A blog covering security and security technology.
? Narratives of Secrecy | Main | NSA Crossword Puzzles ?
IT for Oppression
Whether it's Syria using Facebook to help identify and arrest dissidents or China using its "Great Firewall" to limit access to international news throughout the country, repressive regimes all over the world are using the Internet to more efficiently implement surveillance, censorship, propaganda, and control. They're getting really good at it, and the IT industry is helping. We're helping by creating business applications -- categories of applications, really -- that are being repurposed by oppressive governments for their own use:
- What is called censorship when practiced by a government is content filtering when practiced by an organization. Many companies want to keep their employees from viewing porn or updating their Facebook pages while at work. In the other direction, data loss prevention software keeps employees from sending proprietary corporate information outside the network and also serves as a censorship tool. Governments can use these products for their own ends.
- Propaganda is really just another name for marketing. All sorts of companies offer social media-based marketing services designed to fool consumers into believing there is "buzz" around a product or brand. The only thing different in a government propaganda campaign is the content of the messages.
- Surveillance is necessary for personalized marketing, the primary profit stream of the Internet. Companies have built massive Internet surveillance systems designed to track users' behavior all over the Internet and closely monitor their habits. These systems track not only individuals but also relationships between individuals, to deduce their interests so as to advertise to them more effectively. It's a totalitarian's dream.
- Control is how companies protect their business models by limiting what people can do with their computers. These same technologies can easily be co-opted by governments that want to ensure that only certain computer programs are run inside their countries or that their citizens never see particular news programs.
Technology magnifies power, and there's no technical difference between a government and a corporation wielding it. This is how commercial security equipment from companies like BlueCoat and Sophos end up being used by the Syrian and other oppressive governments to surveil -- in order to arrest -- and censor their citizens. This is how the same face-recognition technology that Disney uses in its theme parks ends up identifying protesters in China and Occupy Wall Street protesters in New York.
There are no easy technical solutions, especially because these four applications -- censorship, propaganda, surveillance, and control -- are intertwined; it can be hard to affect one without also affecting the others. Anonymity helps prevent surveillance, but it also makes propaganda easier. Systems that block propaganda can facilitate censorship. And giving users the ability to run untrusted software on their computers makes it easier for governments -- and criminals -- to install spyware.
We need more research into how to circumvent these technologies, but it's a hard sell to both the corporations and governments that rely on them. For example, law enforcement in the US wants drones that can identify and track people, even as we decry China's use of the same technology. Indeed, the battleground is often economic and political rather than technical; sometimes circumvention research is itself illegal.
The social issues are large. Power is using the Internet to increase its power, and we haven't yet figured out how to correct the imbalances among government, corporate, and individual interests in our digital world. Cyberspace is still waiting for its Gandhi, its Martin Luther King, and a convincing path from the present to a better future.
This essay previously appeared in IEEE Computers & Society.
Posted on April 3, 2013 at 7:29 AM ? 19 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"We need more research into how to circumvent these technologies, but it's a hard sell to both the corporations and governments that rely on them. For example, law enforcement in the US wants drones that can identify and track people, even as we decry China's use of the same technology."
as many of us have noticed, expecting the law to catch up with the technology is extremely naive. the best course of action is to stay educated and protect yourself with the proper tech.
- run an open source OS
- use full disk encryption
- use client-side encryption when storing data in the "cloud"
being careful with your data storage helps moderate censorship, surveillance and control. note that this does not protect you from your way-too-open facebook profile or your fly-off-the-handle twitter account.
Reading "The Net Delusion" by Morozov and he has some interesting thoughts on the truthiness of the belief that increased technology, such as twitter, breeds democracy.
Basically he says it's bollocks.
"and we haven't yet figured out how to correct the imbalances among government, corporate, and individual interests in our digital world".
My view how to balance interests: Government can do what is exactly autorized by Law only. What is not allowed for Government by Law and affected Corporation or individual is prohibited.
Individual can do anything that is not directly banned by Law, i.e.
what is not prohibited is allowed. Period.
Corporation can do whatever is not directly banned by Law taking civil resposibility for consequences. Corpoartion when dealing with individual should clear disclose upfront in plain English what is Corporation intended to do within scope not banned by Law towards individual, property, privacy, data, etc.
Those are general principles regardless of technology under consideration for law-guided State claimed to be democratic.
