An Argument for Using Schools in the Fight for Digital Privacy
I have recently been thinking, writing and discussing about the problem of privacy tools. The If you build it, they will come approach in the privacy communities has worked well for me. Once I woke up to the importance of privacy, and realised we are heading for a surveillance society, I was able to find and learn from excellent teachers, and download and try out tools developed specifically to avoid data collection.
However, I suspect our group is very small - a kind of Rebel Alliance hiding in a massive Empire. I am not sure that is an approach that will be successful in the end.
Problems with privacy tools
I have recently begun presenting charitable versions of privacy-skeptical arguments (here and here), and have used the story of a friend giving up on Tutanota email to explore how digital privacy might be perceived from the outside.
Many of these tools come with small frustrations, often due to the extra complexity of offering a service while preserving privacy. Tutanota mail encrypts your data, but that encryption makes searches discouragingly tedious. Efficient email searches is something we have come to expect. The importance of privacy tools enables me to push through these low-level barriers to workflow, but I suspect many will not.
Having examined some of the arguments against the adoption of privacy tools, and having read the discussions in various places on this topic, I want to explore one potential solution for wider adoption of privacy tools: education.
Privacy taught in schools
I have recently stepped out of high school teaching, but I taught young people for over two decades. When I developed an interest in issues around default data collection, and the actions and tools that can give users back control, I began sharing those ideas with my students. I showed them how to change browser settings, add plugin extensions and how to search for and evaluate FOSS alternatives.
I did not spend a lot of class time on this. I would show my students how to go to their browser settings, and switch the search engine to DuckDuckGo at the start of one lesson. Or I would take 10 minutes to explain to them why I am not on social media.1 I invited and encouraged them to explore these options, but never used my position as a teacher to enforce adoption of these tools.
Another example is blogging. I really like using student blogs for written tasks, and I used to get students to submit work on WordPress.com and various education-specific platforms, none of which were truly privacy-conscious (or even safe). I looked for better alternatives, and tried out Standard Notes with Listed with one group of students, and BearBlog another year, emphasising why I was doing this and that their feedback was important. Some of that student feedback I then passed on to the developers, along with my own experiences. I showed my students these email communications with the developers, which they found interesting.
In these simple ways, one teacher can introduce good privacy tools and ideas, without being overbearing or evangelical, to around 100 or more students per year. In the end, the students will need to decide which tools they like best themselves, but I believe being exposed to options is key, and that is not happening enough today.
Google in schools
Jesper Graugaard understands the impact government decisions on education can have on society, both positive and negative. He has initiated a protest against the use of Chromebooks in schools in his town in Denmark, which has led to an actual ban of the devices! I hope to tell you more about him soon.
My children are loaned Chromebooks by their schools, and expected to do their work on them. All their peers do, and, in fact, all the children in their schools do. Young people attending any school in the entire province are loaned Chromebooks at the start of each year. That is a whole next generation of society adopting Google's tools...through schools.
Parents have to sign an agreement promising we won't alter the Chromebook's digital environment. This means that my children have to use the Chrome browser and a Google account to do their schoolwork, which seems unnecessary and wrong. My children use Firefox at home, and they do their searches either on DuckDuckGo, or, now that it is up and running again, our own Whoogle instance run from a Raspberry Pi. Why can't they download Firefox on their Chromebooks?
The grand scope of the education system
While schools are starting to move towards better systems for protecting stakeholder data, education ministers and leaders are currently still onboarding children en masse to a corporate, data-hoarding digital environment via widespread Chromebook programmes.
Education touches almost everyone. Only 12% of the world's current population has not had formal basic education.2 The filter of education has an awe-inspiring scope, and therefore it has the potential to redirect society's momentum away from normalised surveillance.
We are currently heading towards that total surveillance environment. Corporations are devoting their energies into finding ways to lure users into handing over personal data willingly, while hiding the process, monetising that data, and making it difficult to opt out. Governmental institutions are also moving towards mass data collection, with chips in ID cards, face-scans at airports, and centralised medical databases.
