Interrogating “privacy” in a world brimming with high political entanglements, surveillance, interdependence & interconnections

1 Introduction & orientation

More than 4 decades ago, Sociologist Daniel Bell in “The Coming of Post-industrial Society” [1] attempted to draw people’s attention to the impending transit of the United States’ from a smoke-stack, assembly line-industrial economy to something different -- quite different, a knowledge intensive creative economy, where entirely different skill-sets than those the ‘educational factories’ were dispensing to “future workforces” would be needed. Fundamentally, Information and Communications Technology (ICT) tool-chest dominated ‘knowledge creation’ economies were going to present different societal challenges.

24 years later, at the dawn of a new millennium, Sir Leon Brittan, then Vice-President of the European Commission, speaking at the EU-Japan Cooperation Week in Tokyo lamented that the European Community was “…managing a difficult transition to becoming post-industrial societies with aging populations” [2]. To be sure, in his speech, Sir Leon was surely not ruling out mal-adjustment among other nations outside the European Community. From germane observations, 20 more years beyond Sir Leon’s speech that day, all are still wrestling poorly with key transitional pathways into post-industrial societies.

History will judge humanity as not having been well equipped to deal with the self-created problems of the industrial world [3]. Could we blindly expect humankind to be anticipatory, and be prepared to deal with challenges we summon and make plain in a post-smokestack world? Beyond the historicity of the Industrial Revolution’s burning waters itself, is that ever unfamiliar ‘transition phase’ from one world into the next, where aging and inadaptive populations, failing educational systems and new skill-set demands, new thought directions, failure to systemically understand changes occurring at societal components,¹ and associated interfaces² have only exacerbated running issues related to Personal Privacy and Security.

Privacy is a deeply misunderstood concept³; one that is experienced, protected, defended, adjudicated, and enforced in highly inconsistent ways across legislative, judicial, cultural, linguistic, economic, social, racial, ethnic and inter-national boundaries. Likewise, and to make matters worse, generally, parties fail to understand and to represent correctly, the linkage/relationship between privacy and security in models spoken of, or in those models that are employed in society. This aforementioned lack of understanding and representation is at least in significant parts, connectable to states of global transitions to informational societies, and attributable to our inability to transit, and acclimatize to a post-industrial world. Collectively, given the aforementioned paradoxes,⁴ where, pervading failures to understand the meaning of Privacy, and failures to properly orient Privacy actions and reactions to necessary security concepts and constructs, combined with shortfalls in each of our ‘very personal configuration,’⁵ make for exceedingly potent barriers to clarified and universal expressions of Privacy as a desired and cherished value in societies. Our ‘personal configuration’⁶ tends at least be a significant barrier to organizing and building Privacy relations with others in the world. All shortfalls in our ‘personal cultivation’ therefore, lead to a strengthening and amplification of the difficulty we commonly have toward affirming and promoting Privacy and Security ideals in our individual living environments.

Former U.S. Supreme Court Associate Justice and social justice champion Louis D. Brandeis left behind some resplendent perspectives for contemporaries, and to aid future Americans and people in the world over, some fertile thoughts and stable directions toward societal regularization and commeasurement, and essential themes and concerns to one’s personal cultivation to chance a more ideal “personal configuration” for all. One such thought of Brandeis was to urge U.S. States and their respective populations to address critical constitutional, political, and societal maladies through entrepreneurial experimentation and political risk management. Brandeis represented this thought through a dissent he had formed, hoping that by such experimentation, accompanying experiences and learning would expose all - to more qualities befitted to maintaining a stronger, more idyllic republic, and would collectively leave behind a stronger people. Nonetheless, in the same breath, he acknowledged how difficult a task such ‘experimentation’ would likely be, without an appropriate ‘personal configuration’ and the need ‘to be measured’ in the course of experimentation itself. Delivering his dissent, Brandeis emphasized, “[t]o stay experimentation within the law in things social and economic is a grave responsibility…” and added, “[i]n the exercise of this power, we should be ever on guard lest we erect our prejudices into legal principles. If we would guide by the light of reason, we must let our minds be bold” [4]. Apart from other things, society is forced to have to look to Brandeis again, if we are to follow his counsel and place into practice - those means to defend against the injection of “our prejudices into legal principles” capable of easing the disappearance of fundamental human rights everywhere. In, and for similar endeavors, Brandeis directed that “[t]he first essential of wise and just action is knowledge” [5]. Therefore, following a beckoning from Brandeis, and to infuse several Privacy fundamentals as an introduction to the totality of the information from our valued contributors to this Special Issue on Privacy and Security, this Editorial Chapter shall aim to present a more wholistic and foundational understanding of Privacy attributes - universally desirable among the participants in the “Fourth Industrial Revolution” [6].

This writing will examine “un-fused” aspects of Privacy; composings of human evolution, nature of our ‘civilizing;’ personal constitutions and degrees to which we think ourselves to be civilized, our behaviors, organizations, national and cultural identities, personal preparation and coping abilities in the face of rapidly evolving technologies, shifts in labor forces, systems of governance and governments. Consequentially, this collection of thoughts will not be a preoccupation with listing all the latest information system’ compromises/penetrations, or how many of those compromises/penetrations occurred in this past year, rather, it will be a representation of certain Privacy and Security aspects that are not often discussed. For example, by taking account of the many Socio-Economic-Political happenings in India and the country’s rich history, we begin to understand the Privacy and Security imperilment the nation and her people now face, despite the ‘global waypost’ of a Privacy ruling rendered by the Supreme Court of India [7]. Also, a brief background examination to Privacy related developments in Rwanda, in a post genocide time is included. Lastly, a significant portion of this writing will be devoted to an examination of Privacy/Security values and the human dimension. Examinations will attempt to cover broadly, some of the Digital Century’s “Human Resource” (HR) challenges in terms of “organizing” to protect Personal Privacy, and “organizing” to ensure the Security of sensitive information. Contextually, the author will aim to highlight specific factors deemed to be detrimental to the composition and retention of effective, productive, and efficient ‘knowledge teams.’ The examination will also inspect how interconnection and interdependence of “information age” HR challenges are expected to affect institutional abilities to leverage capacities judiciously, capabilities, and resources gravely to protect and preserve Personal Privacy and Information Security for the future.

2 Interrogating “privacy”

Does Privacy know, who, or what, Privacy is? Since a conversation with “Privacy” per se is impossible, the next most logical step must be one aimed to catechize ourselves on the subject of Privacy. We must examine the very nature of our frangible understanding of Privacy, the texture and temperament too. Let us begin with Annabelle Lever’s sentiment relating to the general difficulty and the inability to gain the pulse of Privacy. Lever says, “the challenge of providing a philosophically satisfactory account of privacy—assuming that such an account is possible—is to find some common starting point from which we can articulate and evaluate competing intuitions and perspectives on privacy—on what it is, on how it differs from related concepts such as liberty, on whether it is valuable, and on whether it deserves legal protection as of right. Otherwise, we are left with the trading of intuitions, which dominates much of the philosophical literature on privacy…” [8].

This author could certainly agree with at least one aspect of Lever’s writings, which is, we have mainly been trading intuitions this far, and we shall continue to do the same for a lot longer, unless some strong intellectual horsepower is applied to the problem. There are solid pathways by which, productive and clarifying discussions related to Privacy can be had. Why then, are such pathways not being utilized? It is because we are too busy clouding those pathways with casuistry and prevarications, only to lead to the production of subjective and whimsical reference points for the sake of penning scripts, which might prove to be ‘syntactically correct, yet semantically meaningless.’⁷ The reader should be reminded of Lever’s statement once more, wherein she highlights the need to evaluate competing intuitions and perspectives on privacy; and emphasizes in a way, that differences between the concepts of Privacy and Liberty (for example) will need reconciliation, for advancement to surface.

For the purposes of this Privacy interrogatory, it would be appropriate to seek and find a directional beacon to orient Privacy and Security considerations and discussions properly. The one universal substrate onto which ‘Privacy values’ could be properly docked, is the Universal Declaration of Human Rights (UDHR),⁸ which is now widely agreed to be the foundation of international human rights law. If the UDHR is to be the foundational basis for all considerations related to Privacy (and it is), then, as an example, all need to ensure that “esteem for human life” ⁹ does not become a value target, or a negotiable goal that could ever be mutilated by the presence of clashing or competing intuitions, or perspectives (as offered by Lever) – driven for instance by, cultural or religious differences within populations.¹⁰ Lever correctly observes that the World of Privacy has been clouded with competing intuitions and perspectives of people. Continuing, extending ‘respect for life’ is a value that is universally acknowledged and accepted as being durable and unchangeable. Yet, in many parts of the world, and as the reader will become acquainted, people’s lives are forcibly taken from them. When people are not willing to respect life, how then can such people recognize Privacy as a desired human value, or as an integral part of Human Rights universally?

Approaches to the framing of modern day Human Rights¹¹ has been with us for Centuries,¹² and essentially began with man’s desire to be emancipated from the savage beast that he is, and to foundationally organize practicable, illuminated, vibrant and nonbelligerent societies -- taking into account, moral and legal thoughts, also considering concurrently, vast knowledge from other branches of Philosophy such as Logic, Ethics, Epistemology etc., Therefore, it is proposed that nations and their respective populations that chose to accede to the principles made clear in the UDHR would not have done so lightly, and must have been prepared to abide by said principles. Privacy as a privilege under the UDHR was never intentioned to receive a lesser consideration or treatment in view of other principles. To that point, Lever has sought considerations from her readers to take note of the challenge associated with affording formalized legal protection to Privacy.

Quite surprisingly, on 24 August 2017, in the world of Privacy, the North, and South Poles swapped places, when the Supreme Court of India declared that Privacy was a fundamental right for nearly 1.4 billion people of the world. To that time and space, no country and certainly no court in the world, had declared ever so plainly and importantly that salient fact, so fundamentally rooted in the UDHR. Still, what will the Indian Supreme Court ruling mean to all Indian citizens? Many fundamental human rights still elude Indians, and the ways in which ordinary citizens are able to seek redresses for wrongs committed, and those other wrongs to be prevented, are in an entirely primitive or corrupt state; moreover, both institutions and pathways necessary to address wrongs committed and to the prevention of others, could well be considered to not exist. It can perhaps be said, and safely, that, India will be least prepared to advantage all Indians by way of the landmark legal Privacy ruling, primarily due to near overwhelming social and politiical challenges.¹³

Elsewhere in the world, and purely in terms of identifying our very personal ‘Privacy’ meanings and its valuable tinctures, each of us are bound to be confounded by terms such as ‘liberty,’ and ‘freedom,’ in relation to the Privacy, which continues to be part of the “semantics” battle, and ‘…the trading of intuitions,’ which is at the very least, an activity that trades in “pure passion” [9]. Fmr. Dean of the Yale Law School, Robert C. Post has summarized the involvedness surrounding Privacy in the following way. Post said, “[p]rivacy is a value so complex, so entangled in competing and contradictory dimensions, so engorged with various and distinct meanings, that I some-times despair whether it can be usefully addressed at all” [10]. In writing as regards “competing and contradictory dimensions on Privacy, to what does Post reference? Could Post be speaking of Lever’s [11] “competing intuitions” and the many “perspectives on privacy”? In the here and now, you must be the judge. However, Privacy related societal progress appropriate for the Digital Century could only emerge from resolutions to, and reconciliations in, confoundings surfaced within the many perspectives on Privacy.

As an example, a basic confusion, durable in contemporary discussions related to privacy involves the Late Associate Justice of the United States Supreme Court Louis D. Brandeis and his scholarship on Privacy with Samuel D. Warren. For many Privacy practitioners and scholars the world over, the “go to” tree-root of Privacy seem to be is their 1890 article that appeared in the Harvard Law Review, titled: “The Right To Privacy” [12]. No question that the world owes a great debt of gratitude to Warren and Brandeis for their very important legal scholarship on Privacy however incomplete or evasive (as posed by Richardson) [13] Warren, and Brandeis were in their scholarship. Also, there can be no question, that Louis D. Brandeis was a social justice champion. Brandeis’s legal writings and his role separately in the American Judiciary as an Associate Justice of the United States Supreme Court further advanced key Privacy ruminations around the world. However, there exists no karmic dictate, which declared it necessary for all Privacy epistles to begin, or end, with hurried and mechanical references to Warren and Brandeis. The subjects of Privacy, and indeed Security of personal information and of-self, have been important topics for discussion since before Warren and Brandeis. There need be little argument that the title of Warren and Brandeis’s scholarship has at the very least, assured their body of work a safe passage into the after-life [14].

Another point of confusion involves the origin of certain core ideas in relation to Privacy. To clear-up these elements of confusion, consider for a moment that Warren and Brandeis had noted in their writing that “[t]he press is overstepping in every direction the obvious bounds of propriety and of decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery” [15]. They then published their work in December of 1890. Meanwhile, the Anglo-American editor and newsman E. L. Godkin penned a collection of thoughts, and he too, published it widely in the month of July - also in 1890. Godkin wrote: “The chief enemy of privacy in modern life is that interest in other people and their affairs known as curiosity, which in the days before newspapers created personal gossip.” In addition, Godkin said, “[c]uriosity, in its larger and nobler aspect, lies at the root of Western… civilization. In its smaller, pettier, and more ignoble shape, it became the passion of the Paul Pry and the scandal-monger [16]. Perhaps the reader is able to distinguish a trace of similarity in thought - from both sets of authors.

In that which amounts to be no more than a diminished reference in their writing (in footnote number 48), Warren and Brandeis managed to speed by Godkin’s thoughts, largely as something that was published earlier, in 1890. However, notably missing in any of their joint article related to Privacy is the foresighted, down-right oracular text that Godkin had written and published in 1880; a decade earlier than Warren and Brandeis’s writings that began to popularize the notion of the right “to be let alone.” In his writings of 1880, Godkin said, “…we must admit that nothing is better worthy of legal protection than private life, or, in other words, the right of every man to keep his affairs to himself, and to decide for himself to what extent they shall be the subject of public observation and discussion” [17]. At least on surface, these ideas appeal similarly, in all manners of form.

In addition, while Warren and Brandeis made note in their article that Jurist Thomas Cooley originated the thought: “to be let alone” in 1888, copious writings on Privacy since, point to Warren and Brandeis as originators. Cooley, In “A Treatise on The Law of Torts,” [18] had asserted that “to be let alone” can be said as, a right of “complete immunity.” The following statement by Cooley is far more significant in spirit, and in moral weight, than most things that were written at the time, and is perhaps not well surfaced or discussed at all. With respect to Privacy, Cooley said that, “[t]he corresponding duty is, not to inflict an injury, and not, within such proximity as might render it successful, to attempt the infliction of an injury” [19]. These points are intended to convey certain simple yet non-trivial facts that weighty Privacy discussions did occur prior to Warren and Brandeis’s writings in the Harvard Law Review, and two, we must investigate what it is that we truly understand of Privacy in relation to longstanding discussions. These are not minor points in relation to this Journal’ Special Issue.

2.1 Need for a Lingua Franca ¹⁴ for privacy

Privacy desperately needs a common language, and a universal frame of reference, but it lacks for one. The Universal Declaration of Human Rights (UDHR) is perhaps the most appropriate axis of rotation to unify the many, if not most, Privacy and Security elements and corresponding bases. Despite many signatories to the UDHR, and the number of nations that have ratified the International Covenant on Civil and Political Rights (ICCPR) and the International Covenant on Economic, Social and Cultural Rights (ICESCR), tangibly expressed practices of respect for Privacy, in relation to the UDHR has still to be seen universally. In many areas of the world, including the most developed - there are strong desires to subjugate fundamental human rights in the name of security. Widespread misunderstanding in the meaning of Privacy, and of the scope on being able to apply Privacy principles in society, aid in the perpetuation of societal and situational conflicts and consternations.

Moving into this section, the most important leading question to be asked is, if people around the world are to protect Privacy and they do not have a well-articulated, universally logical, and comprehensible framework for Privacy decision-making and protection, how will it be possible to extend Privacy protections across multiple borders, languages, cultures belief-systems etc., especially when, questions or concerns related to “Security” are not (or cannot be) reconciled or resolved. Privacy meanings, orientations, societal valuation, laws, situational evaluations, actions, etc., must all have some universal connection, meaning, emphasis, and alignment. As it is said in the United States military, one must train, as one is likely to fight. If there is a mis-match between acquired training on how to protect, and the real conditions encountered in the ecosystem where the protective training is to work, then there is likely to be a failure in protective measures deployed. A pair of comparable instances, highlighting process and procedure errors is disclosed below to demonstrate the weight of aforesaid needs, and the fragility that likely surrounds Privacy and Security protections.

Dateline: 5 December 2001. For the United States, the conflict in Afghanistan has begun. “Texas 12,” a U.S. Special Operations Force (SOF) team consisting of CIA operatives, U.S. Army, and a USAF Combat Air Controller is inching toward Kandahar from northern Afghanistan.¹⁵ Grouped to “Texas 12” is another team, similarly composed - designated “Texas 17,” also working its way toward Kandahar from the Southeast, near Pakistan. This day, the task for both teams is to keep Hamid Karzai (the man who would later become President of Afghanistan) and those others associated with him - out of harm’s way, and allow him to arrive in Kandahar, and to negotiate the Taliban’s surrender. “Texas 12’s” Air Controller had been on continuous duty for a long while. Owing to this, he was relieved by an Enlisted Terminal Attack Controller (ETAC), who was unfamiliar with the equipment being used. It was then, that “Texas 12” was drawn into a close terrain firefight with the Taliban, at which time, the ETAC summoned USAF Close Air Support (CAS). During the firefight, the ETAC decides to change the batteries in the local GPS unit as a precautionary measure to prevent ‘loss of GPS track’ for the Close Air Support (CAS), not realizing that after any battery change, the GPS unit would reboot/reset, and when it did, it would start to transmit the location of the home-team, “Texas 12” (default setting), as opposed to the enemy’s coordinates as necessary. An orbiting USAF B-52H ‘Stratofortress’ answers the call for CAS, and releases a GBU-31s, a 2000 Lb. (908 Kg.) inertial navigation and GPS guided Joint Direct-Attack Munition (JDAM) toward the received coordinates. The result? Three U.S. Special Forces soldiers and 23 Northern Alliance fighters are killed. Luckily, Karzai is only knocked unconscious in the melee’ The ‘smart-bomb’ impacted - a mere ~110 Yards (roughly 100 Meters or 330 Feet) from those who were killed, when the ‘margin of safety’ distance for friendly forces in the case of such a munition use was, ~1334 Yards (~1219.81 Meters or 4000 Feet).¹⁶ If the people were better trained on processes and the technology, these “friendly-force” deaths could have possibly been avoided. That is a sentiment that is heard repeatedly, in relation to fratricide events. It has been identified that, carelessness; disorientation; confusion; poor leadership; inadequate training and experience on such things as procedures and communications; language barriers; lack of appreciation of technology, technology deployment area, and action ecosystems are some of the problem facets behind fratricide [20]. Nevertheless, does training fix such problems in the modern world? Recognizing that this is not a writing to present an analysis or a critique of U.S. military operations, that which is about to be presented is being done so, considering a forthcoming concentration upon the quality of people employed in the enterprise, and particularly in connection to “mission centeredness.” Mission success in Close Quarters Combat (CQC) or Close Quarters Battle (CQB) requires continuous flow of information/communication, and situational clarity. Operationally, the need for continuous flow of information/communication and clarity is not a request; it is a requirement. Surprise, speed, and lethality - applied correctly upon the desired target are at the heart of CQC/CQB. A CQC/CQB “win” is necessarily a by-product of good people, strong skill-sets, resources, capacities, capabilities, and highly integrated teamwork. A “Lingua Franca” ¹⁷ is a foundational ingredient necessary to manifest precision and clarity in the continuous flow of information/communication between members of a highly integrated team. Regardless of situational specificity, operationally, “Lingua Franca” ¹⁸ in the command, control, and communications chain critically enables the ability for qualified interpretation, assessment of situationals, validation, verification, tasking, monitoring, and assessment. Naturally, “Lingua Franca” ¹⁹ is not a substitution for other valid components being present, and/or meeting the appropriate standards, as in the need for the presence of highly capable people. “Fidelity” in actions taken to Protect Privacy, and the Security of Information requires no less preparation and readiness than the attention to detail, which is exercised in a battlefield to win against the enemy.

Phillip Barks (Lt. Col. USAF) wrote in a 2009 research report that, as in the aforementioned event near Kandahar, military history has continuously shown the demand for Close Air Support (CAS) being crucial in every major U.S. military action since World War II, in Korea, Vietnam, Kuwait, Afghanistan, and Iraq, and that each operation has resulted in some form of air-to-ground friendly fire incident [21]. Barks also noted that “[f]rom the first day of training, individuals involved in the planning and execution of CAS have it implanted in their psyche that fratricide is tantamount to mission failure” [22]. If, in a national military situation, such a strong imprint is made on trainees, where then – by it, a united recognition exists that fratricide was “not to stand,” and in addition, they are told that fratricide would result in “mission failures,” why does fratricide still happen, and happen so predictably? What can we expect in the Privacy and Security world in this respect? What can be learned? One thing is certain, enterprises must not permit carelessness; disorientation; confusion; poor leadership; inadequate training and experience on such things as procedures and communications; language barriers; lack of appreciation of technology and technology deployment in theater/combat area and combat actions in integrated information ecosystems [23]. These entrenched contributors to “mission-death” must be driven-out from the enterprise (See Fig. 1), in this case, for such purposes as the protection of Personal Privacy and Security. This primarily means organizations, teams and objectives must be constituted appropriately to quash “human errors”; [24] people involved in critical activities must be of a much higher professional caliber, pronounced personal quality, and fully capable of higher productivity. The low-quality of workforces has long been of interest to employers, at least in two respects: 1) in terms of employer demands and employee qualifications and competence mis-match in the labor force, and 2) quality of employee outputs/productivity in the enterprise [25].

Fig. 1

The “Swiss Cheese” Model of Human Error Causation. (“Human Error,” James Reason, 1990) In: The Human Factors Analysis and Classification System – HFACS. Shappell & Wiegmann (2000)

As an adjacent note, the world of warfighting has advanced significantly since World War - I. General Alexandre Percin (France) wrote in his book “Le Massacre de notre Infanterie,” that, two artillery shells out of every ten (20%) in World War - I that fell on the soldiers in trenches were from friendly artillery [26]. During World War - I especially, Percin did not have command over a standardized French military, and did not have the ability to manage the quality of forces to improve them, for Operational-Tempo among other things at the time did not permit it. Today, despite the many advances that have been brought to the battlefield, including multiple ways to improve the quality of fighting forces, fratricide, or “friendly-fire” as it is called, continues to claim lives. Since 5 December 2001 near Kandahar, fratricide continues to occur. On 17 April 2002, it happened again near Kandahar; then again on 23 March 2003; 28 March 2003; 22 April 2004; 6 April 2006; 26 August 2006 and 5 December 2006, and on, and on, and on. Focus upon people, upon what they do, and how they do, must be a pre-eminent concern at all times. At least in one specific incident involving the death of a high-profile soldier named Pat Tillman on 22 April 2004, the U.S. Army attempted to cover-up the details of that fratricide [27].

From an Interoperability ²⁰ point of view, every actor, organization, and resource in the chain-of-command and the chain-of-action - should be highly coordinated to be mission centered; being confused or disoriented are not acceptable conditions or outcomes in any action-chain. One wrong move and lives are lost, as it has been made clear, and repeatedly. Operationally, people, processes, and technology trains require tight integration at every level. Imagine a Medical Operating Theatre where everyone except the surgeon is focused on something other than the primary task, which is the surgery; what is bound to be the outcome? The ability to offer protection to Privacy & Security requires such tight integration. In the Armed Forces, sequential and continuous training, and employing the concept of “training as they fight” minimizes the risk of individuals in a team becoming lazy, confused or disoriented, increases the ability of identifying poor processes and procedures early, and in familiarizing personnel to precision in communication, action demands and personnel focus to tasks – to avoid deadly mistakes. To be able to focus ‘combat power’ upon the enemy requires ‘applying’ among other qualities, good battlefield judgement (which comes from levels of training) and high degrees of operational competence; Privacy and Security demands no less from operators at any involved level. Everyone has to be aware of, and be certain of, the actions that are being taken, or those that will be taken, in matters related to Privacy protection.

