Tagsurveillance

Living in the New New Normal

L

Image: Unsplash (derveit)

Please note: This post veers a bit outside my usual topics for this blog, so you can read the post in full on Medium.

It’s the year 2019. What’s it like to live in the New New Normal, in a world where the once-disruptive Silicon Valley tech companies (GAFAM) have become the richest, most powerful companies in the world?

In a world in which Chinese tech giants (BAT), too, have reached a level of maturity, and scale, to equal those Silicon Valley companies and are starting to push outside of China and onto the world stage? In which these companies represent not change, innovation and improvement (of the world, or at least the online experience) but the status quo; where they are the entrenched powers defending their positions? In a world that has left the utopian ideas of the early open web (especially openness and decentralization) in the dust, and instead we see an internet that has been consolidated and centralized more than ever?

In other words, what’s it like to live between increasingly restrictive “ecosystems” of vendor lock-in, and the main choice is between the Silicon Valley model and the Chinese model?

Read the full post on Medium.

On Business Models & Incentives

O

We’ve been discussing ethics & responsibility in IoT specifically, and business more generally, a lot lately. This seems more relevant than ever today, simply because we see so much damage done because wrong business models—and hence, wrong incentives—drive and promote horrible decision making.

One blatantly obvious example is Facebook and its focus on user engagement. I’d like to make clear I pick Facebook because it is simply the best known example of an industry-wide trend.

Advertisers are sold on “engagement” as a metric since the web allowed to measure user behavior (ie. what used to be called “Web 2.0”, now “social media”). Before that (early Web), it was various flavors of page impressions as a proxy for reach. Before that (print, TV) it was calculated/assumed reach based on sampling and the size of print runs.

It’s important to keep in mind that these metrics have changed over time, and can change and be changed any time. They aren’t a divine hand-down, nor a constant in the world. They are what we, as an industry and society, make them.

Now, for a few years advertisers have been sold on, and have been overall quite happy with, having their ad efficiency and effectiveness on engagement. This term means how many people didn’t just see their ads, but interacted (“engaged”) with them in one way or another. Typically, this means clicking on them, sharing them on social media or via email, and the like. It’s a strong proxy for attention, which is what advertisers are really after: They want potential customers to notice their messages. It’s hard to argue with that; it’s their job to make sure people notice their ads.

That said, the focus on engagement was driven forcefully by the platforms that profit from selling online ads as a means to differentiate themselves from print and TV media, as well as the online offerings of traditionally print/TV based media. “Look here, we can give you much more concrete numbers to measure how well your ads work”, they said. And they were, by and large, not wrong.

But.

The business model based on engagement turned out to be horrible. Damaging. Destructive.

This focus on engagement means that all incentives of the business are to get people to pay more attention to advertisements, at the expense of everything else. Incentivizing engagement means that the more you can learn about a user, by any means, puts you in a better position to get them to pay attention to your ads.

This is how we ended up with a Web that spies on us, no matter where we go. How we ended up with websites that read us more than we read them. With clickbait, “super cookies”, and fake news. Every one of these techniques are means to drive up engagement. But at what cost?

I truly believe you can’t discuss fake news, the erosion of democracy, online harassment, and populism without discussion online surveillance (aka “ad-tech”, or “surveillance capitalism”) first.

Business models, and the behaviors they incentivize, matter. Facebook and many other online advertisement platforms picked horrible incentives, and we all have been paying the price for it. It’s killing the Web. It’s eroding our privacy, the exchange of ideas, and democracy. Because where our communications channels spy on us, and the worst and most troll-ish (“most engaging”) content floats to the top because of ill-advised and badly checked algorithmic decision-making, we can’t have discussions anymore in public, or even in the spaces and channels that appear to be private.

It doesn’t have to be that way. We can choose our own business models, and hence incentives.

