What is the real issue brought up by this whole PRISM debacle? It’s not that the government is willing to overstep its role using national security as an excuse. That’s been going on for thousands of years. It’s not that companies in a position of power are willing to throw those that rely on them under the bus in order to get ahead. Again, that’s nothing new. And it’s not that the institution of journalism has crumbled into a dismal wreckage of its former glory. Possibly true, but beside the point.
The issue central to all of these is that the fundamental balance of power when it comes to control of information has been allowed to shift unthinkably far away from the individual and towards a set of institutions with motives that are at best mercenary. It’s about time we fixed that, don’t you think?
To address the PRISM scandal itself briefly, I think we will be less surprised at the existence of such a program than, as I think will inevitably transpire, the incompetence and inefficiency that almost certainly define its methods and usage. Allegations of a massive conspiracy that goes so deep that the most powerful tech companies in the world are muzzling themselves and spitting lies out of fear and legal obligation assume, as other theories often do, that this shadow government pulling the strings is both massively effective and operates totally in secret, two things that are highly incongruous with the likely reality of incompetent civil servants, out-of-date methods, and bureaucracy choking everything in sight like the inextinguishable weed it is.
But whether they are siphoning our private data well or poorly is beside the point. The important thing is that they (whether “they” is defined as the NSA, Google’s marketing department, or malicious hackers and organizations) have access to your data in bulk and on demand. Why do we allow this?
And I don’t mean “why does the law permit it?”. It also doesn’t matter much whether the government is doing it legally or illegally, because “abuse” is difficult to define and easy to justify in retrospect. What matters is that they are even capable of viewing and collecting our personal, private data in this way. Why is it even possible that Verizon has this level of data to disclose? Why is it even possible that Apple can infer and cache our locations based on metadata? Why is it even possible that our emails can be skimmed for advertising opportunities? If we did not explicitly permit these things, then we have implicitly done so by choosing to go ahead and use the Internet this way either because the pros outweighed the cons. But now the cons are starting to add up.
Think about this. When we decided we wanted to keep our personal matters separate in the real world, we built walls. Walls we bought or built ourselves, with means to peer out, grant ingress and egress, and so on at our own discretion. What’s more, walls work whether they are legal or not, whether the government wants them to or not, and no matter who you bought them from or what brand of mortar you used. They’re really quite effective.
Fast forward a few thousand years. The Internet brings a massive decline in the importance of physical objects and presence. A huge proportion of human interaction is now non-physical, and consequently physical walls can no longer effectively cordon off the private from the public.
So naturally, we built virtual walls, right? Not quite.
The Internet (and later, the web) was not built with the isolation of data in mind — quite the opposite, of course. Practically everything that makes the Internet worthwhile is based on the idea of transmitting information between two or more points. Of course, if you’re not in control of those points, you essentially surrender control of that information. A bit like how in walking outside your home, you surrender a degree of your privacy. So far, so expected.
First we reached out and took things that were stored elsewhere. But the advances in storage, bandwidth, and processing power over the last 10 years or so have made it so that we use the Internet as a sort of phantom extension of our own computers, putting things where they are accessible to us but we are not responsible for them. This was the so-called web 2.0: every personal computer and device, vastly more powerful and connected than ever before, yet acting as a thin client.
Clearly, this is where we began to lose touch with reality.
How did we decide we were in control of the data we sent Google or Facebook? Why would we submit to such an obvious delusion? Does anyone really believe that these companies have our best interests in mind to any greater a degree than a dairy farmer and his cows?
We submitted because they were the only option. Like turkish delight, the future they proffered was too tempting not to try, and once we had a taste, we would take nothing else. A familiar story that rarely has a happy ending. And so it progressed, and the people running their own servers and encrypting their hard drives and eschewing cloud services were mocked as paranoiacs, nostalgia junkies. Get with the program, we said! Look how well Gmail works! Look how easily we can share plans on Azure! How fun it is to track each other on Foursquare! Stop living in the past, when you had to look after your own data. Someone does that for you, now, and you don’t have to pay a dime.
