Roosevelt Institute | Cornell University

The Data Conundrum: the U.S. Government and Internet Privacy

By Elizabeth ZelkoPublished October 24, 2014

Following the advent of Edward Snowden, the American public was acquainted with the exact extent of private Internet data collection by the U.S. government. As controversy rages on and the market for private data grows, the government will need to construct a definitive meaning for "Internet privacy."
By Elizabeth Zelko, 10/24/14

Data follows us everywhere. Today, on almost every major website you may visit, there is someone behind the scenes collecting information on everything you do. When you browse the internet, it's as if somewhere along the way you stepped in mud and left a trail of dirty footprints for anyone to follow. So who exactly wants this information? The answer is pretty much everyone. Facebook uses browsing data and personal information collected from your page to display customized ads, the NSA collects such data directly from the servers of Facebook and Google for surveillance purposes, and hackers seek to exploit new vulnerabilities daily (a la Heartbleed) to acquire valuable user information.

Interestingly, one organization has long predicted the rise of data collection and the need for protected internet browsing: the U.S Navy. In 2002, the U.S. Naval Research Laboratory launched The Onion Routing project, today commonly known as "Tor," which introduced a concept its creators coined "anonymous browsing." Put simply, Tor is a browser which prevents users from being tracked by sending data through a complex path of "relays." Ordinarily, data sent from one device to another must travel over the network through a series of third party devices. This means that any one of these devices has access to certain information about the data, including its size, the addresses of the sender and recipient, and sometimes the data itself.

Data travels differently over the Tor network. Every "relay" device in the network path has access to only two pieces of information: the address of the device from which it received the data, and the address of the next device in the relay. Therefore, no device knows the data's complete path and consequently cannot track the sites you're visiting, acquire personal information, or access your location. The Tor Project website gives many examples of uses for Tor, such as open source intelligence gathering (the original reason Tor was created), law enforcement surveillance of suspicious sites, and escaping censorship under oppressive regimes. The problem is that, for all of Tor's legitimate uses, there are equally many illegitimate ones. Because Tor allows its users to avoid detection and create sites which are nearly untraceable, it has become a hub for child pornography, illegal marketplaces such as Silk Road, and, famously, the likes of Edward Snowden, who leaked classified information using Tor.

The question now becomes whether the good that Tor can accomplish outweighs the bad. At the very center of this debate is the U.S. government itself. According to the Tor project's most recent financial reports, over 60% of Tor's development is funded by the U.S. Government, namely by the State Department, the National Science Foundation, and the Department of Defense. Given Tor's various applications to law enforcement and intelligence, it seems logical that the government continue to fund its development. On the other hand, the NSA has also spent several years and significant resources trying to destroy it. This also makes sense, since Tor undermines the NSA's ability to conduct surveillance via Internet data collection. This is especially of concern since Tor protects some of the internet's worst offenders.  Ultimately, this means that the government is both attempting to build up and destroy the Tor project using U.S. tax dollars.

The issue of Internet privacy has only started to gain nationwide attention and will get progressively more tangled as the internet grows and data collection becomes more sophisticated. If the government does not take the time now to develop regulations or policies regarding privacy on the web, it is likely that the Internet will grow out of their control. If it decides to protect the right to browse the web freely and anonymously, legislators must also consider that they will be enabling criminals to operate beyond the reach of the law. If they choose to enact such a policy, they could propose a less invasive way to police cyberspace, or require warrants to access data in the same manner warrants are required to search property. Conversely, the government could choose to adopt a policy of transparency in which people are required to track and make accessible a certain amount or subset of their internet data. Nevertheless, while the government continues to support both sides of the argument, it is only inviting chaos. The longer two such agendas are allowed to cancel out the actions of the other, the more effort will be wasted trying to implement two policies which cannot reasonably coexist.