Blame Silicon Valley for the NSA's data slurp... and what to do about it

Optional

"The ridicule is thoroughly justified, for trusting giant corporations - whose business models rely on selling your identity to advertisers - to safeguard your privacy is like hiring a kleptomaniac with a sweet tooth to guard the sweet shop."

FIFY!

A good piece, though.

Lobbying is what they mean. They're spend a fortune funding the right senators.

The law is not the answer

> Then we can begin to assert that we own everything we produce, extending copyright rights and practice to our own data.

Having "rights" is fine and dandy ... if you are a law student making an argument in some ivory tower. However when an average guy on (maybe) $50,000 a year tries to assert those rights, up against the corporate might of a $100Bn corporation, there isn't even a smear left on the tracks of the juggernaut that rolls over him.

Recourse to the law is only practical when it is affordable (without ruining either side: win or lose) and there is some degree of symmetry between the means of the parties involved.

So how would an average guy "defend" his rights to his data? The answer is that he can't. Nobody can. As software companies learned with software piracy: once it's out there, you can't stop it. The only way to restrict the proliferation of personal data is to stop it getting "free". One model would be for all personal data to only be available through some sort of personal server (real or virtual) that required specific, tailored access to be granted on a case-by-case basis, by the individual in question.

The problem is that few would wish to take the time to police their data. We already know that personal privacy comes a long way down the list of most people's priorities - as most (rightly or wrongly) don't consider it to have any value and so far they haven't been proved wrong.

Maybe a better solution would be a way of allowing people to declare tabula rasa every few years. Change their online identity, walk away from all the crap that's been written about, or by, them and stop all those dam' cookies from following them around.

The idea was popular in early Jewish/Christian tradition as Jubilee where slaves were freed, debts wiped clean and sins absolved. Maybe the internet needs the same? Though 50 years could be too long an interval - 6 months might be better.

Paul Crawford sez "As for the spooks, well they get laws made up to suit what they want to do, so none of this would make any difference."

And when they don't, they just change their 'percepted meaning' ie surveillance is not surveillance unless an analyst sits down and actually looks at a persons data and then checks off that it has been looked at.

My concern is not with Silicon Valley, I have the option to not use their shit.

Avoiding the NSA / GCHQ or w/e is far more difficult.

"...at least the NSA is subject to democratic scrutiny..."

Really?!? Are you joking or is this just deliberate misinformation?

http://news.cnet.com/8301-13578_3-57603402-38/secret-court-reveals-justification-for-nsas-mass-data-collection/

Secret courts: Maybe you could explain how exactly they're subject to "democratic scrutiny".

Here's some examples of how secret courts stop the sky falling in:

http://www.opendemocracy.net/ourkingdom/jo-shaw/secret-courts-8-nightmare-scenarios-now-possible-in-britain-0

PS When is theregister forum going to be fixed to allow hyperlinks for anonymous contributors. And the details on how to do it, clearly published.

Democratic scrutiny?

`Yet at least the NSA is subject to democratic scrutiny.'

To paraphrase Arthur Ford: `This is obviously some strange usage of the word "democratic" that I hadn't previously been aware of.'

Almost nothing of significance about the NSA is known. Not even how many people work there or not what the budget is. How can I, as a citizen, scrutinize something I know almost nothing about?

Secret government, such as the NSA, is by it's very nature anti-democratic, It's a few chosen ones deciding what's good for the people at large, it's the exact opposite!

If I take a photo of you, then, in the UK, as I understand it, you have no property rights. I can do with that photo what I will; in particular, I can sell it and make money. (Even in jurisdictions where a model release is necessary, it doesn't affect the properties rights.) If I was an expensive lawyer, I would make a similar argument about much of this data: a server log is a facsimile of your actions made by me; it is my property to dispose of as I will, subject to privacy legislation.

Corporatism enabled by legal fictions, deception, lies, and fraud.

It would appear that we currently live in a world plagued with institutional fraud, and much confusion abounds about what is real, and what is fiction.

It was fraud to ever state that a legal fiction, like a corporation, could ever be a person (with bogus Common Law and Legal rights), and that a living human being could ever be treated as a legal fiction corporation (with bogus Legal Commercial liabilities), especially for irrelevant contracts; this is the fault of the corrupt(ed) legal profession, and 'authority' corporations like governments etc.

