At the latest GovLab Ideas Lunch, Doc Searls, author of The Intention Economy: When Customers Take Charge and co-author of The Cluetrain Manifesto: The End of Business as Usual, and visiting scholar at the Arthur L. Carter Journalism Institute at New York University, discussed Maintaining Independence and Privacy in a World of Security and Surveillance.
As Senior Editor of the Linux Journal and a fellow at the Center for Information Technology & Society at UC Santa Barbara and the Berkman Center for Internet and Society at Harvard University, Searls has spent the better part of his career thinking and writing about how technology impacts and changes society and how people interact with and through different technologies – especially the Internet.
Searls’ talk focused on a topic with which we have become intimately familiar in the last year: our independence and privacy online. According to Searls, in an age in which the Internet has become both ubiquitous and indispensable, there are three main Internet-related trends that jeopardize the integrity of people’s identities: lack of privacy, peak surveillance, and the problem of centralization. At the conclusion of his talk, Searls described some recent developments that can empower netizens to regain both their independence and their privacy online in response to these trends.
Lack of Privacy – “The Internet is framed as an ocean with ‘giants’ like Google and Amazon –and us as little worms”
Searls pointed out that while we can create privacy in physical space – for example, clothes are a form of privacy — it is much more difficult to create privacy in virtual space. The modern landscape of Internet applications and services is one in which users’ independence and privacy are constantly challenged. Services like Google, Facebook, Amazon and Twitter gain greater and greater access to information about users because they have become “identity services” – proxies that mediate our interaction with other services and with each other. Searls argued that while the Internet is often framed as an “ocean with giants like Google and Amazon, and us as little worms,” we are not just minor players but in fact the products sold by these giants. In order to provide better and more customized online experiences and content, these companies must collect more and more data about us. As we give up information about ourselves, we also actively lose our independence and privacy, which is especially problematic when a large part of the business of companies such as Google and Amazon is to sell advertising, and even more problematic when users are not even aware of what is being done with their data.
Peak Surveillance – “How do you put umbrellas on people so you don’t get ‘hit’ by all the splatters of surveillance activity?”
Searls launched into a discussion of surveillance by showing a New Yorker cartoon of a government head sitting at a military planning desk saying into the telephone, “get me everything on everyone.” The point of the cartoon is that what the man is calling “everything” is laden with assumptions that compromise both the integrity of information that is collected (and therefore the ways in which it is used), as well as the integrity of netizens’ independence.
Searls pointed out that the harm of data-collection is not always immediately obvious – instead, it creeps gradually. He took as examples the cookies websites use to track users’ activities and behaviors online; the infection of personal devices by bots; and “silo’d” data-collection (for example, the FitBit collects data in a way that is not interoperable with other personal fitness devices like RunKeeper). Each of these examples is a technology that assumes that the user-data being collected is accurate when in reality many of these examples collect incorrect data points and create incorrect profiles of individuals. Searls argued that the results produced by false data collection practices are themselves false – “garbage in, garbage out,” as the saying goes.
The Problem of Centralization – “We now can assume ‘zero distance’ between all of us”
The Internet was designed to be a distributed network. Today, the protocols on which the Internet is built –such as Transmission Control Protocol and the Internet Protocol (TCP/IP) — allow for packets of information to be transferred across networks in ways that are non path-dependent; that is, if one path is removed, all the others can still be used to relay packets, and thus allow communication to happen. Searls argued that this underlying design “puts us all at zero functional distance from each other” and called this the “giant zero.”
However, the “Information Superhighway” that such a distributed network structure was supposed to bring about never materialized, in large part because of the way Internet Service Providers (ISPs) are organized and deliver Internet access. Searls pointed out that “Internet provision is at odds with its original design” because ISPs commercialized Internet access in a centralized and hierarchical model (local ISPs get their own Internet access from larger national ISPs, which in turn get their Internet access from regional and continental ISPs). Today, debates around “net neutrality” highlight this exact problem, where ISPs are considering ways to allow content-providers to pay extra for greater amounts of bandwidth, making it difficult for smaller Internet companies and startups to compete in delivering their content and services to users – and giving users little choice in the matter.
The Internet – “We made our own nature and we’re living it”
Searls concluded his talk by pointing out some examples of projects and softwares that are intended to help netizens reclaim their independence and privacy online by addressing the three challenges he laid out. Searls believes that in order to break out of a world of security and surveillance, the most important thing is that we recognize that our computers are now much more sophisticated than “dialup” and that “we need to think in those terms of what the Internet is and what it can do and build towards that.”
Some developments towards independence and privacy include:
- According to Searls, there are two kinds of identity –administrative (this is “what we think of as identity”) and sovereign (this is “who we are” –our core, indisputable identity). Moreover, identities are not identifiers. There are very interesting research projects underway exploring the relationship between these two kinds of identity and how identifiers can be used both on and offline to signify different identities in ways that are both private and secure. One example is the Core-ID project by Dazza Greenwood at MIT, which is exploring methods to “give people direct control over each persona of their life”.
- A big concern with our personal data – for example, our healthcare and financial information – is how we can govern such data in a way that puts governance in the control of the individual. This concern extends to both the collection, storage and use of data. “Personal clouds” are a new development in this area trying to give users more control over their data. For example, the Respect Network is both a company offering a service as well as a network of companies, individuals and organizations with a common goal to make personal cloud services more private and secure. The Respect Network seeks to offer a service where users’ information, devices and apps all feed data into a a secure personal cloud, through which the user can log in to manage each of these devices and apps securely, with no middle-men –i.e., users can host their own personal cloud and do not need to rely on an intermediary cloud service provider.
Truly Private Data and Communications
- Searls emphasized that “most of the email services we use,” like Gmail, “are not secure; we have no confidence when we send mail that it cannot be observed.” In response to this lack of security, projects like the Electronic Frontier Foundation‘s “HTTPS Everywhere” are working to create safer and more secure environments for Internet users by encrypting communications through user browsers such as Mozilla Firefox, Google Chrome, or operating systems like Android.
- “Intentcasting” is the opposite of “advertising” because it reverses the message in the marketplace so that people can broadcast what they want in secure and effective ways that allow for user-specified degrees of anonymity. Because such requests are targeted, intentcasting does not lend itself to spamming, and in such a dynamic it is the seller that responds to the demands of the marketplace –demand “advertises” supply, and the seller does not need to guess what the customer wants.
The Internet of Me and My Things
- Searls argued that, to date, the “Internet of Things” is more like the “Google of things,” the “Facebook of things” and the “Apple of things.” Searls pointed to the work of Phil Windley on creating interoperable “Internet of Things” services as being particularly promising in this area (see Windley’s blog, Windley’s Technometria). For example, Windley is working on CloudOS, an open-source operating system for personal clouds that “enables cooperating networks of products and services” through “intercloud channels” (allowing for data interchange and interoperability between various user devices and services) as well as user control of data.