Web 2.0 has had a massive impact for good on the lives of modern humans. Web 2.0 has also been complicit in ushering in the most advanced, pervasive and Orwellian surveillance state ever witnessed by humanity. You could say that Web 2.0 has morphed into Web 1.984.
How might we retain the benefits of a hyper-connected and computer-augmented society without being constantly watched by people whose interests may not always directly align with ours? How can we use technology to fashion a future that we actually want to inhabit?
Image credit: @nolifebeforecoffee, Flickr.com
The full details of the monitoring apparatus that the NSA, CIA and other “security” agencies have constructed are still trickling out from the cache of documents released into the wild by Edward Snowden. What has become clear is that every action performed in the digital arena, whether it be sending an email, making a phone call, browsing a website, tweeting an opinion, buying an item, taking a photo or just moving around with a phone in your pocket, can, and usually is, being intercepted, stored and mined for information. The technologies and services that allow us to be constantly connected to information, colleagues, friends and loved ones at the same time allow the government to snoop on private citizens in an unprecedented, unrequested and effectively unregulated manner.
How did we get into this mess?
The collection of technologies and business models loosely known as Web 2.0, such as GMail, Facebook, Twitter, Dropbox, Salesforce and many others, have revolutionized how we communicate, work and play. Web 2.0 is the result of the convergence of new technologies and a new business model. The key technological changes were firstly the massive increase in compute power and storage capacity, particularly when centralized into “the cloud”, and secondly the growing ubiquity of connectivity - billions of people now have a slice of the internet in their pocket. This technological capability enabled a new business model whereby services are exchanged not for money, but for data. The underlying rationale of all the ostensibly free services now offered, is that the data generated by people using them has enormous value, particularly to advertisers. The Web 2.0 start-ups correctly reasoned that they could make large profits by offering free services, capturing the usage data and selling the information they mine from it to allow advertisers to target consumers more accurately. As the famous aphorism says: “If you’re not paying for it; you’re the product”.
Most consumers have, consciously or otherwise, acquiesced to this trade-off, happily using some excellent services and tolerating the calls to continuous consumption from pervasive advertising. The calculus used to be that the benefit received outweighed the accompanying annoyance. However it turns out, as many had long suspected, that this personal data wasn’t just being shoveled to advertisers, but was also being vacuumed up by government organizations and sometimes passed along to their corporate backers. This turn of events means the calculus has shifted and many people are left scratching their heads trying to work out how to unravel the Faustian pact we’ve made with the intelligence-dotcom complex.
Clearly the intelligence services’ surveillance capabilities massively pre-date Web 2.0 - we can trace similar collaboration between corporations and governments at least as far back as the telegraph companies of the 1920s. Recently however we have witnessed an explosion in the amount of data being handed to proprietary centralized services and an increase in the incentives to do so. This means that the snooping of the intelligence services is much easier and broader than before, and it also means that some of these capabilities have been passed to private companies to do with as they will.
I’m not interested in pointing the finger at individuals right now. I get paid to be a systems thinker, so I naturally look at the systemic causes of change rather than the actions of individuals. If we want to retain the benefits networked technology brings, without being constantly monitored, we will have to invent a new model; both a new business model to fund the services we want, and a new technology model for how we structure our systems and communications that inhibits the mass harvesting of what should be private data. A better future will only emerge if we manage to put these two components in place.
Is it really a problem?
Eric Schmidt has been famously dismissive of the privacy individuals should expect online, and there’s also a prevailing view that “if you’re doing nothing wrong, you’ve got nothing to worry about”. I want to challenge both of these views.
We are all online all the time
The view that we shouldn’t expect privacy online, is trivial to rebut. More and more of our lives and communications are moving online, and the boundary of what counts as online is becoming blurry -when a retail store uses facial recognition (which we are training every time we “tag” photos of ourselves or friends), or your cellphone, to identify you as you walk through the door does that now count as you being online? When you wear a wristband to monitor your levels of exercise and heart-rate, does that also mean that you are now online where you should expect no privacy? The world that we are hurtling towards, and the world that Google, Apple and others are actively promoting, is one where we are always online, which means that, if we follow Eric Schmidt’s logic, we shouldn’t expect any privacy anywhere, ever. Even the new generation of “Digital Natives” may find that more than they are ready to stomach.
