Part 4 (1/2)
PRIVACY.
Other companies are routinely collecting information about their own customers and users-often without permission. Social media sites like Facebook and search engines like Google are among the many companies whose business models are based on advertising revenue and who maximize the effectiveness of advertising by constantly collecting information on each user in order to personalize and tailor advertising to match each person's individual collection of interests.
Many Internet sites, in effect, treat their customers as their products. That is, the revenue they receive from voluminous files of information about each user is simply too valuable for them to give up. The use of Facebook's ”like” b.u.t.ton automatically ”allows” the site to track users' online interests without offering them an opportunity to give their consent. In a sense, this is yet another manifestation of the underlying cyber-Faustian bargain. The revenue that is earned from the targeted advertising made possible by all of those ”cookies” (small software programs placed-often surrept.i.tiously-on a user's computer during its interaction with a website) supports the ”free” distribution of voluminous amounts of valuable content on the Internet. Most Internet users seem to feel that the tradeoff is an acceptable one. After all, the advertis.e.m.e.nts they are exposed to are ones they are more likely to be interested in. The tracking technologies are, in the words of one a.n.a.lyst, ”simply tools to improve the grip strength of the Invisible Hand.”
There are generational differences in the acceptance of this tradeoff where social media sites like Facebook and Twitter are concerned. Many in my generation, for example, are often surprised at the amount of personal information shared on Facebook by those who are younger. Already, some social media users who have left school to enter the workforce have been surprised when potential employers routinely access all of their posts and sometimes discover information that one would not necessarily want a potential employer to see. More recently, some employers have demanded that job applicants provide the pa.s.sword to their Facebook accounts so that private sites can also be accessed. (Facebook, to its credit, has reiterated that its policy is to never give out such pa.s.swords, and they urge their users not to do so. However, in a tough job market, the pressure to expand potential employers' visibility into their online lives is obviously more acceptable to some than others.) It is also noteworthy that, after being hired, many employees have been subjected to cybersurveillance by their employers.
The extreme convenience offered by Internet websites leads many users to feel that incremental losses of privacy are a small price to pay. The very fact that I can find virtually every business in Nashville, Tennessee, where I live, and virtually every business anywhere in the United States (and in almost any other country) is almost, well, magical. This is a tangible ill.u.s.tration of what economists call the network effect-by which they mean that the value of any network, especially the Internet, increases exponentially as more people connect to it. Indeed, according to Metcalfe's Law, an equation proposed by one of the early pioneers of the network, Robert Metcalfe, the inherent value of any network actually increases as the square of the number of people who connect to it.
Similarly, the convenience provided by online navigational software-like Google's Street View-makes it easy to ignore the misgivings some have about having the picture and location of their homes displayed on the Internet. (Google's apparent collection of large amounts of information from unencrypted WiFi networks in the homes and businesses it photographed-which it says was inadvertent-is a continuing source of controversy in several countries.) Many take comfort in the fact that hundreds of millions of others are facing the same risks. So how bad could it be? Most people are simply unaware of the nature and extent of the files being compiled on them. And for those who do become aware-and concerned-they quickly find out that there is no way that they can choose not to have their every move on the Internet tracked. The written privacy policies on websites are typically far too long, vague, and complicated to understand, and the options for changing settings that some sites offer are too complex and difficult.
There is abundant evidence that the general expectations of privacy are at wide variance with the new reality of online tracking of people connected to the Internet, and adequate legal protections have not caught up with Internet usage. In some countries, including the United States, Internet users can choose to no longer have advertising based on the tracking delivered to them. But users who try to opt out of the tracking itself are presently unable to do so. The protections that supposedly provide a ”do not track” option are essentially useless, due to persistent lobbying pressure from the advertising industry. Even when people try to opt out, the tracking continues for a simple reason: there is an enormous amount of money to be made from collecting all of the information about what everyone does on the Internet. Every click is worth a minuscule fraction of a penny, but there are so many clicks that billions of dollars are at stake each year.