For example, over at ThingsCon we were always wary of relying too much on sponsorship, because it adds another stakeholder (or client) you need to accommodate beyond participants and speakers. We mostly finance all ThingsCon events through ticket sales (even if “financing” is a big word; everything is mostly done by our own volunteer work). Our research is either done entirely in-house out of interest or occasionally as a kind of “researcher-for-hire” commission. We subsidize ThingsCon a lot through our other work. Does that mean we lose some quick cash? Absolutely. Do we regret it? Not in the very least. It allows a certain clarity of mission that wouldn’t otherwise be possible. But I admit it’s a trade-off.

(A note for the event organizers out there: Most of the sponsors we ended up taking on were more than happy to go with food sponsoring, a ticket package, or subsidizing tickets for underrepresented groups—all entirely compatible with participants’ needs.)

If we want to build sustainable businesses—businesses that will sustain themselves and not poison their ecosystem—we need to pick our business models and incentives wisely.

We’re all under surveillance – where to go from here?

W

UNDER SURVEI LLANCE

 

Since the seemingly never-ending series of revelations about mass surveillance of citizens in the Western democracies by their governments (or indirectly by their partners through data exchange) has begun I’ve been trying to wrap my head around the implications – what it means for us as citizens.

One thing I can say for certain is an emotional one: It feels like our own democratically elected governments have — each in their own countries — kicked a leg out from under the table of democracy.

Wobbly metaphors aside, what we see is democratic governments installing the means of totalitarianism. Not with the same intention, I guess and hope, but maybe oblivious to the dangers inherent in their course of actions. Once the tools for mass surveillance are in place, there’s nothing structurally protecting us from a totalitarian state in the affected countries. It was one of the ground rules I learned in my political science studies: Never build tools that are only good in the hands of a “good” government. Build in strong safeguards against abuse by “bad” governments. And even without any abuse of power, we already know about the negative effects of mass surveillance.

I’m not one to say intelligence services should be abolished, I think they serve some important functions. But they must be under incredibly strict, tough supervision, and very limited in scope, with bullet-proof safeguards in place against abuse of power. This system of oversight seems to have failed at scale.

One of the little thought games I like to play when evaluation a seemingly complex issue is to change some of the variables involved to get other perspectives: invert the scenario or players; exaggerate/extrapolate; diminish it/dial it down; a system breakdown; shift motivations of the players and/or the players; etc. Often times, mentally going through these scenarios and comparing them with the as-is situation can help understand better what’s going on and what’s desirable.

So let’s go through some of these mutations, and see what comes up.

Inversion

Instead of intelligence services spying on citizens without warrants or real oversight and reporting to the government, the same services spy on politicians — around the clock, in their offices and at home — and report to the public. Why not start with five percent of communications initially, ramping up to 20 percent over time.

Dialing it up / extrapolation

Increase the amount of surveillance, and increased ability to read encrypted communications. Oh wait: That’s already a reality.

Dialing it down

Decrease the amount of surveillance. Maybe restrict it to cases of actual suspicion, based on police work. (I find it hard to find anything bad about this scenario. In fact, until recently that was how the system supposedly worked, and is meant to work.)

System breakdown

At the peak of performance of the surveillance machinery, something goes horribly wrong. Data is exposed, stolen, the system breached or undermined, that kind of thing. All the data and analysis is openly available, including the tools to collect it: The backdoors built into our software, the keys to the available encryption, the passwords and saved communications and the network analysis that shows social networks of people. Leaving more or less every person with access to digital communications (all the two billion or so, and counting) immensely vulnerable to abuse of the worst kinds. Dissidents tracked down by abusive governments, journalists silenced, individuals blackmailed or robbed. You get the drift.

But hey, when has a massive central system ever failed? After all, it’s not like someone could just burn a DVD of data or a take a memory stick full of stuff and walk out of a secure facility and expose top secret data.

Oh wait – how did we learn about all of this again?