The view that only the villains should be worried takes a little more unpacking. A simple answer is that it is not for us to justify why we need privacy, it is for those who wish to breach our privacy to justify why they should be given that right. While I like this response there’s a more interesting and revealing answer available.
Self-suppression of dissent
The key insight that unlocked much of my thinking is that ubiquitous government or corporate surveillance serves to stifle variation. Let me explain why this is the case and why it is a Bad Thing. The quantities of data that are being collected are vast: so vast that there is no way they can be sifted by hand; instead the NSA analysts have to create algorithms that look for data that stands out and fits certain abnormal patterns. This means that if you want to avoid deeper inspection you have to avoid standing out and must follow the herd.
The danger of this became clear to me just after my colleague, Aaron Schwartz’ tragic death. He took his own life after being hounded by the DOJ for years after attempting to put back in the public domain academic research that had often been funded by public money. I was about to sign a petition calling for redress when I stopped and thought for a moment. If I sign this petition will I be sticking my neck out and potentially also become a target for surveillance and harassment. The fear of a powerful and far-reaching security state almost made me suppress my own freedom of political expression and action. The effect was in a way reminiscent, though thankfully still smaller in degree, of how citizens of the former East Germany used to curtail their own political activities out of fear of the ever-present risk of being observed by a Stasi informer. While I have little to hide as far as the constitution and laws of the United States go, I do hold opinions that run counter to those of the corporate and political interests that currently hold the strings of power in this country and who thus also hold the keys to the PRISM databases where all our online activities are sifted and stored. I nearly suppressed my constitutionally enshrined rights out of fear of standing out from the crowd. This was the impact on me, a private individual - just think of the impact on those whose job it is to shine a light on the overreach of those in power.
Not only is this constitutionally and ethically troubling, it is also troubling when thought of in terms of systems and ecosystems. The model that we are heading towards, in many arenas, involves massive centralization and massive reduction in variation. Both of these tend to be very bad things to happen to thriving ecosystems. They say that variety is the spice of life. It is also the core to resilient ecosystems and it is key to innovation (genetic variation, combined with natural-selection, is the engine of evolution after all). Yet in many vital areas of the modern world we are systematically stamping out variety, centralizing assets and control, and suppressing non-conformity. We see this in the industrialized mono-crops of modern agriculture; we see it in the massive consolidation of media-ownership and the resulting drop in diversity of opinions and paucity of facts; and we see it in the rapidly growing monopoly of access to communication being created by the growth of the FATMAGS - Facebook, Apple, Twitter, Microsoft, Amazon, Google, SalesForce (a term coined by Silvio Meira). These giants, while filled with well-meaning people and offering wonderful services and products, are radically centralizing and mediating access to the digital arena in which more and more of our lives are being played out. This monopoly of access to information and communication creates both the very real risk of manipulation of the information to which we have access, and also a few very simple, and mainly submissive, openings into which the NSA can insert the nozzles of their data-vacuums.
Reconfiguring the models
So we have a problem on our hands. It’s real and it’s bad. It also appears to be inextricably tied into the business models and underlying technologies on which our modern, digitally-connected, life is premised. We’re not going to get out of this situation just by removing a few aberrant operatives or misguided CEOs. So how do we design a new environment conducive to growing an ecosystem of communication tools and information providers that are not so susceptible to monopolistic coercion or mass surveillance? Key factors we need to address are the centralization of infrastructure in the hands of a few and the commercial and political models that drive against baking security and privacy into the fundamentals of the system.
An ideal world, in my opinion, would involve high levels of transparency imposed on governments and corporations and high levels of privacy afforded to individual citizens. Unfortunately we currently have the exact opposite of that situation. We need the transparency required to hold powerful corporations and governments to account and we need the privacy to go about our own business in peace.
The central planks of a solution seem to require:
- Widespread use of encryption for standard communications.
- Decentralization of the ownership, location and funding of computing infrastructure;
This will put the financial incentives back where they belong and it will bring privacy back in line with what most people expect and desire.
Invoking the laws of physics
What would it take to make our communications more secure and private?
There is a real tension here that the security agencies and the people who oversee them are dealing with: what is the appropriate trade-off between the nation’s security and the privacy and freedom of individuals? What Snowden confirmed for us is that the actual trade-off being made is very different than both what had been communicated and what most of us deem appropriate.