The second comparable instance of ‘wrong targeting’ is as follows.

“Using a standard military map, a forward observer calls in grid coordinates for a fire mission. The field artillery battery receives the mission and the fire control crews initialize their state-of-the-art ballistic computer in accordance with the operations order (OPORD). The rounds impact[ed] 200 meters short of the target.” – Major Richard J. Manning (USAR) [28]

Major Manning wrote in the Journal of Military Intelligence, that, “the problem was human error.” Manning added that, “the misuse of datums and grids is a problem in our [U.S.] modern military. Many soldiers and leaders do not understand and are often mystified about how to employ datums’ and grids properly.” In the situation above, coordinates generated from a current map with the North American Datum 1927 (NAD-27) was used, all the while, the fire control battery was using the military standard World Geodetic System 1984 (WGS-84) datum in their computers. To clarify, Manning went on to say that, “datums are like different languages—without a translator they are incompatible with one another, in this case providing a different physical view of the earth for what appears to be identical grid coordinates” [29].

When engaged in the protection of Personal Privacy, or ensuring the correct employment of Security measures, none can afford to be speaking different languages. At present, we simply are. The proper use of technology tools, techniques, processes etc., becomes the responsibility of human beings. The language in this case, and more fundamentally, any semantic inconsistencies with regard to the language of choice employed in communications, is the responsibility of the adults on the scene. In the situation described above, the people-processes-technology train related errors have struck again. Such errors cause core missions to become compromised, and casualties and/or collateral damage to pile-up. Each component in the people-processes-technology train should be afforded deep attention always.

Considering the ‘people component’ only, we would all be well served to acknowledge, and to be reminded that in the absence of a universal reference, Privacy, and Security assurance, endurance, and reliability in large part will be attributable to, and be influenced by, aspects of human behavior and various societal norms; introducing great inconsistencies, and far less assuredness. At least within a military, there are standards of reference, methods of assessment, and means of operations etc., to ensure safety and the security of personnel, and overall operational quality and consistency. Even when there is the high-probability for less organizational, process, and procedural errors more specifically, there are likelihoods of human errors, which, a national military, or the likes of Medicine as an area/field cannot afford to have present within its personnel ranks.

Quite unfortunately, the misconstructions and categorical mix-ups involving Privacy and Security that can occur among people are not minor issues. The lack of axiomatic comprehension of Privacy and Security themes, topics, problems, and the absence of solid and reliable wholistic analytical systemic frameworks [30] and the absence of solidity and reliability in laws and judiciaries protecting against encroachments [31] etc., makes the upholding of Privacy and Security value in societies very difficult, if not downright impossible.

To ensure Privacy protections, and to strike a balance between use of Privacy, and Security instruments in society, there are no scientific, concretized means -- even those means that are at least comparable, to be relied upon to establish such a balance. The absence of more universally judicable and expressible Privacy and Security measures and/or equivalents are material barriers to properly assuring privacy and security in every instance, and is of great societal significance. Said in another way, “[i]n centrally considering Privacy [or Security], and how one might safeguard against encroachments upon it, or its loss, one must well appreciate that no entity can be protected adequately if the value of that which is to be protected, and/or the consequences related to its loss are not well understood” [32].

Imagine that there is an intention to insure an item of some value. At a minimum, an insurance company must be provided with a reliable description of the item, an assured assessment of the item’s inherent value, and all protective precautions that will be in force to keep the item safe, before any insurance company will consider undertaking the issuance of an insurance instrument of indemnity. After more than 50 solid years of contemporary discussions related to Privacy and its relationship to Security, why has it not been possible to establish a similar framework of obligations for Privacy and Security, as it has been the case in insurance to indemnify properly? The answer is quite simple. Fields of scientific study and practice have not advanced sufficiently in the multiple areas of concern.

However, Science – in the matter of needing to assure Privacy and Security, must advance, and appropriately, if the “Fourth Industrial Revolution” [33] and the Digital Century, both of which we are now immersed in - is to be of service to humanity. We must leverage scientific principles to humanity’s advantage, to assert conditions of Personal Privacy. However, science cannot be leveraged to advantage Privacy “… at the expense of ‘wisdom-in-debit’; true wisdom empowers us with the ability to observe ‘a matter,’ to be reasoned to it, and from it, in all manner, to be prudent, discerning, relational, expressionally lucid, and analytically incisive of the whole, and not just any single part, or a collection of select parts” [34]. We can neither “observe ‘any matter’,” such as Privacy or Security, nor adequately “be reasoned to it” as stated above, if we are not equipped with the proper knowledge, tools, and the correct subject matter orientation most of all.

In his seminal book on the subject, the Late Alan Westin²¹ spoke of this eminently. Upon the motivating of the Special Committee on Science and Law of the Association of the Bar of the City of New York, and with financial support from the Carnegie Corporation, in 1967, the Late Professor Westin directed research on the subject. Much of that research has since been represented in “Privacy and Freedom,” [35] a durable and exact writing, if any, on the subject of Privacy. In it, he wrote: “[f]ew values so fundamental to society as privacy have been left so undefined in social theory, or have been the subject of such vague and confused writing by social scientists.” Years later, Westin’s sentiment was echoed plainly by the moral philosopher Judith Jarvis Thomson, who said, “[p]erhaps, the most striking thing about the right to privacy is that nobody seems to have any very clear idea what it is” [36].

It is from such bounty of Privacy²² and Security²³ conundrums that societal values are identified and formalized, frameworks for encouraging or discouraging social behavior are founded, and instruments of social justice, behavioral guidance, and punishment have been crafted. Foremost however, the situational inability to reconcile Privacy and Security conflicts in society stem from our limits of knowledge, the existence of false knowledge in these matters, and from our constant use of improper interpretations, techniques, tools, and services in relation to the area. A couple of analogously useful worldwide examples must be discussed to demonstrate the strength of this adversarial force.

2.2 Privacy knowledge boundary and its implications

In forewords to a 1970’s seminal book on Privacy, then Chairman of the United States Senate Subcommittee on Constitutional Rights, U.S. Senator Sam J. Ervin, Jr., pushed for “…all Americans to claim their constitutional legacy of personal privacy and individual rights and to demand an end to abuses of computer technology before the light of liberty is extinguished” [37]. However, how is anyone to venture forward in attempts to put an end to “personal privacy” abuses, if one cannot rightly qualify and quantify privacy, as either a privilege or a right first, and/or if one cannot identify the correct lawful vehicles that one might use as a route to remediate one’s loss of privacy, second?²⁴ Additionally, how is anyone able to hold those responsible for breaches in one’s Personal Privacy and informational Security responsible? How is one to reclaim some semblance of that Privacy or Security lost, through the courts, when courts require “proof of harm,” [38] and when such proofs are difficult to factually produce, or even forensically prognosticate beforehand, given that, those that were responsible for the breach may exploit the compromised information differently, and at during times, that are not immediately knowable, or mappable. Given the precarious nature of reclamations/repossessions of sensitive personal information and values associated, it is even more important to know, and to exacting details, one’s privacy, and security profiles. If we are to follow-up on the Late Sam Ervin, Jr’s advice to prevent “….light of liberty [from being] extinguished,” we have a long way to go to bridge the gaps in our knowledge to prevent Privacy and Security related encroachments.

How do any of us comprehend fully, the limits of our knowledge related to Privacy and/or Security? And, how are Privacy and/or Security knowledge limits likely to affect for instance, our ability to guard against the loss of Privacy and/or Security? To understand these questions better, and in terms of those contributions within the Special Issue, we must dedicate ourselves to dissecting a building block or two, in the steps involved in gaining mastery of knowledge. The first step in the process is to inspect/test our directional orientation. Are we oriented correctly, and do we have the building-blocks to the totality of the knowledge necessary?

2.3 How we presently view the world in which we live

This section intends to present to the reader that fundamentally, epistemological and ontological flaws - in that which we identify to be knowledge, will always holds us back from progressing rightly. How do we know, that which we have identified as being foundational to our knowledgebase is correct, and adequate, to be able to proceed ahead? This section asks that question of you – the reader, in a very basic way, by presenting for your consideration that the very world in which we have lived all our lives, has been incorrectly represented. Our “world view” as such, is essentially incorrect, unless you are viewing the Earth and the landmasses on a globe. Do you believe in the views that you possess of Privacy, and Security?

In “A History of The World in Twelve Maps,” Jerry Brotton depicted the evolutionary history of World Maps in 12 steps [39]. Studying Brotton, one comes to understand at some level, his deeply held belief that a map “always manages the reality it tries to show” [40]. Brotton has performed a good service for the world of map inquisitors, noting that the evolution of maps of the world essentially depicts the desires of map producers to stage the powers of their respective States, colonial ambitions, or ambitions of empire etc. Albeit not cartographically, Privacy and Security perspectives have been expressed in ways and as part of people’s morals, rituals, customs, system of laws, etc., along national and ethnographic boundaries; real or perceived. Map flavors, and the depictions of mapmakers as such, can be better understood for the intended purposes, if we consider at least two key bordering issues. One is to consider that which Siobhan O’Flynn has termed as a “auto-topographic metanarrative” [41]. In this case, it is humanity’s need to articulate in some manner,²⁵ a close relationship to one’s own “place”, and one’s “identity”, but done so, in relation to the degree one senses to be “out-of-place” elsewhere, from being in contact with another race, culture, ethnicity, and gender. The other is to consider properly, the perspective offered by political scientist Jordan Branch. In “Mapping the Sovereign State: Technology, Authority, and Systemic Change” [42], Branch writes: “[i]n the modern international system, both the character of states and their interactions are structured by exclusive territorial sovereignty” and accompanying “territorial authority”… and “.... new mapmaking technologies changed how actors thought about political space, political organization, and political authority. This change was fundamental to the creation of modern states and international relations, which were built around exclusive territorial sovereignty, discrete boundaries, and formal equality” [43].

If observations by Branch were combined with those of O’Flynn and her “auto-topographic metanarrative,” [44] to represent one’s own “place” and “identity” in relation to a sensing of how “out-of-place” one should be/is elsewhere, having come into contact with another race, culture, ethnicity, and gender, it is not a far stretch to envisage how value differentiations (such as personal valuations that we sense, and/or experience in relation to Privacy) could have become unaligned along topographical boundaries. It is as John Dee in the 1500s wrote in the leaves of the Preface to Euclid’s ‘Elements of Geometrie’, “… some, for one purpose; and some, for another, liketh, loveth, getteth, and useth, Mappes, Charts and Geographical Globes” [45]. Maps therefore, became a means to projecting or expressing professed differences between peoples, their societies, and their respective landmasses.

The Mercator projection²⁶ charted by Gerard Mercator in 1569 served any navigator well, and all else - improperly. Famously, the projection created the infamous “Greenland Problem,” which, to this day, vulgarly misrepresents the geographic topography of the Continent of Africa against Greenland, when in fact, Africa is 14 times larger than Greenland (See Fig. 2). Despite the abundance of Space-Based Terrain Surveillance, Unmanned Aerial Vehicles (UAVs) and satellite based observational platforms, and an extensive mapping of the Earth’s surface by satellite over many decades, Google-Maps and Microsoft’s Bing-Maps still utilize the nearly 500 year old Mercator Projection, continuing to electronically propagate existing errors in the way people perceive our living world.

Fig. 2

An Amended Depiction of Long-Standing Distortions Concerning Geographical Proportions of The African Continent. Kai Kraise; “The True Size of Africa: A Small Contribution In The Fight Against Rampant Immappancy”, January 2015

In a similar fashion, the silhouettes and curves of Privacy vary across cultures and landmasses, not merely for want of clarifications, and precision in definitions, but also for a better understanding of Privacy’s value - in relation to Universal Human Rights. In the “Have Distortions Will Travel” department, is the odd case of Google, and the way in which Google Maps represent disputed areas of the world for specific populations, and on the fly, reflective of a country’s central government policy on geographical disputations [46]. It has been reported that in at least 12 regions of the world, Google presents national border representations dissimilarly, based entirely on where the search/audience is located. Seeing that “Google Maps has the most comprehensive map set, and the largest map readership in the world (still) —with a billion users each month” [47], serving-up such customized geographic representations amount to the opportunity to continue propagating errors, at a rate of 1 billion times a month.

These examples simply serve to signify to the reader that each of us, more than less, believe we are seeing the world as it really is, when we are not. Such is the case with Privacy and Security also. Consider disputed northern areas of India as an ideal example where incongruity of visuals is well represented.

Northern-most to the Indian Sub-Continent are certain disputed areas; some of which China claims, and another that Pakistan claims. Given these disputes, if anyone performs a map search on India, from India, Google Maps proceeds to present the entire Indian Sub-Continent as having ‘normal international boundaries with Pakistan and China.’ On the other hand, if one were to perform the same search, from either Pakistan or China, the Indian Sub-Continent and the disputed northern areas are presented having mutual borders that ‘are in dispute’, with both Pakistan and China; in a manner that reflects the internal view from each country. For instance, if one performs a search related to Indian territories from inside China, the disputed territory is drawn by Google Maps as a territory that is a part of China (See Figs. 3, 4, and 5). Why is this, and other actions such as these, important? It is perhaps understandable that Google as a “vendor,” to curry favor with the central government of a nation, could/would represent information in a way that is congruent with central government ideology. How is the receiver of the represented information to determine - what is correct and appropriate? Similarly, and analogously, there are many trans-national Privacy views, which are not harmonious with others[48].

Fig. 3

Disputed Northern Indian Territories As Seen From Inside India

Fig. 4

Disputed Northern Indian Territories As Seen From Pakistan & Others Outside India, Except China

Fig. 5

Disputed Northern Indian Territories As Seen From Inside China

Aside from propagating errors, in this case, consider that the U.S. Intelligence Community identifies the northern territory of Kashmir as the site of the world’s largest, and most militarized territorial dispute with portions under the de facto administration of China (Aksai Chin), India (Jammu and Kashmir), and Pakistan (Azad Kashmir and Northern Areas).²⁷ Therefore, from purely an educational point of view, will it be important for those curious geo-politicos, to understand the fine points of the contention among three nuclear powers? Why this discussion of Maps?

Firstly, the similarity in the nature of the muddles caused by the map errors, and the related implications generate a larger “influence,” that is truly global in nature, and inter-generational in its extent. Secondly, the effects of interpretive errors, in how we view our world, experience it, and then possibly continue to propagate views in error – assist to entrench and cement corrupted cultural, economic, political, geo-political views, even to the extent that such views can worsen the standing (friendly/adversarial) relations with nation states and their respective populations. In short, without proper geographical knowledge, we cannot comprehend, to the extent needed, the “crises” and the series of flourishing chaos in places such as the Syrian Arab Republic, Occupied Palestinian Territory, The Sahel, The Democratic Republic of The Congo, Nigeria, Chad, Ethiopia, Somalia, Kenya, South Sudan, Iraq, Yemen, Libya, Afghanistan, Myanmar, or the Philippines.²⁸ Lastly, and again, views related to Privacy and Security also have similar taints, which must be corrected before proper Privacy protections and Security configurations can be instantiated.

3 High political entanglements and the subjugation of privacy and security

Entanglements are referred to herein as quagmires of a moral, or an ethical nature; or a consequence created by an action of government, such as a political enactment that inflicts a destroyingly cleaving effect on all surrounding things, including in this case, Personal Privacy and the Security of persons. Moral prevarication in society creates ethical quandaries; and ethical quandaries created, then make it possible for us to easily violate the Personal Privacy or Personal Security of another. This section will attempt to demonstrate to the reader, the need for ‘universality’ surrounding the ideas and ideals of Privacy and Security. Drawing upon certain thought-provoking cases, the author will attempt to demonstrate to the reader for instance, how and where - the once oppressed, was able to turn into “the subjugator,” or at least be a facilitator of subjugation of others. The reader is to gain thereby, an appreciation for the wide-ranging types of entanglements, societies are capable of creating, and under what circumstances such entanglements are sustained, causing a depletion of Personal Privacy and Security for all.

Ultimately, the section is a reveal to the nature of human corruptions that affect Privacy and Security of persons directly, and the greater need for the civilizing of man; a need for universal calibration of our moral and ethical compasses. C.S. Lewis once said:

"We all want progress. But… if you have taken a wrong turning, then to go forward does not get you any nearer. If you are on the wrong road, progress means doing an about-turn and walking back to the right road; and in that case the man who turns back soonest is the most progressive man… We are on the wrong road. And if that is so, we must go back, Going back is the quickest way on."²⁹

There are entirely too many ‘Privacy and Security’ related misfortunes that humanity has brought about, and by way of the quagmires created, which we have then assisted to escalate, and to intensify. Despite the amount of time that has passed, and in full view of painful histories, those same histories have near-faithfully repeated. Therefore, at least within the greater context of presentations within this Special Issue dedicated to Privacy and Security these histories deserve a brief mention. Individual knowledge, combined with individual awareness, and a very personal desire to act upon that knowledge and awareness combination, can result in “the quickest way on,” toward progress.

It is frequently presented that a government has the right to collect information on citizens for the betterment of societal welfare all around. History has also proven it true that collected information by government is not always used correctly; in fact, governments of the United States, China, Germany etc., have abused “the confidence,” “expectations,” and “charge”³⁰ of Citizens [49]. In view of such corruptions and turbulent government-citizen relations, can citizens be certain, and at any time, that government use of collected citizen information will be strictly confined to purposes originally stated when information was first collected, and would thereafter be accessed or distributed only by those individuals who have an ‘oath-borne’ and legally clarified and bounded responsibility to access such information?

At present, no government in the world supplies their citizens with concrete assurances and corresponding recourses (in case of offenses) against any of the information that government collects, and that which may become compromised later. Even Estonia, that nation known to be the world’s first e-Society, has yet to fully comprehend, and confront the range of digital insecurities that can prospectively inflict that state. The State of Estonia has neither the type, or the scale, nor the specialized and defined expertise and resources necessary to defend against, or to quell the nature and the possibilities of threat vectors. Just one such threat example that could affect Estonian e-Society was made clear recently, which has required the Estonian State to revoke all State issued Digital E-Certificates beginning in late 2014 [50]. The Estonian Public Broadcaster reported in October of 2017 that, “[o]n Aug. 30, an international group of researchers informed the RIA³¹ that they had discovered a security risk affecting all ID cards issued in Estonia beginning in Oct. 2014, including ID cards issued to Estonian e-residents. Nearly 750,000 ID cards are affected by the issue” [51]. The Estonian Public Broadcaster also noted the Head of the Estonian Police and Border Guard Board’s Identity and Status Office (PPA)³² saying that, “[i]n the event that there is sound evidence that the risk (digital certificate compromise) has materialized, the PPA as the issuer of the document will revoke the certificates of all the cards affected by the security risk” [52].

Since the original notification of the security risk to the Government of Estonia in August, the government identified 136 critical services nationwide that would be affected by the reported security risk; 44 of 136 critical services were deemed high priority [53]. As of late, the Government of Estonia determined that it is best to invalidate all Digital Certificates (issued since Oct 2014) in circulation and use; in healthcare, in government service, and in general life, than to risk widespread compromises [54]. Still, globally, risks will remain persistent, and pervasive, in such areas as Healthcare, Banking and Finance [55], for systems and vulnerabilities are not well scoped, or understood. The reader is reminded that Estonia’s recent decision to withdraw digital certificates represents just one threat example that nationally deployed government controlled systems will face, in the present and the future, and those that the likes of U.S. Government is presently considering deploying in the United States. From Argentina to Ukraine and to Zimbabwe, identity and identification systems are in place that can suffer serious compromises, and governments have little inhouse abilities to prevent breaches of their systems.

The hazardous informational breach of the United States Office of Personnel Management (OPM) represents a prime example of a government system compromise, where there exists no possible way for the millions of Americans whose most sensitive information have been compromised to be able to seek legal restitution. Some of the most sensitive types of information collected on various persons to whom the United States Government has granted Clearances (so that such persons may then handle sensitive government information on behalf of the government in the course of their duties), has fallen into the hands of those who compromised OPM’s Systems. Even if somehow, culpability in relation to the OPM systems breach could be asserted, and some type of financial restitution for the breach of highly sensitive information belonging to millions of Americans could be made, how could anyone still prevent the use of the information that was stolen?

The type and scale of information kept on people with clearances by the U.S. Government are of a nature that is incredibly more sensitive, and incredibly more invasive than any credit bureau file kept on the same people. Essentially, the only recourse in relation to the breach of sensitive information amounts to Credit Monitoring by Credit Bureaus. The reader must be informed that the OPM intrusion is not well represented or discussed [56]. That said, we are now on to the Equifax breach, which, as a company is now responsible for having left bare the credit files on what is now known to be 145 million Americans. For what it is worth, Equifax is also one of the companies responsible for offering Credit Monitoring services in relation to the OPM breach.

What is the “knee-jerk-reaction” from the wise representatives of the people on such matters? Get rid of Social Security numbers! [57] Let us understand somethings that are quite fundamental to the issue. U.S. Social Security numbers were to have never been used as identifiers, for any other purpose than those originally deemed to have been necessary to fulfill those purposes of the U.S. Social Security Administration (SSA). Second, getting rid of Social Security Numbers from its widespread Public & Private usage will not strengthen any ‘weak and poorly administered system’ that is presently deployed in the field. Elimination of Social Security Number use within U.S. Public and Private sectors will not, and cannot rid systems of their most fundamental “people-process-technology” flaws. Besides, one of the key things that the United States needs (as do many other countries), is comprehensive data protection regulations and enforcement, that is neither half-baked, nor one that mimics another circus of fools. [58].

On another note, and to be certain, it is being emphasized here to the reader that Equifax was notified 6 months prior to the now “publicized” time of compromise, that their systems were vulnerable [59]. The Fmr., and current CEOs of Equifax CEO appeared before U.S. Congress to report that they are vulnerable, and cannot prevent attacks launched against it by Nation States [60]. It is not at all clear that Equifax was breached by a Nation State. Just the same, how could Equifax be prepared to defend against anyone, or any type of an informational breach, attempted by anyone, when the company blatantly failed to act even minimally, on key warnings of systems vulnerabilities being present, months before the system compromise?

The former CEO of Yahoo!, Marissa Mayer testified before the same Congressional Committee, as did the Equifax personnel, stating before the Committee that, even stronger corporate information system defenses cannot stop breaches that are attempted by sophisticated and persistent actors [61]. If this is so, why then was a scrapping of ‘Social Security Number use’ discussed by the Committee at all? What was the purpose? The inconceivable naïveté, and the mind-boggling opacity that tech CEOs, lawmakers and regulators display on such matters, especially in light of the fact that tech companies, lawmakers and regulators represent a nucleus behind “public-private” partnerships and engagements that are routinely seen to be working on emerging prospective avenues of protecting the public -- is at the very least, tragic. Lastly, on this subject, Equifax was as of recent, and as ‘arsTECHNICA’ made note of it, “borked again” [62]. This time, visitors were exposed to a possible Malvertising (Malware in an Ad) campaign during a visit to the Equifax web site. The range and scope of institutional failures ³³ that permit such extensive deficiencies in moral, and ethical accountabilities, and operational competence in companies, is not surprising.

3.1 In the land of the free, home of the brave -- the interned

Before the taking of the 15th Census of the United States, then President Herbert Hoover proclaimed: [63].