The Wall Street Journal has published a lengthy series of investigative articles on the way cookies report information about a user's online activities. Everyone who clicks on Dictionary.com automatically has 234 cookies installed on his or her computer or smartphone, 223 of which collect and report information about the user's online activity to advertisers and others who purchase the data.
The c.u.mulative impact of pervasive data tracking may yet produce a backlash. The word most frequently used by users of the Internet to describe the pervasiveness of online tracking is ”creepy.” Although the companies that track people's use of the Internet often say that the user's name is not attached to the file that is a.s.sembled and constantly updated, experts say there is little difficulty in matching individual computer numbers with the name, address, and telephone numbers of each person.
As computer processing has grown steadily faster, cheaper, and more powerful, some companies and governments have begun using an even more invasive technology known as Deep Packet Inspection (DPI), which collects ”packets” of data sent to separate routers and rea.s.sembles them to reconst.i.tute the original messages sent, and to pick out particular words and phrases in packets in order to flag them for closer examination and reconst.i.tution. Tim Berners-Lee, the inventor of the World Wide Web, has spoken out against the use of DPI and has described it as a grave threat to the privacy of Internet users.
In one of the most publicized examples of the exposure of private data via computer, the roommate of a gay student at Rutgers was found guilty of using a webcam to share views of his roommate engaging in intimate acts (tragically, the gay student committed suicide soon after).
Some sites, including Facebook, use facial recognition software to automatically tag people when they appear in photos on the site. Voice recognition software is also now used by many sites to identify people when they speak. These audio files are often used to enhance the ability of the software to learn the accent and diction of each user in order to improve the accuracy with which the machine interprets successive verbal communications. In order to protect the user's privacy, some companies erase the audio files after a few weeks. Others, however, keep every utterance on file forever. Similarly, many software programs and apps use location-tracking programs in order to enhance the convenience with which information can be delivered with relevance to the user's location. An estimated 25,000 U.S. citizens are also victims of ”GPS stalking” each year.
But all such information-websites visited, items within each website perused, geographic location day by day and minute by minute, recordings of questions users ask, pictures of the individuals wherever and whenever they may appear on websites, purchases and credit card activity, social media posts, and voluminous archival data in accessible government databases-when combined, can const.i.tute an encyclopedic narrative of a person's life, including details and patterns that most would not want to be compiled. Max Schrems, a twenty-five-year-old Austrian law student, used the European Union's data protection law to request all the data collected about him on Facebook, and received a CD with more than 1,200 pages of information, most of which he thought he had deleted. The case is still pending.
Even when Internet users are not connected to a social media site and have not accepted cookies from commercial websites, they sometimes suffer invasions of privacy from private hackers and cybercriminals who use techniques such as phis.h.i.+ng-which employs enticing email messages (sometimes mimicking the names and addresses chosen from a user's contact list) in order to trick people into clicking on an attachment that contains surrept.i.tious programs designed to steal information from the user's computer or mobile device. The new crime known as ident.i.ty theft is, in part, a consequence of all the private information about individuals now accessible on the Internet.
Through the use of these and other techniques, cyberthieves have launched attacks against Sony, Citigroup, American Express, Discover Financial, Global Payments, Stratfor, AT&T, and Fidelity Investments, all of which have reported large losses as a result of cybercrime. (Sony lost $171 million.) The Ponemon Inst.i.tute estimated in 2011 that the average digital data breach costs organizations more than $7.2 million, with the cost increasing each year. Yet another computer security company, Norton, calculated that the annual cost of cybercrime on a global basis is $388 billion-”more than the annual global market for marijuana, cocaine, and heroin combined.” Numerous other online businesses have also been penetrated, including LinkedIn, eHarmony, and Google's Gmail. In the fall of 2012, a simultaneous cyberattack on Bank of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo, and PNC prevented customers from gaining access to their accounts or using them to make payments.