Small addition: Laws should clear as well, not accordeon laws which are worse than clear but iron laws. Latter provides more predictability of application at least.
Ted Kaczynski had it right.
"95: The degree of personal freedom that exists in a society is determined more by the economic and technological structure of the society than by its laws or its form of government. Most of the Indian nations of New England were monarchies, and many of the cities of the Italian Renaissance were controlled by dictators. But in reading about these societies one gets the impression that they allowed far more personal freedom than our society does. In part this was because they lacked efficient mechanisms for enforcing the ruler?s will: There were no modern, well-organized police forces, no rapid long-distance communications, no surveillance cameras, no dossiers of information about the lives of average citizens. Hence it was relatively easy to evade control."
"#130: Technology advances with great rapidity and threatens freedom at many different points at the same time...To hold back any ONE of the threats to freedom would require a long and difficult social struggle. Those who want to protect freedom are overwhelmed by the sheer number of new attacks and the rapidity with which they develop, hence they become apathetic and no longer resist. To fight each of the threats separately would be futile. Success can be hoped for only by fighting the technological system as a whole; but that is revolution, not reform."
From:
http://archive.org/details/...
Also interesting: paragraphs 163-166.
Use the master's tools to destroy the master's house. That's the only thing technology is good for now.
>> Companies have built massive Internet surveillance systems designed to track users' behavior all over the Internet and closely monitor their habits.
Indeed. But strange and disturbing that most continue to focus only on government abuse of power and information control.
But if governments were doing the things that private corporations do now, we'd have a revolution and people would crying communism, totalitarianism, going crazy with revolt, etc. Yet, somehow it's considered legit because it's not being done to us "by the government."
Private, unaccountable corporate power needs to be given the same critical eye that we direct towards government power, perhaps even more so imho.
In addition, we're seeing private competitive companies moving to being oligopolies / monopolies in RECORD time, largely as a result of how technology is being used can be used to cement power in the marketplace.
I disagree with the point of untrusted software.
We currently observer that doing the opposite is just the best way to enforce all kinds of controls.
pi
Thank you for keeping up on this theme (the same one, I've mentioned, that my book is about: that you can't on the one hand say technology empowers, and then on the other say that those with power are somehow dis-empowered by technology--a thesis which the facts clearly disprove, unless one thinks Schumpeterian creative destruction is actually disempowering to corporate capital, which it is not.) As you say, but it is so hard for people to hear: the solutions to these problems are not technical. They are political. More disturbingly, belief that there are technical solutions to the problem makes finding political solutions more difficult, not less.
And the reason it is hard for people to hear is because of a deep faith in the general beneficence of digital technology (and the massive corporate interests that promote it) that is actually a huge part of the problem. Open source, HTTPS, etc., will not solve this. Getting technology into some more democratic control (which it is ironically about as far away today as it's ever been, if not farther, despite all the talk of "transparency" and "open government," because of that unexamined faith in technological benevolence) is the imperative on which we should all be focused at this point. It's not even clear what that would mean or what form it could take, but the current regime of absolute power going to corporations and unelected takers of power (aka "hackers") is among the most dangerous political formations we have seen in history.
If Tocqueville had written this 170 years later, he would only have to add the effects of technology to the mix.
From:
WHAT SORT OF DESPOTISM DEMOCRATIC NATIONS HAVE TO FEAR
"I seek to trace the novel features under which despotism may appear in the world. The first thing that strikes the observation is an innumerable multitude of men, all equal and alike, incessantly endeavoring to procure the petty and paltry pleasures with which they glut their lives. Each of them, living apart, is as a stranger to the fate of all the rest; his children and his private friends constitute to him the whole of mankind. As for the rest of his fellow citizens, he is close to them, but he does not see them; he touches them, but he does not feel them; he exists only in himself and for himself alone; and if his kindred still remain to him, he may be said at any rate to have lost his country.
Above this race of men stands an immense and tutelary power, which takes upon itself alone to secure their gratifications and to watch over their fate. That power is absolute, minute, regular, provident, and mild. It would be like the authority of a parent if, like that authority, its object was to prepare men for manhood; but it seeks, on the contrary, to keep them in perpetual childhood: it is well content that the people should rejoice, provided they think of nothing but rejoicing. For their happiness such a government willingly labors, but it chooses to be the sole agent and the only arbiter of that happiness; it provides for their security, foresees and supplies their necessities, facilitates their pleasures, manages their principal concerns, directs their industry, regulates the descent of property, and subdivides their inheritances: what remains, but to spare them all the care of thinking and all the trouble of living?