Hoover’s pronouncements upon U.S. Government’s then installed measures safeguarding Census information then, and since, have rung hollow. As Anderson and Seltzer have noted, despite several such Presidential Proclamations, U.S. Census Directors, who served Presidents from both major U.S. political parties have violated Presidential proclamations, having inked lawful guarantees [64]. Anderson and Seltzer also concluded that, “interagency pressures and perceived national security needs” [65] imposed upon the Census Bureau – launched the violations that led to the internment of Japanese-Americans in droves (See Figs. 6 and 7).

Fig. 6

Some First-Graders of Japanese Ancestry - Weill Public School, San Francisco, California Pledging Allegiance to the United States. They Were Soon Interned For the Duration of WW-II. Source: U.S. Library of Congress

Fig. 7

Japanese-Americans transferring From Train to Bus at Lone Pine, California, Bound for ‘War Relocation Authority Center’ at Manzanar. Source: U.S. Library of Congress

If Census Directors were bound by law, and clear, lawful prohibitions in purveyance and exploitation of Census data were in existence, how is it that a Census Director, appointed to protect persons from harm under heavy penalty (judging my Hoover’s Proclamation) can effortlessly succumb to “interagency pressures and perceived national security needs” and violate the Privacy and Security of persons? Authors of “The Dark Side of Numbers The role of Population Data Systems in Human Rights Abuses,” [66] claim that bureaucratic opportunism and professional zeal were to blame for Privacy and Security violations; which indicates to this author – the common occurrence of pre-meditation, as associated with bureaucratic opportunism and professional zeal do not logically complement ‘interagency pressure’ and ‘national security need.’ Besides, official excerpts from Census Bureau conversations from 1942 places then Census Bureau Director J.C. Capt as a willing participant, and who, according to Seltzer and Anderson, is known as having said, “We’re by law required to keep confidential information by (sic) individuals. But in the end, [i]f the defense authorities found 200 Japs missing and they wanted the names of the Japs in that area, I would give them further means of checking individuals”… [67] And Capt is noted to have also said that, “[t]hose who got [Census Data] thought they were pretty valuable. That is, if they knew there were 801 Japs in a community and only found 800 of them, then they have something to check up on...” [68].

By the aforementioned statements alone, any reader could characterize then U.S. Census Director Capt, and the staff under his supervision as being “motivated” to violate the law, and to acquire full details of all the people who were Japanese, or of those who were Japanese-American. Naturally, later research has revealed that Census Bureau did violate law and hand over confidential data on Japanese-Americans to the United States Secret Service [69]. Much later, when the information of the violation became public, Christa Jones, the Chief of the Office of Analysis and Executive Support at the U.S. Census Bureau seemed to provide assurances that the ‘present-day’ Bureau cannot use the information as it once did, and that stronger protections are in force at present. The Los Angeles Times cited Jones as saying, “[i]t’s our commitment to protect the confidentiality in everything we do” [70]. Perhaps, in saying this, Ms. Jones was hoping that those with historical knowledge and memory would overlook, or simply gloss over the facts, that despite Presidential Proclamations and ‘protective Laws-in force’ against harm in the use of Census information collected by U.S. Government, Japanese-Americans were interned; and that internment cost many, their life foundations; their homes; their businesses/farms/trades, and all means by which they and their families could be sustained. U.S. Government reparations for the internment - came along “too little, and too late.” At the time, Ms. Jones was also heard saying that under a “War-footing,” sharing of such information was legal. These and other such contradictions issued by sycophantic and unlearned bureaucrats should never be considered by citizens as being assurances of available protections. As the reader, you will have to make the decision to whether any government can, or will, under the premise of exigent circumstances, invade your Personal Privacy and/or Security. In light of all that has been revealed by Edward Snowden in the post 9/11 era, many government actions have been very telling.

During his tenure, Kenneth Prewitt, Fmr. U.S. Census Bureau Director (1998 to 2000) issued a public apology to the American people (an action no other Census Director has done, before, or since) for the misuse of Census information. In a review of the new research evidence, which Prewitt claimed to be “a remarkable piece of historical detective work,” [71] he also said, “[a]t the time, available evidence (and Bureau lore) held that there had been no … release of microdata .... [t]hat can no longer be said” [72].

3.2 Thomas J. Watson’s Lagniappe to a 1000 year Reich

International Business Machines (IBM), perhaps once most powerful American archetype of an information technology company may very well be noted by historians as having ushered in the modern Surveillance State. IBM, through its German subsidiary DEHOMAG, sold Hollerith Card devices to Germany, to the nationalists, who then proceeded to use that technology with the explicit knowledge and assistance of IBM-HQ and Thomas J. Watson, its Chief Executive, to near mechanized perfection; a state sanctioned killing machine that ultimately claimed the lives of more than 6 million human beings. As Edwin Black has assembled in his well-researched work on IBM’s involvement in murderous activities of the National Socialist Party in Germany, IBM systems and methods did not simply track prisoners in massive camps, but aided in the management of the entire camps through instrumented camp logistics governed by IBM technology.

As Black has noted, on any given day, total camp population was ~700,000, which required IBM’s technology and methods for population management. And as “slaves within camp confines died or reached the limits of their utility to the Reich the prodigious task of efficiently scheduling deportation from cities and ghettos in many countries, the daily work assignments, and outright extermination timetables would have been impossible without the daily strength reports” [73]. These described tasks fell to IBM’s Hollerith technology and methods (See Fig. 8).

Fig. 8

The “All Seeing” State “Beyond Fences,” It Says, “With Hollerith Punch-Cards” (DEHOMAG) Source: Drawn from Pubic Domain and Incorporated Into Author’s Privacy Presentation for IFMBE – Global Citizen’s Safety & Security WG Session, IUPESM World Congress 2015, Toronto, Canada

In a bizarrely spun, morally disinfected, and innocuous sounding statement, Willy Heidinger, DEHOMAG’s German Executive is cited as having made the following remark, upon the inauguration of a DEHOMAG center in Berlin, in January of 1934. Heidinger is cited saying. “[t]he physician examines the human body and determines whether… all organs are working to the benefit of the entire organism.” … “We [Dehomag] are very much like the physician, in that we dissect, cell by cell, the German cultural body. We report every individual characteristic… on a little card. These are not dead cards, quite to the contrary, they prove later on that they come to life when the cards are sorted at a rate of 25,000 per hour according to certain characteristics. “These characteristics are grouped like the organs of our cultural body, and they will be calculated and determined with the help of our tabulating machine”… “We are proud that we may assist in such task, a task that provides our nation’s Physician [Adolf Hitler] with the material he needs for his examinations” [74].

Yes, indeed, no Hollerith card was dead then, as Heidinger had told, when their journey began. Ultimately though, each card served the Reich to strip every ounce of usable energy, in every person to benefit an ‘evil’ and ‘crumpled’ vision of immortality forged by a madman -- until the very last breath every person had, was exhausted.

Captivating are the details of IBM’s operational history during this period as investigated and corroborated by Black; it indicates a very sinister moral compass at the core of IBM, at the core of its chief-man: Watson. Black discovered that as Hitler carved and pillaged through Poland, Holland and Vichy France, IBM had followed, and in some cases was there first – in anticipation of carrying on, the business of carrying on. As Black further notes through research, when signs of atrocities toward the Jewish people were all around, IBM simply turned a blind-eye to all of it, where the order of the day was “don’t ask, don’t tell” [75]. In reality, as Black notes, Thomas Watson’s personal representatives “were almost constantly in Berlin or Geneva, monitoring activities [in Germany], ensuring that the parent company in New York was not cut out of any of the profits or business opportunities Nazism presented” [76].

IBM profited tidily from a business that was fundamentally padded with money that came from giving support to State sanctioned terror and Murder enterprise operations, designed to dispossess every targeted man, woman and child, of their dignity, humanity and, at last, their life [77]. The deprivation that people experienced, where they lost their personal Privacy and their personal Security were, in the scheme of things, minimal, when considering their pre-ordained fate; death by IBM Punch-Cards. Finally, Black determined that “IBM’s business was never about Nazism. It was never about anti-Semitism. It was always about the money. Before even one Jew was encased in a hard-coded Hollerith identity, it was only the money that mattered. And the money did accrue” [78].

In reviewing these examples, the author is in no manner implying that national security needs of a State are unimportant. As a State, at any time, if State instruments - either singularly, or collectively ceases to concern itself with the very purpose of its existence (service to the people), and principles (Constitution) by which it/they are made to exist, then it is time to re-calibrate structures, and re-direct and/or re-purpose the personnel within them. Old Germany represented a different case, where extermination of a group of people was the objective of the State, here, the major point of concern is that terror enterprises such as the Reich, almost always, cannot operate without assistance. In this case, IBM provided the critical component; the training, and support for the component -- to keep the terror enterprise humming effectively and efficiently.

3.3 The case of Guatemala: where, the once oppressed, gamely facilitated brutality

On 20 May 2015, a lynch mob consisting of ordinary Guatemalans gathered outside the Municipality of Rio Bravo in Suchitepéquez Department (County). The mob got hold of a 16 year old girl suspected of having had a hand in the murder of a 68 year old taxi driver, the crowd then encircled the 16 year old, proceeded to beat her brutally, doused her with petrol, and burnt her alive, all while the crowd of adults and the young stood by watching [79]. According to INACIF, the Guatemalan National Institute of Forensic Sciences, between the month of January and May of 2015, there were 2343 murders in Guatemala. The land area triangulated by El Salvador, Guatemala, and Honduras is now the most violent non-war zone in the World. Why is it essential to discuss this matter in relation to Privacy and Security of citizen information? The point of great importance to present and discuss in terms of Guatemala and elsewhere is: if anyone has chosen to not respect human life that same party could not ever be expected to be respectful of the “human rights” of others. Secondly, it is important to discuss the happenings in Guatemala, and the background to those happenings, as they are both necessary to discuss the evolution of surveillance states in modern times. Additionally, Guatemala and certain other Central American nations were in essence ‘groomed’ or ‘developed to be’ the violent states they are now, over a period of time, and are fundamentally organized to be antithetical to Privacy and Security values.

Guatemala, once at the center of the glorious Mayan Civilization, is now an environment not alien to total communal violence. Guatemala suffered extensive mutilations by a civil war that raged on for more than 30 years. Guatemala is a country where ‘extreme close contact violence’ inflicted by one despot after another upon the people, entrenched and widely-spread, institutionalized corruption, failed institutions of governance etc., all of which nurtured the growth of a societal degeneration, which has shaped the likes of that savage killing of the 16 year old as stated before, insensitivity to human life, and lawlessness. The author’s intention here is to assist the reader in the realization that semblances of Personal Privacy and Personal Security are dependent on so much more than the mere existence of Data Privacy and Security laws. An examination of situations as they have been in existence in Guatemala will afford yet another rich indicator to the reader, of the need for solid societal foundations for Privacy and Security. To make matters of discussion related to Privacy and Security more suited to the reader in terms of Guatemala, and the rest of the world, the author intends to demonstrate in brief, how certain seeds of societal destruction were sown, and how all are now reaping its harvest.

Viron Vaky was once United States’ Deputy Chief of Mission (DCM)³⁴ in Guatemala. Upon his return to the States, and re-assignment to the Policy Planning Staff (S/P)³⁵ at the Department of State’s Policy Planning Council, Vaky wrote a Classified and candid memo to Covey Oliver, then Assistant Secretary of State for Inter-American Affairs, regarding observations on happenings in Guatemala since his departure as DCM, and of U.S. Involvement in Guatemala. In the memo, which has since been Declassified, Vaky is seriously troubled by the ostensibly perpetual actions by Government of Guatemala (GOG), and of U.S. culpability in it. Vaky defined the actions being taken by GOG as having a “terribly corrosive effect on Guatemalan society and the nation’s political development” (See relevant excerpts from the Vaky memo in Appendix). Vaky stated, and with bluntness not usually seen, to Oliver that, continued GOG actions have “just deepened and continued the proclivity of Guatemalans to operate outside the law. It says in effect to people that the law, the constitution, the institutions mean nothing, [and] the fastest gun counts” (See Appendix). In other words, Vaky was informing Oliver that the U.S. was helping to groom a lawless society. In 1977, citing the continued prevalence of horrendous human rights violations, the Carter Administration in the U.S. pulled-back, and in fact, ceased supplying Guatemala with arms.

Since Vaky dispatched his concerns and critique of U.S. engagements with Guatemalan entities and of in-theatre events in 1968, to have it served-up to U.S. Secretary of State Dean Rusk in a Policy context, still other flows of (then) Classified reports from both the U.S. Embassy in Guatemala, the Central Intelligence Agency (CIA) and the Defense Intelligence Agency (DIA) came into U.S. Government in Washington, regularly, relating the brutality of the violence, extrajudicial killings, political murders and corruption among other things. However, immediately after Ronald Reagan became the President of the United States, succeeding Jimmy Carter, both Reagan and his administration wanted to, as quickly as possible, restore military aid and training to the repressive Guatemalan Government that was killing its citizens in the name of fighting communism. And eventhough a steady stream of information was coming in from the field - into the possession of the Reagan Administration, ‘retelling tales of horrors,’ internally advising continually, ‘no involvement’ with Guatemala, the White House secretly made overtures to Guatemalan officials of the new administration’s desire to want to support (See Fig. 9). Regan’s own Ambassador to Guatemala, Frederic L. Chapin, by way of giving a status report in February of 1984, urged Secretary of State George Shultz to take the moral high ground (See Fig. 10), asking as Vaky did in 1968, to ponder upon our (U.S.) values and to not be ‘duplicitous’ on Guatemala, given the barbarism on the ground; to no avail.

Fig. 9

Reagan White House Action Items. Source: Ronald Reagan Presidential Archives

Fig. 10

Excerpted Declassified State Department Cable From Amb. Frederic L. Chapin to U.S. Secretary of State George Shultz, Urging Taking a Moral High Ground on Guatemala. Source: The National Security Archive The Guatemala Project

Back in 1977, when the Carter Administration ordered a U.S. military assistance pull-back, an arms-sales vacuum was created, and Guatemala did not have to look for long to have the void filled, for it was very speedily and happily filled by Israel, who had a growing defense industry to maintain, beginning in 1967. Beyond Israel’s arms sales, the country provided technology transfer and technical assistance too. In “Israel and Latin America: The Military Connection,” Bahbah and Butler record that “the importance of Israel’s assistance ha[d] not been so much in terms of arms sales, but in what [was] loosely [to] be called “services,” i.e., various forms of cooperation and use of advisors.” [80] Bahbah and Butler also documented that during that time, with Israel’s assistance, Guatemala’s “military government subdued its guerrilla challenge and…the government attribute[d] the success of its efforts in this regard to the lack of U.S. oversight and advice, [that] enable[ed] it to find its “own solutions.” Such solutions-widely agreed to have been unparalleled in violence-included scorched earth campaigns, the bombing, burning and bulldozing of entire villages, massacres in the countryside, and death squad killings in the city” [81].

Israel was fully aware of the repressive history of the Guatemalan Government. Yet, Israel’s defense establishment supported by the central government, was eager to do business in Central America. Yohanah Ramati, a former member of the Israeli Foreign Relations Committee during the 1977–1984 ‘Likud’ government, branded Israel’s willingness to work unscrupulously with anyone in the world, in the following fashion. Of Israeli policies regarding the matter, Ramati observed, “Israel is a pariah state. When people ask us for something, we cannot afford to ask questions about ideology. The only type of regime that Israel would not aid would be one that is anti-American. Also, if we can aid a country that it may be inconvenient for the [U.S.] to help, we would be cutting off our nose to spite our face not to” [82].

As a side note, Bahbah and Butler assert in their writings that Israel had an unbridled willingness to do business with unsavory regimes in Central America. They wrote, that in such dealings, Israel chose to “impose no restrictions for reasons of moral and political distaste (e.g., human rights),” and that “Israel supplying the anti-Semitic military junta of Argentina in the 1970s and early 1980s [represented] one of the more unsavory…” [83] example of such relationships. Additionally, while a UN embargo was in place, violating it, the Israelis armed Bosnian forces who then perpetrated massacres; it supplied arms to Chile and Nicaragua and more recently to the evildoers in South Sudan [84]. Israel’s cooperative arrangement with the then oppressive Guatemalan Government served to entangle its whole population in a web of surveillance (as it will be seen below), and to immerse Guatemalans into a generation or more of bloodshed. Figure 11.

Fig. 11

Dossiers of Two Victims of Guatemalan Death Squads, Surveilled and Tagged. Source: National Security Archive - The Guatemalan Project

“The bureaucratic procedures for approving the killing of a dissident are well-established. “A local military commander has someone they think is a problem,” the officer explains. “So they speak with G-2, and G-2 consults its own archives and information from its agents and the police and, if all coincide, it passes along a direct proposition to the minister of defense. They say, 'We have analyzed the case of such and such a person in depth and this person is responsible for the following acts and we recommend that we execute them.'” …“Prominent Political dissidents get special consideration. "When there is a big fish, G-2 makes a presentation, they review all the problems with the person, the objective of the mission, and their recommendation. They can give three options—disappear [kidnap and execute] them, eliminate them in public, or simply invite them to leave the country.” [85]

Around 1979, An Israeli defense industry firm Tadiran, installed information technology service tools for the notorious and ruthless Guatemalan Police Intelligence unit, the G-2. The G-2 systematically amassed electronic dossiers on all those who were considered sympathizers, collaborators, aiding and abetting voices, actors in, or supporters of governmental opposition, such as those that were suppliers, transporters, facilitators/brokers; any and all.

On one hand, the electronic dossiers served to identify specific Guatemalan persons for execution. On the other hand, the information technology and the surveillance network to which it was connected served to identify ‘out of the ordinary’ use of utilities (water, electricity etc.) by those among the population who could be anti-government radical operatives [86]. Subsequent to the information technology installation in Guatemala with the assistance of Israeli Intelligence (who, according to Jane Hunter, “text-booked the operation” in-line with Israel’s “experiences in Palestinian areas”), the Guatemalan Government began the registration of the entire population in 1983. By 1985, Guatemala had registered 80% of all adults in their population [87]. In El Salvador, the same equipment was supplied by Tadiran to catalog people there.

The world began to see the possibility of the 35 + year civil war in Guatemala coming to an end, as steps toward peace were formally underway in 1996, when under the auspices of the United Nations, Government of President Alvaro Arzu Irigoyen signed Peace Accords with rivalling factions in the country, with optimism of restoring peace and tranquility through a reconciliation process.

For the purposes of this Editorial Chapter and more direct Privacy and Security considerations, it is vital to be reminded that in the instance of Guatemala, the people of Guatemala, through its government was a signatory to the Universal Declaration of Human Rights in 1948. In that regard, the following conclusions, which the United Nations sanctioned “Commission for Historical Clarification” (Guatemala) arrived at, will be important to reference herein. The Commission concluded that the killings, the genocide in Guatemala over 35 years amounted to be “grave violations of international human rights law whose precepts the Guatemalan State ha[d] been committed to respect since it approved the Universal Declaration of Human Rights and the American Declaration of the Rights and Obligations of Man in 1948” [88].

Moreover, the Commission explicated that “[a]s regards international humanitarian law, which contains the obligatory rules for all armed conflicts (including non-international armed conflicts), the [Commission] concludes that Guatemalan State agents, the majority of whom were members of the Army, flagrantly committed acts prohibited by Common Article III of the 1949 Geneva Conventions, particularly with respect to attacks against life and bodily integrity, mutilation, cruel treatment, torture and torment, the taking of hostages, attacks on personal dignity, and particularly humiliating and degrading treatment, including the rape of women,” and “that many massacres and other human rights violations committed against […] groups obeyed a higher, strategically planned policy, manifested in actions which had a logical and coherent sequence” [89]. The Commission placed the blame squarely upon governmental structures and parties within them, for driving and the administrating of horrific crimes in Guatemala, declaring, “the State of Guatemala holds undeniable responsibility for human rights violations and infringements of international humanitarian law” [90].

Realization of Privacy and Security as basic values in a modern society, in the Digital Century, will ultimately be the byproduct of having a “civil” society, where a “civilizing” of humankind has permeated to each individual in society, and a ‘high-bar’ has been set in relation to Privacy and Security as ‘must-have’ values, where persons will be, and are, held accountable for transgressions and outright criminalities done against ‘high-bar’ values. Instead, what we have is the following. From such long-lasting civil-wars as in the case of Guatemala and El-Salvador, violent elements, and indeed, a culture of “total violence” and all its components have since transcended Salvadorian and Guatemalan borders, and has rooted itself around the world in the form of a gang termed as ‘most ruthless,’ the ‘Mara Salvatrucha’ or MS-13. As this Editorial Chapter was being written, gang and political violence of a close-contact nature is once again claiming “wrong-place at the wrong-time” innocents in Guatemala. Corruption is running rampant. No respect for anyone’s Privacy, Safety, or Security can be expected in such volatile and corrosive environments. Lastly, beyond political, social, military, and economic entanglements, lay a more foundational entanglement -- of a moral nature. Beyond arming unsavory regimes, facilitating torture and murder, and clandestinely looking the other way, is that moral entanglement, where, “one hopes forever,” that none will lay blame for the more foundational moral lapses made.

Consider that the United States signed the Universal Declaration of Human Rights, as did Guatemala, and as did Israel. Yet, more foundationally, the Declaration was violated, and substantive acts (some of which are detailed here) by all involved, assisted to careen an entire ancient civilization toward a modern moral and ethical abyss. Reminding Israelis that the Jewish State had ratified the Universal Declaration of Human Rights, and that the Declaration itself “was drafted in the shadow of the Holocaust horrors and in view of millions of homeless refugees,” a Israeli Newspaper had warned its readers in 2011, that by nature of Israel’s involvements and specific activities, the State was now jeopardizing the very existence of human rights in Israeli society [91]. More recently, the same newspaper through an Editorial, told its readers to be aware that their nation was arming the repressive Government in Myanmar [92], acknowledged by the international community as conducting violent ethnic cleansing actions against the Rohingya, a minority population.

Throughout, the author has made attempts to demonstrate that a mere presence of laws in society is grossly insufficient, while pursuing to lay esteem to Privacy and Security as prime values in society, and detailing of the need for a watchful eye, and invigorated actions toward sustaining Privacy and Security values over time. As an example, among other essentials components that must exist in the mix would include law enforcers who have good training - in the full range of their duties and a clear comprehension of the range of laws they must enforce. They must have appreciation and respect for law and order, borne out of a personal understanding of civility and Constitutionality, and must have demonstrated their ability to be moral and ethical in their actions. [93] Most of all, the central message within this section has been that Society, and those who are in it, must be civilized. Without a very individual “civilization,” the possibility to uphold and/or express “human rights” meaningfully, at any level will be questionable. All along, we must also ask, what becomes of the Privacy and Security of citizens in a State, when vast instrumentations of the State are organized against its citizens? What is to be the result of a foundational deterioration, or corruption in the way a State is organized; intellectually, legally, or say, morally?

4 Re-establishing human rights foundations in the long shadow of atrocities - the Rwandan experience

There are particularly good reasons as to why this Journal’s Special Issue on Privacy has featured within it, key contributors from the Republic of Rwanda, and the Republic of India. Before exploring those reasons and examining the cases of Rwanda and India, the author wishes to petition the reader to ponder the extent to which our Personal Privacy and Security standards have become developed, and have, or have not become expressible, in terms of the Universal Declaration of Human Rights (UDHR) is a reflection of how civilized we have become as a society. The aforementioned matter of “civilizing” will at least be peripherally discussed, and to the extent possible, within the scope of this editorial in order to demonstrate the basis for that assertion. Figure 12.