The obvious and pressing need for more effective protections against cybercrime, and especially the need to protect U.S. companies against the grave cybersecurity threats they are facing from China, Russia, Iran, and elsewhere, have been married to the post-9/11 fears of another terrorist attack as a combined justification for new proposals that many fear could fundamentally alter the right of American citizens-and those in other nations that value freedom-to be protected against unreasonable searches, seizures, and surveillance by their own government.
There is reason for concern that the biggest long-term problem with cybersecurity is the use of voluminous data files and online surveillance technologies to alter the relations.h.i.+p between government and the governed along lines that too closely resemble the Big Brother dystopia conjured by George Orwell more than sixty years ago. The United Kingdom, where Orwell published his novel, has proposed a new law that would allow the government to store Internet and telephone communications by everyone in the country. It has already installed 60,000 security cameras throughout the nation.
Many blithely dismiss the fear that the U.S. government could ever evolve into a surveillance state with powers that threaten the freedom of its citizens. More than sixty years ago, Supreme Court Justice Felix Frankfurter wrote, ”The accretion of dangerous power does not come in a day. It does come, however slowly, from the generative force of unchecked disregard of the restrictions that fence in even the most disinterested a.s.sertion of authority.”
One of the founders of reason-based a.n.a.lysis of data to arrive at wise decisions, Francis Bacon, is credited with the succinct expression of a biblical teaching: ”Knowledge is power.” The prevention of too much concentrated power in the hands of too few-through the division of governmental powers into separate centers balanced against one another, including among them an independent judiciary-is one of the core principles on which all free self-governments are based. If knowledge is indeed a potent source of power, and if the executive and administrative centers of political power in governments have ma.s.sive troves of information about every citizen's thoughts, movements, and activities, then the survival of liberty may well be at risk.
As the first nation founded on principles that enshrined the dignity of individuals, the United States has in many ways been the most attentive to the protection of privacy and liberty against overbearing intrusions by the central government. And many in the United States have taken comfort in the knowledge that throughout its history, America has experienced a recurring cycle: periods of crisis when the government overreached its proper boundaries and violated the liberties of individuals-followed soon after by a period of regret and atonement, during which the excesses were remedied and the proper equilibrium between government and the individual was restored.
There are several reasons, however, to worry that the period of excess and intrusion that followed the understandable reaction to the terrorist attacks of September 11, 2001, may be a discontinuity in the historical pattern. First, after 9/11, according to another former National Security Agency employee, ”basically all rules were thrown out the window, and they would use any excuse to justify a waiver to spy on Americans”-including exercising their ability to eavesdrop on telephone calls as they were taking place. Former senior NSA official Thomas Drake said that the post-9/11 policy s.h.i.+ft ”began to rapidly turn the United States of America into the equivalent of a foreign nation for dragnet blanket electronic surveillance.”
One former agency official estimates that since 9/11, the NSA has intercepted ”between 15 and 20 trillion” communications. The ”war against terror” does not seem to have an end in sight. The spread of access by individuals and nonstate organizations to weapons of ma.s.s destruction has made the fear of deadly attack a fixture of American political life. The formal state of emergency first established after September 11, 2001, was routinely extended yet again in 2012. The American Civil Liberties Union reported that a 2012 Freedom of Information inquiry showed a sharp increase in the number of Americans subjected to warrantless electronic surveillance by the Justice Department over the previous two years (even as formal requests for warrants declined). Chris Soghoian, the princ.i.p.al technologist at the ACLU's Speech, Privacy and Technology Project, said, ”I think there's really something at a deep level creepy about the government looking through your communications records, and you never learn that they were doing it.”
Second, the aggregation of power in the executive branch-at the expense of the Congress-was accelerated by the emergence of the nuclear arms race following World War II. Now, the prevailing fear of another terrorist attack serves as a seemingly una.s.sailable justification for the creation of government surveillance capabilities that would have been shocking to most Americans even a few years ago.
