Engadget Job Board
Director of Engineering at Shopkick
Shopkick - Redwood City, CA, United States
Engadget Backend Developer at Engadget
Engadget - San Francisco, CA, United States
Technical Project Manager at Ampersand & Ampersand
Ampersand & Ampersand - London, United Kingdom 
Following the revelation of the NSA's massive data collection efforts by Edward Snowden in 2013, the nation – and in fact, the world at large – engaged in discussions about the efficacy and morality behind warrantless government surveillance. While the NSA contends that it is not actively spying on American citizens, investigative reporting revealed that the threshold for differentiating Americans from foreign actors was incredibly low; and that with only 51 percent certainty, the NSA would collect massive amounts of metadata about what you search, who you call, the websites you visit and much, much more.
But it should not surprise you to learn that the NSA is hardly unique in their efforts to collect data on individuals. In fact, the corporate world has been eavesdropping on you for years and selling your information to advertisers for a pretty penny. Even more revealing is that nine major U.S. internet companies (including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple) were in cahoots with the NSA to turn over live and stored information about their users to the intelligence agency.
Is this a breach of trust or just good business? Is this a healthy marriage between corporate America and the agencies who protect us, or some Orwellian nightmare with a private-sector twist?
One of the most common clichés defending cyber surveillance is to say 'if you have nothing to hide, you have nothing to fear.' But it isn't that simple. Obviously, no one is defending the right to privacy for known or suspected terrorists and criminals. But there is something rather disconcerting about using sites and services which actively track your movements, analyze your behavior and turns over their findings to third-party advertisers or government agencies without a warrant.
The burgeoning Internet of Things market is stoking these fears as more than 30 million web-connected devices are expected to influence our lives by 2020. Can you imagine having an argument with your spouse about money, only to turn on your smart TV to advertisements about debt consolidation? Do you realize that children's toys are recording conversations in your home to a remote database? What if your innocuous search terms are flagged by a U.S. intelligence agency and you get a knock on your door by a special taskforce?
This is not the plot of dystopian Phillip K. Dick novel; this is the world we live in. And we need to at least entertain the costs and benefits of corporate/governmental surveillance programs.
Pros & Cons
To be blatantly honest, there are no easy answers on this subject. In the case of state surveillance, amassing data points on American citizens takes an extraordinary amount of time and resources; and, to date, domestic surveillance has "had no discernible impact" on preventing terrorist attacks. That being said, it is extremely doubtful that we will see an end to NSA surveillance anytime soon.
When it comes to businesses, however, there are really two ways of viewing cyber surveillance: consumer-based and internal. Facebook, Google and other services make a business of tracking users' locations, interests and habits. They have been accused of regularly obscuring their privacy and security features and, with each update, expanding their reach to encroach on our privacy – something Al Gore calls the "stalker economy."
As Bruce Schneier, from Schneier on Security, says, "If these features don't sound particularly beneficial to you, it's because you're not the customer of any of these companies. You're the product, and you're being improved for their actual customers: their advertisers."
In the 2015 science-fiction thriller Ex Machina, the CEO of a Google-esque internet company develops a robotic AI. To make his invention more compelling, he bases the AI's physical allure to match the protagonist's idea of beauty based on his search history. While technology has not yet advanced to this level, it is hardly a stretch of the imagination by today's standards.
Companies often implement internal surveillance and security measures to reduce the risk of data leak, low productivity and insulate themselves against lawsuits. For example, an employee might be terminated for spending an inordinate amount of time shopping online or visiting adult sites, and the surveilling company could prove this. But Big Brother for business takes things a little further.
Did you know the majority of data breaches (52 percent) are due to employee negligence? Similarly, internal sabotage by low-level employees is a more worrisome threat to cybersecurity than sophisticated hackers. If an employee knows they are being watched, they may be less likely to scroll through their Facebook feeds or do a little job hunting, yes; but the bigger goal should be preventing incognizant behavior from endangering corporate and customer information.
Of course, implementing surveillance policies might prove deleterious to company culture; especially among Millennial workers who do not see clear lines between personal and work activities online. In fact, certain industries rely heavily on a user's ability to freely peruse the internet and keep up to date with culture, trends, social media and more.
Still, there is another group watching you as well – cybercriminals. By opening a spam email, downloading a fraudulent application or simply visiting a site with drive-by malware hidden in its pages, you could fall victim to one of the many hacking scams out there, including spyware, keystroke loggers and compromised webcams. Even legitimate desktop and mobile applications can be used to spy on users' contacts, location and messaging services.
Which is why it might be more beneficial for companies to work with cybersecurity agencies like Shape Security to protect their most valuable assets from internal and external threats rather than to engage in cyber surveillance.
Still, some cybersecurity agencies are taking advantage of behavioral analytics to greatly reduce the threats posed by hackers and cybercriminals. According to experts at Shape Security, if an AI program can understand how to differentiate between malicious activity and a normal user, cybersecurity agencies can automatically block bad behavior before it causes damage to your business.
And so we are left with a conundrum. Is cyber surveillance effective or preferential? Like any tool, it can be used to help or harm depending on the hands that hold it. If you are considering using cyber surveillance to improve your internal security, at the very least disclose it to your employees. Be sure to explain the goals of the program, the extent of its reach and how it can mutually benefit the company and its employee; the same can be said for customers. In the end, communication is key.
If you hate the idea of being tracked by advertisers, hackers, the government or your employer, consider downloading a Tor browser to protect your anonymity. Similarly, encrypted messaging services like Signal, WhatsApp and Wickr work to protect your communications from prying eyes. And alternative search engines, like DuckDuckGo, allow you to peruse the web without sharing your personal profile with anyone else.