The vulnerability of information and technology infrastructures is becoming more visible and alarming by the day. Earlier this year, two separate malware outbreaks – WannaCry and Petya – affected hundreds of thousands of people and organisations around the world. WannaCry crippled over 230,000 computers across 150 countries, with the UK’s National Health Service, Spain’s phone giant Telefónica and Germany’s state railways among those hardest hit. Thousands of machines running on Windows, including ATMs, ticketing machines, hospitals and numerous industrial control systems across the globe were also compromised. First reported in Ukraine, Petya affected government services, banks and power utilities, along with Kiev’s airport and metro system. The radiation monitoring system at Chernobyl was even taken offline for fear of an attack. Petya also affected operations at India’s largest container port JNPT, in Mumbai; data put out by Symantec suggests that India was the worst affected country in Asia.
Researchers initially blamed the shutdown on ransom-ware – which seeks to make money by holding data hostage unless the victim pays a hefty ransom fee. But soon after, a bleaker conclusion emerged – that the malware was a ‘wiper’ with the objective of permanently destroying data. The aim, in other words, was to create chaos. Earlier this year, data of 17 million Zomato users was stolen in India and supposedly re-sold on the dark web. An IBM-Ponemon Institute 2017 study notes that the average cost of data breach in India has grown from Rs 9.73 crore in 2016 to Rs 11 crore in 2017. And, as a report by the Centre for Internet and Society, New Delhi, notes , the Aadhaar numbers of over 13 crore people and bank account details of about ten crore have been leaked through government portals in India because of poor security practices.
At the same time, human dependency on these very systems is increasing. At an individual level, Fitbit and other such devices tell users if they are walking enough, eating too much or sleeping soundly. Many people would be lost without Google Maps, even in cities they call home. As technology becomes more invisible and omnipresent, and interactions more seamless – think Alexa or Siri – the dependency will only increase. At a social level, people already increasingly rely on social media platforms to make friends, find jobs, decide where to go on holiday and even make electoral choices. For many, social media is the primary portal to the internet. In rural India, for example, Facebook is typically the platform through which most users access the internet. With the Internet of Things, 26 billion devices will be connected around the globe – smart appliances will communicate with each other and preemptively respond to user preferences, and public utilities will be integrated and made responsive to population movement and consumption patterns. The dependency is so great that some studies have noted the rise of ‘digital amnesia’ – people are beginning to use their computer devices as extensions of their brains and in the process, are ready to forget important information in the belief that it can be immediately retrieved from a digital device. Such dependency amid such vulnerability seems unwise. Yet, in India, as in some other parts of the world, this dependency is in fact being mandated and enforced by the state – from demonetisation and the push to digital finance, to the Aadhaar number and India Stack (a series of connected systems that allow people to store and share their data).
Indeed, data is the new oil. A staggering 90% of the world’s data has been created in the past four years. When the dot-com bubble burst in the late 1990s-early 2000s, Silicon Valley desperately needed a new business model. Then, in 2001, the World Trade Centre was attacked in New York, convincing the US government that its traditional methods of intelligence gathering were no longer working. Julia Angwin, in her book Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance, convincingly argues that the coincidence of these two events created a common interest between government and technology companies to track Internet behaviour. Both the US government and Silicon Valley technology companies “arrived at the same answer to their disparate problems: collecting and analysing vast quantities of personal data,” writes Angwin. This confluence of interest, she argues, led to the birth of the ‘surveillance economy’. ‘Cookies’ became central to this new model, as they tracked web users across sites and collected data on individuals.
Growing amounts of data and technological advances have now ushered in an era of ‘Big Data’, allowing advertisers to not only provide curated product suggestions, but also predict present and future preferences and capacities. Most websites now have a tracker inside: at any given time, unless a user’s browser is protected by a robust anti-tracking extension, the personal computer is making between 50-100 connections – if not more, and without consent or prior knowledge – to other websites that track, store and share data. Consent in fact is rendered almost irrelevant – it is almost impossible to obtain consent from an individual when data that is collected can be used for multiple purposes by multiple bodies. It is further rendered meaningless with the Internet of Things – billions of devices will be connected and sharing data, but the data may not always be encrypted, making it easily vulnerable to third-party usage.
As people create their digital selves – making profiles, listing habits and preferences, choosing to ‘like’ and ‘retweet’ certain items – they allow business to extract value from their preferences, personality, lifestyle, relationships and ambitions. Social media presence has itself been commoditised by companies that measure influence on social networks and give chosen users ‘perks’, or free products from various brands, ostensibly piggybacking on the users’ ‘reach’. Facebook is unsurprisingly a prime staging ground and profiteer in the surveillance economy. A recent speaker at the Aspen Ideas Festival shared a story that highlights how the surveillance economy in fact exploits our deepest vulnerabilities. Concerned she might have a drinking problem, she searched on Google for symptoms of alcoholism; a few hours later she received an advertisement on Facebook for her local liquor store.