Fig. 12

President Paul Kagame of Rwanda gesturing at “The Transformation of Tomorrow” Session at the annual meeting of the World Economic Forum in Davos, Switzerland, Jan. 20, 2016. Courtesy of: Reuters/Ruben Sprich

More generally, we must take note that, the travesty that humanity as a whole must now unambiguously and totally confront is the verity that the human race cannot logically lay claim to be civilized, to be ‘ improved ,’ whilst being incapable of expressing through actions, the very essence of ‘ a civilizing ’ to which we lay claim. Respect for human life is paramount in terms of the Universal Declaration of Human Rights; and Privacy is a sub-set of the UDHR. Examination of current conditions within the Republic of Rwanda, and the Republic of India - in the overall – amount to teachable moments for the human race, in relation to Personal Privacy and Security.

Rwanda today is a nation that offers nearly universal health care for its citizens, and 12 years of public schooling for all children, and as a Republic with limited resources, they have managed either to meet, or to exceed the United Nations’ Millennium Development Goals.³⁶ The nation has managed to successfully halve for instance, “the proportion of people suffering from hunger, and has made good progress toward reducing by half, the proportion of people living below the national poverty line and those living in extreme poverty.”³⁷ Rwanda today is a rising economic force on the Continent of Africa, and among one of the fastest growing Sub-Saharan, and African economies in the overall [94], while Kigali, the Capital City is considered the cleanest and safest on the Continent. Perhaps none of these achievements will have been possible, if the Republic and her people had not made the decision, and to thereafter be determined to follow-through on national commitments to repair and heal from the horrors of the past; to rise from the ashes.

From that nation’s colonial histories, to the genocide against the Tutsi, in 1994, Rwanda has had to bootstrap new beginnings from the stampings of a failed state. Rwanda has had to re-invent itself from a state where many instruments of central government had once organized, and had aided, in the cordoning of citizens for massacre among other things, to the challenge now of having to drag an agrarian population along [95] into a democratized future with newly established constitutional foundations and all other relevant instrumentations of a modern society. Such an effort is not something that an unprepared mind can sufficiently comprehend, not only due to the level of social and economic complexities involved, but due to the level of governmental discipline, and also the sheer level of sharp and determined focus that needs expending toward re-institutionalizing a type of focus that is constantly and consistently required for transformative purposes.

In these highly troubled times, Rwandan Government’s participation in the Special Issue represents great personal courage on the part of the particular participant personally, and is additionally a sign of a promising direction for people and those instruments of national governance.

At the 2015 and 2016, World Economic Forum (WEF) meetings in Davos, President Paul Kagame was visibly engaged in informing and educating WEF attendees that Rwanda was committed to be a forward-thinking and forward-looking country, with many strategic initiatives underway - to rapidly transform the nation. During the meeting, President Kagame urged participants to consider the Economic promise of Rwanda, and that within the Continent of Africa as a whole. In hearing the President’s perspectives and appeals, the author was starkly confronted with the high-contradictions, and the several devils that Kagame had to have been battling – even before he got out of bed that morning for the WEF meeting in Davos, on 20 January 2016.

On one front, Kagame and his administration were clashing [96] with entrenched accusations of political repression, muzzling of the press, and criticism, extrajudicial killings, and authoritarianism among others [97]. On another front, Kagame had arrived in Davos, intent on gaining international support and commitment for his social and economic visions [98], one that entailed the transformation of a struggling small African nation with its agrarian economy into an Information and Communications Technology (ICT) driven powerhouse on the African Continent. On yet another front still, Kagame, who is largely recognized as having been³⁸ responsible for ending the large-scale massacre of civilians in 1994, has had to look beyond his nations past, in order to lay the first cornerstones for a new Rwanda, to be built upon blood-soaked soils.

Listening to President Kagame at the time, this author had concluded, and perhaps not unlike other political scientists [99] that, in all manner of activities endeavored and accomplishments achieved by Rwanda would likely be viewed by the world through the lenses of the “ghosts of horrors past,” and that the use of those lenses would perhaps be unavoidable, given the nature of the horrors that transpired. Yet, there was a sense of hope, vitality, and conviction in President Kagame’s message, which he presented in Davos, on behalf of his people.

The challenge that ran through this author’s mind at the time was, how it will be possible for the world to assist the Rwandan people advance, in relation to ICT, and in relation to Privacy and Security, and still ensure that the horrors of the past have fewer than any chances at all to revisit [100]. This was particularly important going forward since core to Rwanda’s plans to transform its national economy involved thoroughly modernizing the nation’s internal ICT capacities and capabilities.

Given the tragic history of the Rwandan genocide against the Tutsi, in 1994, where: 1) government issued national ID cards with ethnic identifiers (See Fig. 13) facilitated the mass killing Rwandan citizens, and 2) where the government had once organized itself and aided in the killing of civilians, the present day government’s commitment to creating large-scale national operational efficiencies and sufficiencies based on ICT modernization could be very troublesome, if the improved ICT infrastructure, various components, and functionaries were to fall into the wrong hands at any point in the future. The view, with respect to Rwanda’s running initiatives to modernize, imposed a larger consideration, that with specialized ICT infrastructure, facilities, operational modalities, capacities, and developed capabilities, and the scope of proposed Rwanda ICT penetration into government and civil sectors could enable an iniquitous future government, where it’s proscribed arms or agents, could once again bring evil acts upon innocents.

Fig. 13

Rwanda National Identity Card circa 1994 - Identifying a National by Race, a Tutsi. Source: Genocide Archive of Rwanda - Aegis Trust, Kigali, Rwanda, 2017

Fittingly, subsequent to the WEF meeting, this author sought cooperation from the Government of Rwanda to ink for the Special Issue, a contribution that would highlight the transformative efforts being undertaken by the Rwandan Government, shedding light on corresponding lawful and constitutionally protective measures that the government has been planning and implementing in relation to ICT modernization, for the sake of the Rwandan population. The intention was to have the Rwandan Government indicate to the scientific and policy communities, the ways and means through which the Rwandan Government had planned to protect and safeguard the life and limb of present and future citizens of Rwanda from malevolent ICT use, regardless of persons in power.

Following consultations, His Excellency Jean Philbert Nsengimana, Rwanda’s Cabinet Minister for ICT, tendered a composition reflecting Rwandan Government efforts to protect the Privacy, Safety and Security of Rwandan citizens and residents, given the Republic’s strategic ICT initiatives and plans. Minister Nsengimana’s contributions will undoubtedly stand as a small testament to not only his personal courage, but also to the government’s desire to share with the world, their commitment to instituting ongoing robust measures of national unification, reconciliation, reconstitution and the establishment of protections for citizens and residents of Rwanda from the perils of ICT use. The author has been advised that the nation’s strategic ICT plans are based upon a leadership vision to have Rwandan national revitalization and ICT modernization efforts co-exist with the evolution of governmental channels and processes - undertaken to establish systems and laws to assure data safety and protections for all within its national boundary. His Excellency, Minister Nsengimana’s contribution to the Special Issue details [101] much of these efforts.

5 The case of privacy in India

Privacy and Security evolution in the case of the Republic of India should afford each of us distinct opportunities to discover world-fissures that prompt a questioning of our individual constitutions in relation to the world in which we live, chiefly tagged these days (wrongly) as being “too complex or too violent and crazy to deserve serious reflection” [102]. Narcissism, isolation, racism, xenophobia, extremism/nationalism, fanaticism (religious, political, economic, militaristic), and authoritarianism/fascism are indeed on the rise the world over, but, there must be push-back; for within improving societies, such sociopathies must be reversed through intensified vigilance at the individual level, very sensitive public awareness, education and the intellectual transformation of every member in our society. After our total examination of Privacy and Security states here, founding a ‘reconciliation’ process in the context of a larger need to establish civil societies might be a good beginning. However, before we can inch toward any ‘Reconciliation’ process, even symbolically, each of us collectively must examine those things that are preventing us from categorically understanding the true depth and the scope of the intellectual misunderstandings related to Personal Privacy and Security in relation to the world we inhabit. Figure 14.

Fig. 14

Registering Participants in the Aadhaar The World’s Largest Biometric Identification Program (India) Courtesy: Reuters

At the present, Privacy and Security inconsistencies are outgrowths of society’s incorrect focus and posture - only upon those concerns involving misconfiguration(s) in/of, instruments of law and/or their foundations. This is not where our attention should be solely. Societal weaknesses to establish, and durably maintain Personal Privacy and Personal Security keystones are more a function of how society is not organized (or is largely unorganized), and has been inadaptive to rapidly occurring globally inter-connected changes. Observing and being students of occurrences and experiences emerging in the Republic of India will likely hand to each of us greater clarity and the motivation to elevate Personal Privacy and Security appreciably to needed levels where the global struggle to meet and exceed knowledge economy related challenges can be fulfilled without compromising ourselves any more.

5.1 Privacy ruling in India: one small step for man -- one giant leap for mankind, or is it?

On 24 August 2017, with the words, “[l]et the right of privacy, an inherent right, be unequivocally a fundamental right… [t]his is the call of today. The old order changeth yielding place to new,” [103] the highest court in that Republic, ruled that Privacy was a fundamental right for nearly 1.4 billion of the world’s human beings. To an onlooker, however, the Privacy situations and the plethora of Human Rights issues that the Indian people are wrestling with, presents enormously perplexing and deeply conflicting pictures.

On one hand, preceding the Supreme Court ruling, the Government of India under the leadership of Prime Minister Narendra Modi had unconstitutionally been fully committed to, and was in the middle of, administering to every Indian citizen, an officiated permanent digital implant that w/could permit routine and persistent surveillance of the whole population.³⁹ On the other hand, the Indian Supreme Court ruling has philosophically reversed the natural poles of the planet, for no court of any kind, anywhere has ever affirmed, and done so concretely, that Privacy was someone’s elemental right. Not only was this ruling, one of an inter-stellar proportion for humanity everywhere, but, the Supreme Court essentially sowed the seeds to apply the brake, even to arrest - all personally intrusive measures that the Government of India had undertaken to that date, and that the Government was fully intentioned to have continue. Despite the Supreme Court ruling, the Indian Government still actively maintains efforts throughout the country to register Indian citizens into its Biometric ID program called the Aadhaar, considered the largest in the world, which (when, and if completed) will have registered and tagged nearly 1.4 billion people.

How was it possible for the Indian Government to implement a largely unconstitutional program among 1.4 billion people, in “the world’s largest democracy,” and by a machined legislative decree? Better still, how exactly did India swiftly get onto the surveillance super-highway? Such are the questions that should be asked, and some of them will be explored further in this section, giving sufficient granularity into India’s current experiences, also with due considerations to that long-lived land, her rich and celebrated history and her wise peoples.

Given India’s 4000+ year history, if anything, she should, by all accounts be one of the most advanced Republics on the planet, with firm foundations, principles, practices and practitioner wisdom to pass on to the rest of the world not only in the area of Privacy but, in all matters related to Human Rights. However, in every such respect, in the present days, the Republic of India is a nothing short of a conundrum. This author has determined that there exists a critical necessity to discuss a number of key areas related to India, and her history, which will be relevant to any broader discussion on Personal Privacy and Security, worldwide.

As a Parliamentarian, the Honourable Tathagata Satpathy from the Republic of India has accustomed us in “The Aadhaar: “Evil” Embodied as Law,” [104] that India is known the world over for many things; the origin of human languages, grammar, literature, music, medicine, mathematics, physical sciences, art, etc. In a matter quite directly related to the ‘civilizing of the human race’ more broadly, the following aspect related to India’s history must surely be considered, for it is a matter that contributors discussing dilemmas now faced by Indian people have not covered. Those discussion points are highly relevant historically, and contextually, in terms of all considerations related to the establishment and maintenance of Personal Privacy and Security environments everywhere..⁴⁰

5.2 “World’s largest democracy” and a glimpse into India’s privacy related human rights conflictions

“The Greeks before the time of Pythogoras, travelled to India for Instruction. The signs of the seven planets and of the seven metals are still almost all over the earth, such as the Indians invented. The Arabians were obliged to adopt their cyphers. Those of games, which do the greatest honor to the human understanding, incontestibly come from India; as elephants, for which we have substituted towers, evince. In fine, the people who were the earliest known, the Persians, Phenicians, Arabians, Egyptians, went from time immemorial to traffic in India, in order to bring home spices, which nature has given to those climates alone; but Indians never went to ask any thing from other nations,” said Voltaire [105].

Eventhough India’s history (some of which is obscure), is vast and rich, the untrained Western mind is tuned to receive only chronological signals of History since Indian independence in 1947. It is for this reason that a delving into India’s early periods must be performed to better contextualize discussions related to Personal Privacy and Security.

Despite colonial and post-colonial efforts to blur historical chronologies [106], India, is arguably the seat of the world’s oldest [107] Republic [108], which also gifted to the world, the Arthashastra [109], the ancient world’s tome on matters of statecraft, and the administration of Empire. The Arthashastra [110], was antiquity’s manual of polity and governance; on establishing and maintaining accountability, details related to economics, finance, manufacturing, trade, commerce, laws, punishment, strategic actions for Empire/Nation etc., written by the Indian philosopher, visionary statesman, and political economist Chanakya/Kautilya (350–275 BCE). The Arthashastra [111], was in essence, part of a framework created for an Empire to establish and maintain social order, economic and military superiority, peace, sovereign borders, and a guide to the maintenance of individual moral qualities and expected societal behaviors.

In full view of modern-day Nation State mass surveillance activities, studying that which Philosopher/Teacher/Kingmaker Chanakya had once inscribed in Arthashastra [112], will be important to consider, especially since the text amplifies the need for good government and good governance, among other things. One example of good guidance from Chanakya is, where he said, “[i]n the happiness of his subjects lies his [the King’s] happiness; in their welfare his welfare; whatever pleases himself he shall not consider as good, but whatever pleases his subjects he shall consider as good.” In the land of the Arthashastra then, how could the central government foist upon the Indian population, anything that could have become a source of great malady to the public’s welfare?

Algernon Sidney once compelled us to comprehend that “if governments arise from the consent of men, and are instituted by men according to their own inclinations, they did therein seek their own good; for the will is ever drawn by some real good, or the appearance of it. This is that which man seeks by all the regular or irregular motions of his mind. Reason and passion, virtue and vice, do herein concur, tho’ they differ fastly in the objects in which each of them thinks this good could consist. A people therefore that sets up kings, dictators, consuls, pretors or emperors, does it not, that they may be great, glorious, rich or happy, but that it may be well with themselves and their posterity ” [113]. So, did Indians knowingly direct their government representatives to decide unpropitiously in the matter of the Aadhaar legislation, which was destined to inflict upon the people, a treacherous and problematic posterity, or were they somehow fooled into electoral action? If the Indian people were fooled, how could such distress and misfortune arise, given their age-old experience with governance, and in many flavors? On the other side, the side of those elected Indian government representatives, did they forget that “[g]overnment is not instituted for the good of the governor, but, of the governed; and power is not an advantage, but a burden”? [114]

5.3 Is India an Ochlocracy [115], and what are the privacy and security implications?

India’s Constitutional Preamble states: “WE, THE PEOPLE OF INDIA, having solemnly resolved to constitute India into a [SOVEREIGN SOCIALIST SECULAR DEMOCRATIC REPUBLIC].”⁴¹ Why is an analysis of the Indian governmental orientation and organization of importance to a Privacy and Security discussion? If the task of protecting Personal Privacy, and ensuring the Security of citizen information is to fall to the government, to what extent, and how well, will the Government be able to perform those functions? Stated in another way, the manner in which the government is organized, its many instruments are aligned or misaligned (to facilitate governance), its laws, how government administers etc., is all functionally important to how well Privacy and Security as desired values are, or can be, protected and cherished. In this vein, constitutionally established descriptions and authorities are very important for the purpose of daily operations; but, by no means should a national constitution be considered a limiter, for constitutions can be modified to fit changing needs over time. Nevertheless, it is a guidepost to present-day thought, and accompanying instrumentations to be in place to facilitate governance. Therefore, when constitutional elements present foundational confusion, there are bound to be structural problems integrally, that follow. Briefly then, the following points are noted to give the reader an appreciation of the seriousness, intricacy and the range of the problem set. Terms like “Democracy,” “Republic” and “Socialism” remain all-too confusing for the layman, and have remained so. If the United States is to be used as an example to illustrate the point, and it should (as a more mature modern Republic in comparison to India), the following points are extremely important contextually, to the establishment of Privacy and Security protections, maintaining reliability structures and originating citizen benefits that are now constitutionally protected in India.

As an example, let us examine the term “Democracy,” for the prevailing confusion the term generally announces. Concentrating on the United States as an example, many ‘Founding Fathers’ of the nation loathed the notion of an enshrined “Democracy.” The antipathy that John Adams had for “Democracy” is made obvious to us - in this time – by reading Adams’ letter to John Taylor, wherein he says, “Democracy never lasts long. It soon wastes, exhausts and murders itself. There never was a Democracy yet, that did not commit suicide” [116].President George Washington communicated similar feelings of revulsion as Adams, so noted the first, and the most venerated Chief Justice of the United States Supreme Court, John Marshall, in his writings on the life and times of Washington. Marshall penned, that Washington was of the belief that, “[b]etween a balanced republic [representative structure] and a democracy [rule by the people], the difference is like that between order and chaos” [117].

The United States is structurally not a “Democracy.” Still, the “Democracy” fallacy runs deep and wide, especially among many mandarins (elected representatives, political appointees, department and agency heads etc. etc.) of the day in U.S. government, who neither understand the function of government, nor the precise manner through which government functions are to be carried out for the benefit of the people to meet constitutional sufficiencies [118]. In “Democracy Not the Crowd: Our Popular Delusion,” political theorist and philosopher Mary Follett wrote“[when] we define democracy as the “rule of the whole,” this is usually understood as the rule of all, and unless we fully understand the meaning of “all,” we run the danger of falling a victim to the crowd fallacy. The reaction to our long years of particularism, of “individual rights” and “liberty,” which led to special privilege and all the evils in its tram, has brought many to the worship of the crowd” [119].

While what is about to be said, should not be interpreted as a book review, in agreeably more plain language for the non-social science person, that philologist, the political scientist, political economist, public administration scientist, or students of political constitutions and political constitutionalism, Viscount Richard Haldane once encouraged a reading of Follett’s astute awareness, and acumen on Democracy. Of her writing, Viscount Haldane said, “[i]t is the exposition of a principle which is not stated for the first time, but which, in the form and connection in which she states it, seems to place many difficulties in a new light, and to lay to rest controversies, some at least of which have arisen out of misinterpretation of what is fundamental” [120]. Haldane’s perception related to “Democracy” related misinterpretations as noted by Follett (and others), persists today, and is more common. The unmistakable spreading of “Democracy” falsehoods by pseudo-intellectuals, is at least partially responsible for government mal-orchestration and inoperability, and uninteroperability. Philosopher of History, Cornelius Castoriadis has written much about this [121]. That said, a layman could potentially comprehend the terms, “Sovereign Republic” and a “Secular Republic.” But, what clearly is a “Democratic Republic,” or a “Sovereign Socialist Secular Democratic Republic,” given the problems that lay-people have with “Democracy” as a word?

Wisdom on government and governance from Chanakya, the martyred Whig Algernon Sidney, John Adams, Marshall, and Washington aside, the contemporary frame of reference for considerations and discussion on Personal Privacy and Security is the Universal Declaration of Human Rights of 1948.⁴² The most interesting aspect of the Universal Declaration of Human Rights, beyond the declaration itself is the fact that this document broke the world record for being the most translated document in the world, in 1999, at 370 languages and dialects [122]. Today, there are over 500 distinct translations available. Quite obviously, the world is eager to have this document and the message it contains; the world must feel a great kinship with the value of the message within. Relationally, it is worth observing that in Arthashastra, Chanakya had captured the quintessence of UDHR as indispensable cornerstones to advancing just, peaceful and thriving societies. Chanakya had inscribed that, “[h]armlessness, truthfulness, purity, freedom from spite, abstinence from cruelty, and forgiveness are duties common to all.” .... “For the world, when maintained in accordance with injunctions… will surely progress, but never perish.” ⁴³ This is the backdrop against which, we must consider the challenges that Indian society is/will be facing, and considering further, just what, and how, we can learn from these ongoing Indian experiences, to restructure and modernize international safety and security frameworks.

5.4 Forward political climate

The first component to consider is the current political climate in India. Former Reserve Bank of India⁴⁴ Chairman and academic, Raghuram Rajan, took the opportunity to illustrate, what India will have to look forward to, if India continued down a path of political disorder, and if institutionalized corruption continues to advance unabatedly. Rajan diplomatically admonished the mandarins, saying, “[b]y killing transparency and competition, …[a]nd by substituting special interests for the public interest, it is harmful to democratic expression” [123]. Curbing of one’s freedom of expression hurts a Republic. Privacy and Security of personal information related insecurities fall under actions of States to curb personal freedoms, such as expression.

Corruption is a front-runner in a list of maladies that plague the Indian republic, and its very existence. Corruption at every level of society has threatened individual freedoms in India for decades; and now, its continuation, aided by ideologies and the machinery of political extremism rearing prominence (See Fig. 15) in the Digital Century - makes India’s very existence, and the vibrant potential of every individual resident in India, at threat. Extremism/Tribalism and corruption has had a long co-existence in the Indian society. The effectiveness and performance of Privacy and Security protective foundations in law, and all other means of remediation will for example, be ultimately hinged to the government’s ability to work past ‘hard-entrenched’ corrupt functionaries and their instruments, which are completely unreliable. Interestingly, one World Bank research report had characterized the nature of country’s corruption as, “widespread,” and that “…corruption within India’s legal system and government significantly weakens legal protection in practice” [124].

Fig. 15

Hindu nationalist summer camps for girls take place across India, all operated by an organisation called the Durga Vahini. (In: “India’s Hindu Fundamentalists). Courtesy: Al Jazeera

Recently, Milan Vaishnav of the Carnegie Endowment for International Peace wrote from his research that “it is clear that criminality in politics [in India] is widespread” and that “candidates linked to crime appear to have a hefty electoral advantage” [125] In reference to the same topic, Vaishnav noted, and more importantly that, “a candidate with a criminal case was, on average, almost three times as likely to win election as a candidate who faced no cases” [126]. This is the living and breathing political constitution and governmental environment within which Personal Privacy and Security must find it possible to land, survive, and thrive. Consequently, a sensible individual is forced to ask if India, and her nearly 1.4 billion people are part of a Republic, or an Ochlocracy [127]. The author herein shall aim to make note of a limited number of examples that will support the need to have that question answered, and properly, without evasion. There are many reasons to why such questions are eminently pertinent, in terms of Personal Privacy and Security.

Political stability, and the economic future of India (at the least - as a regional power) in the Digital Century are of great concern to many external to India, apart from those within. The need for concern and pause emanates from the understanding had, that, “[w]ith weak government administration at the federal and state levels, poor intelligence, and growing corruption, criminal elements have gained opportunities in India’s political system, and criminal-state and criminal-communal nexuses have emerged” [128].

The new Prime Minister was elected making uncompromising promises (at least superficially) declaring that he would, and could, tackle the rampant corruption in the country [129], where 70% of the population now pays a bribe to obtain the most basic of services [130]. In terms of discussing how effectively Human Rights (of which Personal Privacy and Security are components), or the UDHR are, and will be honored, extended, and preserved in the Indian society, a short discussion of key societal aspects foundationally essential to buoying and defending of the “Indian democracy” (such as it is), and of the upholding of key principles will be prerequisite.

Narendra Modi was sworn in as the 15th Prime-Minister of the Republic of India, in May of 2014 upon the back of a rising Hinduistic-extremist tide. Prior to Modi’s ascension into the role as the new Prime Minister of the Republic, he had been banned from entry into the United States, since 2005, for his political role in not curbing religious riots, and particularly in not preventing the loss of life in said religious riots. Modi has been the only political entity to be banned entry into the United States, for: as the United States Department of State put it, “any foreign government official who “was responsible for, or directly carried out, at any time, particularly severe violations of religious freedom” [is] ineligible for a visa to the United States” [131]. Hindu nationalism is on the rise in India, and as never before in recent memory, and in part, Modi’s win has surely given rise to the same. A member of the “Rashtriya Swayamsevak Sangh” (RSS), a Hindu nationalist organization since childhood, Modi rose through Party ranks, artfully constructing the party message along the way, communizing and popularizing the notion of creating a new India; a Hindu nation, with a dominant Hindu ideology; shunning pluralism and secularism. Since his installation, Modi has promoted his ideas for a new India, as in the case of rejecting secularism (in line with RSS political orientations), and encourage and even endorse India-wide cretinism through “Saffronization,” a process of causing adhesion to revisionist histories by way of creating select textbooks [132] and machining an educational curricula suited for such a purpose [133].

