Privacy scholars and activists were worried about surveillance capitalism at least as far back as 1995, when DoubleClick was founded. We tried to warn the public before it was too late, but mostly failed, at least in the U.S.

What went wrong?

Privacy advocates correctly feared that only a privacy Pearl Harbor could stir public action. It took two⁠—the Snowden leaks & Cambridge Analytica—plus the unending onslaught of privacy scandals and the public's realization of the power that big tech has over our everyday lives.

Many groups dropped the ball, including academic computer scientists. Imagine if CS curricula had started emphasizing the ethical implications of digital tech decades ago. The kinds of employee protests we’re seeing today could have happened early enough to shape tech culture.

In the U.S., privacy scholarship, activism, and regulation has traditionally had a strong focus on government surveillance. The realization that corporate surveillance is a bigger threat — and that even governments today piggyback on commercial data collection — came too late.

Regulators in the US seem to start from the view that if it leads to lower prices it's probably a good thing, which is maddening for privacy advocates. Who can argue with free? Only after Cambridge Analytica did people realize that the countervailing value is democracy itself.

Absolutely. I lead a research team that aims to discover and expose online privacy violations. At first we were surprised that the most devious privacy violations we found got the least press. Then we realized it's because they are too hard to explain!

https://twitter.com/BethanCantrell/status/1155157859492978688

Another factor is the speed of the tech. The environmental movement took several decades to fully gear up. The digital privacy movement hasn't had that luxury.

Most privacy advocacy comes without a clear call to action, except to be careful with your data. Instead of putting the burden on individuals, we should enable collective action, such as privacy-respecting apps built by nonprofits who use their revenues for pro-privacy lobbying.

My goal in this thread wasn't to point fingers. Rather, I wrote it because privacy won't be the last issue where we'll need to deal with the negative impacts of tech, and we should learn from the missteps we've made. Many other tech ethics challenges are coming — let's be ready!