Given that these organizations have taken much greater liberties with our liberty than we had thought was legal, the best option for correcting this is not just relying on the laws of the land, but also invoking the laws of physics. In his book, Cypherpunks, Julian Assange talks about how using cryptography is really using the laws of physics to put control back in the hands of individual citizens. Though many modern cryptography techniques are ultimately crackable, it takes large amounts of time and computing resources to do so. The higher the levels of cryptography that you use the more these timescales and resource requirements become truly astronomical. This means that if the majority of people as a matter of course encrypted their emails it would no longer be feasible for the NSA or others to perform mass data vacuuming and analysis.
If a crime-fighting or counter-terrorism organization wants to target a specific individual and can get the relevant authorization, then it is still possible for them to deploy the compute power and budget required to do so, but it becomes economically and physically unviable to perform mass surveillance by default. By significantly raising the cost of snooping on individuals, but not making it completely impossible, we begin to rebalance how and when surveillance is used.
Distributed compute - centralized control
There are many technology challenges still standing in the way of getting the level of security we need around our communications, but good progress is being made via initiatives such as MailPile and Leap. However we won’t have a full solution until we create a viable alternative to the giant data-centers of the monopolistic FATMAGS.
These giant data-centers, known collectively as the cloud, harness the power of multitudes of computers working in concert to service our needs. The cloud is so successful because it distributes storage and compute across many machines. However while compute has been distributed, ownership and control has been centralized. Thousands of computers are put to work to service your needs, but they are owned and operated by a very small group of companies who are far from guaranteed to have your best interests at heart.
The challenge in front of us is how to replicate the power of the cloud as we currently know it, but reconfigure it to move ownership and control away from a small set of massive corporations and closer to the individuals who use and ultimately pay for it. The most viable model I can see for this looks very much like that used by existing peer-to-peer networks.
Imagine a new cloud model - let’s call it “the fog” - where everyone has a little server sitting in their homes (or in small locally run data centers), rather like your current set-top TV box or your cable modem, which collaborates with similar servers belonging to your friends and neighbors to provide secure and decentralized storage and compute-power. Data and computation could be distributed across these small informal networks, the fog, just as they are currently distributed across the rows of servers in the traditional cloud. The differences would be that there’s no single socket into which to insert the NSA’s data vacuum, and there are no commercial incentives to monetize that data, since the hardware and electricity is being paid for by the end-users. Sure this system isn’t free, but let’s face it, the current system isn’t either. At least this way the costs are directly incurred rather than indirectly offset, or “externalized”, in undesirable ways.
Again there are efforts underway to begin to create and support this distributed model, but we need much greater awareness of the urgency of the need for this type of solution and much broader involvement from technologists across the globe.
This type of approach seems like a beneficial way for society to configure its technology infrastructure for multiple reasons. Firstly decentralization of ownership and control doesn’t just make it harder to snoop on our conversations, it also makes it harder for corporate or political interests to control or filter the information that society has access to. This is a vital step in redressing the balance of power between individuals and corporations in today’s world.
It also resonates as a good candidate solution since it uses the same small-scale, distributed, peer-to-peer organizational models that are proving effective in solving problems across fields as varied as agriculture, energy, education, transportation and urban regeneration. As a design it is particularly pleasing in that it mimics how some of the most effective and resilient natural systems work and it tends to create a more “generative” environment where innovation, experimentation, variation and the power of evolutionary processes are unleashed.
Free and open
The approaches outlined above clearly have much in common with the Free and Open Source Software movement. Open Source Software has a major part to play in the solution both by changing the economic models around the ownership of software services and also in providing better transparency and faster responses to potential security compromises. Similarly Open Hardware may in the future provide opportunities for organizations and nations to avoid network devices with built-in backdoors.
So our current configuration of internet services, infrastructure and business models is broken, or at least is leading to broken outcomes for society. Luckily we have line of sight to a different design that can create a future with much more desirable outcomes. This new future requires action across political, technological, social and economic fronts. Many of the building blocks required to shape this new, technology-mediated, world exist or are underway, but there is a long road ahead. Web 2.0 entrepreneurs pride themselves on using new technology to disrupt incumbent monopolies. It is time to turn that disruptive innovation on the latest breed of monopolies that they have brought into being. It is time to focus on how to architect our technology to enable a society where the individuality, security and freedom of all humanity is protected.
The opinions expressed here are those of the author and do not necessarily reflect the positions of Thoughtworks.
Disclaimer: The statements and opinions expressed in this article are those of the author(s) and do not necessarily reflect the positions of Thoughtworks.