Despite persistent accounts (among other things) of “Hindu-Muslim” conflict, India’s history has seen secularism finding a reasoned and near dominant place in society, especially since the Mauryan Emperor Ashoka, in 270 BCE. It is not a minor point, nor is it an accident, that Ashoka promoted secularism as a core ideal for his Empire and encouraged its thriving beyond, for Ashoka was the grandson of Emperor Chandragupta Maurya, whose was tutored and advised by Chanakya.

Also not a minor point is the fact that Prime Minister Modi, since his inauguration has, carefully engaged in the entrenchment and proliferation of nationalistic ideology by disquieting means. Carefully massaged political messaging and party posturing has seen an expert whitewashing of certain critical aspects of contemporary Indian history in the march toward a ‘new India.’ One such act by Modi, nearly unthinkable among reasonably minded people and circles, was to replace an image of Mahatma Gandhi, a near worshiped icon of national struggles for independence and freedom – with his own image – in a key symbolic venue [134]. Another action, seen as equally extreme, but subtle – vicious, and yet clever, is more prognostic still, of new directions for India. In a recent speech before the Indian Parliament, the Prime Minister did not mention one of modern India’s well-known freedom fighters, and her first Post-Independence Prime Minister, Jawaharlal Nehru; [135] remarkable, considering that the speech concerned itself with a subject and action, which had intimately involved Nehru, whereby, both Mahatma Gandhi and Jawaharlal Nehru were imprisoned for their ‘joined’ action.

The reasons behind Modi’s reluctance to speak of Nehru were two-fold. One, Modi had sure-fire intentions not to further elevate the account of histories and profile of personages associated with the Nehru-Gandhi political dynasty in the known space-time continuum [136]. Two, eventhough Nehru was well habituated with centuries old Hindu-Muslim rivalries in his time, he intentioned unity among the many population segments of what was to be post-independence India, and their peaceful co-existence in one India. Nehru promoted a philosophy of national unity through the adoption of the Ashokan principle of secularism.

Powerfully, and perhaps even insightfully, Nehru has knit himself into the very fabric of present-day identity of India; an identity too deep and weighty to either dislodge, or to de-frame. A key example of the knit as described before concerns Nehru’s involvement in the making of symbological choices for the national insignia, the Ashokan “Wheel of Law” [137] to be situated in the middle of the national tri-color flag, and “‘the lion’s roar of the Buddha’” as India’s national emblem [138]. Of the national flag with the Ashokan “Wheel of Law” as the centerpiece, Sadan Jha described its evolution as a “triumph of history over the past, precision over ambivalence, singularity over multiplicity, standardization over fluidity and knowledge over the experiential dynamics of seeing” [139]. Fundamentally, these value-centered perspectives and directions are at odds with the running perspectives of the day in Indian government and in many aspects of Indian public life.

Regardless of India’s rich evolutionary history, the bulky rise of intolerance, nationalism and isolationism, is now ever-present [140]. Alarmingly, Ram Madhav, the ruling political party’s (BJP) General Secretary, and Director of the India Foundation, proclaimed in a major national daily that, “[f]or the first time after independence, the dominant idea of India is rooted in India’s genius.” It is very difficult to parse the meaning of Madhav’s verbiage regarding “the dominant idea of India” in the first, and the idea of “India’s genius,” that Madhav is specifically referring to, in the second. That said, it is not difficult to comprehend what his next assertion means, when he stated that the liberals of India, have, as he put it, a “palpable… demophobia — fear of the mob.” Madhav went on to say that “[t]he mob… are behind Modi. They are finally at ease with a government that looks and sounds familiar. They are enjoying it” [141].

5.5 The Aadhaar program: a case of thriving political paternalism

The Aadhaar, India’s biometric ID program is said to be the largest such program in the world. At a 2014 conference in New York, Pramod Varma, Chief Architect and Technology Advisor to Unique Identification Authority of India (UIDAI), the creator and implementer of the Aadhaar, was heard saying that the inability to prove one’s identity is one of the biggest barriers that prevents the poor from accessing such things as the US$50 billion that India spends yearly on direct subsidies (food coupons for rice, cooking gas, etc.) to aid the poor [142]. At the very least, Varma’s ‘proof of identity’ apprehension is directionally mis-leading. By reading to this point, one will have arrived at an elemental deduction, which could potentially be associated with Varma’s own, that the UIDAI’s and indeed, the Indian government’s core anxieties relating to “authenticating” [143] a government benefit recipient is a valid concern. Reality is, there is corruption within the system of government disbursements; a severe country-wide problem, that the Aadhaar cannot, and will not technically fix. To this, Varma and others in the Indian bureaucracy have perhaps ignored the variety of reporting originating from India itself, on how problems such as pension fraud has persisted [144]. Corruption is the more dominant, entrenched and more persistent problem, somewhat of a custom, really, one that the Indian government cannot possibly wish-away by waving an Aadhaar wand, or by some illogical and wayward legislative act of churlish politicians who are generally moonlighting as “buzzword & bumper-sticker phraseology-fed” Aadhaar “sweet-sellers.”

Corruption within the system enables those intent on advantaging themselves to use that corrupted system’s mechanics and/or channels to one’s self-enrichment, through “fraud, waste and abuse.” Such things occur, even in more developed nation states and economies such as the United States, where “fraud, waste and abuse,” cost taxpayers a bundle, each year [145]. The Aadhaar cannot, and will not curb, or cure the systematized manner of corruption that has long existed in India; the cancer that is now eating India, from the inside out.

India is terribly ill equipped -- technically, legally, and governmentally, to afford its citizens the protections that they need to actively participate in a globalized digital century. This author’s professional assessment is that the Indian Supreme Court took into account, diligently and perceptively, the country’s future economic predicament (its trade with the EU as an example), in terms of ICT, in their Privacy deliberations, before rendering a ruling related to Privacy’s status on the whole in India. Meanwhile, the Indian Parliament largely remains technically and operationally clueless, and doctrinally, organizationally, and electorally adrift regarding the implications of ‘being backwardly informed’ in this regard, leaving members of the Central Cabinet, with the ample opportunity to politically machine negative outcomes, such as the act of pushing the Aadhaar legislation through as a “money-bill” [146]. The European Union remains India’s largest trading partner, and the EU General Data Protection Regulation (GDPR) to be fully enforced by the Union in 2018, represented a high-watershed moment for India. Co-incidentally, before the momentous Supreme Court Privacy ruling, India did not have the prospect for placing forward, a countrywide unified system for data privacy and data security guardianship, active accounting, laying down modern laws and mechanizations for protections, auditing etc., etc., etc., that would meet or exceed international standards.

With respect to India’s future abilities to exchange information on European Citizens under the GDPR, if the Court of Justice of the European Union (CJEU) should rule against the employment of Standard Contract Clauses (SCCs) [147] that at present can still be relied upon to enable the transfer of sensitive personal information of EU citizens, such a ruling would be a big-blow for the Indian Tech Industry - hoping to rely on the ability to use SCCs as a work-around for the present day data protection conditions, systems and schematics that India presently has in place, in view of global standards.

While the message of ‘creating self-sufficiency’ [148] from Mahatma Gandhi’s time is very pertinent and incredibly important to the national psyche even now, more fundamentally, fact remains that India’s future economic prosperity is linked with globalized business environments that require India to be more interconnected with the rest of the world, and to be more modern. There is a vital need for those vestiges of old isolationism, and any of the entrenched “self-licking ice cream cone” style political machinery, economic assembles, and intemperate functionaries to be banished -- to enliven the Indian Constitution and the accompanying legal, economic and social instruments, to the extent that data Privacy and Security needs can be satisfactorily met, and swiftly.

It must not be forgotten that unworldly and paternalistic politicians and other career government bureaucrats who have ostensibly sworn to uphold the Indian constitution, have been the ones insistent on the initiation and proliferation of a corrosively intrusive program, of which, they had possessed little to no understanding. Complimentarily, in argumentation before the Supreme Court, the Chief-Law Enforcement Officer of India, the Attorney General, cluelessly but, audaciously presented, that Citizens of the country had no absolute right to their bodies (See Figs. 16 and 17), and that upon demand by the government, a citizen had to submit to Government demands, in relation to the citizen’s person.

Fig. 16

On July 22, 2015, Fmr. Attorney General of India, Mukul Rohatgi, Presented Before the Supreme Court of India That a Right to Privacy Was Not Guaranteed under the Indian Constitution. The Supreme Court Has Since Ruled Otherwise

Fig. 17

Reaction from a Parliamentary Staffer after the Attorney General Pronounced Before the Supreme Court That Indian Citizens Had To Submit To Government Demands for Mandatory Iris and Fingerprint Scans on 2 May 2017

Fundamentally, and with respect to Privacy and Security matters directly, the following realities surrounding the Aadhaar must be studied, if only to understand the need for consistent and constant vigilance on the part of populations against runaway instruments of governance.

Some key facts related to the Aadhaar program launch are presented, and are as follows:

1. 1)

   At the time of the Aadhaar program launch, the Republic of India did not have in place, a comprehensive, national Privacy and Information Security law that definitively asserted information privacy, safety and security protections commensurate to the type and scope of sensitive information that the Government of India wanted to acquire and use from citizens.

2. 2)

   Prior to the Aadhaar program launch, Citizens were not informed of the potential risks related to Privacy, Safety and Security of highly sensitive Personally Identifiable Information (PII), its collection, distribution, storage, its authorized uses, or the possibility of compromises and risks of loss of PII.

3. 3)

   Prior to the Aadhaar program launch, Indian citizens were not informed on types of recourse (if any) that were available to them, in the event of a PII compromise or loss

4. 4)

   Indian citizens were prohibited from being able to bring complaints against the government in relation to the Aadhaar program’s administration, operation, or maintenance.

How was it possible for the Indian government to bring into existence, a program that fails to protect the personal privileges of nearly 1.4 billion people in this way? How is the Indian government going to reign itself in, given that Privacy is a Constitutionally guaranteed privilege, and where government’s unschooled and metagrobolized Aadhaar gaffers are still ebulliently ‘sweet-selling’ the phantasmical prospects of the Aadhaar initiative to the nearly 1.4 billion Indian citizens?

The Aadhaar legislation was bundled and introduced into the Parliament as a “spending bill/money bill,” [149] which, without significant opposition, could stand a better chance of becoming a law. MP Tathagata Satpathy was the lone-voice of opposition to this money bill, and in-turn, the Aadhaar legislation within Parliament deliberations.

There are several other reasons as to why the Indian government was able to navigate the Aadhaar legislation concealed within a ‘spending bill/money-bill’ through the Indian parliament without much opposition. As MP Satpathy notes well in his Special Issue contribution [150], India is largely a “Privacy unconscious State.” Satpathy also presses that his peers in Parliament had been supportive of the Aadhaar program deployment, in the majority.

There is another ‘unsaid’ reason as to why, such legislation was able to sail through the Parliament without so much as a whimper of opposition from the majority of the Indian lawmakers in both houses of Parliament, and for that matter, it is also largely the reason behind the absence of public outrage after the Aadhaar legislation was enacted. Going into that reason, the reader is reminded that Algernon Sidney had written in 1698, to remind, “[g]overnment is not instituted for the good of the governor, but, of the governed; and power is not an advantage, but a burden” [151]. To understand the character of that power, we must understand, how in India’s case, it is constituted, and why it is used in the manner, it is.

UNESCO has determined that 37% percent of the world’s illiterate live in one region of the world; they live in one single country -- India [152]. UNESCO’s report also detailed that in India, less than half of children are learning the basics, placing India in a category where the learning crisis is now extensive [153]. This profoundly limits even the minimal participation of Indians in a Digital Century, not to mention that the same in society will also be unaware of the many components that make-up the digital ecosystem in which they too have, or will have, a significant foot-print. At a minimum, this debilitating statistic can only be seen as ‘a paralytic agent,’ being administered slowly to a segment of Indian society, where many have consequently been rendered incapable of evaluating properly, 1) the individual Privacy and Security risks in the Digital Century, and 2) the array of long-term impacts from their participation in the government mandated Aadhaar program, among other things. In keeping with Sidney’s statement – Power can only be focused and used for the good/benefit of the people, when populations are educated, made knowledgeable, and are empowered to act upon the knowledge they possess for a larger national good.

How has the Indian government served the Indian people, in accordance with the Indian constitution, in the case of the Aadhaar? A larger and perhaps more persistent question is, how does the Indian government hope to emerge the sub-continent as anything more than a regional economic power? How will the Indian people get beyond massively tribal mentalities, crippling illiteracy, lack of fundamental respect for human rights, social disorder, and incivility?

5.6 Privacy and security in the time of mob lynchings, vigilantism, and witch hunts

Within a country whose Constitution presently states that it is a “Sovereign Socialist Secular Democratic Republic,” ‘Secularism’ seems to be on the outs, as vigilantism and lawlessness has become quite a common place in modern India. “Cow Vigilantes” -- in ‘Hindu-on-Muslim’ violence have imposed staggering consequences that outwardly expresses a colossal contempt and disregard for rule of law. One Indian newspaper noted recently that since 2010, 86% of all those killed in cow-related violence (See Fig. 18) have been Muslim, and 97% of all attacks have happened since Narendra Modi has been in power and 52% of the attacks were based on rumors [154].

Fig. 18

[*] Lynching of Innocents in India by Cow Vigilantes. Photo: Somnath Sen

In 63 cases, 28 Indians have been killed, and over a 120 injured. In the first six months of 2017 alone, there were 20 “cow-terror attacks;” more than 75% of the total 2016 figure [155], and there seems to be no end in sight. The author wishes to note, perhaps mischievously that a reporter claimed by way of a reputed worldwide broadcaster that, “the lynchings are giving Narendra Modi’s government a bad name” [156]. The author would cheekily submit that “a bad name” for Modi should be an item of least concern for all Indians. Perhaps it is not apparent to those in the Indian government, civil leaders, and others, in, or about the thrones of power that the savagery emanating from many corners of India has diminished India itself. There is no going back. The criminal, cowardly, reprehensible, and debauched acts that are being carried out in the name of religion, in a State that claims itself to be “secular,” will only go forward to confirm Winston Churchill’s wholly offensive statement regarding Indians, from a long-gone era, where he spouted, “… [t]hey are a beastly people with a beastly religion” [157].

Many of the savage and beastly acts of murder and mayhem have also been televised in “Bollywood” style media segments to many parts of the world, by Indian media outlets themselves [158]. Foreign broadcasters (outside India) have re-broadcast segments of that reporting from Indian broadcasters also [159]. Series of political killings [160], silencing voices of reason in opposition [161], execution of outspoken journalists [162] have all become very prominent activities. How is it possible to be a Republic, where “the law” can be seen to be an integral part of the tapestry of mayhem and destruction? How are the very best intentions imbued into a constitution to be upheld by weak governmental structures and leadership, weak command and control structures, not-professionalized/poorly trained/unethical law-enforcement officials who are many times party to offenses and crimes that include rape, murder, rampant scales of corruption, and are party to events that demonstrate no respect for human life?

This is the environment in which, India has to consider now, how to proceed toward implementing ‘Personal Privacy’ protections. India has initiated a “Giant Leap for Mankind” regarding Privacy. However, as a nation, perhaps it is the least prepared to offer its citizens the very protections they must absolutely be afforded. The educated masses of India must now act, and lift an entire country out of quagmires ignorance has made to exist, those that cloud the country’s promising futures. India’s bureaucrats will be well advised to remember Mahatma’s gift of a social conscience to the future of India; one that is incorruptible. His talisman for successive generations constituted a simple instruction, to be deeply introspective, regarding forward actions. Mahatma said,

“Whenever you are in doubt, or when the self becomes too much with you, apply the following test. Recall the face of the poorest and the weakest man whom you may have seen, and ask yourself, if the step you contemplate is going to be of any use to him. Will he gain anything by it? Will it restore him to a control over his own life and destiny? In other words, will it lead to swaraj [freedom] for the hungry and spiritually starving millions?” [163]

In terms of the UDHR more basically, and all relevant concerns associated with the proper establishment of internationally relevant data Privacy and Security measures oriented to empower Indian citizens to ‘self-sufficiently’ participate in the digital economy and the digital century, Mahatma’s foundational and encouraging counsel should be heeded. All in all, regardless of India’s rich history that once pointed to ways of good government, and the most current national claim to be a secular government - among other things, and the recent ruling by the nation’s Supreme Court, India is still ill organized to provide its citizens the privacy and security they will need, both from a human rights perspective, and as a constitutionally mandated right.

6 Surveillance, interdependence and interconnections

“Experience should teach us to be most on our guard to protect liberty when the Government's purposes are benificent. Men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding.” -- Louis D. Brandeis, Associate Justice - United States Supreme Court (Olmstead v. United States) ⁴⁵

57 years after Justice Brandeis wrote the aforementioned statement, U.S. Supreme Court Associate Justice William J. Brennan Jr., stood before the graduating class at Brandeis University in Massachusetts, to deliver an unambiguously stern warning that the “modern age posed special dangers of Government encroachments on freedom” [164]. In a time much before the data-rich forces⁴⁶ of Facebook, LinkedIn, Twitter, Instagram, Pinterest, Tumblr, Reddit, Skype, WhatsApp, Snapchat, Tinder, Wickr, YouTube, etc., the 80 year old Jurist delivered a final instruction to the departing class that the threat to the free-society that is the United States lay in that ‘suchness,’ where “we have given Governments more power over our lives than ever before” [165] … and to the quiddity in that suchness, where “we seem not more concerned, but more indifferent to the consequences of this surrender” [166]. In his address, Justice Brennan re-iterated Justice Brandeis’s decipherment of society’s prime ‘personal freedoms’ challenge, pronouncing with an unwavering tenor that “‘[w]e seem to have forgotten Justice Brandeis’s admonition, ‘[e]xperience should teach us to be most on our guard to protect liberty when the Government’s purposes are benificent.’ ‘” [167]

Yet another generation since Justice Brennan’s re-registration of Brandeis’s initial written act of dissuasion in Olmstead v. United States, ‘the conviction’ embedded in Brandeis’s dissent should appeal to us all the more, be more relevant, and found to have been made brilliantly and beautifully timely. Yet, that which we observe constantly and consistently is that there are insidious invasions of liberties all around us, and we are culpable in the surrender of our personal freedoms. We gladly cede freedoms to others in exchange for a smidgen or two, of trifling gewgaws, and an even more egregious act, viler and more contemptible, is that act which Justice Brennan had been uproarious of, when he said, “we seem not more concerned, but more indifferent to the consequences of this surrender” [168].

Nowadays, we are the ‘least-on-our-guard’ against the elements to which Justice Brandeis’s premonitory avowal, and Justice Brennan’s 57-year exhortational follow-up to that which Brandeis had once pointed. And, despite humanity’s encounters with ‘slips-and-slides,’ people have the inherent capacity to overcome⁴⁷ the worst atrocities levelled against them. Modern-day Rwanda is an outward example of such a ‘turn-around.’ On the other hand, despite our inherent capacity to overcome, borrowing from Brandeis, the tensions between “men born to freedom … [who are] alert to repel invasion of their liberty” are bound to suffer an unending tensions and conflict with “evil-minded rulers.” In such regard, the world once witnessed a type of a “power of the people” expression in China, during “the June 4 incident,” at Tiananmen (See Fig. 19). A number of events, more than those that met the public eye, seeded the occurrence of those events of 4 June 1989, which originated in 1987 (See Fig. 20), and changed the very ‘texture of Politics’ [169] in China. The death and funeral of reformer, and Party General Secretary Hu Yaobang’s in 1989, triggered an outpouring of affection from student demonstrators who were in support of reforms Yaobang had wanted see initiated - that June, spawning the Tiananmen confrontation. Many in Chinese Committee ranks considered the Student protests to have been unsuccessful then. In times that are more recent however, the 19th National People’s Congress has once again turned China toward a “strong-man” hardline archetype for the years to come. Moreover, the inertia within those bodies of College/University Students that were once behind social and governmental reforms have been dissipating due to government crackdowns ordered by new Chinese leaders since Tiananmen [170], combined with people’s fading historical memories, diminishing degrees of political consciousness and actions by people [171]. That is how freedom always dies, drawing its nourishment for growth from apathy.

Fig. 19

Photo of The “Tank Man” (Wall Mural), Tiananmen Square. Mural Photo taken - 5 June 1989. Source: Public Domain

Fig. 20

Excerpt of Declassified Cable from Command Intelligence Center Pacific (COMIPAC-Honolulu, HI) on Party Gen. Sec. Hu Yaobang’s Resignation. Source: National Security Archive

Today, with the National Development and Reform Commission, and People’s Bank of China leading the planning of the system, the government of China, with 35 of its government departments cooperating and supporting it, the “Construction of a Social Credit System (2014–2020),” [172] is fast underway, covering four major fields of public life: politics/administrative affairs, business/commercial activities, society/social behaviors, and the justice/judicial system. The rationale provided by the government for the deployment of this system to fit 1.3 billion people of planet Earth is, that, China’s national security is at stake, and that China’s population is suffering from a moral and ethical compromise and decline. The conversational perspective that the Chinese government has put forward to advance the instantiation of the system is simply that “[w]hen people’s behavior isn’t bound by their morality, a system must be used to restrict their actions.” In the assessment of this author, with this system, the government will aim to monitor, and evaluate - all present and future Communist Party members, ensure Party cohesion, cement party loyalty, conformity, and social order in general,. It is intended to be a Party instrument, a foundational system for political control. Whether citizens of China will again assert their inherent powers remains to be seen.

The author is compelled to consider a bit of Jeffersonian wisdom therefore. In a personal correspondence, Thomas Jefferson once provided some founding-fatherly advice, saying, “I know no safe depository of the ultimate powers of society but the people themselves, and if we think them not enlightened enough to exercise their control, with wholesome discretion, the remedy is not to take it from them but to inform their discretion by education” [173]. In Jeffersonian spirit therefore, the author will aim to demonstrate for the reader and attempt to enlighten upon the unusual web of interconnections and interdependence between key players on the Digital stage, the nature and texture of surveillance potential and/or political control; the susceptibility of modern populations to agents, mechanisms, methods, depth, scope and the opportunities and the frequency of surveillance. The only vaccine for the susceptibility (in whatever manner) and as mentioned is, the peoples’ acquisition of knowledge, which in turn shall permit their ‘exercise of control,’ to which they are rightfully entitled, aided by their wholesome discretion - acquired through a proper education.

6.1 Road to ‘high trials’ in privacy and security

That which seemed unthinkable before, has yet again happened. Building and assembling information infrastructures such as undersea fiber-optic data cables have long been the province of joint ventures, and large consortia of telephone/telecom firms. Such associations were necessary because beyond the costs of just placing an asset such as an undersea cable into service, there are many other costs related to business activities as client and capacity administration, management and maintenance, and various business risks that require distributed adequately to realize profitability from operations. So, what type of a message is telegraphed when an unconventional trio organizes to build something that, just 2–3 years ago would have been thought as an eccentric and cracked business decision? What would be the answer? For one, the expected business return must have been seen as an activity worthwhile doing, and the other reason probably had to contribute in some way to operational stability and reliability.

