Learning to Live with Perpetual Information Warfare
Since the Snowden revelations started to inform the public about the ways in which western governments have been spying on everybody, a number of international diplomatic relations have soured, and many relationships between governments and their electorates have soured.
The actions of the governments of these countries have rendered them entirely untrustworthy. Their only avenue to regaining trust is to dismantle military-surveillance artefacts that are not physical, cannot be visually accounted for, that exist in a post-scarcity economy, with no meaningful limit to how many surveillance systems can be in place and no way of counting them. It is impossible to prove that this has been done. We must therefore hereafter assume that it is going to continue forever.
I publish this now in the context of a mass murder perpetrated against a group of journalists, in the name of religion. This is a terrible deed, but it is no more terrible than some of the reactions: it is almost as if certain fascist political actors are rubbing their hands together in glee over the atrocities, for events like these can be used to lend credence to downright disgusting political agendas. Marine Le Pen of course is overjoyed by the inevitable spike the Charlie Hebdo shooting will cause to her party’s following – as Bob Altemeyer pointed out in his book The Authoritarians, people seem spring-loaded to become more authoritarian in times of crisis. But when a French political party leader, even a fascist one, calls for the reuptake of the death penalty, then it is high time for everybody to become very very afraid.
This is a transcript of a talk I gave in Warsaw in September 2014, where I discussed some of the problems that make blanket surveillance easy, some of the possible approaches to eliminating broad state surveillance capacity, and put that into the larger geopolitical context of ongoing international information warfare. This was a continuation on a series of previous lectures, consisting of “Where States Go To Die” (SHARE 2013), “Engineering Our Way Out of Fascism” (FSCONS 2013), “Humanity Scale Information Security” (NullCon 2014) and “The Political Implications of Technology” (Digital Activism Now, 2014)
6. Surveillance is Easy
When the cold war ended, suddenly a generation of people, whose primary role had been to defend against an indeterminate adversary in a war that never happened, were put into the worst possible situation for them. Peace. Relative peace, interspersed with small conflicts, but the entire logic of the nuclear bureaucracy was upended, and all the skill and talent that had been built up since the end of the second world war was suddenly rendered unnecessary.
All those idle hands. And yet, like any other artefact of military superiority from a bygone age, it was repurposed. Unlike, say, the fort at Komárom or the military base at Christiania, or the Roman roads, these people were not repurposed for the public’s benefit. They were put into various roles including policy advisory and research and development.
It is in those roles that hundreds or thousands of smart people with a Cold War mindset got into the peacetime business of preparing for the next big problem. Papers were written, drafts circulated, plans shaped. But people who are in the business of preparing for the worst aren’t very good at assuming good faith. So they came up with bad law proposals, and kept them in their rainy day boxes, just in case.
Meanwhile, a culture of fear was being cultivated. Cities were turned into panopticons. Buildings were fitted with cameras, and the cameras were fitted with face recognition software, and the face recognition software was fitted with databases containing everybody.
The overarching argument was at one point crime. Then it was drugs. Then it became terrorism. Terrorism.
When we call somebody a terrorist, we are pretending that their actions have no motives. That their only aim is terror. That there is no chance of any legitimate political argument or concern behind the atrocities. Ignoring the politics of the terrorist, and instead lumping them into vague demographics based on nationality or religion, serves two goals: First, to eliminate any chance of non-violent solutions to their political demands, and secondly, to expand the group of potential terrorists beyond a negligible group of extremists with a particular set of political demands to a large amorphous group of indeterminate membership, thereby justifying the encroachment of the civil liberties of everybody.
Then, of course, it isn’t just cameras. The state security services are staffed with smart, dilligent people, who have been working hard on protecting their nation state from all of the indeterminate enemies. Because they’re smart, they know that you cannot fight your enemy without knowing your enemy. Unfortunately, they’re not smart enough to recognize that an enemy whose membership is intentionally, through willful ignorance, made to be indeterminate, cannot ever be known.