History teaches, however, that unchecked powers-once granted-may well be used in abusive ways when placed in the hands of less scrupulous leaders. When Presidents Woodrow Wilson and Richard Nixon engaged in abuses of civil liberties that shocked the nation's conscience, new laws and protections were pa.s.sed to protect against a recurrence of the abuses. Now, apparently, the threshold for what is required to shock the nation's conscience has been raised because of fear. The U.S. Supreme Court ruled in 2012, for example, that police have the right to conduct strip searches, including the inspection of bodily orifices, for individuals who are suspected of offenses as trivial as an unpaid parking ticket or riding a bicycle with a defective ”audible bell” attached to the handlebars. George Orwell might have rejected such examples in his description of a police state's powers for fear that they would not have seemed credible to the reader. (It is important to note, however, that the same Supreme Court ruled that it was unconst.i.tutional for police departments to secretly attach electronic GPS tracking devices to the automobiles of citizens without a court-ordered warrant.) In another chilling example of a new common government practice that would have sparked outrage in past years, customs agents are now allowed to extract and copy all digital information contained on an American citizen's computer or other digital device when he or she reenters the country from an international trip. Private emails, search histories, personal photographs, business records, and everything else contained in the computer's files can be taken without any grounds for suspicion whatsoever. It is easy to understand how such searches are justified when the government has reason to believe that the traveler has been engaging in child p.o.r.nography, for example, or has been meeting with a terrorist group in a foreign country. However, such searches are now placed in the ”routine” category, and no reasonable cause for allowing the search is required. In one case, a doc.u.mentary filmmaker raising questions about U.S. government policies was among those whose digital information has been searched and seized without any showing of reasonable cause.
The surveillance technologies now available-including the monitoring of virtually all digital information-have advanced to the point where much of the essential apparatus of a police state is already in place. An investigation by the American Civil Liberties Union showed that police departments in many U.S. cities now routinely obtain location-tracking data on thousands of individuals without a warrant. According to The New York Times, ”The practice has become big business for cellphone companies, too, with a handful of carriers marketing a catalog of 'surveillance fees' to police departments.” The U.S. government has also provided grants to local police departments for the installation of tracking cameras mounted on patrol cars to routinely scan and photograph the license plates of every car they pa.s.s, tagging each photograph with a day-and-time stamp and a GPS location, and adding it to the database. A Wall Street Journal investigation found that 37 percent of big city departments are partic.i.p.ating in this data collection exercise, which compiles voluminous information on the whereabouts of everyone driving cars in their cities and keeps it on file. At least two private companies are also compiling similar databases by routinely photographing license plates and selling the information to repossession companies. One of them advertises it has 700 million scans thus far. The CEO of the other said he plans to sell the data to private investigators, insurers, and others interested in tracking people's locations and routines.
Especially since September 11, 2001, business has been booming for the manufacturers of surveillance hardware and software. The market for these technologies has grown over the last decade to an estimated $5 billion per year. Like the Internet itself, these technologies cross international borders with ease. U.S. companies are the princ.i.p.al manufacturers and suppliers of surveillance and censors.h.i.+p software and hardware used by authoritarian nations-including Iran, Syria, and China.
Surveillance technologies initially developed by U.S. companies for use in war zones also often make their way back into the United States. The drone technology used so widely in Iraq, Afghanistan, and Pakistan has now been adopted by some domestic police forces-with predictions that new generations of un.o.btrusive microdrones equipped with video cameras will become commonplace tools for law enforcement agencies. The Electronic Frontier Foundation found through a Freedom of Information Act lawsuit that as of 2012 there were already sixty-three active drone sites in the U.S. in twenty states.
Advances in microelectronics have also made hidden cameras and microphones far easier to use. Some sophisticated versions of spyware are now being used remotely to surrept.i.tiously turn on a user's smartphone or computer microphone and camera to record conversations and take photographs and videos without a user's permission or awareness-even if the device has been turned off. Similarly, the microphones contained in the OnStar systems installed in many automobiles have also been used to monitor the conversations of some suspects. Other software programs can be surrept.i.tiously installed to keep track of a user's keystrokes in order to reconstruct pa.s.swords and other confidential information as it is typed into a computer or device.
