Tomorrow’s Surveillance: Everyone, Everywhere, All The Time

Everyone is worried about the wrong things. Since Edward Snowden exposed the incipient NSA panopticon, the civil libertarians are worried that their Internet conversations and phone metadata are being tracked; the national-security conservatives claim to be worried that terrorists will start hiding their tracks; but both sides should really be worried about different things entirely.

Online surveillance is the one kind that can actually be stopped. One interesting thing we learned from Snowden: “Encryption works.” Right now almost all Internet traffic is completely unencrypted, or badly encrypted, or only encrypted until it reaches the first set of servers, or your host encrypts all data with the same key. But these are all, in theory, solvable problems.

If we don’t want governments (or anyone else) spying on our Internet traffic and our phone conversations, then we can stop them from doing so. Tools that seem to successfully ward off the full might of the NSA already exist: PGP for email, OTR for instant messaging, RedPhone for voice calls.

Now, these tools are all, to varying degrees, a huge pain to use. This is partly because security is hard and partly because the world could really use an anti-surveillance Jony Ive. But as time goes on, they and their ilk will become more user-friendly, and it’s only a matter of time before tools which can withstand (most of) the full might of the NSA become simple enough that their use is fairly widespread.

CyanogenMod is Adding Secure End-to-End Encryption to Messaging Apps http://t.co/eDDdjvPUQV #CyanogenMod #Android

— TechNorms (@TechNorms) June 27, 2013

As long as a critical mass of techies and civil libertarians make a point of using end-to-end encryption, its mere presence won’t be enough to trigger extreme suspicion. One day quantum decryption will crack today’s codes, but the smart money is still on quantum encryption beating it into widespread use.

As for metadata — well, you can already hide your Internet metadata by using Tor. I expect similar “metadata muddying” networks to spring up for voice calls; maybe they’ll onion-route calls a la Tor, maybe they’ll just be apps that cause your phone to make encrypted calls with no actual content to other phones in the network at sporadic intervals, so that large quantities of fake metadata gets mixed in with the real stuff. Either way, the data gathered by governments can be corrupted.

To an extent, this may help explain the disproportionate and vindictive persecution of hackers like Andrew Auernheimer, Aaron Swartz, and Jacob Appelbaum. (Disclosure/disclaimer: I haven’t seen Jake for years, but I count him as a friend.) These are exactly the kind of people who are capable of throwing monkey wrenches into the gears of the online surveillance machine.

What civil libertarians should be worried about isn’t online snooping and wiretapping. It’s the surveillance that’s already becoming pervasive, if not ubiquitous, throughout the real, physical world.

Wired reports: “A Silicon Valley startup is launching a fleet of imaging satellites that are cheap, small, and ultra-efficient,” giving us “up-to-the-minute snapshots of the planet.” DARPA already boasts “a 1.8-gigapixel camera that will be attached to unmanned drones to spot targets as small as six inches at an altitude of 20,000 feet.” The Supreme Court just made it easier for the police to collect DNA samples without a warrant. The FBI is building a biometric database which includes facial and voice recognition, and using drones for surveillance on U.S. soil; the Border Guard, which effectively claims jurisdiction over two-thirds of the US population, is rapidly scaling up its own drone fleet; and cameras on police cars are already busily vacuuming up data en masse for local law enforcement.

Meanwhile, even if you’re wearing an anti-facial-recognition visor to protect yourself against software that can identify you in real time, that won’t help; gait recognition is amazingly effective these days. Oh, and by the way, you’re carrying a uniquely identifiable, always-on, remotely controllable tracking device with a microphone and a camera wherever you go; it’s called your phone. I realize that phrasing sounds a bit tinfoil-hat…but at the same time, it is an inarguable technical fact. That’s why Snowden had his Hong Kong visitors leave their phones in his fridge.

So. Connect the dots. Put all the above together, add in the gargantuan data centers the government is building to analyze and cross-reference all that Big Data, and then imagine the next generation of all these technologies — and what do you get? Something a whole lot like a panopticon.

Sure, the NSA isn’t allowed to spy on Americans (well, mostly, sort of, kind of, maybe, some of the time) but other government agencies can. Since most Americans actually want more surveillance, and phone metadata (from which your location can often be deduced) isn’t considered private … we can conclude that in relatively short order the U.S. government will be maintaining near-real-time tabs on the location–and to some extent the activity–of almost every single person in the country. Other countries will soon follow. And there’s no way to encrypt our way around that.

That’s what the civil libertarians should be worried about: A government that knows where you are at all times, and has an indelible record of everywhere you’ve ever been, and everything you’ve ever done in any public space. It’s claimed that most Americans commit “three felonies a day” thanks to overbroad statutes. Even if that’s not true, there’s little doubt that with so much on record, there will always be a way to persecute if not prosecute anyone who isn’t a saint. Everyone will be guilty of something, so the powers that be can simply selectively enforce the laws against the people they don’t like.

The national-security conservatives who claim to be worried about terrorism should really be worried that their attempts to protect their nation are in fact damaging it; that their quest for security, and their war on leaks, have begun to slowly corrupt their democracies into police states.

I know, I know, tinfoil hat. And yet: “unfortunately in the past decade the United States has moved toward police-stateness in small but key ways.” It’s crucially important to realize that today’s technologies make it much easier to build the infrastructure of a police state, and tomorrow’s will make it easier yet — and once those tools are in place, whatever their original intent may have been, someone will seize them and abuse them.

(Of course, many people who claim they’re worried about crime and terrorism are being disingenuous and actually do want much less in the way of freedoms and liberties, and much more in the way of authoritarian control and draconian laws. Not surprisingly the police often fail to see what the problem with a police state is exactly. What, don’t we trust them?)

The problem isn’t that our governments have surveillance programs. The problem is that they lie about them and keep them so secret that it’s all but impossible to determine whether they have gone beyond any reasonable remit, or, indeed, whether they are in fact illegal.

"They filed suit, and the government quickly said that they wanted out. They didn’t need this information after all." http://t.co/m86CJtDPZE

— Jon Evans (@rezendi) June 28, 2013

Their defense of this secrecy consists entirely of: “There are some benefits somewhere! Of course, we cannot tell you exactly what they are.” There appears to be no consideration whatsoever of whether these alleged benefits exceed the costs.

It’s essentially an engineering problem: government initiatives need feedback mechanisms to check their excesses and keep them on course, but the NSA’s current so-called feedback mechanism, the FISA Court, is so ridiculously inadequate that it would be laughable if the ramifications weren’t so serious. Only one side gets to bring cases, show evidence, argue before the court, and then interpret its decisions, which are zealously protected from any public scrutiny. And what’s more:

https://twitter.com/csoghoian/status/349178501036929024
https://twitter.com/csoghoian/status/349957877164806144

The national-security conservatives claim that this secrecy is required to track down terrorists, but first of all, that doesn’t even pass the laugh test:

Terrorists are so smart, we must upend the Constitution to stop them. But they're so dumb, they just learned we read their emails last week.

— Trevor Timm (@trevortimm) June 26, 2013

And second, even if it were true, it still wouldn’t be worth it, because this kind of secrecy damages the feedback mechanism that ultimately makes it possible for democracies to work. Tomorrow’s vastly more powerful surveillance technologies, combined with today’s level of secrecy, may well put the very existence of that feedback mechanism at risk. That’s something we all need to be worried about.