Category: surveillance state

  • Age verification: a moral panic

    Senator Frame, Representatives Berry and Reed,

    I’m writing to oppose the imposition of age verification requirements for online services in the State of Washington.

    The laws before the legislature on this topic and similar laws in other states are not privacy-preserving, but enable surveillance, risk identity theft, and suppress free expression on the internet, which has been the single greatest force for providing support to oppressed groups around the world.

    The present approach of services estimating a user’s age, and requiring them to upload extremely private documents such as driver licenses if they are suspected of being a minor, is a privacy nightmare. Already, the popular Discord chat service has seen driver licenses stolen in an inevitable data breach, putting users at risk of identity theft and other fraud.

    Data breaches are not a question of ‘if’, but rather of ‘when’. It is imperative to reduce the amount of private information required to participate online, because it will eventually be stolen by malicious actors.

    Technologies exist to minimize information exposure while proving facts such as being born after a certain date or being of a minimum age. Known as zero-knowledge proofs, these would use a cryptographic ID issued by the state (a form of driver’s license perhaps) to mathematically prove that the user is 18 or older (for example) without disclosing any additional information.

    This technology exists now and could minimize the information revealed in an age verification procedure. I would much prefer such a privacy-maximizing strategy over what is being proposed currently.

    However, even such a system which discloses only a single bit of information (whether the user is of age or not) imposes serious burdens on the free speech and free association rights guaranteed in both the federal and state constitutions. These essential rights properly apply to all “persons”, not only to adults. Not all residents of the state have identity documents, or likely ever will, shutting them out of essential components of 21st century life. Free expression and assembly rights are too important to be burdened by an ID requirement.

    The place to address the harms of social media and pornography use is in the home; culture, rather than law, is the correct paradigm. Savvy parents are already limiting their kids’ social media use, for example.

    But the state imposing a single approach for all Washingtonians guarantees harm. What’s right for one family will be wrong for another. For example, age verification could limit a gay kid learning about his sexuality.

    We are in a time of moral panic about children’s welfare. Conspiracy theories abound. Age verification laws are part and parcel of this broader freakout. Instead of adding to the madness, let’s sit this one out.

    I’d appreciate hearing about your approach to this important issue.

    Thank you,

    Josh Hansen

    Credit: cover image by Basile Morin, titled “Relief of a devil’s head with a large open mouth, golden horns and sharp teeth, at the bottom of a facade of a building facing the sidewalk in Rue du Grand Hospice, Brussels center, Belgium.”

  • A Fig Leaf

    There is a major separation of powers issue with the current surveillance arrangement:

    The standard for permitting a query of the database of internal US phone calls is a “reasonable, articulable suspicion” of terrorist activity, Inglis says.

    Only 20 analysts within the NSA are empowered to approve targeting US-based phone conversations, he says. One of those 20 analysts, or their two supervisors – 22 people total – must sign off on any domestic targeting, he says. [link]

    The intelligence and law enforcement officials described their surveillance as subject to “checks and balances”. But they clarified, in the most detail provided publicly thus far, that most of those checks are internal.

    James Cole, the deputy attorney general, said that the NSA needs “reasonable, articulable suspicion” of involvement in terrorism before searching the millions of Americans’ phone records that it collects. But, Cole said: “We do not have to get separate court approval for each query.”

    Instead, the NSA sends an “aggregate number” of times it has searched the database every 30 days to the secret Fisa court that oversees surveillance, while also sending a separate report each time NSA analysts inappropriately search the database. Alexander’s deputy, Chris Inglis, said NSA analysts searched the database 300 times in 2012 in total.

    Representative Adam Schiff, Democrat of California, said that “it may be valuable to have court review prospectively”. [link]

    So 22 people in an executive branch agency decide for themselves whether a search of millions of records of communications involving American citizens should go forward, and then tell a judge once a month how many times they searched the database. Fourth Amendment refresher:

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    Key phraseology: “particularly describing”, “to be searched”, “to be seized”

    The warrant is to issue before the search takes place, and there must be a specific description to the issuing authority of the search to be performed. From all appearances, neither of these conditions is satisfied by the NSA’s internal controls on its surveillance tools.

    NSA employees are acting as their own judges, issuing their own warrants, and then asking for the FISA court’s rubber-stamp approval after the fact. NSA’s arrangement seeks judicial oversight for searches up to one month after they’re already carried out. All evidence gathered through these methods would be inadmissible before any normal, non-secret court. There’s zero value in getting a warrant after the search or seizure has been executed: by then, it’s too late, liberties have already been violated, and any objection by a judge after the fact would be a dead letter.

    This is a fig leaf, pure and simple, and while it may make the president and others in government feel good that they are going to great lengths to supposedly protect our civil liberties, it seems to me clearly unconstitutional. And we’re still left with the apparent fact that our government has massive troves of data on American citizens that can be mined in the first place. Again I assert that the value of such data is so great that it will inevitably be abused. Furthermore, knowledge that we are being watched constantly will have a chilling effect on free society and culture. And we depart further from the republican ideal the less public our republic becomes.

  • Decentralizing the Web… Again

    …cloud computing represents centralization of information and computing resources, which can be easily controlled by corporations and governments. [Jaeger, et al. Link]

    In the wake of Prismgate or the Snowden Affair or whatever we’re going to call this kerfuffle, I’ve been struck by how the current centralized nature of the World Wide Web has facilitated the surveillance. While the Web’s technical architecture is distributed—no single server is essential for the continued functioning of the overall system—in practice the economic realities of web-scale computing have encouraged a centralization of user data in a relatively small number of providers. These are the Googles and Facebooks of the world. These kingpins of the Internet also happen, by and large, to be American corporations. What a windfall this provided the NSA!

    This intense concentration of personal information is simply too valuable—for companies, governments, and individuals alike. It’s being abused, and will continue to be abused as long as it exists. But the Web and, more generally, the Internet are all about distributed systems. World Wide Web. Internetwork. It’s about lots of little nodes connected by the network. Would it be possible to reclaim the distributed heritage of the Web?

    Companies like Google already answer your web requests from huge datacenters that are, internally, distributed systems. What if that computation were moved out of its central location to the nodes of the wider network? There are at least two obstacles to this happening: the first is technical, the second is economic.

    Technical Requirements

    How can you run a world-class web application like those provided by Google, with no central servers? Many others have thought about this and worked toward a solution. Here’s the sort of system I would like to see:

    • Globally Distributed. That’s the point—no single node contains all or even a substantial minority of the data. Nor does any single nation.
    • Redundant. The loss of individual nodes is extremely unlikely to lead to data loss due to redundant backups.
    • General. It can run an email app, a social networking app, a web search app, a calendar app, and so on.
    • Private. Users decide what data to share with whom and under what circumstances.
    • Anonymous. Participation on an anonymous basis is possible.
    • Secure. Replicas of data are encrypted so the compromise of a distant node does not reveal personal information to those not authorized to view it.

    Many of these conditions are already met in cloud computing environments, but in controlled, centralized conditions. We should move distributed computing technologies out of the datacenter and onto the broader Internet.

    Economic Implications

    Now, the economics.

    The current centralized model is supported almost entirely through the advertising revenues of the central provider. You don’t pay for a Gmail account—at least, not with money. You pay by being subjected to advertising. And, if you respond to that advertising, you pay by buying things from advertisers. If you think about it, in this model, you aren’t even the customer—you are the product. Google sells access to you to advertisers. But all of this advertising revenue pays for the infrastructure so you don’t have to—the hardware, the manpower, the electricity, etc. This arrangement is easy for the average guy or gal, but has some definite downsides. The immortal words of Jeff Hammerbacher come to mind:

    “The best minds of my generation are thinking about how to make people click ads. That sucks.” [link]

    How could the average web user be induced to pay for their own server in a distributed web application? It should be noted that web users already pay for their web access—$50 or more per month to the ISP. What if that fee included a server that was their home base on the web? A cheap, fault-tolerant photo storage service? A highly secure social networking endpoint? A super-fast email app, without the creepy targeted ads? I admit it’s a tough sell. I don’t know the whole answer. If it requires more than minimal additional work by users, the prospect is doomed. But if it provides a better, easier, safer experience—the premium web experience—then perhaps people will pay a little more? Dalton Caldwell’s App.net experiment is very relevant here.

    But what if that’s the wrong question, and we should be asking, How could the average web user continue to receive free web applications without the support of advertising revenue? How could this possibly be done? By establishing a global-scale computation marketplace. So you buy a computer—tablet, phone, laptop, desktop, it doesn’t matter—and connect it to a distributed social network application. It contains your social network data and serves it to anyone requesting information about you (only giving out the information you want it to, of course). You want your data to be available while you’re offline, though, so you offer payment (via Bitcoin or something similar) to any who will host your data, up to a limit of 5 copies, with payment depending on the historical uptime of each node. But others on the network also want backups, and you take payments in exchange for hosting their data. Want to search the social network? Provide micropayments to nodes to induce them to participate; receive micropayments for helping other nodes make their own searches.

    Those who require more resources will spend money to facilitate searches, backups, etc. Those who require fewer resources may earn money by renting out their mostly-idle server. Perhaps the average user, by renting their computer out to users of various distributed applications, earns as much as they spend. Thus the application is free and is not funded by advertisers but by power-users, whose interests are more aligned with the interests of the general userbase.
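    The following Go program is an added example, not code from the original post or from any real project; it sketches the Private, Redundant and Secure items of the Technical Requirements list above together with the “up to 5 copies, paid by historical uptime” rule of the marketplace just described. The owner seals a record with AES-256-GCM before any peer sees it, peers are ranked by uptime and receive ciphertext only, fetching tolerates offline hosts and hosts that hand back a modified copy, and each host’s credit scales with its uptime. The peer names, uptime figures, record contents and credit rate are all constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"sort"
)

// Node is a hypothetical peer renting out spare storage; Uptime is the share of
// recent time the network saw it reachable (all figures below are constructed).
type Node struct {
	Name   string
	Uptime float64
	Online bool
	store  map[string][]byte // ciphertext only: a hosting node never holds a key
}

func NewNode(name string, uptime float64) *Node {
	return &Node{Name: name, Uptime: uptime, Online: true, store: map[string][]byte{}}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts on the owner's side with AES-256-GCM, nonce prefixed; the GCM
// tag makes any edit by a hosting node detectable on the way back.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal and fails closed on a truncated or modified ciphertext.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Replicate seals a record once, ranks peers by historical uptime, keeps at most
// `copies` of them, and hands each its own copy of the ciphertext.
func Replicate(key []byte, id string, plaintext []byte, peers []*Node, copies int) ([]*Node, error) {
	sealed, err := Seal(key, plaintext)
	if err != nil {
		return nil, err
	}
	hosts := append([]*Node(nil), peers...)
	sort.SliceStable(hosts, func(i, j int) bool { return hosts[i].Uptime > hosts[j].Uptime })
	if len(hosts) > copies {
		hosts = hosts[:copies]
	}
	for _, h := range hosts {
		h.store[id] = append([]byte(nil), sealed...)
	}
	return hosts, nil
}

// Fetch tries hosts in rank order, skipping offline ones and any copy that fails
// authentication, so a few dead or dishonest hosts do not lose the record.
func Fetch(key []byte, id string, hosts []*Node) ([]byte, error) {
	for _, h := range hosts {
		if sealed, ok := h.store[id]; ok && h.Online {
			if pt, err := Open(key, sealed); err == nil {
				return pt, nil
			}
		}
	}
	return nil, errors.New("no intact online copy found")
}

// HostingCredit is one period's payment for one copy: a base rate scaled by
// observed uptime, so the most reliable hosts earn the most.
func HostingCredit(rate float64, h *Node) float64 { return rate * h.Uptime }

func main() {
	key := make([]byte, 32)
	_, _ = rand.Read(key) // in practice derived from the owner's own secret
	peers := []*Node{NewNode("alice", 0.99), NewNode("bob", 0.80), NewNode("carol", 0.95), NewNode("dave", 0.60), NewNode("erin", 0.97), NewNode("frank", 0.30)}
	hosts, _ := Replicate(key, "profile", []byte(`{"name":"josh"}`), peers, 5)
	for _, h := range hosts { // every host is paid by uptime and sees ciphertext only
		fmt.Printf("%-5s credit %.5f sees name: %v\n", h.Name, HostingCredit(0.001, h), bytes.Contains(h.store["profile"], []byte("josh")))
	}
	hosts[0].Online, hosts[1].Online = false, false // the two best hosts go dark
	hosts[2].store["profile"][0] ^= 1               // the third host tampers with its copy
	pt, err := Fetch(key, "profile", hosts)
	fmt.Printf("recovered %s (err=%v)\n", pt, err)
}
```

    Run with `go run`, it lists the five chosen hosts with credit scaled by uptime and `sees name: false` for each, then recovers the record from the fourth-ranked host after the first two go offline and the third returns a modified copy. What the sketch leaves open is exactly where the real design work is: hosts still learn who stores what and when it is fetched, a single owner key means losing it loses everything, and uptime has to be measured by the network rather than self-reported, or hosts will inflate it to earn more credit.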