I find it hard to believe it has been 20 years since the 9/11 terrorist attacks shocked the United States and world. Like countless others, I seem to remember every minute of that surreal and alienating day. At the time, I was beginning a new adventure with friends, freshly graduated from college. We were about to embark on a two-month road trip across the U.S. After passing by New York City with its picturesque skyline Sept. 10, we woke up the next day in the city of Philadelphia only to learn of the horrific news.
In the two decades since, the world has changed dramatically. With subsequent wars in Afghanistan and Iraq, mixed with the incredible rise of digital technology, social networks, divisive politics and increasingly ubiquitous surveillance, that sunny Tuesday morning serves as an irrevocable turning point in history.
Of the five of us on the road trip that day, only two owned a mobile phone — imagine that! We didn't yet know about "doom scrolling," "retweeting" or "trolling." We gathered our news from listening to public radio and picking up an occasional newspaper. We wanted to get away from it all by camping and hiking in national parks.
Of course, none of us could escape the implications of that day. Twenty years later, we still haven’t.
For privacy and data protection, 9/11 catalyzed a chain reaction that continues to ripple throughout the world. With the USA PATRIOT Act, the U.S. took measures to increase its surveillance capabilities and connect its law enforcement agencies under one umbrella: the U.S. Department of Homeland Security. It adopted the “no-fly list” and opened Guantanamo Bay. The U.S. and its allies also invaded Afghanistan and then Iraq with arguably disastrous results. It is difficult to ignore the fact that less than two weeks ago, as the U.S. and its allies left Afghanistan, we saw disturbing images of young Afghanis falling to their death from a U.S. transport aircraft, disturbingly reminiscent of those souls who were forced to jump from the twin towers 20 years prior.
In addition to the physical war on terrorism — which challenged our notions of a “traditional war” involving national borders — and because of the Snowden revelations in 2013, we know that U.S. intelligence agencies enacted a vast surveillance apparatus that traversed national borders. With the wounds of 9/11 weighing down heavily, some intelligence programs sought to locate the terrorist-needle in the haystack by collecting the entire haystack — not just data on suspected terrorists, but also data on all of us.
By June 2013, as a fairly new IAPP staff writer, I watched as each day brought forth another seismic revelation from the Snowden leaks. It was a hell of a time to be a privacy reporter. On June 6, we learned of a top-secret court order allowing the U.S. National Security Agency to collect telephone information from millions of Verizon customers. The very next day, we learned about PRISM, which effectively established a backdoor into major U.S. technology companies. On June 8, we learned of the NSA’s Boundless Informant program. The steady rush of leaks over the following weeks was astounding.
Words like metadata, XKeyscore and PRISM became part of the privacy vernacular.
In addition to opening our eyes about the incredibly powerful surveillance capabilities of the U.S. and other “Five Eyes” governments, the Snowden revelations effectively stunted global data flows of personal information.
First, the so-called “Schrems I” ruling by the Court of Justice of the European Union invalidated the EU-U.S. Safe Harbor program. At the heart of the matter was U.S. government access to EU citizens’ data. After intense negotiations between both regions, the trans-Atlantic Privacy Shield arrangement came to fruition only to be sacked again by the CJEU, this time under the “Schrems II” ruling. Beyond just EU-U.S. transfers, "Schrems II" has global implications, placing responsibility on companies to conduct transfer impact assessments on third countries' surveillance laws.
We now face a digital ecosystem splintering around national boundaries and burgeoning with complexity, something that would have been hard to imagine just 10 years ago.
As more companies employ increasingly powerful biometric technology and artificial intelligence systems, we stand on a precipice. Will we continue down the road of division, prompted by misinformation on social networks, as was seen Jan. 6 during the attacks on Capitol Hill? Or will we find ways to use technology and the digital world to maintain our humanity and compassion for each other? Can we truly use data for doing good? It’s possible, but it's not going to be easy. It's going to take privacy by design, ethical frameworks, strong data protection, transparency, diversity and inclusion. It’s going to take hard work, communication and vigilance.
When my friends and I were on the road 20 years ago, we wanted to experience life and all its richness, to see new places, eat new food and meet new people. Sure, we also wanted to get the hell away from the northeast at the time, to escape the horrors of 9/11, but we also felt a sense of unity and common decency with the people we encountered.
The gut punch that was 9/11 is still palpable to me 20 years later. With political division, a global pandemic and climate change in full swing, it's been challenging to keep a positive attitude, but hopefully we learn from our mistakes, heal our wounds and use technology for good so that we can treat each other with dignity and respect. It's incumbent upon us to do so.
Photo by Eric Mok on Unsplash