And now, after we voluntarily put all our data in someone else’s keeping, alternately trusting and ignoring them when they told us how they can read it but wouldn’t dare, could sell it but don’t need to, might disclose it to the government but only if they have to, we’re finding out they’ve been doing all this and more the whole time. We’ve been pouring our data into the river for years and just pretending there was no one downstream.
We never built walls to keep ourselves safe and separate online because we bought a line years ago that it wasn’t possible. Funny how the ones who told us it stood to benefit immensely if we thought it was true.
So now we’ve come miles and miles down a path that minimizes every individual’s control over his or her private data. Just try to look at it objectively: in a day and age where we have gigabit connections, insanely cheap and spacious digital storage, and processing power that puts supercomputers of the recent past to shame, we decide not to store, process, and serve that data ourselves, but to hand it over to companies to index and sell ads on, with a few trivial benefits almost certain to be replicable by more trustworthy platforms.
Here, then, is the real question: where is the breakthrough device or software that decouples our data from the oppressive web 2.0 superstructure with no loss to functionality? One might ask: where is the Napster for privacy?
And no, I’m not talking about HTTPS everywhere, or good data security practices, or even something like TOR. I mean where is the total upset in basic popular understanding of privacy and how files and data are transferred and stored online?
Not that Napster was some avenging angel, raining down digital retribution on the abusive media companies. Broadband and decent compression were the tinder and Napster was one spark among many — but it’s true that Warner Brothers, EMI, and all the others have been trying to put out the fire ever since. Once digital distribution was out of the box, there was no putting it back in. (At the bottom of the box in the legend of Pandora, there was the pale specter of Hope; for the studios, the last thing left in the box was “modest profits,” and they have yet to truly accept this.)
Interestingly, now, the roles are reversed. In the early 2000s, technology allowed people to get a jump on “The Man” and force an industry into accepting the modern era. Now it’s the other way around: the technology we’ve trusted has gotten a jump on us and is forcing us to rethink the choices that led us into this undesirable position. And until we take control, we’re just going to keep getting abused — again, and again, and again. In a way, we want the opposite of Pandora’s box. Something that, once shut, no one can open but us: Pandora’s lockbox.
So here we are, cursing the gods and waiting for Prometheus to deliver us from our servile dependence.
Where’s the big idea, the big change that obsoletes the idea of trading privacy for convenience, and moots every standard cyber-eavesdropping technique in the NSA’s playbook? The thing that gives people the same confidence in the security of their data as walls give them in the security of their homes?
What will be the combination of new (or forgotten) technologies or ideas that produces something totally unexpected? Will it be personal encryption keys and mesh networks? Will it be self-hosted data havens? Quantum transistors? Smoke signals?
I wish I had a better idea. But over a huge proportion of the web-oriented sites, startups, and new technologies I’ve encountered during the last decade has been aimed at microscopic conveniences, further abstraction of possession and control, and iteration of existing services — fundamental problems intact. Their primary improvement has been platitudes on the landing page. I realize this is a bit “We can put a man on the moon, but we can’t do this?” but the direction of development in the tech sector really does seem geared towards trivialities.
I don’t have answers, but I can at least speculate. I believe we are going to decentralize and cellularize once we realize how needlessly dependent on distant and dubiously beneficial third parties. Why are the equivalent your Facebook timeline, your Google Docs items, your Instagram account being stored and served by anyone other than yourself? One breakthrough will be in making a self-hosted and totally secure email address, Dropbox clone, or what have you as easy as signing up for an email address, and as simple to operate.
The other breakthrough I expect will be a tool that renders of data transmitted to and held by third parties totally unintelligible to them, like files stored on Mega. Mega did it to avoid self-incrimination. We will do it to prevent the likes of Facebook and Apple from even seeing the information they once held hostage. If that means the collapse of countless companies that rely on such methods — good. Their service was a bad service and I hope they break when they hit the bottom.
The networks that we have come to rely on were once only possible through powerful intermediaries. But what was once symbiotic has become parasitic, and those intermediaries have now outlasted their usefulness and squandered whatever trust they conned out of us when we were given the choice between tainted privilege and safe obsolescence.
We did it their way. It’s time to take the highway.