{"id":2400,"date":"2015-02-27T12:09:24","date_gmt":"2015-02-27T20:09:24","guid":{"rendered":"http:\/\/upon2020.com\/blog\/?p=2400"},"modified":"2015-02-27T12:09:24","modified_gmt":"2015-02-27T20:09:24","slug":"the-perfect-surveillance-architecture","status":"publish","type":"post","link":"https:\/\/upon2020.com\/blog\/2015\/02\/the-perfect-surveillance-architecture\/","title":{"rendered":"The Perfect Surveillance Architecture"},"content":{"rendered":"<figure style=\"width: 320px\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.flickr.com\/photos\/9106303@N05\/8566082872\"><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/c1.staticflickr.com\/9\/8522\/8566082872_1b3b11dc9d_n.jpg\" width=\"320\" height=\"211\" \/><\/a><figcaption class=\"wp-caption-text\">Credit: Mike Licht on Flickr<\/figcaption><\/figure>\n<p>If you set out to design the perfect surveillance architecture, what would you come up with? Assume there are no &#8220;legacy&#8221; issues, and you get to design the entire system for the benefit of the entity that gets to do the surveillance (government, or private sector, doesn&#8217;t really matter which).<\/p>\n<p>It&#8217;s an interesting thought experiment, and I thought I write down what I came up with.<\/p>\n<p>I think it boils down to doing three things:<\/p>\n<ol>\n<li>Getting access to information that people already have.<\/li>\n<li>Monitoring and recording people&#8217;s activities as they occur.<\/li>\n<li>Inducing people to create and share with others as much information about their lives as possible.<\/li>\n<\/ol>\n<p>(There is some overlap between those points.)<\/p>\n<p>The &#8220;solution&#8221; I would come up with to address these &#8220;requirements&#8221; would look like this:<\/p>\n<ol>\n<li>Make it somehow preferable for people to take the information that they have already, and put it in a place where you can easily get at it. <strong>Bad:<\/strong> PC hard drives. Memory cards. Boxes under mattresses. <strong>Good:<\/strong> the cloud; the fewer cloud providers, the better.<\/li>\n<li>You need to make sure that you have a listening post &#8220;everywhere&#8221; something interesting might be happening. That includes all the &#8220;wires&#8221; over which information is exchanged, and of course putting as many cloud-connected sensors as possible into &#8220;everything&#8221;, from traffic intersections to home thermostats. That&#8217;s easiest if much information that is already being collected has to pass through a small set of bottlenecks, because you can simply watch those. <strong>Bad<\/strong>: people talking to each other at back tables in restaurants or walking through a park. People using cash. People going off-line more often. <strong>Good<\/strong>: a very few cell phone providers, broadband providers and social media sites. A tracking beacon on every website masquerading as a Like button or free analytics software. Connected cars. Connected sensors everywhere where you see the data first.<\/li>\n<li>Establish a social norm in which you are only cool if you record, or share, everything you do and think in a way that it can be collected. <strong>Bad<\/strong>: people minding their own business. Photographs stored at home. <strong>Good<\/strong>: sharing what you ate for lunch, on-line &#8220;check-in&#8217;s&#8221; etc.<\/li>\n<\/ol>\n<p>Now tell me: why does this list look just like the list of currently &#8220;in&#8221; technologies, &#8220;cool&#8221; on-line behaviors, supported by just the right (i.e. small) number of centralized communications bottlenecks, connected devices and cloud providers?<\/p>\n<p>If you instead had set out to do the opposite, which is to design an architecture that is as anti-surveillance as possible, just like above ignoring the &#8220;installed base&#8221;, what would you do? I think it would boil down to:<\/p>\n<ol>\n<li>Make it preferable for people to take the information that they already have and put it in places where few others can easily get at. <strong>Bad<\/strong>: somebody else&#8217;s hard drive. The cloud. Centralized providers of any kind. <strong>Good<\/strong>: decentralized storage among friends. Disconnected storage. Encrypted storage.<\/li>\n<li>Keep collected information local instead of shipping to some cloud. Have as many options for information exchange as possible. Let users hack their devices. <strong>Bad<\/strong>: a few central bottlenecks. Social media sites. A non-competitive broadband or mobile market. Cloud-connected devices. Hierarchical certificate authorities. <strong>Good<\/strong>: mesh networking. Peer-to-peer exchange. Email with encryption. Open-source products with no terms of service or lock-in.<\/li>\n<li>A social norm where the public\/promiscous sharing of &#8220;OMG three pictures of my dinner plate with timestamp and GPS coordinates&#8221; is considered &#8220;out&#8221; and socially unacceptable. Instead, where sharing is an act of intimacy with close friends.<\/li>\n<\/ol>\n<p>I can only think of one reason the non-surveillance architecture isn&#8217;t prevalent instead of the surveillance architecture: lots of powerful actors really want to surveil, because they get some benefit out of it.<\/p>\n<p>But why should we care what they want to do? Let&#8217;s build the technology that works for us: decentralized, open-source, hackable, user-owned and user-controlled.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[caption id=\"\" align=\"alignright\" width=\"320\"] Credit: Mike Licht on Flickr[\/caption] If you set out to design the perfect surveillance architecture, what would you come up with? Assume there are no &#8220;legacy&#8221; issues, and you get to design the entire system for the benefit of the entity that gets to do the surveillance (government, or private sector,&hellip;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled":false,"footnotes":""},"categories":[58,23,347,25,301,332,66,352],"tags":[],"class_list":["post-2400","post","type-post","status-publish","format-standard","hentry","category-big_picture","category-cloud","category-decentralize","category-devices","category-indie-web","category-iot","category-technical","category-values","kind-"],"kind":false,"_links":{"self":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/2400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/comments?post=2400"}],"version-history":[{"count":11,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/2400\/revisions"}],"predecessor-version":[{"id":2412,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/2400\/revisions\/2412"}],"wp:attachment":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/media?parent=2400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/categories?post=2400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/tags?post=2400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}