If you set out to design the perfect surveillance architecture, what would you come up with? Assume there are no “legacy” issues, and you get to design the entire system for the benefit of the entity that gets to do the surveillance (government, or private sector, doesn’t really matter which).
It’s an interesting thought experiment, and I thought I’d write down what I came up with.
I think it boils down to doing three things:
- Getting access to information that people already have.
- Monitoring and recording people’s activities as they occur.
- Inducing people to create and share with others as much information about their lives as possible.
(There is some overlap between those points.)
The “solution” I would come up with to address these “requirements” would look like this:
- Make it somehow preferable for people to take the information that they have already, and put it in a place where you can easily get at it. Bad: PC hard drives. Memory cards. Boxes under mattresses. Good: the cloud; the fewer cloud providers, the better.
- You need to make sure that you have a listening post “everywhere” something interesting might be happening. That includes all the “wires” over which information is exchanged, and of course putting as many cloud-connected sensors as possible into “everything”, from traffic intersections to home thermostats. That’s easiest if much information that is already being collected has to pass through a small set of bottlenecks, because you can simply watch those. Bad: people talking to each other at back tables in restaurants or walking through a park. People using cash. People going off-line more often. Good: a very few cell phone providers, broadband providers and social media sites. A tracking beacon on every website masquerading as a Like button or free analytics software. Connected cars. Connected sensors everywhere where you see the data first.
- Establish a social norm in which you are only cool if you record, or share, everything you do and think in a way that it can be collected. Bad: people minding their own business. Photographs stored at home. Good: sharing what you ate for lunch, on-line “check-ins” etc.
Now tell me: why does this list look just like the list of currently “in” technologies, “cool” on-line behaviors, supported by just the right (i.e. small) number of centralized communications bottlenecks, connected devices and cloud providers?
If you had instead set out to do the opposite, which is to design an architecture that is as anti-surveillance as possible, again ignoring the “installed base”, what would you do? I think it would boil down to:
- Make it preferable for people to take the information that they already have and put it in places that few others can easily get at. Bad: somebody else’s hard drive. The cloud. Centralized providers of any kind. Good: decentralized storage among friends. Disconnected storage. Encrypted storage.
- Keep collected information local instead of shipping it to some cloud. Have as many options for information exchange as possible. Let users hack their devices. Bad: a few central bottlenecks. Social media sites. A non-competitive broadband or mobile market. Cloud-connected devices. Hierarchical certificate authorities. Good: mesh networking. Peer-to-peer exchange. Email with encryption. Open-source products with no terms of service or lock-in.
- A social norm where the public/promiscuous sharing of “OMG three pictures of my dinner plate with timestamp and GPS coordinates” is considered “out” and socially unacceptable, and where sharing is instead an act of intimacy with close friends.
I can only think of one reason the non-surveillance architecture isn’t prevalent instead of the surveillance architecture: lots of powerful actors really want to surveil, because they get some benefit out of it.
But why should we care what they want to do? Let’s build the technology that works for us: decentralized, open-source, hackable, user-owned and user-controlled.