Thus it every day renders the exercise of the free agency of man less useful and less frequent; it circumscribes the will within a narrower range and gradually robs a man of all the uses of himself. The principle of equality has prepared men for these things;it has predisposed men to endure them and often to look on them as benefits.
After having thus successively taken each member of the community in its powerful grasp and fashioned him at will, the supreme power then extends its arm over the whole community. It covers the surface of society with a network of small complicated rules, minute and uniform, through which the most original minds and the most energetic characters cannot penetrate, to rise above the crowd. The will of man is not shattered, but softened, bent, and guided; men are seldom forced by it to act, but they are constantly restrained from acting. Such a power does not destroy, but it prevents existence; it does not tyrannize, but it compresses, enervates, extinguishes, and stupefies a people, till each nation is reduced to nothing better than a flock of timid and industrious animals, of which the government is the shepherd."
There is no technical solution because technology is the problem.
One reason that the Government earns the special ire of libertarians is that it, and it alone, wields the Hobbesian sword enforcing the Law.
A moment's thought would suggest that this mandates that the Government be separated quite forcibly from influence of the mighty, as they will ensure the sword does not touch their necks. But this thought has not been well-propagandaized, for reasons that are also obvious.
@Jake:
None of the cited methods by which governments use IT for oppression, involve hacking into brave civil libertarians' computers to get at their data. So it is unclear to me how your proposed open-source OS and secure encryption are supposed to help.
An oppressive government doesn't much care what's on your computer; mostly it just wants to know is going over your Wi-Fi or DSL feed. And all it really needs to know is what addresses your feed is pointing to; the actual data or content can be as securely encrypted as you like, and they'll still know whether you are one of the people who needs to be "disappeared" in the name of their security.
Censorship, propaganda, surveillance, and control were invented against consumers for companies, and lobbies adapted the law to allow them. Guess that when states uses them, they are still against the citizen.
Censorship, propaganda, and control should be forbidden even for companies. With transparency in companies so that individuals can scrutinize companies and enforce that.
"Surveillance is necessary for personalized marketing, the primary profit stream of the Internet"
Is there any evidence that personalized marketing is the primary profit stream of the Internet? Is there even evidence that personalized marketing is a majority of the profit stream of marketing on the Internet, or that marketing is the primary profit stream of the Internet?
The ad industry flacks (IAB, DAA, NAI) would tell you that the Internet was built on advertising, but their job is to protect the interest of their members, or at least to protect their own revenue streams.
Got to peel your eyes for the heat, my dear, you got to froth and foam.
Got to send away the mad puppeteer, who seems to think this is home.
~ from "B'wana - He No Home" by Michael Franks
for all the GB of data they have on me, they still haven't worked out how to advertise to me something that i'm interested in buying.
stuff that i'm totally uninterested in buying, otoh...
@ verstap,
... they still haven't worked out how to advertise to me something that i'm interested in buying. stuff that i'm totally uninterested in buying, otoh...
You mean that you are not a fish in need of a bicycle?
We certainly live in worrying times. I definitely agree with that.
The fact is that the same tools that are the weapons of freedom are also the weapons of totalitarian regimes.
You won't find companies researching "freedom tools". That is a job that will always be left to individuals and those with slightly anarchic tendencies.
The good news is that there are still plenty of those!
So while we will no doubt all end up being microchipped. I have no doubt that someone will come up with a with of removing it.
@verstapp: Same with me. Occasionally I get ads that fall in the general area of my interest, but I can count the number times I actually followed an ad on my fingers - and I don't remember a single case of buying something because I got an ad for it.
The problem is that you, me and other technically-savvy, logical, reasonable people are not the major target of marketing campaigns. They target gullible people, who would buy almost anything attractively presented and/or falsely described, or who will shift their brand preferences in response to dummy arguments, emotional statements or just sexy pictures.
The 'targeting' by exploiting surveillance data allows campaigners to better tune their messages so they trigger the response is such people more often. So it is like lowering a ballistic missile's CEP from 20 miles to 5 miles, not like using laser-guided munitions (yet?)
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
Source: http://www.schneier.com/blog/archives/2013/04/it_for_oppressi.html
louisville Kevin Ware Injury Video Richard Griffiths FGCU Reid Flair Trey Burke tony romo
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.