Privacy and security online are hot button topics in America today, as a new survey by the Pew Research Center survey confirms (see Public Perceptions of Privacy and Security in the Post-Snowden Era). Looking at the results, we were excited to see that some responses mirrored results from two different privacy and security surveys conducted by ESET, notably the erosion of trust in institutions that deal with personal data, in both the public and private sectors.
Privacy and surveillance awareness
Over the last 12 months a lot of researchers and policy makers have wondered what effect the Snowden/NSA revelations have had on the American public's attitude to privacy and security. For example, how many people are even aware of such things? "Most Americans" would seem to be the answer from Pew's study. Asked if they had heard about “the government collecting information about telephone calls, emails, and other online communications as part of efforts to monitor terrorist activity" close to one in 10 respondents said that they had (87%). Those responses ranged from having heard “a lot” (43%) to a "little” (44%).
Compare that to the Harris survey we commissioned, at about the same time, in which 85% of respondents said that they were at least somewhat familiar "with recent NSA news about secret government surveillance of private citizens’ phone calls, emails, online activity, etc." The breakdown there was 50% responding “extremely”, “very” or “fairly” familiar, with an additional 35% saying they were "somewhat familiar".
So how do Americans feel about this situation? Pew found that 80% of adults “agree” or “strongly agree” that "Americans should be concerned about the government’s monitoring of phone calls and internet communications." Only 18% “disagree” or “strongly disagree” with that notion (PewResearch Internet Project). Compare that to our finding that a majority (81%) of Americans familiar with the NSA revelations believe there should be new laws implemented to better regulate government surveillance (Harris Poll commissioned by ESET).
Privacy attitudes
While it's not yet clear what changes, if any, politicians and government agencies will make in response to this very high level of concern about government surveillance, you can bet that some citizens are making changes. Consider social media. Pew found that "70% of social networking site users say that they are at least somewhat concerned about the government accessing some of the information they share on social networking sites without their knowledge." ESET found that 47% of adult Americans who were aware of the Snowden/NSA revelations agreed with the following statement: "Given the news about the NSA, I have changed my approach to online activity in that I think more carefully about where I go, what I say, and what I do online."
Specifically, 26% said they had done less online shopping. A similar percentage said they had done less banking online, and one in four said they were less inclined to use email (which is still the backbone of much commercial Internet activity).
Pew Research also found that people had doubts about email, with 57% saying they "feel insecure sending private information via email." Even so, email fared way better than social media in the trust stakes, where 81% said they feel “not very” or “not at all secure” when using social media sites "to share private information with another trusted person or organization." Instant messaging and SMS were also untrusted as Pew found "68% feel insecure using chat or instant messages to share private information" and "58% feel insecure sending private info via text messages."
While many of these attitudes reflect concern over revelations about NSA surveillance, the attitudes registered by both ESET and Pew Research extended to commercial entities as well. Indeed, every business that handles personal information needs to take the following Pew Research finding to heart as it considers its privacy policy and security strategy:
91% of adults in the survey “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies."
Backing up that Pew finding is our survey data showing that the public's concern "over surveillance and data gathering by companies for profit" is far greater than the concern over government activity.
There are many fascinating aspects to the Pew study which explored areas beyond our research on these topicss. Indeed the initial nine page report, which I highly recommend reading, is a very valuable contribution to the public debate about privacy and online security.
One aspect not addressed in the Pew study is the relative level of concern between government surveillance and criminal hacking. The Target security breach occurred not too long after the first few rounds of Snowden revelations. As many legislators who went home for the holidays in December of last year discovered, just about everyone in America has shopped at Target, and knew about the massive theft of credit card data from the retailer's systems. Maybe that's why criminal hackers far outweighed government snooping as a worry for our survey respondents.
Why does ESET survey privacy attitudes?
(This section is a minor appendix to put our work on this subject in context.) In September of 2013, ESET commissioned a small survey of American adults (563 respondents) to assess a range of public attitudes in light of the Snowden revelations about mass electronic surveillance by the NSA. We did this as a sanity check ahead of Andrew Lee’s keynote at Virus Bulletin 2013 in Berlin where the CEO of ESET North America wanted to talk about ethics and the antivirus industry (there is a recording of the keynote on YouTube).
For example, it was clear that many information security professionals were following the Snowden revelations very closely, but we didn't know what percentage of the general population were aware of them. The answer, in September of 2013, was 87% (responding at least somewhat aware or more). We asked a lot of other questions, the answers to which were reported in two blog posts: Survey says 77% of Americans reject NSA mass electronic surveillance, of Americans and NSA and Wall Street: online activity shrinks, changes post-Snowden.
These findings were widely reported but several observers noted that the sample size was small. There was also skepticism as to whether or not the awareness, and the behavioral changes that we uncovered, such as doing less shopping online, would fade over time. So in February of this year, six months after the initial survey we commissioned a much larger Harris poll which went out to over 2,000 people. We felt that those early indicators of changes in online behavior, which might have an economic impact, were worth confirming or denying. The changes were confirmed, and we learned a lot more besides that, notably the extent to which consumers worry about cybercrime. Those findings were reported here New Harris poll shows NSA revelations impact online shopping, banking, and more and here NSA revelations shake faith in U.S. tech firms as Harris poll shows public conflicted.
We hope to continue researching this topic in 2015. As the debates about privacy and surveillance, encryption, law enforcement, and cybersecurity evolve, we will ask the tough questions, like: Is the contribution of digital technology to global economic growth being impaired by a shortage of trust? And what can be done to preserve the benefits of technology?
If you have thoughts on privacy attitudes and how they impact your life, or the life of the country, please share in the Comments below.
Note 1: The rather creepy image at the top of this article is a larger-than-life mechanical horological automaton representing Peeping Tom, the man who broke the promise made by the citizens of Coventry not to watch Lady Godiva's naked ride through the city to protest taxes imposed by her husband, the Earl of Mercia. Peeping Tom appears every hour as the figure of Lady Godiva rides by under a large clock in the center of the city. Legend has it that Tom, a tailor by trade, was struck blind after peeping, a fairly dire punishment for a single act of privacy invasion.
Note 2: When we quote survey figures we like to provide the survey methodology. For the ESET survey referenced in this article, it was conducted online within the United States by Harris Poll on behalf of ESET from February 4-6, 2014 among 2,034 U.S. adult adults ages 18 and older, among which 1,691 are at least somewhat familiar with the NSA revelations. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. For complete survey methodology, including weighting variables, please contact esetpr@schwartzmsl.com