In the wake of Prism Break Up, a weekend of privacy and cyber-security events that I co-organized with Heather Dewey Hagborg, Allison Burtch, and Ramsey Nasser almost a month ago, it seems appropriate to reflect on some of the weekend’s more salient takeways [read a summary here], and otherwise provide a general recap of the privacy and security thoughts. My subsequent experience attending privacy and security (as well as taxonomy) sessions at MozFest informs this discussion about the problems with privacy, and how we can hope to define and defend it in the future. Likewise I’ve sprinkled in some good quotes and epic links collected from my meanderings through the unexpected brilliance of the wwworld.
TL;DR, this is a blogpost about how no one knows what privacy is, and the ambiguities of internet ethics make the maintenance of any value system almost impossible. It’s also a hopeful post (don’t despair!) about what we can do to create a better cryptocabulary and more secu-fluent world.
Rare is the day that I don’t read an article of internet privacy, information security, intellectual property…all things that weren’t necessarily anomolous in my news feed previously, but for their adjectives. Privacy, Security, and Property have long been active concerns in most news, law, public policy and government information outlets, but our approach to defending and managing has complicated since the internet, since one (or two) laptops per [everybody], since we started as a domestic populace to live half our lives online. Clive Thompson’s recent Wired Article on “Using Darknets to Foil the NSA” contributes to a body of literature now discussing the “dark[net] side” as a viable meeting space for the quotidian networking of “average” internet users. And these days, most of the privacy press I read isn’t in Wired. Current media fixation outside the standard news outlets also support this swell in privacy/security concern. Two weeks ago, the Stop Watching Us Rally in DC, YACHT’s EFF support campaign, and umpteen blog posts on the topic have pushed metadata discussions and black hat hackery into the realms of common parlance.
Perhaps our existing vocabulary is ill-suited to accommodate the ethical implications of privacy in post-digital environments, as this Necessary and Proportionate article does well to assert in its preamble and subsequent breakdown of privacy “principles”:
“Traditionally, the invasiveness of communications surveillance has been evaluated on the basis of artificial and formalistic categories. Existing legal frameworks distinguish between “content” or “non-content,” “subscriber information” or “metadata,” stored data or in transit data, data held in the home or in the possession of a third party service provider. However, these distinctions are no longer appropriate for measuring the degree of the intrusion that communications surveillance makes into individuals’ private lives and associations.”
Perhaps all of our a schema for conceptualizing values and rights needs some re-tooling to suit the digital folksonomy of our contemporary computer world. Perhaps we should all start participating in the assembly of that dictionary of terms. The refrain being: we need a defined terminology to reference in our defence of privacy, and everyone should be an editor.
..::PROMOTING A PRIVACY VOCABULARY
As the catalogue of compromised security protocols grows and ignorance about security assurances with “safer” homespun systems persists, a more consistent program of secu education should develop, and a more consistent understanding of what we are seeking when we say “security” and “privacy” should preface that development. When we demand rights and respect for our ideas expressed publicly, we negotiate a spectrum of interests between two poles of extremity: censorship (restricting our rights to view and express publicly), and surveillance (restricting our rights to view and express content privately). Our understanding of the relative rights provisions and restrictions in other nations informs our interest in what we feel entitled to as citizens, and part of the opening Prism Break Up panel almost a month ago was meant to address the legal defence of loosely defined values like privacy in the United States. In other nations, privacy’s importance and value occupies a more codified realm of articulated and provisioned rights, but in the States its value and definition remains nebulous. Throughout the initiatives we support as citizens, we seem broadly confused about whether privacy and security enforcement should champion the right to keep secrets or the right to expose them.
In previous media generations, I believe this distinction was more clear, at least, in the States. As champions of free speech and minority representation, US citizens found it easy to defend the rights of individuals, and interrogate the motives of institutions. As individuals were were entitled to privacy and autonomy, while institutions (backed by the power of a crowd and the tendency toward crowd-control/monopoly) we were subject to scrutiny. On the internet however, the distinction between individual and institution blurs. We are indeed entitled to some degree of privacy, anonymity, and autonomy on the internet, but how that articulates vis-à-vis previous policy and legacy scenarios; post-PRISM practice remains fuzzy. Should we not advocate for an alternative internet? Should we not participate where possible in a decentral movement populated by subnodes and occupy.here projects and punctuated by the likes of redecentralization cypherpunks? Yes, certainly, but we should understand more about what values warrant re-definition in the new contexts they now occupy.