Thus the assumption that we must all be terrorists, and we must all, therefore, be known. Everything we do must be catalogued and understood. So our phones get tapped, and our Internet monitored. Our e-mails get read by machines and filtered through stupid, inaccurate computational linguistics models, slapshod statistical methods. Our passenger name records get analyzed for patterns. All of the data produced through the course of our increasingly interconnected lives are shoved through a pipeline of quantifications.
The state wants to find the outliers, and line them up against the wall. Fear isn’t cultivated because it’s fun. It’s cultivated as a means of manufacturing compliance, regardless of how insane the rules are.
In case you missed it, we live in a world of ubiquitous surveillance now. Information warfare is being perpetrated against us.
Surveillance is easy because ignoring the politics of minorities is easy. Surveillance is easy because accepting the bent logic of the state is easy. Surveillance is easy because the post cold-war nuclear bureaucracy got bored.
5. You are making Surveillance Easy
So one might say “down with the state,” with no plan for replacement, as if nihilism had any chance of improving our situation. It does not. Not only because there are an unknown number of devices spying on our activities, and not only because there is no way to find out where they are, and guarantee that we’ve turned them all off, but also because we willingly and actively submit ourselves to the surveillance.
You are carrying a device in your pocket that constantly keeps track of where you are, and reports it back to its overlords – the phone company. The phone company also keeps track of who you call and when, and for how long, and who you message, and which websites you visit, and in which order. The phone company dilligently complies with the demands of the state. If you are in Poland, they reported you to the authorities over a million times last year. The Stasi were never that efficient.
But it gets worse. You may use Facebook, or Twitter. You might use GMail or Yahoo for your e-mail. You might use Dropbox for your files, or iCloud maybe. These systems not only spy on you, but they aggregate your information and sell it to the highest bidder. And the second-highest. And the third. Actually, one of the most common business models of the cloud is to sell your data to everybody who wants to buy it. How do you think Facebook makes money? Do you think they’re allowing you to post pictures of your lunch or observations about the weather out of the goodness of their hearts? There is, to date, little evidence that the people running Social Surveillance Networks have hearts.
Cloud providers, as they are called, do of course have privacy policies, where they make vague promises not to harm you. But the definition of harm is narrow, and the scope of potential harm is broad. When you choose to put your data in the cloud, you are choosing to risk that it might rain. They can promise it’ll never rain, but the rain still comes, as many celebrities became profoundly aware of last week.
But it gets worse: even if you don’t use GMail or Yahoo for your e-mail, there’s a high probability that your friends do. When your friend uses a centralized e-mail service, they are exposing your activities to these companies, who may then report it to the state. When your friend uses GMail, your friend is reporting you to the authorities. Automatically. The Stasi were never that efficient.
When we choose to use Social Surveillance Networks, we are choosing to allow people of dubous moral fibre, with awkward relationships with governments, to keep track of us. And yet we can’t stop using Social Surveillance Networks any more than we can stop breathing: it is how we communicate now.
The only thing we can do is to be very clear about what is permissible, and what not.
You are making surveillance easy by not being clear about what is permissible. You are making surveillance easy by accepting the bent logic of the Social Surveillance Networks. You are making surveillance easy by using the cloud. It will rain.
4. We made Surveillance Easy
So one might say “technology should protect us,” ignoring entirely the political implications of technology. Technology is neither good nor bad, nor is it neutral, as Melvin Kranzberg has pointed out.
There are two ways to enforce any rule: enforcement by policy, and enforcement by design.
When you enforce a rule through policy, then the rule is kept as long as the policy is not changed, and nobody violates the policy, and nobody forgets to enforce it. It works well while everybody is playing nice.
Getting everybody to play nice is a bit like getting everybody to eat their vegetables. Most people will do it, because they know it’s good for them, but some people will refuse, because you know, they just don’t like the taste of broccoli.
Enforcement by design is a different type of thing entirely. It is where the rule is built into the system, in such a way that the universe prevents the rule from being violated. Gravity is a rule that is enforced by design. Imagine what would happen if there were a gravity committee that met every Tuesday. There would be chaos. Thankfully, the universe is not governed by committees, and it is very good at making sure certain rules never get violated.