All acts, bills, statutes, and regulations are legal commercial instruments, /not/ laws, even if they use the word law; they are either redundant to Common Law, or at least partially unlawful, and many are completely unlawful; worse, the legal profession routinely uses deception, or outright lies, to confuse the two, to trick living human beings into (often assumed implicitly) consenting to harmful legal contracts and legal arbitration e.g. for bogus rights, bogus crimes, and bogus judgements. Some legal events are not even courts, let alone courts of Common Law; you will often not know the difference, unless you learn some legalese and how to challenge them; on my to-do list :)

If a living human being breaks Common Law at any time, in any role, they should always face a proper Common Law Court, then maybe a Legal Commercial Court, and not be allowed to hide behind fictional legal entities like Corporations, or bogus legal rights; government agents included!

I don't see how trees and rivers can have legal rights because that would be further unlawful legal overreach, and I doubt they can have Common Law rights, so they are probably property of a person, or persons under Common Law.

So what's to be done?

Er.... two things.

1 - Actually start to gather a language and a set of rules so that we can talk about the balance between freedom and state power. Political philosophers and Constitutional theorists will help us here, but I see no sign that anyone wants to start up this technical debate. Nonetheless, it's essential to have proper foundations before you start to set up rules.

2 - Close down the First World's intelligence infrastructure. There is NO NEED for it. There WAS a need, back in 1943, when all the major countries were fighting a no-holds-barred world war. It may be reasonable to have extra-legal and dictatorial rules in such a situation. But we are NOT in such a situation now - no matter how hard NSA/GCHQ tries to pretend otherwise. People may certainly try to let off bombs or shoot people - this should be dealt with using normal police procedures, and the police should be given what support they need in doing this. But the critical difference is that the police have to build a legal case and have it examined in open court. And so long as the intelligence community do not do this, they will remain a danger to social liberty...

> Yet at least the NSA is subject to democratic scrutiny.

Don't think so. The bits of NSA that Snowden has outed are subject to an insincere apology and a beeline for the nearest loophole; but I don't think that counts as either scrutiny or democratic. And I'm sure that there is a large unseen part covered under 'operational' and 'top secret' etc. that isn't subject to any scrutiny at all.

Sorry

However dishonest Google and Facebook might be, the claim that making it easier for record companies and movie studios to protect their cash flows and business models will help protect our privacy also at least appears to me to be on the disingenuous side.

Theoretically, copyright law could be used as a basis for some protections of privacy, but the odds of that happening in practice do not look good.

"Optional" sounds just right.

Wonderful article, Andrew.

In a much better world than we have, Silicon Valley would not be run by self-absorbed control freak sociopaths. In a perfect world Economists would be capable of machine assisted long division too. Statistics has gone dreadfully wrong on us.

First, a quick look at a Population Clock will tell you that every fifth "birth" is no birth at all ...

http://www.census.gov/popclock/

rather, every fifth (or so) addition to the (US) population was a faceless unknown before and now has full rights. It all takes a minute and a half. Bigotry is being done in by alacrity.

Second, "The News" increases the frequency with which random horror is brought to our attention, which renders non-random horror less vainglorious with diminished pride in ownership.

Peace on Earth, Goodwill Toward Men, etc. may be our (Baby Boomers) last best bet for making an impression on the History Books.

Chaff is the solution

The Silicon Valley privacy monetization industry and the NSA/FBI surveillance-industrial complex may be equally dangerous to privacy, but conflating them is simplistic. They are culturally, generationally and geographically thousands of miles apart. If you look at who has been eagerly cooperating with the NSA (as opposed to complying under duress with National Security Letters), it is Telcos, who are centered primarily on the East Coast and Texas.

Curbing the NSA's unconstitutional abuses is going to be difficult, will take years and will require working through the political process - there is no other way, technological countermeasures alone can't make a difference against an opponent whose R&D budget probably eclipses the entire tech industry's.

The way to fight against the privacy-infringement industry is technological: better cookie-filtering software like disconnect.me, along with as-yet-to-be-written big data sabotage tools that poison the well for data brokers by pumping fake data into their user profiles, thus rendering them worthless. I can easily imagine browser plugins that click on random links in the background to obscure what you are really interested in. People tend to overestimate the power and robustness of statistical techniques, they are actually very vulnerable to noise and deliberate info-chaff. Legislative and administrative approaches like Do Not Track won't work because there is no practical way for the government to monitor compliance, just see how Do Not Call failed to curb the most egregious telemarketers.