Technology companies also adjust pricing and product promotions on the basis of past buying history and known traits – Amazon, for example, differentially prices goods depending on pin code and expected income level. Last September, Google received a patent on technology that lets a company dynamically price electronic content. For instance, it can push the base price of an e-book up if it determines that a shopper is more likely to buy that particular item than an average user; conversely, it can adjust the price down as an incentive if the user is judged less likely to purchase.
The current business model for many websites thus offers ‘free’ content in exchange for personal data. But, in the process of volunteering data for free, users have become the labourers of the digital economy. Writing about immaterial labour in the mid-1990s, Maurizio Lazzarato warned that capital’s grip would only grow tighter as it sought “to involve even the worker’s personality and subjectivity within the production of value.” In 2012, Facebook reached more than one billion users and generated revenue of $5.1 billion. It is the first social media website to be traded on the stock exchange wherein all content on its site is created by its users. Might what users do on Facebook be called a form of work? A recent and very popular campaign, titled wagesforfacebook.com, is worth quoting at length: “They say it’s friendship. We say it’s unwaged work. With every like, chat, tag or poke, our subjectivity turns them a profit. They call it sharing. We call it stealing.” The point is not to demand actual wages from Facebook, but to initiate a way of thinking, a political posturing, that recognises how its users have become the subjects of their own commodification.
Despite the fact that less than 40% of India’s population is online, the sheer size of the Indian population means that India has one of the highest numbers of internet users. Most of the data generated, however, is held in servers outside Indian borders. The top five data storage facilities are in the US; and more than half of the world’s rentable cloud storage is controlled by four major corporations – Amazon, Microsoft, IBM and Google, each of which adopts a similar global pattern of server farms. India is thus one of the largest exporters of data worldwide, and with rural India being ushered into the digital economy via social media platforms, on shared devices and often without knowledge of, or access to, privacy software, this trend is poised to continue. To make matters worse, India does not have a data protection regime, which means the interactions with social media apps are governed only by a contract – or the dense and often overlooked terms of service. And again, the state seems to be interested in institutionalising the commodification of personal data – already, organisations in India are looking to build new businesses on the capabilities of Aadhaar and India Stack. The Economist reports that venture-capital firms are funding hackathons to encourage software developers to come up with new ways to use the technology.
So, as TV news channels report on the ‘most-watched videos online’ and hashtags are the new symbols of protests across the world, the online and offline worlds are getting increasingly enmeshed. Governments are furthering this enmeshment as they digitise governance services and make “citizenry” conditional on digital enrolment. But this system is deeply fragile and vulnerable to external shock and disruption, and this is without even bringing in the geopolitics of cyber security. And the real rot lies within – people are dependent on a system in which they are themselves the labour, in which their subjectivities and relationships are being commoditised and sold back to them.
Where is this headed? Probably a tiered internet, where the rich can afford secure internet, accessed through VPN networks and patched with the latest browser extensions to keep hackers, trackers and advertisers at bay. This is already happening of course, with most major newspapers now offering either a monthly subscription option or a free-service with advertisements; the paid-for content is typically of much better quality as well. The rich will also insulate themselves from day-to-day digital dependencies; many in Silicon Valley send their children to tech-free schools and digital detox programmes are booming across wealthy cities around the world. Netropolitan, the “Facebook for the rich”, which had a $9,000 joining fee and promised no advertising, closed down eventually but was probably premature. The masses, on the other hand, will be unable to afford their freedom or privacy and will continue to perform digital labour – accessing the internet through insecure free servers. Without the knowledge or financial means to safeguard their data, they will mine their own preferences, so that products can be continued to be sold back to them. At least click-workers – that other set of invisible and exploited labourers supporting the internet – get paid for their work, albeit often less than a decent wage.
Headed down this road, the internet will soon become the staging ground for a new kind of class war. Unless, of course, societies choose the more sensible route of recasting the internet as a critical public utility, revisiting government initiatives that parcel citizenship and economic participation into a digital bundle, implementing stringent data protection laws, investing in robust security infrastructure as a prerequisite not an afterthought and finally, on a broader level, recognising technological trajectories as social choices that should not be left to market forces alone, even if in the name of innovation.
This article was originally published in Digital Debates, CyFy Journal (4): 2017; Observer Research Foundation and Global Policy.
Urvashi Aneja is the director of Tandem Research, research fellow at the Observer Research Foundation, and associate professor at the Jindal School of International Affairs.