The trio of Facebook, Microsoft, and Telxius (a Telefónica subsidiary), have just completed the installation of the highest-capacity data transmission cable to have ever crossed the Atlantic. The cable, ‘MAREA,’ will connect Virginia Beach, Virginia (U.S) and Bilbao, Spain (another first), at a speed of ~160 Tbps.⁴⁸ Facebook and Microsoft anticipate a healthy jump in their data capacity needs, which would have been difficult to acquire in the commercial market at present. Total U.S. undersea international cable capacities topped ~120,000 Gbps.,⁴⁹ [174] and ~87% of that total capacity is already active [175]. It quickly becomes obvious, as to why, Facebook and Microsoft and Telxius joined-up in this venture. We know that from data that Google has gathered from Android users around the world and released, that 93 million selfies are taken each day, and devices that have Android installed as an OS are checked 100 billion times a day! [176] All those selfies, e.mails, Facebook posts, Instagram picture of lunch, WhatsApp calls/messages, Skype connections etc., need to be transported to interesting places. One can imagine of the rising Privacy demands that correspond to the climbing data rates and capacities. To be sure, to assure the safety and security of information throughout its use cycle, at either ends of such cables are institutions, organizations, people, processes and technology, all organized to interoperate competently, and is a running concern globally.

The world expects workforces to have wholesome, high quality learning and practical knowledge, which would consequently advantage those others, who are likely to receive services from them. Accordingly, in the Digital Century, the inviolability of Privacy and Security of information is principally fastened to an individual’s ‘internalized knowledge’ of information systems, informational backgrounds and practical information handling situations, appreciation of attentiveness to detail, action and reaction potentials, evaluating sense for cause and effect, self-control and self-restraint, among other qualities. Expressed in a different way, in the coming days, it would need to be made evident for one and all that those in society to whom we entrust our personal and private information will be able to regard, handle and safeguard information, in all the ways that would be needed, to ensure the safety and security of personal and private information for which others accept custodial responsibility, in addition to their professional specialties.

However, what if the evidence of being able to maintain the safety and security of conveyed information, or the continued assurance of its safety is not available, nor will it be possible to obtain? How should anyone act, or react? The scope of this writing is unfortunately restricted to revealing only a sub-set of the comprehensive risks, which, when and if given the opportunity to take hold and ripen, can still make Personal Privacy and Security of information incredibly vulnerable. An immediate fulfillment of the most basic understanding concerning how risks compose, and how the composed risks then have the potential to affect operations of critical Privacy and Security preserving components, institutional segments, or divisions and their respective informational ecosystem must exist. There is also the necessity to be acceptably configured to be able to address rapidly proliferating risks within the informational ecosystem through threat/risk management and mitigation strategies.

In the interest of suitably considering Privacy and Security risk mitigation and management strategies, we must patiently consider many underlying organizational and operational information. Some of those organizational and operational considerations are viewed within this Editorial Chapter from a human resource centered perspective. Human Resource executives and managers straddled with the responsibility of furnishing enterprises with properly qualified and competent staff are acutely aware of the many workforce related problems. Some of those problems will be situationally addressed here, in view of rising Privacy and Security demands. As is, aspects addressed in this section represent very real problem-spaces for society’s forward march into time, with technology as co-traveler, and with populations that are not versed to realizing and comprehending, the philosophical, social, moral, economic, technical, safety and security parts of technology, and technology related-use, which when configured correctly, can originate benefit to society, as in terms of data privacy and security.

6.2 Selected sociographic representation of the millennial workforce majority in terms of privacy and security futures

To protect Personal Privacy and Personal Security properly, a wholistic examination of problem dimensions within modern surveillance societies must be made, especially the many qualitative features of those who are targets of surveillance must be made known. To begin, let us reflect upon the common reality that the demographical composition (diversity and education), the temperament (personal capacities and capabilities), integrity (commitment and quality output) of the global workforce is changing. In the United States, Millennials (18–34 yrs. of age in 2015) had surpassed “Baby Boomers” (51–69 yrs. of age in 2015), as the nation’s largest living generation -- 75.4 million, as opposed to the 74.9 million Baby Boomers in the USA [177]. Fundamentally, in the United States at least, this epochal shift has vividly altered the outward complexion, and the innermost constitution of the workforce. In the context of this epochal shift, and all else that form associated considerations (economic, as an example), including the Privacy and Security angle as well, the following aspects will be highly relevant for the United States -- as it will be, for the rest of the world. Here and now, how those who are doctors, nurses, teachers, judges, lawyers, carpenters, policemen, computer programmers, plumbers, contractors and spaceship builders, deliver qualitative and quantitative services (in this case, assuring the personal safety, and the security of personal privacy information), is for all of us to grasp, to appreciate, or to remediate as a society, if and when necessary.

The Millennial Generation/‘Digital Natives’, and ‘Generation Z’ [178] too, perceive those that are part of the ‘Greatest Generation,’ the ‘Baby Boomer Generation,’ and even ‘Gen-Xers’ as “digital immigrants” [179]. The underlying impression commonly “offered-up” is that, ‘Digital Natives’ are appropriately placed in space, time, and just so - in the chain of human evolution where, somehow, their generational configuration⁵⁰ aid and bolster them uniquely to indispensably enable societal digital transformations everywhere. The author completely rejects any arbitrary notion that idly proposes that ‘Digital Natives’ are either wholly proficient, knowledgeable (especially), or both, where their technology use is concerned. The author does concede that there are likely exceptions, as in other cases. More often than not however, that which is presented commonly is an artificial conflation of riotously differing authenticities (comfortability v. proficiency), by no-doubt, well-meaning parties.

Conflations aside, as concerns Digital Natives, it is plausible that they are more ‘at ease,’ in their use of technology.⁵¹ There is a difference between being comfortable with the use of technology and being proficient with the use of technology. Of course, a person can be both comfortable, and proficient, in the use of technology. The chasm between comfortability v. proficiency (and there is a chasm) in relation to technology use must not be casually dismissed as though there is not one, for there surely is that. Consider as an example - it is possible to be fluent in a language (mostly in a colloquial sense), and still use the language, gracelessly and downright offensively. Technology use comfortability is no substitute for proficiency, at work. In view of these and other points, a brief discussion of the widely visible lack of preparedness in today’s workforce can serve to be a cautionary note to Privacy and Security planners, and practitioners. Furthermore, the discussion can potentially sensitize parties to, the nature of the demand for qualified and capable staff configurations to suit institutional preparedness, and by that, effectiveness in data safety and protections.

Enterprises that have significant dealings with Intellectual Property, various forms of proprietary information, highly sensitive personal/institutional information, and or classified information, have very legitimate reasons to at least be apprehensive of misguidedly hiring a thief, to be the “ship’s” (enterprise’s) purser. Whether preservation of Personal Privacy, the Security of sensitive information, or some other purpose is the central mission, modern organizations strive to design a gestalt -- in human resources that shall succeed in the delivery of mission centeredness, and mission successes. In contrast, advancing confutations for hiring a thief, as the ship’s purser will likely be most unwelcome, especially while an enterprise is on its way to insolvency.

In relation to Digital Natives then, the author has chosen to present an aspect of the awareness and understanding that the U.S. legal community has gained on Millennials, given that community’s sensitivities to key items to be considered in relation to the standing-up of ‘Juries’ for court trials. In “The Generation X and Y Factors,” [180] authors who are Courtroom-trial strategists have written to advise trial litigators interpreting Juror selection considerations, and of tangible actions to be taken before impanelling Juries, especially when Generation Y candidates may have to be impaneled. In the article, the authors characterize Generation Y (Millennials) as the “entitled generation,” “naïve,” “whiny Peter Pans, nurtured by helicopter parents,” “demanding,” “poor communicators,” “socially digitally connected,” “distractible” (“prone to suffering “withdrawal symptoms from not being “connected” while on a jury.”), [having] “short attention spans,” and as “the products of the “everyone gets a trophy” mentality.” The authors also note importantly that, “Generation Y rarely challenges the reliability and source of information,” and finally, that “[their] entitlement character, juxtaposed with their underemployed and unemployed status, [would create] … a Jekyll and Hyde dynamic.” Through their writing, the authors have attempted to alert and instruct their peers to the need to compensate for these potential Juror characteristics.

6.2.1 Digital behavior characteristics of millennials in relation to privacy and security futures

Societal use of Information and Communications Technology (ICT) to realize productivity, to achieve quality in professional work, and in personal life, has dramatically increased in the span of a single decade. The arrival of smartphones, development and growth of applications, fast growing radio spectrum use - spawning greater voice and data application development, and convergence of technologies have all made that which was once impossible, now possible. Notions of “possibilities,” have fueled individual, collective, and global “informational thirsts,” and the many ways by which we consume our “bits of data” daily. On one hand, these “thirsts” have rudimentarily altered, re-formed, and improved humankind. On the other hand, the same “thirsts” have transfigured, misshaped, tainted, and fouled our professional and personal ecologies. Those foulings are now threatening the very fiber of Privacy and Security operations in enterprises, and at a practical level, the same are functionally affecting various age groups in our society, especially millennials. Some of the contributing elements to the aforementioned problem areas will be examined below.

6.2.2 Informational access behaviors and their relationship to the future of privacy and security

The Mobile Mindset Study [181] broadcast that ‘a new mobile mindset’ had materialized in societies, largely shaped by many technologies and types of technological use, where our emotions, thoughts, and behaviors are for instance, predisposed to being molded by the presence (or at times by the absence) of smartphones. The survey uncovered that 80% of all men felt either ‘desperate’ or ‘panicked,’ as compared to 94% of women, who acknowledged feeling that way upon their discovery that they had misplaced their smartphone. Such is the nature of behavioral response, when we misplace an ‘extension of our physical selves;’ yes, an extension of our physical selves [182]. 54% of those surveyed admitted to being on their phones checking it while lying in bed: before they go to sleep, after they wake up, and even in the middle of the night. 40% of those surveyed admitted to checking their phone while on the toilet; 30% admitted that they checked their smartphones when having meals with others; 24% used their smartphones while driving, and nearly 10% of those surveyed used their phone while in a house of worship. This is the type of unacceptably aberrant mindfulness and etiquette that users have developed through their seemingly “routine engagement” with mobile technology. If that were not enough, the study noted that many people have reported as having experienced “phantom smartphone twitches: the perception that [the] phone is ringing, buzzing or bleeping even when it’s nowhere in sight” [183].

6.2.3 Frequency of access to digital devices, interruptions, and productivity lossess at work

The frequency and range of technology use⁵² has completely immersed us into an ‘alternate universe,’ and has managed to create perversions in societal norms. Take into consideration an observation Tomi Ahonen, formerly of Nokia made. Ahonen said that people check their phones ~ 150 times in a day, which translates to ~6.5 times every hour [184]. All should wonder, how real “work” is going to be done, when there are so many interruptions in the span of one hour, and where there is a likely call for ‘a response’ with each interruption, and in either direction. If a worker has to attend to a demand from his/her employer for a solution that corresponds to a daunting problem, how could the worker provide to that problem - the proper mulling required, notably when the employer demand has to compete with those smartphone interruptions. In the United States, there are employers that mandate employees to not have a personal telephone on their person at any time during work hours, or at any other time while on company business. Many employers in the United States also mandate employees to not take, or make personal telephone calls while at work. However, there is no one universal approach taken by employers to curb unproductivity, interruptions, and disruption in the workplace from personal telephone use.

Science tells us that even an interruption less than 3 s (2.8 s) in duration will “double” the sequential error rate on a certain task [185]. Longer distractions such as a 5 min phone call is likely to take more than 20 min beyond the distraction itself, for one to be able to return to that point before the distraction [186]. Accordingly, with the high compulsion to be connected, and/or to check one’s smartphone as much as ~6.5 times an hour, how is any work done? Distractions and Errors can be prime causes for Privacy breaches. Various studies including one from the Computing Technology Industry Association (CompTIA) routinely found (especially since 2004), that “human error” is primarily responsible for industry security breaches/privacy breaches and that “management of human error should be of high priority in organizations” [187].

Beyond distractions and interruptions themselves, is the subject of access to social media and other digital services for personal use, by one’s own volition. Information that particularizes workplace productivity losses in relation to social media use at work is available, but not so much in depth. An example of that which is available in from ‘Harris,’ that interviewed 2000 hiring and human resource managers, and more than 3000 workers (18 yrs. +) in the U.S., on behalf of ‘CareerBuilder,’ uncovering that social media, cell phone/texting, Internet use, have all been identified as productivity zappers in a not well managed firm. [188] A Worldwide Kelly Services appraisal of 168,000 people from 30 countries [189] show that 49% of all surveyed specifically indicate that Social Media use at work, negatively impacts work output. Members of the Baby-Boomer Generation, Generations X & Y have all expressed decisively that Social Media use at work negatively affects productivity. Just the same, some 30% of all interviewed had indicated that they feel it is appropriate to access social media for personal use - at work. Again, this is the nature and texture of work ethic and personal commitment in emerging workforces. Such reflections must be at the core of workforce related planning, both in national security circles, and as they must be - outside of governments - in places like doctor’s offices, hospitals, genetics labs or schools, where the likelihood of extremely sensitive personal information being available, and the risk of exposures are both very high.

6.2.4 Psychosocial characterizations of the digital workforces in relation to informational access and use

It has been made clear that social media uses are more ‘addictive’ than cigarettes and alcohol [190]. Followingly, the world’s “unnatural” and “addictive” attachments to digital adjuncts have augmented boundaries in sociology and psychology, where new nomenclatures have now surfaced. Terms like NOMOPHOBIA [191], PIU (Problematic Internet Use) [192], IGD (Internet Gaming Disorder) [193], Internet Addiction Disorder (IAD) [194] and FOMO (Fear Of Missing Out) [195] etc., now populate and color the Digital Century’ lexis. The additive capability of the many tools in the Digital Century tool chest is of high concern to this author, specifically in terms of how addictions and distractions will increase the frequency and the scope of Privacy and Security compromises, not to mention the required productivity from employees at work. With expressed concern of addictions, a child health, behavior and development specialist at the Seattle Children’s Research Institute noted that, “[g]iven our current understanding that there is a genetic predisposition to behavioral addictions, we may be going a long way toward ensuring that the entire susceptible population develops them [digital device & services related addictions]” [196]. An individual’s susceptibility ⁵³ is an important consideration that the author will be addressing, as a way of demonstrating the need-be areas of sizable concern in the pursuit of protecting Personal Privacy and Security. Susceptibility⁵⁴ is a crucial psychological and sociological area of concern insofar as digitally connected individuals are concerned, especially if they are to be entrusted at all with sensitive information of any kind, which require prescribed handling, and protection.

Formally, there are few venues where a worker’s “digital addictions” has the prospect of being addressed effectively. No matter whom the employer, whether they are schools, hospitals, courts, the military, religions entities, and/or corresponding houses of worship, people have to be - both broadly and deeply concerned of such addictions. In many parts of the West, Internet Gaming Disorder, or Internet Addiction Disorder etc., are not recognized as mental health problems, whereas Italy, Germany, France, Korea, Japan, China, etc., are attempting to address it keenly as nationally relevant mental health concerns. As mentioned just before, since there are no formal treatment pathways that are sure to yield in the most effective outcomes for such issues, just a few treatment centers in the U.S., have been internally considering the matter, just enough to have at least a small footprint in the area [197], whereas, China is home to the Internet Addict’s Bootcamp [198]. Such are the type of concerns that must find its way into all meta-Privacy and meta-Security considerations and configurations this day. The author has already written of actively employed healthcare workers in the United States, who routinely did not perform their work as assigned in a healthcare facility, having wastefully spent their work times on digital devices [199]. Can we expect persons who are under the control of personal compulsions, and/or the prevailing nature and types of digital addictions, to be ethically and morally responsible for anyone’s private information, if such people were entrusted with it? Would it be plausible for susceptible persons in the workplace to mis-use/abuse protected information that is entrusted into their care?

In our societies, the existence of laws, frameworks and instruments of enforcement for those laws, and the presence of societal/professional norms and mores have generally posed a preventative effect (as an example), on alcohol and drug use at work [200]. As a way to understand that the ground upon that we have stood all this while has changed, it is important to note how dramatically, the aforementioned ecosystem has been altered. We should note that 70% of the ~15 million Americans who use illegal drugs are employed. This means, those Americans bring their habit to work. To crystalize that point, we should review that a large U.S. federal survey has demonstrated that nearly a quarter of all U.S. workers reported drinking during the workday at least once in the past year [201]. According to the National Council on Alcohol and Drug Dependence (NCADD), the problems that c/would accompany an employee with addictive behavior and habits into the workplace, are the following. They are: tardiness/sleeping on the job, after-effects of substance use (hangover, withdrawal) affecting job performance, poor decision making, loss of efficiency, theft, lower morale of co-workers, increased likelihood of having trouble with co-workers/supervisors or tasks, preoccupation with obtaining and using substances while at work, interfering with attention and concentration, illegal activities at work including selling illicit drugs to other employees, higher turnover etc [202].

In the case of constant texting/sexting or social media access at work, although organizations are attempting to adapt, still, few U.S. organizations have ‘top-to-bottom’ - tangible and unambiguous policies, and/or management action frameworks regarding the use and abuse of employee owned devices (tablets, cell phones and laptops brought into the enterprise under a BYOD⁵⁵ plan), or company provided mobile devices [203]. Although there are management and auditing “schemes” in many organizations, to prevent the risk of exposure, loss of privacy and security of data more generally, in light of the “degree of depravity in mankind which requires a certain degree of circumspection and distrust” [204] it is worthy saying that protective schemes have a long way to go still, given the seemingly limitless landscape of data collections, data keeping, manipulations, and use.

6.2.5 Digital predispositions effecting privacy and security cause for concern and guardedness: insiders who are unaware they are a threat

While people outwardly express great concern and contempt for violations in privacy, the same parties often avail themselves to data services with little concern for privacy, and are also many times, completely unconcerned of privacy all together [205]. Taking a wide-angled perspective of Privacy and Security, given that, today - those in government and industry are required to protect the personal data of others that they handle, institutional pathways for protections must exist that will be able to endure assaults, and attempts at infrastructure infiltration, and data exfiltration. The very same protective methods and means must also ‘combat’ the proclivities of those persons that work in government and industry⁵⁶ to compromise the safety and security of others’ Privacy. Will organizations succeed in their efforts to combat deep-rooted and undesirable ‘psychosocial’ personal tendencies? This is a vastly different question than the one that people and organizations are generally disposed to asking currently, when references to “insider threats” are made. The dimension surfaced below is one often omitted, or unperceived, winked-at, pushed-aside, varnished or simply camouflaged due to the nature of an organization’s misunderstanding of standing issues, overall unpreparedness to meet threats, or most importantly – the lack of internal experience and expertise.

Let us examine a few more underlying and contributing psychosocial vectors, which complicate those measures undertaken by organizations to curb informational exposure, and any loss of Privacy. It was stated before that the subject of susceptibility would be explored more. While the many aspects of personal susceptibilities cannot be fully explored here, or be restrained only to that context as it could be applied to the safeguarding of Privacy and the Security of information that belongs to others, the following dimensions will be helpful to surface. Consider that Studies have revealed that there is a linkage between “Internet usage,” “dissociation” (time distortion), “disinhibition,” and “psychoactivity” – which in turn promotes and cements highly addictive predispositions. Thus, it is important to ruminate upon the following findings.

In “Psychological characteristics of compulsive Internet use: A preliminary analysis,” [206] responses from more than 17,000 people were analyzed, revealing that 83% of those whose answered met the criteria for Internet addiction, having reported “loss of boundaries,” while 39% of ‘non-addicts’ also reported the same condition. Moreover, in the study, 80% of the respondents who were addicted - reported “disinhibition,” as opposed to 43% in the case of ‘non-addicts.’ In the case of “dissociation” (time distortion), the probe disclosed the non-addicted in the group, admitting to “sometimes loosing track of time,” while the addicts described that they lost track of time, “almost always.” At this juncture, the reader is re-directed to those comments made earlier, which relates to employee loss of productivity at work, where employees find themselves distracted, or otherwise pre-occupied by non-work related Internet activity. The frequency with which people access social media outlets, and the tendency for workers to ‘barefacedly’⁵⁷ interface Internetted resources at work, which are non-work related, causing productivity and employer/job outcomes to suffer as a result is perhaps well explained by Ellen Toronto [207]. Toronto, citing Ogden,⁵⁸ says this dissociation from the real world and attachment to the fantasy world is a representation of “an impairment in symbolic thinking, a concretization of fantasy,” where “a dissociation of fantasy and reality, a state in which one [state] no longer informs the other,” and where “[t]he mind loses its capacity to move freely among affective and intellectual elements”. Moreover, Toronto says, the dissociation then “draw[s] us away from the essential characteristics of human development” John Suler [208] has proposed that such detachment, such dissociation from the real world, and an attachment to the virtual, where “avoiding eye contact and face-to-face visibility” ⁵⁹ disinhibits people more, and could promote the opportunity to act-out, and/or say something about oneself that which would not be revealed without disinhibition. In fact, the ‘mere’ perception of some veil of anonymity, or of some digital shield, and however false, appears to promote disinhibition [209]. Adjacently, it has been noted that, “[a] hallmark personality characteristic in substance abuse is impulsivity, and impulsivity is related to increased sensitivity to reward and decreased sensitivity to punishment” [210]. Zhou and Li have recorded that “[w]ithin neuropsychology and cognitive neuroscience, impulsivity is often equated with the term “disinhibition,” and that “…inhibitory control mechanisms may be disrupted … resulting in a predisposition toward impulsive acts.” [211] For quick considerations here, it should be central to thought linkages that such disruption in the neuropsychological inhibitory controls, as mentioned, leaves a brain in a jeopardized state, unable to distinguish many elemental matters, such as the very state of ‘cognitive compromise’ itself; hence at least in one significant respect - the dissociation/the loss of time while engaged in addictive activity.

To gain comprehensive fidelity in the scope and the direction of this rising problem, and how it will likely negatively affect institutions of all sizes, shapes and missions, a better understanding of the modern workforces must be gained, to that which this author designates as workforce’s ‘Digital Atomicity,’ ⁶⁰ or Digitomicy (digit–o-missy).⁶¹ The author recognizes that ‘Digital Atomicity,’ or Digitomicy will be of service to both direct, and to singularize a universe of ontological influencers, such as the confluence of intrinsic prerogatives and extrinsic attractors (as is the case with certain psychosocial elements), which can better characterize “human-ICT confluences” in the larger scheme of digital interactivity, all the while distinguishing the digital affinities of users, a physiognomy, if important. However, clarification must be had, and prior to proceeding that, in, or by Digitomicy, the author is not in any way proposing that present or future workforces be surveilled; quite the contrary. Abundant information regarding users and those services to which they are tied already exist, much of which will continue to exist, and can - as an example help enable the development of practical work-place systems, and the proper methods, which can combat unproductivity, and any prospect for information compromises, or losses. It is a necessity to mitigate risks related to the exposure/loss of sensitive information in all circumstances and situations where such care ought to be extended. There is also the need for organizations to develop more practical and more widely useful digital governance schemes, which are well coordinated with emerging population habits in the digital century.

6.2.6 More bits and more bytes: threat foundations of our digital future

More and more people are gaining access to the Internet by each year; an anticipated reality to be sure. There are 3.4 billion Internet users (46% penetration) globally, and in the United States, mobile phone usage has climbed from 1 h a day, 5 years ago, to more than 3 h a day in 2016 [212]. The number of devices accessing the Internet has doubled in the past 5 years to 3.6 billion, and will rise again, to 4.7 billion by 2020 [213]. “In 2017, one-third of the world’s population or 71.0% of all Internet users will access social media. Among those users, 60.8% are predicted to be on Facebook and 10.6% of them to be using Twitter” [214]. Therefore, Privacy risks and the Security risk of exposure and loss are not about to fade away. If anything, today’s employers are going to be straddled with those in the workforce, who have significant workplace maladjustments in this respect. How are employers, whether they be private sector firms or public sector entities, to cope with the onslaught of workplace productivity and quality related management concerns, resulting from effects generated from our collective foothold in the Digital Century. Will “smokestack” industry style management models, skill-sets, working principles, techniques, protocols, and organizations serve the Digital Century and needs within? The answer is, certainly not. Yet, organizations from top-level government entities to private sector entrepreneurial tracks, and venerated industrial ‘kahunas’⁶² appear to not only have their immunizations not up to date for travel into the Digital Frontier, but, they also continue to pack for a tropical vacation, when the local climate is quite cool.

