The right to privacy has traditionally been considered a domestic issue. Countries have enshrined their citizen’s right to privacy in various constitutions throughout the globe. Democracies such as the United States have enshrined the right to privacy in constitutions, while judiciaries in countries such as India have made attempts to counter the strengthen safeguard on citizen’s privacy. Threats to privacy by governments have usually been addressed through protest and domestic reform by citizens of said country. In today’s digital age, the attack on peoples’ privacy by foreign forces has accelerated to a point where countries have not been able to protect their own citizen’s personal information and privacy adequately.
The dilemma before countries who have fallen victim to the anonymous nature of cyberspace is how to address a threat in a digitally over-dependent society, which is becoming increasingly problematic due to technological advances. Studies have shown that 80% of millennials will continue to trust and share personal information online on networks owned by companies entrusted to store their information securely. Some have dubbed this problem “the end of privacy” and simply see the right to privacy in the digital world as a “lost cause.” This theory contends that how private information is gathered is no longer important and that countries should focus on the how our data is used after its collection. They believe the solution is for countries to “regulate what organizations and governments can actually do with our data.” This policy would make organizations inside countries legally liable for the data they collect from people using their services.
Both this theory on the use of people’s private information in the digital age is missing the forest for the trees. Privacy is a thing of the past, no matter what network any country’s people find themselves connected to. This is an inherent consequence of society’s widespread use of digital technology. Restricting how private data is collected or used does not solve the problem of countries’ inability to react to threats to private data and protect the data already being stored and used. Rather, the bigger threat to privacy is not coming from within countries due to a lack of domestic regulations or oversight resulting in misuse, but from outside countries due to lack of cyber deterrence and protection.
Countries are experiencing an increasing number of security breaches by seemingly unknown foreign actors. Last May, French elections fell victim to Russian digital intrusions. North Korea was suspected to be behind the massive WannaCry ransomware attack that hindered the United Kingdom’s business sector and National Health Service (NHS) with damages being estimated at $4 billion. Russia’s biggest anti-virus software developer, Kaspersky Lab’s, has recently been attributed to assisting in Russian espionage against the United States, creating more legal and ethical implications for the privacy of those who use Kaspersky’s software. Private information in the form of data whether being stored by businesses or governments is under attack around the globe. The solution for such threats to citizens’ privacy and private information is rooted in their country’s ability to protect them from outside threats to this information.
Deterring cyberattacks has recently been considered to be the best way to thwart the threat to foreign cyber attacks. But to adapt Thomas Shieling’s theory of deterrence, countries must be more willing to voice their opposition to foreign threats and efficiently follow up with conventional force. Failure to deter foreign cyberattacks threaten the very foundations by which the right to privacy is supported. According to Susan Hennessey, a fellow in National Security Law at the Brookings Institution, responses to cyber attacks need to contain less ambiguity and clearer lines which foreign threats must not cross. Governments must be willing to act, more publicly, and more aggressively in response to those threatening the private information and fundamental rights of their citizens.
Democracies like the United States who tout their right to privacy and the protection of this right have been insufficient in responding to cyber attacks resulting in a failure of deterrence. This is evident by the lack of public response to the hacking of the 2016 presidential elections. The Obama administration did declare a “proportional response” to Russian cyberattacks, leading to the ejection of 35 suspected Russian intelligence operatives. It is noteworthy though that this response was only after the “line” had been crossed and failed to deter an attack on American networks. American cyber deterrence adaptation came after the Trump Administration’s new cybersecurity plan. Democratic governments can protect the right to privacy through codifying privacy rights in constitutions, and citizens through their right to protest in defense of their privacy. However, countries must adapt their conventional safeguards to deter the unconventional threat facing their networks before attacks happen. Only then can countries debate privacy issues within their country.
Kevin Hill is a graduate student pursuing a Master’s in Diplomacy and International Relations. He specializes in international security and foreign policy analysis and is currently working on research analyzing the vulnerability of states’ cybersecurity.