The Maginot Line

I’m sorry to say that I have succumbed to something like schadenfreude. It’s not that I really enjoy what is happening these days, what with institutions of the web shutting down, basic civil rights being ignored, and all the rest. It’s just that it’s all a little poetic.

The technocracy, hoisted by its own petard – out-technocracied! We’ve been lionizing the Internet full-time for two decades (with good reason, of course) while clucking at the government’s failure to understand or adopt it. We’ve circumvented laws both just and unjust with it, hidden ourselves in its obscurity, reveled in its ubiquity, and laughed at the poor, benighted functionaries we presumed were still toiling over carbon copies and rooms full of file folders. Yet somehow with their ostensibly outdated tools and notions they were in fact subverting our little utopia at its most foundational levels.

Did you know the Greeks had a god specifically for this type of situation? Nemesis, in charge of punishing hubris, often in especially apropos ways (Narcissus, for instance). The FISA court probably set up a temple in her honor. Please fill out form 617-B, allocation for a fatted thigh, the scent of which riseth to heaven and pleaseth the gods.

But let’s cast our eye instead on more recent and confirmed history: the 1930s, on the eastern border of France. An impenetrable series of bunkers, tunnels, and garrisons built with the object of preventing a German assault. It worked wonderfully, of course — so wonderfully that the Germans decided they should go around it.

The Maginot Line is what I think of when I hear about efforts to secure electronic communications, generally via increasingly complex encryption schemes. The battle is over, everyone. Believe it or not, we lost! In fact, we were completely routed, so to speak. And yet it seems like all anyone can think of doing is shoring up defenses which hardly came into play in the first place!

PGP? People can barely manage the privacy settings on Facebook, much less a stable of random numbers and the means to deploy them. Zero-knowledge storage? Great until a court orders you to decrypt your own data (in violation of the 5th amendment, likely, but how long until a friendly precedent on that account?). Self-destructing messages? Print screen says hello, at least until someone finds a nice exploit. End to end encryption? Lovely, so you get flagged as suspicious by the NSA and all your data is stored for five years — plenty of time for them to squeeze the keys out of you or a friend (identified by metadata), at which point they breach a whole network of trust. Tor? The feds are watching exit nodes like prohibition gangbusters outside a speakeasy. 256-bit WPA2 keys? If the password isn’t “password,” “admin,” or “123456,” it’s probably written on a post-it note stuck to the goddamn router! Come on!

It’s not that these methods are technically insufficient for the their own purposes — it’s that they’re simply not practical given the actual threat: ubiquitous, flexible, and resourceful. Each one is arrayed against an idealized attack vector, and even if someone were to adopt each and every one of these worthy measures, they’re still going to get flanked.

Of course, perfect security is just a dream. But when a burglar comes through the window, do you put more locks on the door?

Better to just acknowledge that we chose to live in a dangerous neighborhood. The existing infrastructure of the Internet, from the routers and switches to the browsers and apps we use, was simply not designed with privacy or anonymity in mind.

That wasn’t a problem until the volume and importance of our electronic communications hit some crucial tipping point, at which they ceased being yet another way to get data from here to there, and became an indispensable and historically unparalleled tool for free expression. Gradually, the dissonance of these two ideas — a tool built for shouting that must be used to whisper — has become clear. This whole surveillance debacle is only the latest revelation to disturb our cozy ignorance.

We will have to live with the fact that our data is not secure for a while. Considering the towering privilege that is the Internet in the first place, it’s not too much to ask that we cope with a few cracks in the foundation. People for whom anonymity is critical, such as whistleblowers and activists, will be at risk, as they always were. Don’t forget that while the Internet is a powerful tool, it’s also a new one, and while we should value its contributions and the people whom it enabled, it is by no means an essential tool for confidential communication, or, for that matter, revolution.

But we may also have to face the idea that the savior Perfect Security may never appear to rapture us into a world of true anonymity, fountains of bitcoins, and desiccated surveillance apparati, lovingly tended by weeping spooks. I was told yesterday (by Bruce Schneier, so I trust it) that the noise pattern from a device’s antenna can be used to fingerprint it, a side effect of high-precision wireless transceivers. Metadata is leaking at the seams because our communications must be quick and precise. Our faces are registered on cameras dozens of times a day because the demand for imaging devices has made the cost of capturing and recording less than the cost of not doing so. Every defense we raise is a Maginot Line, and every sword we forge cuts both ways.

We’ve opened box after box from Pandora’s collection, and generally speaking the shrieking demons which emerged have quickly sunk their unholy teeth into industries and institutions whose devourment was long overdue. But sometimes we look down and notice bite marks on ourselves, as when we found that the Internet enables a culture of inhumanity, universal surveillance, or anarchic proliferation.

Clearly, this is one of those times. It does no good for us to pretend that the way we have crafted our world is without consequences unfavorable to ourselves, perhaps permanent ones. The rule of history is two steps forward and one step back. We have just taken a step back. Hubris, meet Nemesis.