Under such circumstances, national level attention to the need for user education will be essential. Existing organizations of all sizes, shapes and varieties will need to change considerably, or there will be the need for new organizations - with fundamentally different structural frameworks, management schemes and support systems to ensure significantly greater accountability in all operational areas related to cost, timeliness, and quality, without which, global economies are likely to experience as yet unseen, startling shrinkages. Correspondingly, and with direct respect to Privacy and Security of personal information in the enterprise, either a sizeable augmentation and/or reinforcing of the existing, and “in the pipeline” means of affording safeguards/protections for people’s Personally Identifiable Information (PII) must be made to exist. Lastly, it will perhaps become necessary in the short to mid-term, to invent and to deploy new means of protecting data, and ensuring the long-term safety and security of data uses.

6.2.7 Threats against privacy and security: new workplace considerations

Privacy and Security compromises routinely occur among technology users, due to many governing factors. The author wishes to remind the reader that “human error” is primarily responsible for industry security breaches/privacy breaches, and that “management of human error should be of high priority in organizations” [215]. “Human error” has its roots in both complicated and uncomplicated origins. Human Error is revealed both explicitly and implicitly within any organization’s workers. A ‘general lack’ of attention to detail by workers; their inability to think logically of needed operations; an inability to understand operational methods and those means arranged specifically to achieve goals; their inability to understand consequences of deviations from the required operational processes; a general lack of proficiency with technology and its operations etc., are prime causes for human errors, which manifest and propagate. Nevertheless, what are the root-causes to Human Errors? Once again, within an organization, there are likely to be many causes: beyond the issue of poorly structured organizations; underprivileged leadership skills at the helm; inadequate indepth, interoperable, interdisciplinary and wholistic subject matter knowledge by staff, are some of the core contributors that lurk behind propagating human errors.

Three <3 > Privacy and Security vulnerability characteristics⁶³ that contribute to a general inability to configure organizations, having explicit aims to protect Personal Privacy and the Security of sensitive information will be provided. However, to begin, the informational stage requires to be set such that interconnections and contextuality can be made visible best.

6.2.8 Disruptive generational shift and the evolving privacy and security threat landscape

To those observant, it is amply clear that securing and ensuring continued Personal Privacy in any enterprise is simply not a function or task of following the act of “compliance by check-marks/check-lists.” Historically, organizational staff and their collective capabilities have composed the backbone strength of any firm, their products, and their services. That criterion has fundamentally remained unchanged. However, ‘Privacy’ being the primary subject of discussion, the capabilities of modern workforce compositions in that respect is worthy of exploration. Restating, in the United States, Millennials have surpassed Baby Boomers within the U.S. workforce [216]. Elsewhere too, this is fast becoming the case. Also as stated before, how, those who are doctors, nurses, teachers, judges, lawyers, carpenters, policemen, computer programmers, plumbers, contractors or spaceship builders in our communities and countries deliver services - in this case, work to assure the personal safety and the security of sensitive personal information, is for all of us to grasp, to appreciate, or to remediate as a society, if and when necessary. Beyond the challenges that this author has already noted in terms of a generational shift in the workforce, one of the most important and fundamental ‘change elements’ inherent to the demographic disruption in the workforce - will be a most persistent challenge, one that will plague employers and workforces, and likely for the longest. The challenge facing organizations involve the need to take key steps to prevent and/or stem any loss of “institutional memory,” [217] crucial to the continuity and survival of organizations, both large and small. Such a task will be made more difficult, given the present-day quality of workforces, and the nature of development to be had [218]. Naturally, challenges are not insolvable, as solutions exist, and the solutions are certainly implementable [219]. Not unlike dealing with other generations however, there is a certain amount of wholistic discretion to be applied, to arrive to the most appropriate personnel configurations in the enterprise.

6.2.9 Some sector-side breach characteristics

Data breaches are fast arriving to “go… no-go” points, where a single informational ‘breach’ could prove to be an ‘extinction-level-event’ [220] for a firm, costing the company, quite possibly its last breath [221]. Juniper Research forecasted that cost of data breaches would surge upwards to $2.1 trillion per year by 2019 [222]. Meanwhile, a brief broadened view of ‘breach realities’ on the ground should be ‘mapped-out’ in the following manner. Willis Towers Watson, a global consultancy, in interviewing U.S. employers discovered that 85% of those surveyed had said, ‘cybersecurity was a top operational priority,’ yet 53% of them lacked a formally articulated cyber-strategy [223]. Yahoo was a good example of such a problem, where, as it has been reported, ‘every user account ever created’ was compromised. When the problem struck, top management tried their level-best to manage and contain the news of the compromise and the ‘internal toxicity’ [224] it alone was responsible for creating [225], and instead of warning its subscribers/users, the company attempted to “slow-roll” the bad news [226] in increments, hobbling an Internet veteran, and an widely identified brand. In perusing results of a ‘Human Element & Risk Culture Survey’ from the global consultancy Willis Tower Watson (WTW), the findings may allow us to better understand compromising circumstances that arise, as it did in the case of Yahoo, a bit better. The WTW findings indicate that breached environments/companies have shown to lack “comprehensive training especially among IT staffers, a fundamental lack of awareness of the value of customer centricity, domain-relevant knowledge and the importance of business integrity” [227].

Still, that WTW information does not comprise the complete picture regarding the vulnerability of information systems, and in the vulnerability in protective super-structures and sub-structures too. Still, another WTW assessment of insurance data revealed that, 90% of all cyber-related insurance claims are prompted by (as stated before) some type of “human error or behavior.” And, adjacently, we will want to consider that IBM’ security research has determined that “60% of all cyberattacks are carried out by insiders and three-quarters (3/4) of those involve malicious intent, while one-quarter (1/4) is attributable to inadvertent actors” [228]. And 56% and 54% of IT professionals in the U.S. and UK respectively identify disgruntled employees as those that could deliberately compromise systems and steal customer/client data.⁶⁴ These “indicators” designate the message clearly that, where protection of informational assets in an organization is concerned, employers worldwide (whomever they are), need to secure “appropriate people” who possess “appropriate qualities and skills” for the task. For example, conscientious Healthcare employers should certainly avoid a certain sort of candidate who is surely not well configured to work within a healthcare environment, and its many demands [229].

7 Examples of varied pathologies in that “breachable” ecosystem

Somewhere between the month of May and July of 2017, one of the largest credit reporting companies in the world was electronically penetrated by parties yet unknown. It is not likely to be confirmed, when exactly the penetration happened, and naturally then, if it happened between May and July of 2017. What is known however, is the following. Equifax did claim that personal details [230] of approximately 143 million Americans have been compromised. It is also known that senior executives of the company sold a certain percentage of their personal holdings in the company [231], before the breach was announced (a good reflection of the company’s overall commitment to fiduciary responsibility). Finally, Equifax offered free credit monitoring and identify theft protection service, with a catch; if you decided to accept Equifax services, you had to give-up the right to seek redress from the company (See Fig. 21). After a public tongue-lashing, Equifax stated that their indemnification statement would not apply to this incident. How is any or all of this possible in our time? Should not, the likes of Credit Reporting Bureaus be temples, sanctuaries, for sensitive information? The reality is, no entity has demonstrated it can claim assuredly to be “safe,” for any of your valuable information to be housed within. When the reader completes this reading, and comprehensively, the universal malignancy and menace related to informational insecurity will perhaps be better revealed in terms of Personal Privacy.

Fig. 21

A Portion of the Twitter Posting by U.S. Senator Elizabeth Warren, Regarding Equifax’s Protective Offering Upon Credit Information Breach. Source: Official Twitter Account of U.S. Sen. Warren

At the time of this writing, ‘The Guardian’ newspaper was reporting that one of the “big four” accountancy firms Deloitte, was targeted by malicious intenders, and was penetrated, which resulted in the exposure of private and confidential data belonging to their “blue-chip” clients [232]. Deloitte, a leading global Risk Management entity, predictably, and in-line with the running industry trend, had not noticed the infrastructure and data compromise for months [233]. How is it possible, that one of the world’s largest accountancy and consulting companies with a global footprint, while handling agglomerations of sensitive documents belonging to individuals, or governments, and everything in between, suffer a compromise at all; especially since, the consultancy also houses a Risk Management business? ISACA (founded as the Information Systems Audit and Control Association)⁶⁵ has some answers for us in this regard. First, in a global study of 461 cybersecurity managers and practitioners ISACA found that ~25% of all those that were primarily responsible for security in their organizations, were entirely unaware, if their corporate infrastructures were compromised [234]. Year after year, security personnel remain unaware of breaches. In this regard, ISACA offers that, “the large number of individuals who do not know if their enterprise had been breached…” despite important advances in cyber-security approaches, means, there is “…a broader systemic problem” [235]. These systemic matters constitute the full universe to which all must present full attention, as the information regarding these and other adjacent matters grows dire and direr. Let us consider the following matter. The General Data Protection Regulation (GDPR) in the EU was considered⁶⁶ the greatest sea change in the area of Privacy. Surely, the GDPR will significantly alter the face of Privacy from both, theoretical and practical points of views. Undoubtedly, GDPR mandates practical changes to Privacy related considerations and in the way protective processes, procedures and systems are emplaced and run. All EU member states will need to enforce the General Data Protection Regulation very soon. Each, and every entity in the EU that has, and/or will handle sensitive data of European Union citizens will need to abide by the many aspects of GDPR. So too will non-EU countries, and those entities within the respective borders of non-EU countries that have, or will have economic and trade relations with the EU, or their counterparts in the EU. The following study will be of good interest, at least in terms of the enforcement related issues, and the liabilities that could arise in terms of GDPR non-compliance.

In an assessment performed by Vanson Bourne and commissioned by McAfee that involved 800 senior global business professionals in relation to GDPR enforcement, only 47% were confident of fully knowing where (in the world) their data was stored/located, and only 2% of management personnel on the whole said they understood relevant Data Protection regulations as applied to their specific organizations [236]. Reading such a statement, we are forced to have to ask, who, and how anyone can “protect assets,” when the location of those assets are unknown – even for a second. In addition to the McAfee assessment, the following ISACA determinations should also be studied in terms of the systems yet to be configured, to protect both information and systems.

ISACA candidly admits that most organizations having open cybersecurity positions fully expect them to remain vacant for extended periods, as most candidates presenting themselves for employment in the field these days are unqualified [237]. The organization, having performed an ‘Enterprise Privacy Function,’ review among the organization’s global membership of Privacy and Risk professionals additionally learned that less than one-third of the Professionals are very confident in their own Enterprise’s ability to ensure the privacy of sensitive data [238]. Contiguously, more than half of those ISACA Privacy Professionals studied - do not think that consumers today should feel confident that enterprises are adequately protecting their personal information [239]. As this author has asked previously, should none among us ask, why, the ‘experts and professionals’ who are being paid to secure highly sensitive personal information ‘in the belly’ of their respective companies are “not confident” in the very mechanics and machinery they imagined, conceived, developed, deployed, and now maintain; the very same mechanics and machinery, we are imperiously instructed from time-to-time by entities (both public and private) as “needing to exist” -- to protect us from the loss of our most sensitive and private information? [240]

ISACA’s candor in the matter is to be commended. With respect to the industry as a whole, much more remains to be done.

8 Some examples of the threat ecology working against privacy and security

Susceptibility of persons, to informational compromise, to surveillance etc., has been discussed herein, to the extent that it must be, to provide the reader an adequate coverage generally warranted to allow comprehension of just how the interoperability of vital “individual attributes” matter to fittingly ‘structure’ knowledge-workers into organizations, and directing missions. There are many sides to susceptibility, such as the psychographic contours and/or features of the informational and personnel ecosystem, as in the systems of planning and instrumentations related to the execution of organization objectives in any operational ecosystem. As an extension and representation of this aspect, consider that 58% of information infrastructure attacks in the Financial sector, and 71% in the Healthcare sector, originated from the inside [241]. On face value at least, it appears the Healthcare sector is more susceptible to informational compromises from insiders, than the Financial sector. So, why are insider attacks higher in the Healthcare sector?

Another important consideration of a vastly different character and shape is that 64% of Americans are agreeable to paying a data extortionist’s demands, whereas, globally (except U.S.), only 34% are agreeable to the same [242]. A study involving U.S. consumers, small, medium, and large-scale enterprises have Americans being ~ 60 agreeable to paying a data ransom [243]. Notwithstanding the existence of any system or practice vulnerabilities, it is readily deducible that U.S. operators will be more susceptible to data extortionists by way of their agreeability to pay data-ransoms. Another informative and highly connected piece of this puzzle is the state of U.S. Small and Medium sized Enterprises (SME)/Small & Medium-Sized Businesses (SMB) to be able to repel ‘victimization’ by a data extortionist. Ponder for a moment that, at a time when 1 in 131 emails dispatched are malicious (the highest rate in five years) [244], only 33% of all SMBs feel that they have the capability to ‘detect and block’ attempts to penetrate their respective information infrastructures, while 69% of all SMBs have neither the institutional budget, nor the internal expertise to lay down any measure of defense, or the protective cover against attempted infrastructural compromise [245].

The last element of susceptibility shared in this section will be the multiple aspects of susceptibility of the modern knowledge-worker in relation to global business needs. Composing highly productive workforces and organizing their skill-sets to be practitionally sensitive to data protection and personal privacy demands - is not a trivial task. Once again, it is necessary to reflect upon the generational shift in workforces, and the preparatory steps employers will have to take to adequately qualify, and to make exist those suitable mechanisms for institutional protections more universally, and to have all specific and sufficient indemnities as necessary.

8.1 Nature of susceptibility and the enterprise’s first line of defense

Data protection to result in Personal Privacy and the Security of personal information is ultimately the product of engineered convergence of many technical, organizational and managerial foundations; foundations associated to Access Controls, Data Validation, Data Verification, Data Integrity, Rights Management, Data Classification, Data Storage/Re-Use/Distribution, Data Manipulation Tools & Services, Protective Services Foundations (such as Encryption) etc. There is so much more to all of this, than meets the eye, or the ear. The engineering of the convergence of foundations - is most often left in the hands of those that are not sensitive enough to threats, not situationally aware, not professionally knowledgeable (as it has been shown) or perceptively attentive -- to be sufficient, efficient or effective, in actions that must be taken to protect Personal Privacy and Security.

Symbolically at least, the challenge of staff composition needs in organizations and the engineering of the aforementioned convergences of the many foundations are, in a conservative estimation, at least correspondingly as large a challenge as T.E. Lawrence’s need for crossing the Nafud (Al-Nafud) Desert; a challenge that needs undertaking, and completing. In Lawrence’s case at least, we know that that the Arab forces that he had advised and had assisted to mold, defeated the Ottoman forces at Aqaba. Here, on the other hand, we know not, what prospects hold for employers faced with the demand of needing to organize and shape a superior informationally secure enterprise. Let us look at a few broad-spectrum problem points relating to personnel that information rich environments will have to overcome in order to be better protectors of Personal Privacy and Personal Security.

8.2 On righting the next generation human resource pool

‘Human Resources’ and ‘Management’ literature seem to have at least fashionable interests in the Millennial generation’s entry into the workforces, imposing “mega-shifts” to the organizational edifices and core, intended to have companies remain engaged and relevant in the market – well into the future. Most of the available literature in this regard is U.S. centered and lack great empirical fidelity. Judging by the information that is available, it is easily determinable that workforce transitions are not going to be pain-free. The implications visible through the information available shows implications that are global in nature. As new employees, when millennials stream-in to the core of today’s enterprises, those large-scale structural and operational adjustments that were needed to have been placed into service - to ease and expedite a productive initial co-mingling of the new and the old workforces, and the subsequent co-existence of inter-generational transitioning workforces will not have been in place. Management and staff will have largely been caught “flat-footed” in their inter-generational workforce transitioning preparations.

Yet, in the midst of all workforce mingling and adjustments that is needed, wheels of government, finance, of commerce, industry etc., must keep churning, being productive, being efficient, and being effective. For instance, the task of preserving and maintaining Personal Privacy and Security of persons cannot stop, nor can it be interrupted while adjustments in the workforces are being made, when training is being carried out, or during any mending of unfortunate organizational hitches, or a glitches. The main employer objective regarding the highlighted staff adjustments necessary is, to circumvent business/operations/market disruption as a consequence of said staff adjustments. Unfortunately, for those who are seeking specific wisdom in such matters, from oracles of Human Resources, and/or Management Consultants and Organizational Specialists etc., in relation to Millennials, their presence and integration into workforces, performance metrics etc., the empirical evidence is scant, eventhough there is good interest in Millennials becoming the dominant workforce. Therefore, organizations find the need to muddling through, as operably able. Herein are few diagnostic entries, included here for their broad-stroke relevance to the composition of renewed workforces that would be able to support and to maintain Personal Privacy and Security demands.

8.3 Righting the perspectives on modern workforces

All-purpose characterizations and discussions of Millennials regarding denote them being volunteer minded/community oriented, being purposeful, caring, and politically engaged. The one empirical study (as it has been possible) in particular, worthy of greater inspection, dissection and analysis, originates from Psychologist Jean Twenge. Twenge and her colleagues in “Generational Differences in Work Values: Leisure and Extrinsic Values Increasing, Social and Intrinsic Values Decreasing,” largely dismiss common claims of generosity and concern expressed for their fellow-man by Millennials. Twenge and colleagues have determined that Millennials are more concerted on achieving extrinsic goals,⁶⁷ than intrinsic goals,⁶⁸ and that there is less Millennial’ concern for others, and for civic duty, as noted commonly. As a side note, as it was recorded last by the U.S. Bureau of Labor Statistics, millennials had the lowest national volunteering record, at 18.4%.⁶⁹ Another key aspect of personnel characteristic that employers need to concern themselves with is that quality of the employee to be able to apply personal and professional skills to fulfill employer’s mission-centered objectives.

In relation to aforementioned points, results from the “Wave 2 National Epidemiologic Survey” of the “Prevalence, Correlates, Disability, and Comorbidity of DSM-IV Narcissistic Personality Disorder” [246] will need to be analyzed contextually. This comprehensive national (U.S.) analysis enunciated affirmatively that Narcissistic Personality Disorder (NPD) “is a prevalent PD (Personality Disorder) in the general U.S. population.” How prevalent? The study had discovered that people in their 20s, suffered Narcissistic Personality Disorder nearly 3× more than those over the age of 65 [247]. In a meta-analysis of American college students who undertook the Narcissistic Personality Inventory (NPI) examination between 1979 and 2006 showed almost two-thirds of the more recent college students demonstrating a 30% increase in narcissism scores [248]. In “Narcissism Epidemic: Living in the Age of Entitlement,” [249] the authors identify modern day narcissists as those people who, “strive to create a “personal brand” (also called “self-branding”), packaging themselves like a product to be sold.”

Why should we discuss Personality Disorders? Personality Disorders are hard to sense, detect, and most importantly, confirm. The author has broadly, but briefly, introduced the reader to insider threats, and consequences. Narcissism and Impulsivity are closely connected [250]. Moreover, the presence of narcissism would certainly prevent a candidate from adequately interfacing with the enterprise and its many segments properly. Moreover, an employer’s gamble - that narcissism could not/will not spawn a series of informational compromises having already presented certain psychosocial characterizations herein, is a risk that simply cannot be taken.

The millennial workforce entrant is forced to have to co-mingle with people of other generations already within the enterprise. While millennials are considered to be ‘social beings,’ they are not so - in the social norms sense; they are ‘virtually social;’ where societal norms governing human connections and relationships are not correspondingly the same, as they are in the real world. When millennials co-mingle, and interface with the existing workforce, there are no guarantees in advance that there will be any acceptance of millennials at all by other generations in the workforce mix. Some are likely to “fit-in” while others remain on the margins, never integrating into the whole as part of a larger team [251]. An even larger organizational issue of concern, that is likely to cause significant clashes⁷⁰ in the workplace involve people’s roles and their work-values, as in their ‘presence,’ ‘communications,’ ‘accountability,’ ‘production,’ ‘output quality,’ ‘diligence,’ ‘sense of commitment’ etc., between generations. All such considerations are important when organizing to safeguard and secure Personal Privacy and Security of informational enterprises. When values are not aligned, conflict emerges, and dis-synchrony propagates throughout the establishment, resulting in significant failure modes [252]. Consider, if one is prone to be afflicted by NOMOPHOBIA, PIU (Problematic Internet Use), IGD (Internet Gaming Disorder), Internet Addiction Disorder (IAD) or FOMO (Fear Of Missing Out), ⁷¹ and to also prone to checking their mobile device ~ 150 times in a day, or ~ 6.5 times every hour⁷² how will it be possible for the “umbilicalized worker” ⁷³ to be part of a larger enterprise team, more institutionally engaged, and more mission-centered? If a worker is disconnected from institutional needs, mission-centricity and is constantly prone to be interrupted by Social Media activity, and disturbances from family, friends, or others how is such a party to integrate with the whole that is more institutionally centered, and focused upon achieving missions? Who precisely will be the responsible party to the human errors/process errors that such a person will likely introduce into ‘mission-flows’ that has the potential to weaken or destroy mission-centricity? The reader is reminded that “[n]arcissism was found to be positively related to Millennials’ reported belief that others are interested in what they are doing and the desire for others to know what they are doing” [253]. Also, that “[t]he online environment allows narcissists to effectively manage their image by controlling the information and activities that are displayed. This control allows narcissists to hide their inadequacies and, thus, bolster their self-esteem.” [254] All of this simply means, employers must be devoted to mission-centricity more, and hold employees accountable to the performance of assigned tasks as required, in this case, to those duties that are related to the protection and preservation of people’s Privacy, and their Security.

Three <3 > characteristics associated with the millennial workforce that should be part of all important considerations relating to protection and preservation of Privacy and Security specifically concerns that generations’ potentiality to meet performance expectations in the workplace. First is the matter of “Engagement.” Broadly, elements of engagement can provide steady insight into some key aspects of labor affairs. The research arm of the Gallup organization performed engagement analyses upon the Millennial generation, their presence, and their performance in today’s workforce. Gallup revealed that only 29% of all Millennials are connected to their work, are engaged, and are delivering for their employers, while 71% are “disconnected” and are “disengaged” from their commitments to their employers [255]. Disturbingly, Gallup stressed that 16% of the 71% are directed to do ‘damage to the companies’ in which they are employed [256]. Gallup finds that “[t]he millennial workforce is predominantly “checked out” — not putting energy or passion into their jobs” and that “[t]hey are indifferent about work and show up just to put in their hour,” costing the U.S. economy at present, US$ 30 billion/yr. in turnover costs [257].

The Second characteristic of concern regarding the millennial generation involves their use and command of information technology -- a double-edged sword. On one side of the sword, millennials are reported as being enthusiastic tech-users. Inspite of their reported enthusiasm for information technology and its use, they are criticized often for not being conscientious of technology related security demands. Technology industry channels quite often reports on this subject, albeit wrongly [258]. On the other side of the sword, is the often-reported broad falsehood that millennials are “tech savvy.” The desire, and a general inclination to use technologies in no way substantiates proficiency, nor is technology use by millennials (or frankly, one from any generation), any evidence of working knowledge of the many aspects of technology, or of the insides of those aspects. This author’s experience in government and industry is that millennials are predisposed to liking technology use, but their skills associated with technologies and their proficiencies in and of technologies are not universal, not unlike those from other generations. That which is a generally acknowledged problem among employers with larger numbers of Millennial staff is that there is a general reticence by Millennial employees to follow instituted safety and security policies. Evidence that is more empirical is warranted - to understand precisely the reasons for safety and security policy violations by the Millennials. Anecdotal evidence points to a general sense of invincibility, dislike for authority, dislike for procedures and processes, short-attention span, failure to be able to think analytically and judiciously, failure to comprehend fully - the consequences and/or repercussions, general insensibilities lending to being unable to understand rules function etc. If some, many, or all of these characteristics are present among workforces to whom responsibilities to protect sensitive information are entrusted, the likelihood that aims to protect the safety and security of private information will be negatively affected - will remain high.

