How Our Data Became Weaponised

The end of the 20th Century marked a period of uncommon optimism, at least if you were on the side of liberal democracy. The fall of the Soviet Union in the early 90s was feted as a turning point: the political idealogical battles that had marred that century had been fought and won — comprehensively.

The political scientist, Francis Fukuyama, famously heralded this departure with the bold assertion that this marked ‘the end of history’. His thesis contested that liberal democracy was the ultimate form of government and universal attainment of this was not only the desired outcome but the most likely. He posited that this tipping point had already been achieved and thus everything else would be a historical postscript.

At the same time, the internet was about to enter widespread adoption and usher in ‘the age of information’. With the free flow of ideas, opinions, and data, against a backdrop of growing globalisation, there was a sense that the world wide web would be boundless and borderless and impervious to censorship. That the internet in, say, Europe or the US would be the same as China, Russia, or Iran. Bill Clinton, in 2000, even rubbished the idea of the Chinese government trying to police the internet as ‘like trying to nail Jell-O to the wall’.

With hindsight, we can now see how this optimism bordered on naivety. What’s more, it underestimated the will and survival instincts of one-party authoritarian states to hold onto power. The CCP, for example, rose to Clinton’s challenge and concentrated a huge amount of its efforts into its Great Firewall in the early 2000s, limiting online access to content it deemed subversive.

But there was another fundamental sea change at the turn of the millennium  — September 11th. The terrorist attacks that day precipitated the digital revolution into becoming a means for monitoring. In their aftermath, efforts naturally centred around preventing the next tragedy, and a host of legislation was passed that gave access to intelligence agencies in the US to eavesdrop on would-be terrorists — what would become known as ‘Total Information Awareness’. This apparatus would broaden during the war on terror to encompass surveillance on all citizens, guilty or innocent. For many, this was an overreach and overreaction.

At around the same time, private companies such as Google began harnessing information on its users (through cookies and the like) to turn into behavioural data. Handy tools to predict what a consumer might buy next if the right advertising prompts were placed in front of them. This ushered in what came to be known as ‘surveillance capitalism’ (coined by Shoshana Zuboff), where your personal data was treated as a commodity by tech companies. This won’t be news to anyone who’s fleetingly familiar with the business model of, say, social media companies. What’s more surprising is that we gave over this information so willingly.

Arguably, it was a mix of ignorance on the part of consumers and sclerotic action on behalf of legislators that led to this complacency. For example, it took the European Union’s personal data regulation, GDPR, until 2018 to be implemented. And beyond a more jarring browsing experience, it remains vague how effective it’s been in protecting our data. That’s not to say that Big Tech’s obfuscation of its practices and preoccupation on profit didn’t contribute to this climate.

As our lives moved irrevocably online, framed on one side by a permissiveness to online snooping in the name of national security, and, on the other, passivity towards an unregulated Silicon Valley big data gold rush, it set the tone for what would happen next. And this inertia stands to reason — why withhold data if we have nothing to hide, and what possible value could there be in one’s everyday activities? But it opened the door to a question — by knowing exactly what you’ve done, can we predict what you’ll do next? In this instance, there is a twofold benefit for being able to anticipate future actions: commercial as well as criminal. Can I sell you something based on your interests, or can I prevent you from committing a crime? In short, can I influence or control you?

Whilst these appear to be disparate ends, as technology proliferated and became more dominant in our lives, that line came to be blurred and then weaponised. Ultimately it depended on who was seeking to exploit this data — a commercial entity, a state, a regime, an ideology. Eventually the two would wholly converge or, at least, become indistinguishable from each other.

The Arab Spring in 2011 was arguably the first widely reported case of online activity impacting the ‘real world’. Through social media, the population was able to amplify their plight as well as mobilise. This was social media at its best, and perhaps Fukuyama’s prediction come true. Unfortunately, the rejection of authoritarian rule and a push for democracy in Arabic and Middle Eastern states largely failed. It did, however, serve as an alarm for dictatorships worldwide — online actions could have large scale real-world effects and be a threat to one’s rule. Data would now become a way of tracking your dissent. Monitoring and ring-fencing content that might stoke political unrest would now become a political priority. In some instances, a matter of regime survival.

Whilst the Arab Spring demonstrated that online activism could alter and influence geopolitics, a scandal with interference at the heart of elections for financial gains was to emerge.  In 2018, The New York Times and The Guardian broke the story about Cambridge Analytica. A company that gained thousands of data points across millions of unknowing Facebook users. They then packaged this information to microtarget campaign messaging at them, having tracked what was most likely to influence users in elections. Cambridge Analytica’s interfered with several elections worldwide, most notably the 2016 US presidential election.

The scandal further muddied the world of surveillance capitalism, and the lawlessness of the data economy. The worlds of commerce, security, and politics were now inexorably intertwined. Whoever was motivated, savvy, and well financed enough could exert influence. But the 2016 US presidential election brought another unwanted reality to the public consciousness — that foreign states (Russia in this instance) — could interfere in democratic processes, and not in some circuitous way, but straight into our feeds. Of course, foreign election interferences were hardly new, but using social media to try and sway the electorate was something of a novelty, at least to the broader public.

In 2018, and in direct response to the Cambridge Analytica scandal, there was something of a reckoning for tech companies when they had to face members of the US Congress. But apart from public dressing downs for the CEOs, there was was little in the way of recriminations for companies that collect and sell data. They had simply grown too rich, powerful, and ubiquitous.  That they had an outsized influence on public discourse and, by proxy, their voting outcomes, seemed to mean little. And neither comprehensive legislation to curb their influence or unanimous boycotting from their user bases were ever meaningfully enacted or achieved.

The data economy is so lucrative, cottage industries have emerged — such as data brokers — that buy, exploit, and often sell-on their learnings to other unaccountable entities. What’s considered surplus is fed into machine intelligence that further mines any value from it.

Meanwhile in China, not only had the Great Firewall succeeded with a prescriptive version of the internet being the de facto one, datasets had been compiled which would inform their infamous ‘social credit score’. This means of social control though algorithmic rankings and underpinned by their powerful ‘Skynet’ CCTV network, with cameras numbering northwards of half a billion. Alongside other measures, the CCP had achieved the most successful and sophisticated mass surveillance apparatus aimed at its own citizenry the world has ever seen. It is the envy and the blueprint for any autocracy that wishes to stifle dissent and enforce strict social control.

Concurrently, private companies have began working in lockstep as contractors with governments to refine and broaden their spying capabilities. Like most government contracts, it’s incredibly lucrative. These companies don’t often discern between states that align with democratic traditions and those that don’t. However, even states that are ostensibly democratic have also been known to use them. In this maelstrom, activists, politicians, journalists, have all been targeted. In short, anyone who can make a difference.

In recent years, as geopolitical hostilities have escalated, cyber attacks, hackings, data and financial theft, and have become more common — often in lieu of outright aggression. Mostly committed by gangs that are state-sponsored or state adjacent — leaving a degree of separation for plausible deniability. These are complex and sophisticated attacks that cause widespread disruptions to integral infrastructure.

It’s easy when confronted with all this to feel a sense of hopelessness with the current state of affairs. Particularly when recalling that misplaced sense of optimism at the turn of the century. A mix of carelessness and greed got us to where we are, and, so far, there hasn't been an appetite or pressure for systemic change. And as with anything that becomes entrenched or ubiquitous it becomes harder to imagine an alternative. As the stakes get more severe, it may be time to start imagining and building its successor. But this time, marshal a sense of pragmatism alongside that optimism.