It is possible little of this is pernicious or orchestrated. I don't believe those in charge are able to align and organise themselves as well as some conspiracy theories might have us believe.
My concern, however, is that with these incremental changes, many of them built for convenience, we are sleep-walking into a Matrix-like infrastructure, one which it will be impossible to escape from once it is fully built. The precise tracing, documenting and collating of an individual or group's ideals, desires, movements and purchases is a perfect mechanism for mass control, waiting to be misused.
The Rebel Alliance may not win the day
I sometimes worry about the current state of privacy communities. There is a lot of preaching to the choir. We are out of touch with just how little our language is understood by outsiders. I sometimes see gleeful anticipation of doomsday scenarios by privacy-concerned individuals in a fight against the state, a type of 'Bring it on!' rhetoric, especially pervasive in crypto communities.
Underground resistance is not a desirable position to be in. Most people don't want to live their lives on the run, or in hiding. They have families, jobs. People generally don't like stress, and living with a constant threat of getting caught is stressful. A better solution is the utopian one: a society where privacy values are widely accepted and built into digital tools and commercial transactions by default. That sounds idealistic and far-fetched, but we already have a system in place that can help us move towards this ideal. School affects almost everyone and can shape our collective thinking, for better or for worse.
The filter of education
Education has the potential to bring us closer to the utopian privacy model. Governments can create legislation that would guide schools to build IT competence and data privacy and security awareness into the curriculum. Provinces or states can adopt Linux and FOSS tools (which are free, by the way!) for schools and run those on refurbished hardware dumped by offices and corporations, giving all that hardware a second life, systematically, rather than sporadically.
This way, all schooled individuals would:
- understand how and why companies collect data for financial gain
- learn how to change settings in software tools
- learn that 'the cloud' is not ethereal but a bunch of computers in warehouses
- discover open source
- examine and articulate arguments for and against centralised data collection models
- learn why encryption matters
- learn what decentralisation is
- learn about current laws for personal data protection, or lack of them
- be introduced to a range of excellent privacy-preserving tools for word processing, note-taking, browsing, photo editing, film editing, sound editing, finance, collaboration and communication
- learn about third parties
- understand that they can choose for themselves whether or not to participate in data collection processes
- discuss how privacy and security might play out in domestic environments
- learn what a threat model is
- learn basic terminal commands, and what a graphic user interface is
- learn about legal control over corporations, and data and crime
- learn about finance and digital privacy
- discover how common data breaches are and how they affect schools, hospitals and individuals
- learn about protecting against ransomware attacks
- learn how to install Linux
None of this is being taught in any systematic, comprehensive way (similar to all students learning how to read today), as far as I am aware. We are getting to a point where these skills and insights are as important as being able to read, being able to read maps, read time, and being able to do maths.
The IT and privacy course should not be an elective, but compulsory for all students, and spread throughout their schooling. One or two single lessons per week for at least a semester per year should be enough. The content can be presented in more playful ways to elementary students.
If governments were to introduce IT and privacy awareness as a compulsory subject in schools, then pro-privacy advocates wouldn't have to work so hard to try and spread these ideas by word-of-mouth or online. After their schooling, young adults might still decide to stick with convenience and mainstream tools, but at least they will be aware of the choices available to them, and the consequences of their decisions.
Jesper Graugaard's fight against ChromeBooks: A Danish City Built Google Into Its Schools—Then Banned It
And the resulting ban on Chromebooks in schools: The Danish DPA imposes a ban on the use of Google Workspace in Elsinore municipality
-----Discuss on Reddit-----
Subscribe to my blog via email or RSS feed.
Find me on Mastodon and Twitter.
Back to Blog
I imagine my students would probably roll their eyes at my estimate of my own conciseness.↩