The 13 Biggest, Most Controversial Privacy Stories of 2016

From warrant canaries to WhatsApp.

WASHINGTON, DC - FEBRUARY 23: Organized by Fight for the Future, about a dozen protestors demonstrate outside the Federal Bureau of Investigation's J. Edgar Hoover headquarters in support of Apple and against a move by the federal government to force the computer company to create a "backdoor" to the iPhone February 23, 2016 in Washington, DC. Last week a federal judge ordered Apple to write software that would allow law enforcement agencies investigating the December 2, 2015 terrorist attack in San Bernardino, California, to hack into one of the attacker's iPhone. Apple is fighting the order, saying it would create a way for hackers, foreign governments, and other nefarious groups to invade its customers' privacy. (Photo by Chip Somodevilla/Getty Images)
Organized by Fight for the Future, about a dozen protestors demonstrate at FBI HQ in support of Apple resisting putting a backdoor on the iPhone. Chip Somodevilla/Getty Images

2016 will go down in history as the year that many Americans learned the meaning of words like “encryption” and “metadata.” It was a year of government spying, corporate lurking and software-powered eyes (and ears) snooping into our real lives. As it gets easier to follow people around, privacy becomes more salient.

Sign Up For Our Daily Newsletter

By clicking submit, you agree to our <a href="">terms of service</a> and acknowledge we may use your information to send you emails, product samples, and promotions on this website and other properties. You can opt out anytime.

See all of our newsletters

Does the ability to keep your personal businesses (where you’ve been, whom you’ve spoken to) ensure a free and fair democracy by ensuring that minority voices can formulate criticisms and find allies? Or does it threaten public safety by masking the intentions of terrorists and criminals until it’s too late? This is the debate we live in. What follows are the top events that have shaped it.

As 2015 came to a close, Hillary Clinton called for a Manhattan Project to break encryption—the use of incredibly large numbers to mask the content of messages so that no one but intended recipients can read them. In that world, no one could ever securely share a private thought again. It would set a tone for a debate that would continue through an election year. Activists would become more concerned about surveillance by state level actors, while technologists would sound the alarm about how much shadowy companies with code hidden on every website already know about us.

In that spirit, here is a countdown of 13 of the most defining privacy stories of the year:

Reddit CEO and co-founder Steve Huffman at The Next Web: Momentum, in New York City.
Reddit CEO and co-founder Steve Huffman at The Next Web: Momentum, in New York City. Brady Dale for Observer

Reddit’s 2015 Transparency Report lacks a warrant canary. Many requests for information from national security agencies forbid companies from notifying users that such a request has been made. One way to work around this is by making regular transparency reports in which organizations write that they have never received a letter from federal law enforcement requesting user information. Called a “warrant canary,” Canary Watch tracks services that have published such notices. In Reddit’s 2014 Transparency Report, it said, “As of January 29, 2015, Reddit has never received a National Security Letter.” However, this language did not appear in 2015’s report. An email service popular with activists, RiseUp, also failed to publish its quarterly warrant canary in November, as ZDNet reported.

Internal Revenue Service Commissioner John Koskinen speaks to members of the press after speaking at a luncheon at the National Press Club March 24, 2016 in Washington, DC.
Internal Revenue Service Commissioner John Koskinen speaks to members of the press. BRENDAN SMIALOWSKI/AFP/Getty Images

The IRS asks Coinbase for a huge list of users. After finding a (very) few tax dodgers who used the leading bitcoin wallet, the revenue authority asked for all its user records from 2013 to 2015. It’s doubtful the agency actually expects to get all that it has asked for, but cryptocurrency enthusiasts will be watching closely to see what Coinbase does. Jerry Brito, director of the digital currency think tank Coin Center, wrote in American Banker that the request sets a dangerous precedent. As we’ve previously reported, bitcoin buyers don’t owe any taxes until the digital currency gets turned back into dollars, but once it does investors have to pay up if they make money, just as they would if they sold equities at a profit.

Google vice president of product management Mario Queiroz shows off a Google Home virtual assistant device that could challenge the Amazon Echo at the Internet firm's annual developers conference in the Silicon Valley city of Mountain View, California on May 18, 2016. / AFP / Glenn CHAPMAN (Photo credit should read GLENN CHAPMAN/AFP/Getty Images)
Google’s Mario Queiroz shows off a Google Home virtual assistant device that could challenge the Amazon Echo. GLENN CHAPMAN/AFP/Getty Images

 Millions of consumers pay money to bug their homes. Somehow, the most unlikable fake family in product launch video history made the Amazon (AMZN) Echo into the must have home gadget of 2016. And now Google (GOOGL) has a knockoff device, Google Home. Look, we don’t know that these devices actually record when they haven’t been given a command. Nevertheless, these are giant, super sophisticated microphones that people spend over $100 to have shipped to them. Spies used to have to sneak around for this kind of access. At least some companies actually pay people to let them listen to everything they say and do. Speaking of which, people are literally lining up to buy cameras that go on their faces which share video exclusively with an app that is not end-to-end encrypted. Discretion, it seems, has become quaint.