But the design still has to happen. To prevent surveillance, there are three methods:
Decentralization. It is harder to watch everybody when nobody is in the same place. When everybody goes to one place, we call it a single point of failure. If that point fails, everything fails. And if that point surveils, everything is surveilled. Facebook is a single point of failure for over a billion people now. Twitter is a single point of failure for about 600 million people. Skype is a single point of failure for another 600 million people. GMail is a single point of failure for at least half a billion people. Decentralized networks, by comparison, are pretty much impossible to surveil, and thankfully the Internet was designed from scratch to be decentralized. Unfortunately, a lot of the businesses on the Internet think that the only way they can make money is by building single points of failure. They made the technical decision to violate one of the most important design decisions of the Internet for their own gain, and we are all paying the price.
Encryption. Some mathematics are very easy to do but practically impossible to undo. This is important it allows us to send messages in secret. This is useful for banking, it is useful for commerce, but it’s also useful for political activism, or police activities, or keeping healthcare records safe. Encryption is, however, used very sparingly. Next time you visit a website, check if it says “https” at the top. If it only says “http”, without the “s”, then your communications are not encrypted. Unfortunately, HTTPS is hard to use, and it has many flaws, so most websites don’t use it. In fact, about 700 of the largest 1000 websites in the world don’t enforce HTTPS encryption. E-mail is even worse: in order to encrypt that, people are required to learn mystical magical incantations called PGP, and even those who have learned this horrible type of magic get it wrong every now and then. This is because PGP was never designed for normal people. It was designed by elitist technologists for use by elitist technologists, and for that we are all paying the price.
Hardening of computational endpoints. This is a bit more complicated, but generally what it means is that we need to write better software. Unfortunately, the common approach to software development is to make something that doesn’t work and then keep poking it until it does. If buildings were made the way software is, they would look ugly, stand at odd angles, and suddenly collapse. This isn’t just because software developers are bad at developing software, it’s also because software is hard. But long story short, most software is riddled with severe bugs that make surveillance easy.
The technical community created this mess, by making poor decisions and by valuing speed and profits more than stability or security. The greybeards who built the Internet created this situation because they had faith in the system, in the nuclear bureaucracy of the cold war era. When the guys with the shiny shoes came and told them not to build in encryption, they said okay, because they thought the government was their friend.
The technical community has a lot to answer for.
We made surveillance easy by pretending that a few big centralized services weren’t a problem. We made surveillance easy by making PHP and MySQL easier to use than HTTPS and PGP. We made surveillance easy by believing in the benevolence of the governments. We made surveillance easy by writing bad code. We made surveillance easy by not caring enough about people.
3. We cannot stop Surveillance
So one might ask, “how come the public has unintentionally conspired with governments and the technical community to eliminate privacy?” The answer is democracy.
I have so far not mentioned Edward Snowden, and have been working on the supposition that he needed no introduction. But let’s imagine a world where most countries operated on the principle that its laws were created by a group of people who were selected in a fair election by the adults in each country. These people also make executive decisions, such as managing roads and waging wars. They also decide who gets to be judge. Now imagine what would happen if these people decided to do something absolutely horrible, and never tell the public. How would we ever know? As long as the guise of democracy was maintained, we have no proof that they aren’t working for our benefit.
The only reason we know that the governments of this world have been waging war on us is because Edward Snowden told us. Oh, we had our suspicions, but we had no proof. And he gave us proof of activities being conducted against us that were way beyond anything we could have imagined. But, note, he only told us of the activities of the US and UK governments, and a bit about their Five Eyes partners. There still has been no Chinese Snowden, or Russian Snowden, or Indonesian, or Nigerian, or even Polish Snowden. There is an entire world of bad stuff being done behind our backs.
Stopping surveillance is impossible, because surveillance can happen without us knowing. Projects like PRISM and TEMPORA and Boundless Informant could, in theory, be defunded, but the technology already exists and can’t be un-invented. Even if the NSA were abolished, like the Black Chamber was in the 1920’s, the technological artefacts won’t be dismantled because there is no way to prove that they have been dismantled. You can’t dismantle a piece of software, you can just stop running it. But there’s no way to prove that other people aren’t still running it.
