsewhere, abroad—multiple selves wandering along the signal paths, with no country to call your own, and yet beholden to the laws of every country through which you pass. The records of a life lived in Geneva dwell in the Beltway. The photos of a wedding in Tokyo are on a honeymoon in Sydney. The videos of a funeral in Varanasi are up on Apple’s iCloud, which is partially located in my home state of North Carolina and partially scattered across the partner servers of Amazon, Google, Microsoft, and Oracle, throughout the EU, UK, South Korea, Singapore, Taiwan, and China.

Our data wanders far and wide. Our data wanders endlessly.

We start generating this data before we are born, when technologies detect us in utero, and our data will continue to proliferate even after we die. Of course, our consciously created memories, the records that we choose to keep, comprise just a sliver of the information that has been wrung out of our lives—most of it unconsciously, or without our consent—by business and government surveillance. We are the first people in the history of the planet for whom this is true, the first people to be burdened with data immortality, the fact that our collected records might have an eternal existence. This is why we have a special duty. We must ensure that these records of our pasts can’t be turned against us, or turned against our children.

Today, the liberty that we call privacy is being championed by a new generation. Not yet born on 9/11, they have spent their entire lives under the omnipresent specter of this surveillance. These young people who have known no other world have dedicated themselves to imagining one, and it’s their political creativity and technological ingenuity that give me hope.