I arrived at 8:30 to begin observations and interviews, and was met by Bill, the company’s chief privacy officer, a man in sneakers and jeans roughly in his mid-sixties.1

Inside the information industry, management leverages the tools of coercive bureaucracies to routinize work that serves data-extractive ends. Corporate bureaucracies work subtly to set privacy discourses among company employees, inculcating corporate-friendly understandings of privacy as frontline workers approach their work. Organizations hobble privacy offices and amplify voices that interpret privacy law in ways that serve corporate interests. Management also constrains designers in the design process, feeding software engineers’ ambivalence toward privacy and using organizational structures to make it difficult for anyone to build better privacy protections into the designs of new technologies.

Privacy’s performances begin with discourse. This is an important step. By influencing how we think about privacy, by inculcating definitions of privacy that are so narrow, outdated, and corporate-friendly, tech companies can ensure that even those employees who consider themselves privacy advocates will nevertheless end up serving data-extractive business models in the end.

The information industry’s discursive performances have influenced everyone, including policy makers, privacy professionals, and ordinary users of technology. The campaign has seen its greatest success in the United States, where tech companies and their allies are actively undermining the push for a comprehensive national information privacy law, where studies show many people have given up on the hope that they can adequately protect their privacy online, and where many privacy professionals see corporate-friendly privacy discourses as ordinary, routine, and common sense.1

This book has been about the tools the information industry uses to routinize an antiprivacy ethos and practice through its organizations. Of course, not all tech companies use all of these tactics: some use a few, some use more, some use none. But these strategies are in use, and they have the effect of marginalizing privacy throughout the everyday work of law and design. More than just a collection of strategies, they are features of informational capitalism. They help explain how data-extractive capitalism persists.

Through a long campaign to inculcate corporate-friendly discourses about privacy, the information industry tilted our legal consciousness away from privacy and enlisted even those employees who see themselves as privacy advocates in their data-extractive missions. This softened the discursive ground on which we think and talk about privacy and weakened the privacy laws we manage to pass. Technology companies then took advantage of public-private partnerships explicitly built into those privacy laws to undermine their effectiveness. They used coercive bureaucracies and took advantage of power asymmetries to develop compliance programs that reoriented and recast privacy laws in ways that served their surveillant interests. As a result, the information industry undermined the institutions that are supposed to protect our privacy.

How can privacy law and corporate commitments to privacy be on the rise without it having a significant effect on the designs of new technologies? Tech companies use the tools of coercive bureaucracies to routinize antiprivacy norms and practices in privacy discourse, compliance, and design. Those bureaucracies constrain workers directly by focusing their work on corporate-friendly approaches to privacy. As information industry workers perform these antiprivacy routines and practices, those practices become habituated, inuring employees to corporate surveillance even as they earnestly profess to be privacy advocates. The result is a system in which the rank and file have been conscripted into serving the information industry’s surveillant interests, and in which the meaning of privacy has been subtly changed, often without them even realizing what’s going on.

We are told that accepting widespread corporate surveillance is a natural progression for human civilization. Peter Schwartz, a senior vice president at Salesforce: “Gradually, we will accept much, much greater surveillance. And in the end we won’t be too bothered by it.” Thomas Friedman in 2014: “Privacy is over.” Mark Zuckerberg in 2010: “The age of privacy is over.” Sun Microsystem’s former CEO Scott McNealy in 1999: We “have zero privacy anyway. Get over it.”1

Chapter 10 concludes the book by asking the question of whether we are heading for a smart, collected or modulated world. The smart world is an uncritical one where the technological wonderment of sensorised devices and seamless service provision is accepted without question. The collected world provides a different view of the smart world, albeit largely descriptive, which highlights the underlying logics at play in relation to ubiquitous collections of sensor data. The modulated world is defiantly critical and is intended to surface the normative basis of embedded power that flows in modulated forms of knowledge production and prescriptive governance. One of the simple ways we can create a world that ensures greater benefits from technological integration, including sensorised data collections, involves our unceasing ability to tinker and play, especially in data collecting institutions.