Some of the challenges we must negotiate in defending privacy in newer contexts stems from the open culture of the internet, where individual privacy and innovation get muddled in a very public realm. In a recent panel discussion on Open Source Art at the LISA conference, the importance of developing open tools that embrace a collaborative ethos to iterative development echoes this idea, codifying how important such transparency and crowdsourcing efforts are to technology and software as we develop them today. Proprietary platforms and projects are still prevalent and productive, but few other industries outside of software have such a strong community founded on principles of openness and sharing. Concerns for privacy and security struggle with transparency for dominance in this domain; and the values that are appropriately and easily defended in traditional environments crumble a bit in the layered architecture of the internet. And it’s not just our personal privacy that often feels violated, but out public industry that is compromised by ambiguity. Confusion in patent law for software development and in privacy provisioning for information management engenders a host of anxieties unprecedented by previous eras of industry. The Wealth of Networks does well to treat this complicated context and the associated redefinition of values like “freedom” and “privacy“:
“An understanding of how we can think of this moment in terms of human freedom and development must transcend the particular traditions, both liberal and illiberal, of any single nation. The actual practice of freedom that we see emerging from the networked environment allows people to reach across national or social boundaries, across space and political division. It allows people to solve problems together in new associations that are outside the boundaries of formal, legal-political association. In this fluid social economic environment, the individual’s claims provide a moral anchor for considering the structures of power and opportunity, of freedom and well-being. Furthermore, while it is often convenient and widely accepted to treat organizations or communities as legal entities, as “persons,” they are not moral agents. Their role in an analysis of freedom and justice is derivative from their role—both enabling and constraining—as structuring context in which human beings, the actual moral agents of political economy, find themselves.”
..::A MODEST PROPOSAL
With the crowdsourced efforts of many contributing individuals, we can perhaps work to clarify these ambiguities, at least the lexical ones. I’ll return to my previous suggestion that we all participate in the collaborative dictionary of privacy if only to point out some holes in that request. Unfortunately, a lot of communities online are built like high school, there are cliques, the cool place to be is usually the most obscure, and while it might be the “nerds” ruling the roost, we still manage to built environments that aren’t so friendly for the average person. Transforming open environments into proprietary and restricted micro-communities is a pretty persistent part of the human experience; the internet, and privacy technologies are not exempt. And a lot of crypto and security falls in that abyss of ambiguity that remains obscure for most. This paradox infiltrates all networked environments, and we’re always struggling with a complicated set of values. Anyone who saw the Social Network can infer that one of the biggest and most pervasive social networking tools on the planet was built with a nugget of inspiration based on the exclusivity, and not the universality of access. People wanted to join Facebook because it was exclusive to their campus, a private club of awesome. So, despite the open and participatory platform we tout in our promotion of crowdsourced efforts, it’s the invite-only, dark net, closed, under-surveilled environments that we crave. People fed-up with the “everyman” environment of Craigslist might now turn to the invite-only security of
Quentin’s Friends, where only members can invite you to join, and everyone is approximately 6 degrees from Quentin. Likewise, encrypted browsing is embraced in the private darknets like Hyperboria, a peer-to-peer alternative internet that caps at a cool 500+ browser, all invited by a member. In both cases as in others, the values of “security” and “privacy” complicate because they now refute some of the open and transparent tenets of the environment they inhabit; now privacy is more exclusivity than obscurity, or at least, the means to both ends entwine.
When it comes to promoting privacy moving forward, we need to balance the attraction of exclusivity with the ethics of universality and transparency, and recognize that these are often at odds, or at the very least, swimming in the same ambiguous soup.
Still, and perhaps as a result of this value ambiguity, it has become more important than ever to involve larger populations in the conversation, if only to ensure that the privacy and security we defend is representative of the values of our populace and not just our buddylist. Some of the best crypto depends on the participation of more members to promote a healthy block chain spread across a network of contributors, some existing as exit nodes or guides, and all contributing to an increasingly cosmopolitan constituency. Even decentralized currencies like Bitcoin despite emphasis on (understandable) privacy and anonymity, support an equal measure of universality and depend on a network of participants rather than a central authority to control the economy.
I’ve opened a document on Editorially to version the current definition of privacy, please contribute, ping me if you’d like to be added as a collaborator or just add a comment to the page.
- CryptoHow-To: https://github.com/hackshackers/hhnyc-crypto
- Tor/HTTPS Overview: https://www.eff.org/pages/tor-and-https
- CryptoHippie: https://secure.cryptohippie.com/
- DuckDuckGo: https://duckduckgo.com/ for incognito browsing
- Anonymous Speech: https://www.anonymousspeech.com/ for anonEmail
- Transparency Reports (via Google): https://www.google.com/transparencyreport/
- Safeplug for all: https://pogoplug.com/safeplug (thanks DLublin for the tip)