Quote of the Day: America has no functioning democracy

He’s obviously violated the laws of America, for which he’s responsible, but I think the invasion of human rights and American privacy has gone too far. I think that the secrecy that has been surrounding this invasion of privacy has been excessive, so I think that the bringing of it to the public notice has probably been, in the long term, beneficial.

– Former US President, Jimmy Carter talking about Edward Snowden. As quoted by The Register.

Geek Fatalism and Nerd Exceptionalism

In the wake of the various claims and counterclaims surrounding PRISM, I have seen a number of responses – both online and off – which strike me as being both disturbing and self-defeating. Broadly speaking, these responses fall into two categories: the fatalist and the exceptionalist.

The fatalist is the person who starts by saying: “Of course I knew the government was spying on me…” and then goes on to make some claim along the lines that there’s nothing you can do and/or you can’t remain outraged about these sorts of intrusions indefinitely.

The exceptionalist points to the fact that he properly encrypts his emails, federates his social networking and manages his entire online presence from his own server. This person then goes on to either say: “So I’m okay” or “… and everyone else should do the same.”

None of this is new so, before I continue, let me pause and refer you to an article Cory Doctorow wrote, slightly over a year ago, on The problem with nerd politics:

In “nerd determinism,” technologists dismiss dangerous and stupid political, legal and regulatory proposals on the grounds that they are technologically infeasible. Geeks who care about privacy dismiss broad wiretapping laws, easy lawful interception standards, and other networked surveillance on the grounds that they themselves can evade this surveillance. For example, US and EU police agencies demand that network carriers include backdoors for criminal investigations, and geeks snort derisively and say that none of that will work on smart people who use good cryptography in their email and web sessions.

But, while it’s true that geeks can get around this sort of thing – and other bad network policies, such as network-level censorship, or vendor locks on our tablets, phones, consoles, and computers – this isn’t enough to protect us, let alone the world. It doesn’t matter how good your email provider is, or how secure your messages are, if 95% of the people you correspond with use a free webmail service with a lawful interception backdoor, and if none of those people can figure out how to use crypto, then nearly all your email will be within reach of spooks and control-freaks and cops on fishing expeditions.

“Nerd fatalism” is the cynical counterpart of “nerd determinism.” Nerd fatalists hold that the geeky way of doing things – the famed “rough consensus and running code” – and have an ideological purity that can’t be matched by the old-time notions of deliberation, constitutionalism, and politics. These things are inherently corrupt and corrupting. If you move to Whitehall to defend technology, in a few years, you will be indistinguishable from any other Whitehall wonk, just another corrupted suit who sells out his ideals for realpolitik.

It’s true that politics has internal logic, and that habitual participants in politics are apt to adopt the view that politics is “the art of the possible” and no fit place for ideals. But there’s an important truth about politics and law: even if you don’t take an interest in them, it doesn’t follow that they won’t take an interest in you.

So we can design clever, decentralised systems such as BitTorrent all day long, systems that appear to have no convenient entity to sue or arrest or legislate against. But if our inventions rattle enough cages and threaten enough bottom lines, the law will come hunting for them.

To the fatalist, I would say that you should stay outraged about these intrusions. As Bruce Schneier points out:

Democracy requires an informed citizenry in order to function properly, and transparency and accountability are essential parts of that. That means knowing what our government is doing to us, in our name. That means knowing that the government is operating within the constraints of the law. Otherwise, we’re living in a police state.

It’s not enough to roll over and accept whatever our governments decide to do. Governments exist to serve the will of people – not the other way around – and if they fail in this then we can, and should, eject them from office.

I realise that there are people who will read the above line and immediately go into the usual whine about how democracy is broken and all politicians are in the pocket of corporate lobbyists and blah, blah, blah. So let me take a moment to address this point: It is your cynical disengagement that leaves the vacuum which wealthy special interests are so keen to fill.

Politicians will always pay most attention to those that keep them in power. In a democracy, that is the electorate. But if your vote, or your non-opposition, can be taken for granted then you cannot claim to be surprised that the politicians will then start to pay more attention to the people who fund their campaigns, and those people’s interests.