Significantly, the cybersecurity threats faced by U.S. corporations-alongside the threat of terrorism-are being used as a new justification for building the most intrusive and powerful data collection system that the world has ever known. In January of 2011, at the groundbreaking of this new giant, $2 billion facility in Utah, the senior official from the National Security Agency, Chris Inglis, announced the purpose of the ”state of the art facility” was to ”enable and protect the nation's cybersecurity.” The capabilities of the facility being built there (which will become operational at the end of 2013) include the ability to monitor every telephone call, email, text message, Google search, or other electronic communication (whether encrypted or not) sent to or from any American citizen. All of these communications will be stored in perpetuity for data mining.
This system is eerily similar to a proposal put forward by the George W. Bushd.i.c.k Cheney administration two years after the 9/11 attacks. It was called Total Information Awareness (TIA), and the suggestion caused public outrage and resulted in congressional action to cancel it. In the years since, politicians in both political parties have become fearful about challenging any intelligence-gathering proposal that is described as having a national security purpose.
In more recent years, the American people have successfully persuaded Congress to curb some government intrusions into their privacy. In 2011, the Stop Online Piracy Act and its companion Senate bill PROTECT IP Act-which were sought by entertainment and other information content companies as a means of safeguarding their intellectual property-were found to contain new government authorities to shut down websites popular with the public if they contained any copyrighted material. The resulting outrage, and the effective online campaign against these proposals, resulted in the withdrawal of both. However, the outrage generated by the prospect of losing access to online entertainment has not been matched by a similar outrage over the prospect of warrantless government surveillance of private communications among Americans.
The Cyber Intelligence Sharing and Protection Act (CISPA) is an example of a proposed U.S. law to empower the government to eavesdrop on any online communication if it has reason to suspect cybercrime. While it is easy to understand the motivation behind this proposal, the volume of Internet communication that could be deemed suspect under the broadly defined terms of the law poses a de facto exemption for government agencies from a wide variety of other laws intended to protect the privacy of Internet users.
It is yet another example of how the cyber-Faustian bargain we have made with the Internet is creating difficulty in reconciling the historic principles upon which the United States was founded with the new reality of the Global Mind. As a technology writer recently put it, ”If America's ongoing experiment in democracy and economic freedom is to endure, we will need to think again about cultivating the necessary habits of the heart and resisting the allure of the ideology of technology.” China and other nations dedicated to authoritarian governance are also facing a historic discontinuity because of the new reality of the Global Mind.
Every nation uses the Internet and every nation has its own ideas about the future of the Internet. The multiple overlapping conflicts accompanying the world's historic s.h.i.+ft onto the Internet are nowhere close to being resolved. As a result, there are calls for the imposition of some form of global governance over the Internet, which has, since its inception, been governed benignly by the U.S. government (and by a quasi-independent group established by the U.S. government) according to norms and values that reflect the American tradition of free speech and robust free markets.
The fact that nations such as China, Russia, and Iran, whose values and norms are often in direct conflict with those of the U.S., are among the chief protagonists pus.h.i.+ng to transfer authority over the global Internet to an international body is reason enough to fear the proposal and to follow the unfolding struggle with care. It is unfortunate that Brazil, India, and South Africa are following the lead of China and Russia.
Some corporations and governmental agencies are now developing ”dark nets”-that is, closed networks that are not connected to the Internet-as a last resort for protecting confidential, high-value information. Some Internet companies-most significantly Facebook, which now has one billion users and prohibits anonymity-have adopted a ”walled garden” approach that separates some of its information from the rest of the Internet.
In addition, some corporations that sell access to the Internet and simultaneously sell high-value content over the Internet have attempted to slow down or make more expensive similar content from compet.i.tors. Although they raise legitimate issues about allocating the cost of expanding their bandwidth, this potential conflict of interest is also an important issue for the future of the Internet. It is the reason so many have called for network neutrality laws that protect free speech and free compet.i.tion.