Alibaba's Jack Ma presents on his company's use of facial recognition for payments in Hanover, Germany.
Alibaba’s Jack Ma presents on his company’s use of facial recognition for payments in Hanover, Germany. Sean Gallup/Getty Images

The rise of facial recognition as a commercial category. We spoke to N-Tech Lab, which hopes one day to place cameras inside retail stores that identify visitors in order to target them for sales later. Google experimented with using faces with its payment system. In China, Baidu is all in on using faces for ticketing events. Facebook (META) has been acquiring companies with expertise in this field, and it’s hard to believe their only motivation is adding zany new features. Meanwhile, facial tech is old news for law enforcement (but still very big).

WASHINGTON, DC - June 15: Senator Cory Booker (D-NJ) leaves in an elevator after assisting Senator Chris Murphy (D-CT) in waging an almost 15-hour fillibuster on the Senate floor in order to force a vote on gun control on June 15, 2016 in Washington, DC. Murphy wants the Senate to vote on a measure banning anyone on the no-fly list from purchasing a weapon. (Photo by Pete Marovich/Getty Images)
Senator Cory Booker after waging an almost 15-hour fillibuster to force a vote on banning anyone on the no-fly list from purchasing a weapon. Pete Marovich/Getty Images

 Normalizing terrorist watch lists. After the shooting in Orlando, both major presidential candidates called for expanding terrorist watch lists in order to prevent lone wolf attacks, as NPR reported. The so called “no-fly list” became a hot topic, particularly as Congressional Democrats pushed to ban listed individuals from buying guns, but political cartoonist Jen Sorensen did a comic for the ACLU about what it’s like to be on that list, which amounts to a form of punishment without any trial or appeal. Security researcher Chris Vickery found an old version of another, private list kept by Thomson Reuters of potentially risky people. Inclusion in the list could prevent individuals from closing contracts or getting jobs, and they might never know why. This spring, the US government’s top privacy watchdog charged with overseeing the pursuit of terrorist suspects prematurely resigned.

Director Microsoft India Windows Business group Vineet Durani speaks during the launch of Microsoft Windows 10 in New Delhi on July 29, 2015. Microsoft is aiming to build lasting relationships with Windows 10, the operating system launched and seen as critical to reviving the fortunes of the once-dominant tech giant. For the first time, Microsoft is making a major new version of Windows available free as an upgrade to anyone using either of the prior two generations of the system. AFP PHOTO/MONEY SHARMA (Photo credit should read MONEY SHARMA/AFP/Getty Images)
Windows 10 launches in India. MONEY SHARMA/AFP/Getty Images

Windows gets nosy with its 10th version. The software giant has been sharing telemetry data with third parties, for example, but don’t worry: the company was very careful. Its Cortana functions are all built to answer questions before users have to ask, but to do so it needs to get permission to create a profile of the person by tracking their behavior. It’s very similar to the sorts of surprising insights that Android users find on Google Now.

Protesters hold a rally to support "net neutrality," a precursor battle leading up to this year's fight over selling user data.
Protesters hold a rally to support “net neutrality,” a precursor battle leading up to this year’s fight over selling user data. KAREN BLEIER/AFP/Getty Images

 Regulating Internet Service Providers, the most important boring companies online. A new UK law requires ISPs to keep records of sites people visit. Here in the US, we basically assume that the NSA has already been logging data like that, but—thanks to the FCC—at least ISPs can’t sell your browsing data. We’ve also reported on an unknown wireless carrier selling location data of its customers to SAP.

 Linking names with behavior, for Google users (that is, everyone). Google erased its commitment not to share personally identifiable information, as ProPublica reported. Now, Google has permitted itself to link what it knows about a user on email to what it knows from watching them search around the web. In other words, it can pretty much build a complete profile, linked to a name. Any company in a position to gather almost any data at all can probably figure out who someone is, anyway, but the search giant has given itself permission to eliminate any internal friction.

People dressed in black clothes rally to support the Black Lives Matter movement on July 17, 2016 in Melbourne, Australia. The rallies were organised in support of the Black Lives Matter following a spate of police shootings of African American people in the United States last week. The rallies are also aimed at highlighting Indigenous Australian deaths in custody. (Photo by Scott Barbour/Getty Images)
The Black Lives Matter movement reached Australia this year. Scott Barbour/Getty Images

Tracking activism. Color of Change filed suit against FBI and DHS over surveillance of peaceful protesters participating in the Movement for Black Lives. The nature of the case is that we don’t know what they know. The Intercept confirmed last year that everything from fairly dull events to major protests get followed by DHS. The organization and its partners followed up by making another Freedom of Information Act request for more details and got met with a wall of silence. Many civil liberties advocates argue that surveillance can have a chilling effect on speech and assembly. Americans have already seen this movie.