Shift motivations and/or players

A new party emerges and gets the popular vote running on a populist, anti-democratic agenda. Think Tea Party to the power of 10, or neo nazis, or fascists of any sort, whatever. Only, this time they have the most powerful mass surveillance apparatus of all times at their disposal. History tells us that this kind of stuff happens. I think we can all agree that’s not desirable?

So what now?

So where does that leave us? Frankly, I don’t know. There have been calls for engineers to take responsibility and for more political oversight, among many others. Maybe there’s a constitutional course of action, kind of a political equivalent of negligence or abuse of power to hold the government or individual politicians responsible? Maybe introducing term limits like in the US in Germany, too, and maybe in leading positions inside the intelligence community as well?

I have no idea. But I’m pretty sure that just leaning back, shaking heads and becoming cynical won’t cut it. Not if our democracy and freedom is at stake. (End of melodrama.)

On this note, if you would excuse me. I have a demo to go to.

The frustrating state of affairs: Merkel’s government & blanket surveillance

T

Every day we learn more about the role the German government and intelligence services play in surveillance of very dubious legality in Germany. We’ve been learning that the German government has been either unknowing to some degree (meaning incompetence), willingly oblivious (meaning incompetently and maliciously avoiding responsibility) or flat out lying. Just a few of the recent revelations and analyses, picked more or less at random:

German’s intelligence services using NSA software, Augstein’s essay on Spiegel, Prantl’s essay on Sueddeutsche. There are dozens more, but if you read this, you’ve probably read those articles too.

While surveillance by another country is bad, it’s also something that can easily end up being a distraction from a more pressing point – how does our own government spy on us? And how does it actively help other governments in spying on us?

I believe that security services need to work together, and I believe even more firmly that security services need to be under extremely strict supervision. Furthermore, I believe that more-or-less blanket surveillance creates much more damage to a democratic society than it can prevent.

And, sadly, with what we’ve been learning about the German government it seems to transpire that this government is willing to put up with these “collateral damages” in ways that seem to me to inflict lasting damage to our political system and process.

Sounds dramatic? Maybe. But I think it’s not far off. A citizen who has to suspect there’s a chance to be surveilled for using a keyword or knowing someone who knows someone who knows someone who knows someone (!) who’s suspicious can’t be an engaged citizen. Yet, that’s how we just learned these network analysis tools work.

This isn’t one of your usual summer season mini scandals, it’s at the core of how a resilient democracy works. Or doesn’t.

Merkel and her team have been trying to “sit out the problem”, as the figure of speech goes. Luckily, it seems like this isn’t working. Both the German public and the media seem to be doing their job of keeping a close eye on their government.

But what’s next?

It seems to me there are two things that need to happen now:

1) Minister of the Interior Friedrich needs to step down, or be relieved of his duties, immediately, and be replaced by someone who has a proven track record on civil rights, no matter what partya affiliation. Leutheusser-Schnarrenberger, maybe?

2) Chancellor Merkel needs not only to take a stand (read: a clear position followed by clear action) on protection of German citizens from international surveillance, but also and primarily on surveillance of German (and international) citizens by the German government and intelligence services.

Failing that, I dearly hope that we can elect another government in the fall, even if — yes, yes, I know — most other parties don’t have a particularly good track record in these issues either.

(I have personal political positions, but I’m not going to recommend anything here: Not re-electing a government is the most powerful and most established deterrence we have for unwanted politics. It’s not nuanced and not elegant, but it’s what we got within the system, so that’s what I’m going for. And then we’ll need to hold the next government to equally high standards.)

ATT & Cargo Cults

A

Ulaanbaatar, Mongolia Image by One Laptop Per Child (CC by)

 

As BoingBoing reports, a leaked memo indicates that AT&T will introduce a creepy and stupid policy: If a user is suspected of copyright infringement (by which means is unclear – Hadopi style maybe?) repeatedly, AT&T will block access to Youtube and other sites and instead re-direct that user to an “on-line education tutorial”, and only after completing said tutorial will allow their users again to access the web as they please.