Onus of Defense

There seems to be a fundamental misunderstanding of how laws work going on here. It's the same flawed assumption politicians make all the time and it has disasterous consequences.

A law, any law, has the power to dictate or control the actions of anyone. A law defines what actions a society deems unacceptable as well as the punishments for those behaviors in one is found to be engaging in those actions. The key point there is 'found to be engaging in', law and the consequences it defines are backward facing by default. A law breaker, a criminal, is free to commit crimes if he chooses. The consequences of being caught are a risk the criminal must assess on their own, but again, there is no mechanism to prevent them from perpetrating a crime.

Assuming you find the above valid, who is responsible for the protection of your property? If you answered anything except you, the property owner are responsible for protecting your property you're obviously not paying attention to the myriad of defensive property protection actions you take everyday. The protection of property is a major focus of resources wherever property is recognized as a thing. If laws actually prevented crime you would have no keys (at all, zero keys) no PIN's, no photo ID, no State issued unique identifier. The world would be unrecognizable if property did not require your protection.

Before I take this to its conclusion, let me state that I abhor the scale and intrusiveness of government and commercial data collection and the incredibly unbalanced nature of IP. Here comes the crappy part and it must be addressed: Governments and corporations are defending their property with all the data privacy crap. Governments are protecting their power and corporations are protecting their existence through financial capital as a defense. They feel they have to do those things because they know law itself is not an active defensive measure. They know they've got to provide their own protections.

Now ask yourself what you're doing to protect yourself... If it's writing letters to Ministers and Congresspeople wanting more laws then you aren't doing much now are you? Are you utilizing all the free services available online in exchange for only your data? Are you getting discounts at the grocers as a member of a club or 'points' with airline, hotel and rental car companies? Using credit or debit cards? I doesn't sound to me like you're doing much of anything to protect your data/property.

Since the concept of convenience was developed it has always had an incredibly high price tag attached to it. It still does. All commerce thrives on that fact, make something easier and people will pay dearly for it. You're under no obligation to use those conveniences, if you feel the price is too high don't use them. That's your defense and ultimately your only offense. You have no right to a convenient existence, you must pay for it.

State collection of information is a thornier problem, but if you aren't providing data to the commercial entires you've effectively removed the biggest collection point for the State, they already know everything else about you.

There's a very flawed idea that one must choose sides in a battle. That's absolutely untrue, you can remove yourself from the conflict entirely. Sure, there's a price to pay, but there is always a price to pay for any action you take. Is the price too high? That's completely on you to decide.

Irony not lost

Interesting article - made all the more apposite by the Skyscanner advert (via Criteo) that appeared to the right of it which is offering me the same flights I searched for yesterday.

Do as I say?

The best way to make things as difficult as possible for NSA is to move to Linux and open source software. After all - Windows and Apple ecosystems are just Gulags. Don't play too close with Google too though Microsoft is the worste of all them.

Good try to promote copyrights law

...but it seems far fetched to me.

About privacy and data protection, you should study the french law "Informatique et Libertés" . This law should be extended as an EU regulation, to assure european citizen the privacy protection they deserve.

The premise of the argument is wrong

The author asserts that we are giving up something of value and that we should charge but micro-payments are not feasible. But are being paid. We use search engines for free.

Yes, it doesn't cost much for Google or Facebook or Bing or Yahoo! or... to serve up a page of result in response to a query or process an email. But it does cost something. That something is the micro-payment. It's the quid pro quo for the exchanging personal information for a search result.

An alternative is that individuals pay for searches so that they are not required to give up their data. However there seems to be no appetite among regular people for a subscription model. People like this author and many of the commentards here rail against intrusion but the average Joe and Joanna doesn't seem to mind so much. I'm sure the author will argue that's just ignorance. But really most people don't have much to hide.

In the UK you can watch advert subsidized TV or pay your TV license fee and watch the BBC advert free. There is no TV service which offers a free advert free service. And of course not, it costs to produce TV 24/7 and that money has to come from somewhere. It's the same with the internet.

It's too late already...

Isn't this whole argument moot? Every government or corporation that is interested in you already has reams of data about you. Locking everything down might help with the privacy of as yet unborn children, but for the rest of us, it's far too late.

Even if your elected, 'democratic' government was not deeply complicit in this situation, there's no way that all the money behind the lobbyists/bribers would let them pass meaningful legislation to protect you.

Best to accept the fact that you're screwed already, and move on.