MUNICH, GERMANY - SEPTEMBER 06: In this photo illustration Google's Chrome browser shortcut, Google Inc.'s new Web browser, is displayed next to Mozilla Firefox shortcut and Microsoft's Internet Explorer browser shortcut, on an laptop. (Photo Illustration by Alexander Hassenstein/Getty Images)
Google Chrome’s launch icon, shown with that of Firefox and Internet Explorer. Alexander Hassenstein/Getty Images

Google plays hall monitor on securing connections. Google is a weird company. Sometimes it seems hell-bent on wrecking privacy. Other times it goes way out of its way to defend it. If there’s one way Google has been on the side of truth and justice, it’s HTTPS, the software that connects a website securely to your browser. HTTPS ensures that criminals or spies don’t serve web users phony or malicious content. In 2014, it started lowering SEO scores for sites that didn’t implement the secure protocol. We reported on one of the few adult sites that has. In September, it announced that it would soon make sites look scary in Chrome should they fail to get on board with security. Time to get religion, slowpokes. Visit Let’s Encrypt to get started.

MOUNTAIN VIEW, CA - NOVEMBER 08: Actress Lily Collins (L) and CEO/Co-founder of WhatsApp, Jan Koum speak onstage during the 2016 Breakthrough Prize Ceremony on November 8, 2015 in Mountain View, California. (Photo by Steve Jennings/Getty Images for Breakthrough Prize)
WhatsApp co-founder Jan Koum onstage with the actress Lily Collins at the Breakthrough Prize ceremony. Steve Jennings/Getty Images

 Unbreakable encryption reaches 14 percent of humanity. Statista estimates that a billion people use WhatsApp, the messaging app. In April, it completed migrating all users to Open Whisper Systems’ standard-setting encryption. Boom! Whether they knew it or not, a major portion of the world started messaging privately—not even the service’s developers could read users’ messages. It’s ironic because WhatsApp is owned by Facebook, whose founder famously once said privacy was no longer a “social norm.” As Bruce Schneier has written, even if you have nothing to hide, there are those that do, and every encrypted message helps protect them (such as the folks two stories above). By the way, the United States has so many vague computer laws that almost anyone could be prosecuted as a felon if the cops were determined to do so.

LOS ANGELES, CA - NOVEMBER 14: President and CEO of Yahoo! Marissa Mayer speaks onstage at Glamour Women Of The Year 2016 LIVE Summit at NeueHouse Hollywood on November 14, 2016 in Los Angeles, California. (Photo by Matt Winkelmeyer/Getty Images for Glamour)
This is awkward… Matt Winkelmeyer/Getty Images

 Confirmation that the Feds read our email. Yahoo scanned piles of emails at the behest of federal law enforcement, Reuters reported. The Intercept reached out to a number of other email providers to ask if they had been met with a comparable request. Under U.S. law, any information a person shares with a third party is fair game for government search, though Justice Sonia Sotomayor has argued that this third-party doctrine should be revisited in a connected world. A Verizon lawyer agrees.

Federal Bureau of Investigation (FBI) director James Comey testifies before the House Judiciary Committee on the encryption of the iPhone belonging to one of the San Bernardino attackers on Capitol Hill in Washington, DC, on March 1, 2016. / AFP / Nicholas Kamm (Photo credit should read NICHOLAS KAMM/AFP/Getty Images)
FBI director James Comey, perhaps overcome by topping the list. NICHOLAS KAMM/AFP/Getty Images

Apple (AAPL) v. the Feds. The number one privacy story of the year had everything: a Silicon Valley titan, terrorism, the globe’s favorite gadget and G-Men galore. On December 2, 2015, Syed Rizwan Farook and Tashfeen Malik went on a shooting rampage in San Bernardino, California, that left 14 people dead. The FBI subsequently recovered an iPhone held by Farook, but it could not access any of its data because it had been encrypted with a lock screen. Cupertino refused to find a way to break encryption on the device because it would have created a backdoor that cybercriminals would have promptly found a way to exploit. In the end, the FBI was able to get into the phone without Apple’s help. Local law enforcement has plenty of locked iPhones that they would also like a look into, if the FBI would be willing to show them their one simple trick.


We reached out to a number of contacts in the privacy and security world in order to check our blind spots as we made this list. Anyone who thinks this is in the wrong order or missed a huge story, please weigh in. No one expects a list like this to be definitive.

Astute readers may notice a distinct lack of one kind of story: breaches. The initial draft included one of the year’s biggest stories—period: The Panama Papers. Various contacts also suggested including stories like the DNC email breach and Wikileaks’ publication of what it called the “Erdogan Emails.” Somehow, it didn’t seem like these fit as privacy stories, because they didn’t reflect a systematic program either to keep secrets or to uncover them. They are important stories, but they didn’t seem right here. Those who disagree should please say say so.

We expect privacy to become more important as we head into 2017. For example, the blockchain could make it possible to use online services without giving them intellectual property forever. Meanwhile, the quantum age of computing will either make everything secure or nothing. And, unfortunately, the new year will almost certainly bring more tragedies to investigate and technologies to scapegoat.

It will probably be even tougher to keep next year’s list to a reasonable length.

The 13 Biggest, Most Controversial Privacy Stories of 2016