May 22 - Privacy

~~~ This week’s discussion is brought to you by Eduardo and Dylan~~~
~~~ hence, it’s a greek dialogue ~~~

[Eduardo] Privacy is d-e-a-d. Get over it, go read Brave New World or something. I never cared anyway, what difference does it make? Privacy is not meaningfully feasible anymore - and I’m talking about the free world.

[Dylan] Dude, privacy is totally feasible. Just look at me. No facebook, basically impossible to contact, disable javascript on all websites making the internet really painful to use. Easy.

[Eduardo] And that’s why you’re a social pahriah.

[Dylan] …”Pariah.”

[Eduardo] “Pariaaah?” “Puhhriah?” Regardless, you see my point. You bring all these hurdles upon yourself, and to what end? Is any aspect of your life significantly better? And you don’t even have any assurance of real privacy - Google sure is collecting all those gmails and gchats, so gg (padum-tss). Really, the only tangible result that it’s a pain to find any real picture of you online. And I made sure to ruin that. Lol and also the Chens.

[Dylan] Look I sleep better at night like this ok? And at least they can’t target advertise me.

[Eduardo] That’s because you block javascript. Anyway, meaningful privacy is not feasible. Look, when push comes to solve, what matters (in a land with a modicum of rule of law) is that there is decent legislation in place that governs what governments and corporations can and cannot do. That is a more reasonable hope, and I’m skeptical about it. In America, just look at the Equifax debacle, nothing happened. (also: I can never understand how everything came to be designed around social security numbers being “secret”).

[Dylan] See! The SSN debacle highlights the dire need for better, secure authentication systems! It is possible to build better, private systems! We just have to build all this software infrastructure for decentralized services that will take loads of resources and which is totally untenable under the current system of incentives of surveillance capitalism. But something like Tim Berners Lee “new internet” is exactly what I’m talking about.

[Eduardo] Yeah dude. Even Hacker News trashed it. Listen, all I want are convenient services! Centralized, decentralized, Google Facebook NSA or CCP, I don’t care in whose servers it is! If only it was as easy to send an instant message as it was to send an email! But alas, in the cyberworld of today we can’t have nice things. Because everyone is building walled gardens, and everyone thinks “privacy” is the problem, and so what scant attention the earth’s somewhat participative legislative bodies have, it’s devoted to bullshit like this. Or this. Or even worse stuff which is the opposite of common sense.

Convenient, interoperable services. People keep saying open source is the solution, we just gotta get together and build it, that somehow it’s possible to overcome the structure of incentives and greedy corporations with some kind of grass roots wishwashy movement. The only grassroots movements that ever changed the world are religion and communism, and look where those went. No. We need something else, but the techno-libertarians within us blind us to this self evident solution. We need…regulation.:scream:

The problem is, all attention and regulation that is focused on the cyberspace is on the wrong things, which will solve nothing and create more burdens for the government, corporations and society. I’ve never heard people talk about the most common sense solution: What if we had regulations to force service providers to provide APIs and interoperability in their services? What if messaging someone on Facebook from Google hangouts was as easy as sending an —

[Dylan] Yo! Eduardo… I- I’m really happy for you. Immaletyoufinish, but TAILS and Tor have some of the best encryption of all time! I mean, they’re precisely what St. Edward Snowden (my favorite refugee) used to leak more than 1,000,000 NSA documents and expose the existence of unconstitutional surveillance programs, such as XKeyscore, even as the officials who were appointed to oversee these programs publicly denied their existence. Looking at the source code of these programs reveals that the “extremists” who are targeted by them include anyone who visits sites that provide useful privacy software, like Tor and Tails. [Editor’s note: So, if you clicked on either of those links earlier in the paragraph, you’re literally now on an NSA list.]

So, Eduardo-san, if you’re ok having all of your porn searches indexed by the Brazilian government, so long as you can seamlessly send your poop emojis from gchat to messenger, that’s one thing. And if you’re ok with the American government recording every fart, fight, and fuck that’s within earshot of your telephone, so long as you don’t have to click “OK” on really convoluted licensing agreements, then fine. But, as the dramatic 20th-century revolutions in Germany, Russia, and elsewhere demonstrate, “life comes at you fast”, and today’s benevolent pr0n-overseer can become tomorrow’s economically-backwards, xenophobic theocracy. That’s when privacy really starts to matter.

[Eduardo] Look. Privacy is like guns. It’s actually exactly like guns. It is important to have it at hand when you need to make a stand off against the tyranny of the federal government trampling on your god given right to let cattle graze on federal land. But that does not make a sustainable modus operandi, if you piss off the feds enough they have the army and you can’t win on brute force. Those tools you described are like the guns in the right to bear guns thing. In a right to bear privacy setting, the analogy would be to legally safeguard the usage of such tools by enshrining them unto law. The government shoots people all the time, and for as much as it is necessary to push for constitutional accountability of the kinds of things like St. Snowden’s revelations, we should consider it as an operational reality that big brother has access to all the data, unless you go above and beyond to ensure it doesn’t, and again only if you don’t piss off the feds that much.

My point is: assume that big brother et al have all the data, and then push to regulate the behavior you don’t want see (from government, corporations, individuals). I think the current privacy-centric approach is doomed to failure, because it is akin to regulating the means and not the ends. It is impossible to exhaustively list how agents should/should not deal with data, especially because technology keeps changing and legislators always lag behind. But it is possible, albeit imperfectly, to regulate behavior with respect to the end goal. My favorite example on this kind of policy making is the SEC, whose sisyphean task is basically to regulate markets to prevent externalities and ensure fairness. Something like that in the data realm sounds far fetched because truly, the information age is pushing us into unchartered territory. But, at least in America, there is some inkling of precedent: in 1970 the government passed the Fair Credit Reporting Act (FCRA), which says things like:

  • You must be told if information in your file has been used against you
  • You have the right to know what is in your file
  • You have the right to ask for a credit score
  • You have the right to dispute incomplete or inaccurate information
  • Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information

It has limited effectiveness, and 50 years later this is a far cry from what we might need, but the gist of the law is correct: it attempts to curb how information that is essentially public could be used by agents that operate within the framework of the law to negatively affect you.

[Dylan] You’re saying privacy is like gun rights because, in so far as either even exist, they’re only grudgingly tolerated by the government and can be taken away at any time. You’re WRONG. Once people have a similarly defeatist mindset about their ability to keep either of those things, it’s actually the guns which are easier to take away. This is because it’s very difficult for any individual to make anything but a 3D printed single-shooter. Can you imagine a dozen neighborhood watch volunteers armed with 3D printed pistols staring down a squad of National Guardsmen with AR-15s? Wouldn’t go well.

By comparison, every individual with a decent level of technical training (I’d guess ~10% of people) can figure out how to encrypt all of their online communication using the best algorithms in the history of human civilization. That means that you and I can play on a (nearly-)level playing field with the literal United States Military-Industrial Complex when it comes to privacy wars. I’m willing to take those odds.

As is recorded in the sacred book of 2013 Surveillance Revelations, Chapter 6, Verse 17, St. Snowden spoke thusly: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.

[Eduardo] "Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it." - St. Snowden, next sentence.

This is what I’m talking about. For the right to bear privacy to hold out, yes, it is necessary to leverage the tools available, but even more so, to enshrine the right to use them in law, and to push, constitutionally, for the government to curb abuses of power, and enact safeguards against them.

[Dylan] Well this dialogue is getting too long already. For those of you still in the audience, join us today 6pm on Sovereignty Lounge, BBB B101 for the next chapter!