Jennifer Stisa Granick’s keynote address is a comprehensive and illuminating account of the past, present, and troubling future of “internet freedom.” It also raises uncomfortable questions for government officials, corporate leaders, and hackers. Let’s look at a few of them, in each category. The overarching concern may be: can we step back from our positions as advocates, and talk openly about what an ideal balance of power and freedom, surveillance and privacy, may look like?
JSG observes that security has to be a shared responsibility of government, private firms, and users. But she also notes that each is prone to some overreach. She frankly states, “The U.S. Government talks about security as “cyber”. When I hear “cyber” I hear shorthand for military domination of the Internet.” I agree that US “military domination” of a global network is problematic, as a normative matter. Perhaps thinking about what a sounder military role looked like in the past, largely in “real space,” may help guide us into the future of armed forces on the ‘net.
What does military non-domination look like? We see it in well-ordered states, where the military is always under civilian control. What does “civilian control” of a cybersecurity force look like? Do people outside it get to understand the technical details of its defensive and offensive activities? To what extent do the latter hinge on the former, or vice versa?
I think that independent, third party review of such issues is critical, because otherwise we’ll just end up with ever more intense surveillance of more aspects of our life. John Mueller exposes the grubby commercial spurs leading to overblown security threats. And the ramping up of security capabilities can be self-defeating, particularly if it just provokes military rivals to sink more funds into their own countermeasures. JSG is exactly right to say that the real goal for the US should be “building security for a global network,” not dominating it or monitoring/controlling all of it.
2) Private Firms
Some were shocked by the Snowden files’ revelations about cooperation between the U.S. government and U.S. tech firms. But there were already many examples of firms acting as “Big Brother’s Little Helpers,” in Chris Hoofnagle’s evocative phrase. And the kaleidoscopically shifting threat landscape renders even the biggest players dependent on some government aid. For example, few seemed troubled when Google sought help to secure its networks from shadowy Chinese hackers, who may have been governmentally sponsored.
JSG rightly asks here, though: to what extent are the big players online vulnerable to cooptation given such security threats? And she raises an even tougher question: what if the main people hurt by corporate/government surveillance are “edge cases,” unable to attract much support from oblivious majorities? Having co-authored a work on fusion center abuses in 2011, I was heartened to see Senate hearings on the topic the next year…only to realize by 2014 that these public/private partnerships were in some ways stronger than ever. Other parts of the surveillance apparatus are tracking Black Lives Matter protesters presently, in a sad echo of COINTELPRO’s misplaced priorities.
I believe this is an area where we have to start getting things right on a small scale, before there’s infrastructure or will to get them right on a larger scale. If we tolerate intermediaries basically ignoring consumer concerns about privacy, we can’t hope there will be much more accountability in the even higher stakes realm of surveillance. I do hope that the firms Bruce Schneier’s called the “feudal lords” of the internet eventually relent in the many consumer protection and privacy disputes they’re now embroiled in, leading eventually to a more relaxed attitude toward users’ own freedom to tinker with their newsfeed and search results. (And kudos to Twitter for resisting an algorithmic feed, for the time being.)
JSG mentions a Hacker Manifesto published in Phrack magazine by “The Mentor” — a sort of proto-Mr. Robot, who declares, “We make use of a service already existing without paying for what could be dirt-cheap if it wasn’t run by profiteering gluttons, and you call us criminals.” I was reminded of McKenzie Wark’s “Hacker Manifesto,” which describes a divide between a “hacker class” and a “vectoralist class”. Wark says that “Hackers must calculate their interests not as owners, but as producers, for this is what distinguishes them from the vectoralist class. Hackers do not merely own, and profit by owning information[, like the vectoralist class]. They produce new information, and as producers need access to it free from the absolute domination of the commodity form.”
JSG argues that many of the deepest threats to internet freedom come from that “absolute domination of the commodity form,” where some form of IP or trade secrecy is supposed to trump all other concerns. The slipperiness in Wark’s theory comes in the divide between actually producing new information, and profiting from what is presumably older information. There’s a lot to be said there, but let me just propose, for now, that any billionaires are probably more vectoralists, than hackers. I just doubt the ability of any one person to create new information that valuable, rather than profiting from others’ thought and work.
4) The Right to be Forgotten
And finally let me come to one point of disagreement with JSG. She characterizes the European Right to be Forgotten as a state interference with the right of vectoralists like the top Google managers to order internet results as they wish — or to delegate that to algorithmic processes. But why not think of it as a way of accommodating individuals’ “freedom to tinker” with a database that is incredibly important for their reputations? JSG says that “Without the Freedom to Tinker, the right to reverse engineer …we will be living in a world of opaque black boxes. We don’t know what they do, and you’ll be punished for peeking inside.” But isn’t the complete impermeability of search results returned on a person’s name, to that person’s challenge, an imposition of the same order?
Yes, the right could be abused. But given Julia Powles’ excellent research and reporting in the area, I believe we are seeing a positive effects that outweigh the negative ones — and, even more importantly, rapid development of standards for reputational justice. The RTBF also will be demanded in the US, I predict, if there is a data breach that results in the sequential posting and re-posting of files of thousands of medical records online. A government effort to obliterate public availability of such deeply private records should not be confused with “censorship” or undue control.
But I will admit my views are in the minority in the US regarding the RTBF, and may well remain so. And I don’t want to end on a negative note — I found myself very appreciative of the perspective offered in this keynote. So bravo for great work for civil liberties, and for offering such an insightful perspective on the state of internet freedom!