You have a vote. You should use it. And you should make sure that your representatives know how you intend to use it, and why.

And then there is the exceptionalist, the person who thinks that they can apply technical solutions to the problems of overbearing or incompetent government. If you are one of these people then I’m sorry to disappoint you, but you’re fooling yourself.

It is in the nature of communications that, unless you talk to no-one but yourself, you will eventually lose control of every message that you send. It doesn’t matter how carefully you encrypt your emails or how secure you keep your server, sooner or later you will find yourself messaging someone who doesn’t share your security concerns and then all bets are off.

You may think that everyone should encrypt everything but the reality is that everyone won’t. There is a trade-off to be had between security and convenience and some people will always place a greater value on convenience and a lower value on security than you do. Not only is this perfectly reasonable but, by focussing on the technicalities of computer security, you are addressing the wrong issue.

The problem is not that the state, or it’s agencies, are able to pry into your online activities. The problem is that they want to.

The vast majority of any country’s citizens are ordinary, law-abiding individuals in whom the state should have no interest. Obviously, there are people in whom the state are reasonably interested but that interest should be specific, limited, transparent and subject to judicial oversight.

I’m on the verge of repeating myself here, so back to Cory Doctorow:

If people who understand technology don’t claim positions that defend the positive uses of technology, if we don’t operate within the realm of traditional power and politics, if we don’t speak out for the rights of our technically unsophisticated friends and neighbours, then we will also be lost. Technology lets us organise and work together in new ways, and to build new kinds of institutions and groups, but these will always be in the wider world, not above it.

Elections to the European Parliament are less than a year away. Maybe now would be a good time to start documenting the positions being taken by the various political groupings on the question of privacy – both on and offline – and ensuring that they understand that there are votes to be won in taking these questions seriously.

InterNations: Social Networking Privacy Fail

Back in November, I finally decided I’d had enough of all the marketing emails that were clogging up my inbox. These are not spam, as such, but sites I had bought something from in the past but which continued to send me mails trying to sell me more stuff. So rather than just deleting the mails as they arrived, I went back and unsubscribed from each and every one of them.

This has proved to be remarkably liberating and I found my attention turning to the various social network notifications that I was receiving. Each time a notification hit my inbox, I would either unsubscribe from the emails or delete the account.

Today, I received a notification from InterNations. It’s an expat network that I signed up to a few years ago and, for various reasons, have found to be a lot less useful than I thought it would be. So I signed on and started looking for the Delete Account button.

This is what I found (emphasis mine):

4.3 Changing or Removing Information

Access and control over most personal information on InterNations is readily available through the profile editing tools on the InterNationsWebsites. The User may modify or delete any of his/her profile information except the mandatory information required during the registration process at any time by logging into his/her account. Information will be updated immediately. Users who wish to deactivate their account with InterNations should send a fax or letter to InterNations. In this case InterNations will remove the User’s name and other personally identifiable information from publicly viewable data. InterNations may retain certain data contributed by the User if it may be necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. All retained data will continue to be subject to the terms of the Privacy Policy that the User has previously agreed to.

Seriously. They expect me to send them a letter to tell them that I no longer want to use their online service.

Words fail me.

Dear Facebook

You Suck.

I am aware that switching back to my real email address is an easy thing to do, but why should I sign in to an account that I haven’t used in over a year just to fix yet another of your screw-ups?

Your once clean homepage has become more and more cluttered, and increasingly unusable. Both your security and privacy models are so broken that you managed to simultaneously lock my data away and then leak it. Your site is insecure, unreliable, not trustworthy and not useful.

You won’t be surprised, therefore, to learn that I have finally gotten arount to deleting my account.


LinkedIn pulls Facebook style privacy stunt

Steve Woodruff has noticed that LinkedIn has become the latest social networking site to decide that they can share your data without notification.

The all-new “Manage Social Advertising” option – which is switched on by default – allows LinkedIn to use profile information like names and photos in third-party advertising.

Finding the check-box to switch this off is not intuitive, but Woodruff has provided a handy guide to finding it.

Via The Register, which also notes that this new profile setting may breach Dutch privacy law.