Moreover: abolishing the NSA would do nothing to reduce the capacity of the FSB, or GCHQ, or the BND. The US may be attacking us more than everybody else, but that doesn’t mean the others aren’t attacking us.
Since we cannot stop surveillance, we must learn to live with it. We need to learn to live in a world of perpetual information warfare, where states attack each other and all of them attack us. But that does not mean that we need to accept surveillance, or make it easy, or even allow the surveillors to get away with it. Not at all.
We cannot stop surveillance, but the good news is we don’t have to.
2. We can make Surveillance Expensive
The best thing we can do in this situation is make surveillance prohibitively expensive to maintain. In order to do that, we need to be very serious about our demands. We must demand decentralization, strong encryption, and hardened endpoints. But we must also demand political accountability.
Making surveillance economically expensive will reduce the activities of the surveillance agencies. Making surveillance politically expensive will reduce the activities of the governments and the corporations.
My current estimation of how much it costs to monitor everybody is about 25 cents per person per day. It’s a rough estimate, gotten by taking a rough estimation of the budget of the largest surveillance alliance, the Five Eyes, and dividing that number by the number of people who use the Internet. It’s changed a bit over the last year: I estimated it as being around 13 cents per person per day back when Snowden first revealed this activity to us. Since then, more and more people have been adopting strong encryption, even though it’s hard, people have made greater demands of security, and things have gotten a little bit better overall.
1. Surveillance does not happen in a (Political) Vacuum
Surveillance serves political ends. The objective is control, and we are the controlled. The logic of government is the logic of normalization. Only that which can be seen can be normalized. We must always be watched. If we are not watched, government cannot work.
This has been true throughout history. Surnames were created to give authorities a better understanding of who was who, so that people could be catalogued and taxed. We have passports and ID cards, so our flow can be controlled. Biometrics are becoming more and more popular. As technology has developed, the capabilities of humans have expanded, but so have the needs of the state to have perfect visibility.
That visibility extends not only to citizens of the state in question, but to all citizens of all states. In particular, those citizens who wield political power. Historically, those people are the kings and the presidents, but also the parliamentarians, and the state officials, and so on down. But now, for all the faults of the Social Surveillance Networks, they are facilitating greater communication, which is lending more political power to the public.
Surveillance is a weapon. We are, as a species, engaged in information warfare. Bellum Omnium Contra Omnes, Hobbes said, the war of all against all, could only be avoided if there were strong centralized governments. Because, he said, humans are not angels, and we cannot be trusted. As it happens, governments are not angels either. And those with much power can be trusted even less than those with none.
0. This is a Cold War that can Never End
I’ve been calling this information warfare, but the question remains whether this can be called a war at all. I posit it can: the Internet Engineering Task Force has defined pervasive surveillance as an attack. When person attacks a person, we call it a crime. When a state attacks another state, we call it war. When a state attacks its own people, we call it a civil war – no matter how uncivil it is. Incidentally, when the people retaliate against states, it is called terrorism.
But when nobody dies from the war, and instead of broken houses and broken lives we simply live in constant fear, we call it a cold war. This is a cold war, but it’s not like the last one. In the past, the nuclear bureaucracies of the world were engaged in a standoff against each other. Now, the old nuclear burueaucracies are engaged in a standoff against us. And we’re unarmed.
One of the most interesting documents generated during the cold war era was a document generally referred to as the Long Telegram. Written by George Kennan, it is the first document to suggest the US strategy of containment, whereby the USSR would be prevented from spreading its political influence or ideology, and would be allowed to rot from the inside until the point of collapse. It is effectively the cold equivalent of a war of attrition.
This is my Long Telegram. I am calling for a war of information attrition against those in this world who would seek to wield their power against the general population, in whatever form. This needs to happen on all levels, but the opening step involves rendering ourselves illegible to the surveillance state. It’s really easy: just be as confusing to the state as possible. Break the logic of the state. If it can’t understand you, it cannot fight you.