The efforts by some corporations to control information on the Internet have led some to fear that the Internet could eventually be split apart into multiple, separate networks. However, that is unlikely to occur, because the full value generated by the Internet depends upon the fact that it is connected in one way or another to the vast majority of people, companies, and organizations in the world. For the same reason, the efforts by nations like China and Iran to isolate their citizens from disruptive forces coursing across the Internet globally are probably doomed to fail.
The world system as a whole is breaking out of an old enduring pattern that has been in place since the emergence of the system based on nation-states. No one doubts that nations will continue as the primary units of account where governance is concerned. But the dominant information system now being used by the world as a whole-the Global Mind-has an inherent unifying imperative, just as the printing press helped unify nations in the era in which they were born. And the decisions now confronting the world as a whole cannot be made by any single nation or small group of nations. For several decades, when the United States made up its mind, the world followed the U.S. lead. Now, however, along with digital information, the power to shape the world's future is being dispersed throughout the globe. As a result, the Global Mind is not so easy to make up.
* There is considerable debate and controversy over when-and even whether-artificial intelligence will reach a stage of development at which its ability to truly ”think” is comparable to that of the human brain. The a.n.a.lysis presented in this chapter is based on the a.s.sumption that such a development is still speculative and will probably not arrive for several decades at the earliest. The disagreement over whether it will arrive at all requires a level of understanding about the nature of consciousness that scientists have not yet reached. Supercomputers have already demonstrated some capabilities that are far superior to those of human beings and are effectively making some important decisions for us already-handling high-frequency algorithmic trading on financial exchanges, for example-and discerning previously hidden complex relations.h.i.+ps within very large amounts of data.
The memory bank of the Internet is deteriorating through a process that Vint Cerf, a close friend who is often described as a ”father of the Internet” (along with Robert Kahn, with whom he co-developed the TCP/IP protocol that allows computers and devices on the Internet to link with one another), calls ”bit rot”-information disappears either because newer software can't read older, complex file formats or because the URL that the information is linked to is not renewed. Cerf calls for a ”digital vellum”-a reliable and survivable medium to preserve the Internet's memory.
A predecessor of the Internet was demonstrated in 1969, when on October 29 the first long-distance communication between computers was sent from UCLA to SRI in Menlo Park. ARPANET was subsequently developed by the Department of Defense as a means of a.s.suring uninterrupted communication among far-flung military units, and communication with intercontinental ballistic missile silos in the aftermath of a potential nuclear strike by the Soviet Union. However, the first description of an ”Internet” based on TCP/IP appeared in a May 1974 paper by Vint Cerf and Bob Kahn, and the first three-network demonstration took place on November 22, 1977. The formal operational launch of the Internet took place on January 1, 1983. The public funding of a demonstration network linking supercomputers-the National Research and Education Network-repeated the pattern established in the 1840s, when a publicly funded demonstration of Samuel Morse's invention, the telegraph, produced the capacity to send a message from Was.h.i.+ngton to Baltimore: ”What hath G.o.d wrought?” (Morse had actually received the first message seven years earlier over a distance of three miles in New Jersey-the less inspiring and less memorable sentence ”A patient waiter is no loser.”) The age of electronic, ”instantaneous” communication was born. Five days later, the first public demonstration of the telegraph was conducted over the same two-mile line before a small a.s.sembled audience and featured a message that underscored the significance of the new invention for business: ”Railroad cars just arrived, 345 pa.s.sengers.” On May 24, 1876, less than thirty-two years after the public demonstration of the telegraph, Alexander Graham Bell first demonstrated the ability to send voice communication electrically over wires with his message ”Mr. Watson, come here; I want to see you.”
For a larger version of the following image, click here.
3.
POWER IN THE BALANCE.
WITH A TIGHTLY INTEGRATED GLOBAL ECONOMY AND A PLANET-WIDE digital network, we are witnessing the birth of the world's first truly global civilization. As knowledge and economic power are multiplied and dispersed far more widely and swiftly than by the Print and Industrial Revolutions, the political equilibrium of the world is undergoing a ma.s.sive change on a scale not seen since the decades following Europe's linkage by sea routes to the Americas and Asia 500 years ago.