The Third characteristic of a Millennial generational concern is their level of preparation to enter the workforces. At least, in the United States, over the last century, public educational systems have been machined into a corn-fed parasitic leviathan, primarily existing to serve itself, and the bureaucratic elements within [259]. 74% of students questioned believe their college/university is failing them when it comes to job preparation.⁷⁴ In a survey of 500 Senior U.S. Executives by Aberdeen, 92% of them declared that American workers are not as skilled as they need to be, and 59% of them blamed the education system for the gap in U.S. Worker skills, while 64% of them were of the assessment that due to the lack of properly skilled U.S. workforce, there will be less investment in U.S. firms in the overall.⁷⁵ In another survey by Aberdeen,⁷⁶ of more than 500 C-Suite Executives globally, 80% of all employers believed that the ‘skills gap,’ that gap between much needed skills, and those skills that are presented by employee candidates in the market - is real, and 76% of all organizations were using contingent labor to enhance their workforce and close talent gaps [260].

Regarding technology use, the mere ability to interface with and to use technology - does not mean, nor should it be strangely correlated to proficiency. The same can be said for education. To have been commissioned at a college or a university infers neither mastery nor proficiency in any subject. Historically, in the United States, grade inflation ⁷⁷ has ‘glued-on,’ the veneer of college preparedness, when there is an overall lack of competence [261]. More and more, the underpowered ⁷⁸ and over-confident college graduate covets to be part of the “skills economy” without skills, and fancy to be part of a “knowledge economy,” without knowledge.

In a “Workforce-Skills Preparedness Report” by human resources firm “PayScale Human Capital,” for instance, 87% of recent graduates had a self-appraisal that they were prepared for their job, while only 50% of their managers had similar confidence. The recent graduate and prospective employees is largely suffering from severe deficiency of skills crucial to the workplace. 60% of all hiring managers stated that recent graduates/applicants lacked “critical thinking/problem solving” abilities, while 56% of all hiring managers said that applicants lacked “attention to detail,” and 46% of the managers stated that applicants lacked “communication skills,” and 44% said applicants lacked the skills to establish maintain “ownership/accountability.”

Looking forward, the overall capabilities of institutions to protect people’s Personal Privacy and Security, and the large-scale workforce’ generational transitions underway, the overconfident estimations of technology comfortability and savviness of the millennial generation will need to be better examined. For a U.S. perspective on this, and how it might apply to parts of the world elsewhere, the author has chosen to rely upon the work of the ETS Center for Research on Human Capital and Education. In a report that uses Program for the International Assessment of Adult Competencies (PIAAC) data, and one that is uniquely focused upon millennials, “America’s Skills Challenge: Millennials and the Future,” the knowledge and skill-sets of U.S. millennials are compared for the first time to their international peers. The findings wipe off the superficially artisan, cheery, defective, and dubious ‘reporting’ that grace the opinion pages, describing how effectively U.S. education is competitively preparing tomorrow’s workforces. The authors of the said report present that the ‘singularly important message’ emerging from the report is that, “despite having the highest levels of educational attainment of any previous American generation, these young adults on average demonstrate relatively weak skills in literacy, numeracy, and problem solving in technology-rich environments compared to their international peers.” As it has also come to be known, “[e]qually troubling is that these findings represent a decrease in literacy and numeracy skills for U.S. adults when compared with results from previous adult surveys.”

The report has uncovered that, “[i]n literacy, U.S. millennials scored lower than 15 of the 22 participating countries. Only millennials in Spain and Italy had lower scores.” “In numeracy, U.S. millennials ranked last, along with Italy and Spain.” And this is where the findings get even more interesting, in Problem Solving in Technology-Rich Environments (PS-TRE), “U.S. millennials also ranked last, along with the Slovak Republic, Ireland, and Poland.” Remarkably, the report states, the “[t]op-scoring U.S. millennials (those at the 90th percentile) scored lower than top-scoring millennials in 15 of the 22 participating countries, and only scored higher than their peers in Spain.” And, “[l]ow-scoring U.S. millennials (those at the 10th percentile) ranked last along with Italy and England/Northern Ireland and scored lower than millennials in 19 participating countries.” This represents a broad view of the landscape as it relates to workforce preparation for the Digital Century; more specifically, to that ability to be able to protect and defend Personal Privacy and the Security of informational enterprises.

These findings should ring alarm-bells in the mind of modern day employers who must now make significant institutional adjustments to satisfy legal responsibilities related to the protection and preservation of Personal Privacy and Security of information. Such is also ‘the’ “composed nature” of workforce’s surveillance susceptibility, and the ways in which interconnections, and interdependence among people, processes and technology will go on to affect the ways Personal Privacy and Security of information will/can be assured.

9 Conclusion

Two intellectual branch offenses are routinely committed against populations with respect to Personal Privacy. One routine offense is of a psychological nature, and the other, sociological [262]. Psychologically, we are instructed by those all-knowing, that ‘some amount’ of liberties must be forfeited for the sake of safety and security, as it is “essential” for the larger good [263]. Sociologically, we are instructed that in increasing security measures, we become safer, and that any consequential erosion in “Personal Privacy” (for instance) is being adequately compensated, by added security measures [264]. As if situations surrounding Privacy are not hard-enough to parse already, Privacy learners also have to routinely content with security “apologists” and “false prophets” of Privacy, who, apart from being responsible for other types of violations (concepts, language – its syntactics, pragmatics, semantics etc.), continue to attempt their hand at presenting the aforementioned psychological and sociological propositions. It is for such reasons that this editorial has been written, to service the reader with a more comprehensive informational arrangement, that will likely materialize a broader, relevant, timely, intellectually fuller, and more clarified perspective on Personal Privacy and Security.

Privacy desperately needs a common language and a universal frame of reference, as in many areas of the world (including the most developed), there are strong desires to subjugate fundamental human rights in the name of security. Within this editorial, the author has attempted to provide a logical, agreeable, and durable proposition for our most basic Privacy consideration and discussion orientations, referenced around the Universal Declaration of Human Rights (UDHR). Personal Privacy and Personal Security are values that are broadly treasured by humanity. However, man is chiefly responsible for the compromise of both, as in other things.

Human “error” is the biggest culprit. Although the use of the word “error,” given the range of human misconceptions, ill-adjustment, maladjustment, disorganization, corruption, and sordid unethical and unequivocally immoral behavior sets that may/could be involved, is severely unfitting. In a very broad sense, this editorial wholly concerns itself with society’s preparedness (rather, the lack of it), to protect and defend Personal Privacy and Security going forward. Consider India as an example, in part, an ancient land and cradle to human civilizations. Its Supreme Court has ruled that Privacy is a constitutionally protected right for nearly 1.4 billion people of planet Earth and citizens of India. Yet, India is a country that is, in this author’s estimation, the least prepared to make Privacy (now a legally protected constitutional right) realistically applicable in society, and make it viable for the long-term for all Indians, given the present day national directions, as they have been shown herein. The Aadhaar, known as the world’s largest biometric identity program, and its nationwide implementation is an example of how incredibly ill prepared (tactically and strategically) the Indian economic, political and social ecosystems are especially situated to fully enter and to inter-operate within a digital century. On the other hand, in the case of Rwanda, from known information, the country is organizing and orchestrating to provide Privacy protections for all in Rwanda eventhough the country’s constitution does not enshrine Privacy as a basic right for citizens. In both of these country situations, it remains to be seen still, just how protected their respective citizens will be - in time.

Meanwhile, this editorial has aimed to provide a broad-stroke layout of possible failure modes in the human dimension in relation to activities mounted with intentions and designs to protect Personal Privacy and the Security of information for the immediate, and many, many approaching years. Herein, several “un-fused” aspects of Privacy not intuitively considered, as in our individual behaviors when interacting with digital tools and services, emplacement of those behaviors in organizations, struggles experienced by some in evolving national and cultural identities, and human preparations to face demands of evolving and integrating technologies, economies, systems of governance and peoples have been reflected upon. In this conclusion, the value of Personal Privacy and Security related ‘self-awareness’ and the now inordinate need for higher states of global self-preparedness for the protection of personal rights, and to the defence against encroachments upon the same, is briefly highlighted and discussed.

In section “3.3. The Case of Guatemala: Where The Once Oppressed – Gamely Facilitated Brutality,” the role of technology supplier Tadiran was discussed, as having aided the establishment of a surveillance society in Guatemala. In El Salvador, the same equipment that was supplied by Tadiran to Guatemalan officials was used to catalog people in a different way. Author Jane Hunter, in “Israeli Foreign Policy,” described that, El Salvadorian Police blocked-off many parts of the nation’s downtown areas from time to time, and set-up police checkpoints, where information from ID’s of all who passed through these checkpoints were routinely harvested and analyzed with technology provided by Tadiran. From the harvested information, the Police analyzed the travel patterns of all the people. According to Hunter, if the Police determined that a person was in an area, where and when “he was not supposed to be,” that right away made the person a suspect [265].

In the here and now, in New York City, according to the New York Civil Liberties Union (NYCLU), New Yorkers have been subjected to such a type of “stop-and-frisk” by police authorities, 4 million times since 2002, where nearly 9 out of 10 ‘stopped-and-frisked’ New Yorkers have been completely innocent. NYCLU notes that Black and Latino communities continue to be the majority target of these New York City police tactics overwhelmingly. Meanwhile, in one of the many thousands of such instances, an innocent bystander Hadiyah Charles was arrested by New York City Police for filming a “stop and frisk” encounter. The New York Civil Liberties Union (NYCLU) reported Charles was shoved by NYC Policemen, who proceeded to subsequently handcuff her, arrest her, and hold her in a jail cell for 80 min for video-recording the event. A lawsuit filed in U.S. Federal District Court [266] by Charles, against the New York City Police Department, the Chief of Police, and several Police personnel has been settled. But, why discuss Police? Police are discussed due to the nature of Charles’s encounter with an agent of the government, also because the agent is one that is authorized to maintain law and order. We also discuss Police Agencies and members of their forces in this conclusion because they have the power to use force -- force to confront, force that imposes upon a person a certain exigence – able to breach one’s personal civil/constitutional privileges (perhaps involuntarily), force to question, cordon, detain, arrest, and to discharge deadly-force. In many ways, the qualifying temper and dispositions of ‘Police-Public’ encounters in many ways define the strength of civil society and its structures. Within the discussions herein, and to this conclusion, an encounter with Police as Charles did, begins to outline and describe for us - the background, design, structure, and composition of protective ecosystems, and those remedies to be put into place to strengthen and assure protections in those ecosystems. With specific regard to Personal Privacy and Security for instance, we must pose if Police routinely detain, question and/or search public without any “reasonable suspicion,” or the existence of warrants issued, or as in the case of Charles, plainly interfere and impede in constitutionally protected activities, and or otherwise engage in unlawful arrests and detentions of law-abiding citizens.

Lack of transparency into Police forces and their activities for instance, has historically precluded the conduct of research on effective Policing - more generally. For example, in the U.S., no comprehensive statistics exists on problems relating to Police integrity, and furthermore, no government entity gathers and represents data adequately, related to criminal arrests of Policemen and women. However, in a recent groundbreaking study of law enforcement entities in the U.S., performed with support from the U.S. Dept. of Justice, uncovered that of all criminal arrests made of Policemen and women in the U.S., 54% of the total were serious enough to warrant dismissal and separation from the Police forces [267]. Police agencies are merely a reflection of the communities, and the people within the communities they serve. It is said that the problem with Police Departments are no different from those that are experienced by corporations, universities, labor unions, and government agencies [268]. David Dorfman disclosed that one known and indelible aspect of Police operations is that, “Police lying is no “little secret.”” [269] Dorfman adds that corrosively, Juries are thoroughly capable of overlooking, completely ignoring, or side-stepping the fact that Police testimony can in fact be, “unbelievable, unreliable, and even mendacious,” that “[j]udges, prosecutors and defense attorneys report that police perjury is common-place,’ and… police officers… concede that lying is a regular feature of the life of a cop.” [270]

Regarding “search and seizure” activities by Police in particular, examining Melanie Wilson’s thoughts in “An Exclusionary Rule for Police Lies” will be prudent with respect to discussion of Personal Privacy and Security. Wilson tells us that, “[e]ach police lie that manufactures a reason to support an otherwise “unreasonable” search or seizure deprives all citizens of their confidence in the [U.S.] Fourth Amendment’s protections against government intrusions into privacy, liberty, and dignity” [271]. Regardless of where we live, all actions taken by those such as the Police, in violation of constitutionally granted privileges, erode the very stability of our societies. A landmark “abuse of Police authority” study performed in the U.S., has determined that “[t]he potential abuse and actual abuse of Police authority remain both a central problem for Police agencies and a central public policy concern” [272]. This simply intimates that the risk/chance of “Police-Public” encounters ending poorly will continue to be high. The study found the following particulars relating to Police Departments, and Police Personnel cultures.⁷⁹ The same particulars can be judged contributing to the persistence of poor “Police-Public” encounter outcomes. Findings showed that 67.4% of all Police personnel either agreed or strongly agreed that if one policeman/woman reported another’s misconduct, s/he would likely be given the “cold shoulder” by others. 52.4% of all Police personnel either agreed or strongly agreed that it is not unusual for one member of the police force to “turn a blind eye” to improper conduct by another, or others. Moreover, 61% of all those who were studied either agreed or strongly agreed that they do not always ‘report serious violations involving abuse of authority’ by fellow Police personnel. None should be surprised at the number of formal complaints filed against members of the New York City Police force, where police personnel have come into contact with the public, and verbal threats, physical interference and intimidation as tactics were used to stop the public from recording Police’ interactions with public.

Due to the number of those types of cases, the New York City Police had to send a “reminder”⁸⁰ to all among its roll (message to New York’s Police force, see Fig. 22), to be mindful of U.S. constitutional privileges of a Citizen, which the Police are not to violate, when a civilian is seen recording ‘Police-Public’ encounters. A list of at least 2 dozen lawsuits have been filed against the City of New York,⁸¹ since that “reminder” was dispatched [273], which indicates at the very least, a ‘reading and comprehension’ problem among members of the New York City Police force (see Fig. 23)

Fig. 22

The Crucial Skill New Hires Lack. Source: The BBC - 29 August 2013

Fig. 23

Excerpt of a Memo from NYC Police Chief to Police Depts. on Acceptable Police Behavior in Relation to Public Encounters with Citizen Videographers. Source: NYC Citizen Complaint Review Board Report (2017)

.

As this editorial has been discussing, this issue of ‘Police-Public’ encounters is related to Personal Privacy and Personal Security, as any action by a Police force, to stop, detain and question members of the public has to be synchronous with the principles of the Universal Declaration of Human Rights -- being a basic instrument that supports the existence of civil societies. Respect for human dignity, and respect for the law, are not mutually exclusive principles or conditions. In this instance, subjugation of constitutionally privileged rights by Police represents an unacceptable, reprehensible, and roguish act in the least, especially when members of the Police force care to (as they so often do) announce themselves as a group of professionals who are responsible for the “enforcement of laws.” To be clear, while discussing this very American issue, none should construe that this discussion item could not be of interest to the rest of the world; it surely is. And naturally, the type of NYC Police behavior being discussed is not unique to New York City. The behavior of certain Indian Police officers have been discussed herein too, where staff from the local Police Dept., had stood-by as spectators, while a crazed mob, beat a man to death.

With respect to the “stop and frisk” actions of the New York City Police Department, on 12 August 2013, United States District Court Judge Shira A. Scheindlin of the Southern District of New York, determined that the constitutionally protected rights of the plaintiffs who brought a class action lawsuit against the City of New York, in “stop and frisk,” had been violated [274]. Judge Scheindlin ruled that the City of New York had been employing a “policy of indirect racial profiling” all along, and that the Police department “must have individualized, reasonable suspicion that the person stopped has committed, is committing, or is about to commit a crime” [275] Looking at this from a Personal Privacy and Security point of view, all the “stopping,” and “frisking” of ordinary citizens, had violated their Personal Privacy and Security. The important question to ask at this point is, why did it take more than a decade to get this ruling? Were there not enough courtrooms; judges; lawyers, bright minds and insights to map relevant points regarding violations and arguments, or was this simply a case of constitutional “foot-dragging,” “balanced” against politicized cries for “security”?

The author wishes to additionally remind the reader -- in case it is not readily obvious, that, the following actions had transpired. Importantly, more than a decade full of constitutional violations has taken place. Next, and equally important as the first, involve the points that an illegal, unconstitutional, and plainly rogue Police program was birthed in the City of New York, and by way of “sanctions” from the Mayor of the City of New York, and the Police Commissioner of the New York City, both of whom had separately and individually taken oaths to uphold the law, and the constitution of the land, but then proceeded to violate both. Still, officials have not even been reprimanded, let alone be punished under the law.

From whichever land you the reader may originate, and whichever nation you may be a national of, you will want to discover, how these factors that are being discussed regarding prevailing matters of constitutional interest to those in the U.S., and to her Citizens, affect your own compatriots, and your own rights. In relation to the U.S., one issue is very clear. Americans have historically found it difficult to assert constitutionally assigned privileges, to be able to advocate for those personal privileges granted to natural born citizens under the U.S. constitution. Why have Americans not been cogently assertive of birthrights?⁸² Again, an issue not confined to the U.S. Many of our readers can ask the same question of their respective citizens. As discussed earlier within this editorial, civic education, and personal cultivation are essential parts to the securing and continued preservation of one’s rights; our ability to sense any encroachment upon personal rights, or being able to discern the presence, or occurrence of, any outright violation of personal rights.

In the U.S., a significant portion of American population lack command knowledge of national institutions; institutional responsibilities; instruments of law and order; of processes, procedures, attributes and desired manners of governance; relevant national histories or how we are organized as a country, and as ‘common-cause’ people. Furthermore, we lack that knowledge, which is ‘inherently primary’ to citizenship [276], knowledge that would empower, to be able to informedly dispute, or to lawfully be able to advocate validly, on specific issues and/or cases, if necessary. Of these things, Robert Putnam has almost prosaically noted in his book that, “most Americans today feel vaguely and uncomfortably disconnected” [277]. Further, Putnam, borrowing from an early twentieth Century writing of Walter Lippman, suggested that perhaps, “we have changed our environment more quickly than we know how to change ourselves.” Reflecting upon Lippman’s remarks there, and in solely appraising the American situation now, this author finds a stern need to deviate from Putnam’s last observation, for the likes of detachment and the “dumbing-down” that America continues to experience [278], as Putnam’s own discovery has acknowledged, began long ago. This author notes, as does Putnam, that the quality of American public education over decades had been reaching a crisis [279], which this author submits as the prime cause for our inability to “change ourselves,”” and in turn also the prime cause for our lack of competence and preparedness to match societal needs forward. Putnam noticed that the [U.S.] nationwide decline in social connectedness and civic engagement in such activities as voting, giving, meeting, visiting, newspaper reading, volunteering, and being interested in politics has continued an almost uninterrupted decline for more than 40 years. Such lack of civic engagement and political disconnection result in a general inability to sense, determine and/or act on matters of high consequence, such as the protection of personal and collective rights.

At present, only a quarter of all Americans (26%) can name the three branches of U.S. Government (down from 38% in 2011), and 33% of Americans cannot name a single branch of Government [280]. 37% of Americans cannot name any of the privileges guaranteed by the First Amendment to the U.S. constitution [281]. When Pew Research asked Americans in 2010, to identify the Chief Justice of the United States Supreme Court [282], more than half (53%) claimed to not know, while another 8% identified former Associate Justice Thurgood Marshall as Chief Justice. It should be mentioned that Justice Marshall had expired in 1993, and had not served the U.S. Supreme Court since 1991, while yet another 4% of Americans identified then U.S. Senate Majority Leader Harry Reid as the Chief Justice. Reid never served in any capacity on the Court, and more importantly, Reid was in service at another branch of government -- the Legislative. Yes, to not make the mistake of assigning Reid wrongly, and more fundamentally, as a starter, one would have had to know the difference between serving in the Legislative, vis-à-vis in the Judicial branch of government. Once again, this ‘problem,’ is not localized to America. More widely, the rise of extremism (any variety) worldwide (as in India, Pakistan, Myanmar, Iraq, China, Germany, Austria, Hungary, Poland, Sweden, Norway etc.) is rooted in a multiplying of inter-generational prejudices, and a decline/erosion in ‘human cultivation’ at least, one that has fostered an almost willful blindness to the authentic nature of human conditions and compositions. Such blindness, and the character of accompanying subject matter ignorance as detailed herein - leave populations inherently incapable of defending against encroachments upon constitutionally granted privileges, by anyone, including those who believe they are delivering and enforcing ‘lawful instructions or orders,’ when they could clearly not be.

Success in the fight against injustice is largely dependent upon a heightened level of “knowledge boosted-awareness,” of one’s living states. An individual could only comprehend fully the severity associated with a sensitive data-breach at a Credit Reporting Bureau, for instance, if one possessed the critical background and the knowledge connected to the working components in the Credit Reporting enterprise and their inter-relationships among other things. In order to mount a capable defense against encroachments upon Personal Privacy or Security, one must understand, and have an appreciation for (without exception) the most basic privileges that are vested to each citizen by constitutions, personal knowledge of limitations or restrictions that can be imposed upon those privileges, and the terms and conditions under which any limitation and or restriction may be imposed. Such personal knowledge is an integral part to understanding the nature of basic citizenship, and being adequately informed on the way to sense, assess, and act on Personal Privacy and Security related encroachments and/or violations.

In the overall, the intention of this Editorial Chapter has been to unearth the many dimensions of the Privacy world, which are seldom surfaced, or discussed. Above all, the focus of the editorial has been to deemphasize the’ conventional spotlighting’ of Privacy issues that go on, and to highlight the more urgent and fundamental need for a deeper and richer common understanding of Privacy situations, and of the value Privacy poses to the individual, and to society. Another goal of the editorial was to amplify the need to acquire gainful personal knowledge to many important aspects of Privacy and Security, as to be maximally effective, and to be exceedingly valuable within the globally distributed yet, interconnected, interdependent, and interoperable digitomicy, ⁸³ as employers, employees, technology enthusiasts, and as Privacy and Security advocates.

Success in our individual and collective attempts to protect and preserve values such as Personal Privacy and Personal Security will depend largely upon each of us, “knowing” and “acting” through lawful and constitutionally privileged means, and by collectively organizing to defend personal freedoms. In motivation to that, we must re-introduce ourselves to the remonstrations of the Late Associate Justice of the Supreme Court of the United States, William J. Brennan, who chided us for being delinquent, and being cavalier in our consignment, or rather, the surrender of ‘our very personal powers,’ ‘the power of self-determination’ - over and into - the hands of governments. We must pay heed and homage to Justice Brennan’s sharp excoriation of our collective ‘stand and streak’ – our ‘bent and badge’ – for not investing the time and effort to learn; to command knowledge vital to our self-determination; to lazily and piningly take up instead: governmental maternalism and paternalism, consigning to ‘[g]overnments more power over our lives than ever before,’ and of it, ‘we seem not more concerned, but more indifferent to the consequences of …surrender.’ [283]

Change history

• 31 January 2018

  Figure 22 should not have been placed in Section “9 Conclusions” on Page 312. Fig. 22 should be correctly situated in Section “8.3 Righting the perspectives on modern workforces”.

Appendix