All the enforcement issues and the details of this particular instance aside, the political implications of what’s been going on in the world of copyright enforcement over the last 10-15 years are so creepy and skewed that it’s hard to believe we’re still even talking about this. And that a company would still even consider the option to screw their customers without a legal warrant or equivalent, just like that. When did that become acceptable?

I’m guessing that in 10 years or so we’ll look back at this era and laugh about it like today we laugh about Cargo Cults.

Unless, that is, we won’t be laughing about it because this is still going on, but then it’d be a world I wouldn’t want to live in.

Catch up to the 21st century some time soon & find business models where you get paid voluntarily without suing or surveilling anyone?

More on Boingboing.

Breaking the Banksy: First interview?

B

A new Banksy mural ‘One Nation Under CCTV’ painted next to a CCTV camera at a Post Office yard in the West End. (Image: Dailymail.co.uk) A new Banksy mural ‘One Nation Under CCTV’ painted next to a CCTV camera at a Post Office yard in the West End. (Image: Dailymail.co.uk)

Half the world, it seems, has been chasing the British graffiti artist Banksy: Police for his vandalism, art collectors for his works, sprayers for his style, media for the scoop. So far, his cover hasn’t been blown. Now Daily Mail has a first interview, or rather: description of a meeting with the artist.

To post this here may seem slightly off-topic, and I guess it is. I posted it anyways for two reasons:

First, I think it is indeed quite remarkable that it’s even possible to keep your identity as secret as Banksy does, while still producing art in very public spaces, like the one seen above, and the one below. (One of his recurring topics is surveillance of the public space, after all, and what you could call sousveillance, i.e. inverse surveillance.) In our age of transparency and data sharing, of public surveillance and CCTV, this seems like quite an achievement.

Second, it’s a hell of a good graffiti. Not only does it look awesome, the way it plays with different levels of reality, surveillance and meaning is just mindblowing.

Banksy: What are you looking at? (Photo by Flickr user nolifebeforecoffee) Banksy: What are you looking at? (Photo by nolifebeforecoffee)

Some more Banksy art? Check out what Flickr has to offer, sorted by interestingness.

Did Deutsche Telekom Track Journalists’ Movements?

D

Over the last couple of weeks, a major privacy scandal has been unfolding in Germany: Deutsche Telekom – the company that also monopolized use of the a certain shade of magenta – spied on their management. Not only their on their management, though, Telekom also spied on journalists.

(Please note: Quite a few of the linked sources are in German only as most material on Deutsche Telekom is only available that way.)

Stasi 2.0 by flickr user skepWhile Germany’s Minister of the Interior & big-time surveillance fan Wolfgang Schäuble says he’s shocked and invites leading Telekom representatives for a nice cuppa coffee, the Telekom managements (both former end current) keep bouncing back and forth responsibility for ordering the super-illegal surveillance. Schäuble, sadly, doesn’t seem to be drawing the correct conclusions: That privacy is worth protecting, and not as he proposes in his interpretation of the war on terror a matter to be dismissed lightly. But back to Deutsche Telekom.

The Telekom had, or so it seems, suspected someone leaked confidential information. How to hunt a mole? Spy on our board of directors, our shareholders, and those pesky journalists. And how to do that best? First you hire a Berlin-based consultancy run by former Stasi spies. And since they’re the predominant German telco, they could just tap into journalists’ phone calls, trace their movements and map their social networks. This stinks.

Fun twist: As of Jan 1, 2008 all telcos (including Deutsche Telekom) are forced by law to save all connection data for six months as part of the war on terror. Well, after all we’ve learned about the Telekom’s data handling, we can surely agree on their trustworthiness, right? Oh boy. Just to be clear: This kind of spying is absolutely illegal in Germany.

I’m curious how this is going to play out. While I’m watching the drama unfold, I’m quite happy that I don’t use any Deutsche Telekom services anymore, and I’ll make sure to encrypt my surfing and my email more thoroughly to avoid being eavesdropped on by not-so-trustworthy organizations.