Report On Brooklyn College Teach-In On ‘Web Surveillance And Security’

Yesterday, as part of ‘The Brooklyn College Teach-In & Workshop Series on Resistance to the Trump Agenda,’ I facilitated a teach-in on the topic of ‘web surveillance and security.’ During my session I made note of some of the technical and legal issues that are play in these domains, and how technology and law have conspired to ensure that: a) we live in a regime of constant, pervasive surveillance; b) current legal protections–including the disastrous ‘third-party doctrine‘ and the rubber-stamping of governmental surveillance ‘requests’ by FISA courts–are simply inadequate to safeguard our informational and decisional privacy; c) there is no daylight between the government and large corporations in their use and abuse of our personal information. (I also pointed my audience to James Grimmelmann‘s excellent series of posts on protecting digital privacy, which began the day after Donald Trump was elected and continued right up to inauguration. In that post, Grimmelmann links to ‘self-defense’ resources provided by the Electronic Frontier Foundation and Ars Technica.)

I began my talk by describing how the level of surveillance desired by secret police organizations of the past–like the East German Stasi, for instance–was now available to the NSA, CIA, and FBI, because of social networking systems; our voluntary provision of every detail of our lives to these systems is a spook’s delight. For instance, the photographs we upload to Facebook will, eventually, make their way into the gigantic corpus of learning data used by law enforcement agencies’ facial recognition software.

During the ensuing discussion I remarked that traditional activism directed at increasing privacy protections–or the enacting of ‘self-defense’ measures–should be part of a broader strategy aimed at reversing the so-called ‘asymmetric panopticon‘: citizens need to demand ‘surveillance’ in the other direction, back at government and corporations. For the former, this would mean pushing back against the current classification craze, which sees an increasing number of documents marked ‘Secret’ ‘Top Secret’ or some other risible security level–and which results in absurd sentences being levied on those who, like Chelsea Manning, violate such constraints; for the latter, this entails demanding that corporations offer greater transparency about their data collection, usage, and analysis–and are not able to easily rely on the protection of trade secret law in claiming that these techniques are ‘proprietary.’ This ‘push back,’ of course, relies on changing the nature of the discourse surrounding governmental and corporate secrecy, which is all too often able to offer facile arguments that link secrecy and security or secrecy and business strategy. In many ways, this might be the  most onerous challenge of all; all too many citizens are still persuaded by the ludicrous ‘if you’ve done nothing illegal you’ve got nothing to hide’ and ‘knowing everything about you is essential for us to keep you safe (or sell you goods’ arguments.

Note: After I finished my talk and returned to my office, I received an email from one of the attendees who wrote:

 

Facebook and Writers’ Status Messages

My last post on Facebook led me to think a bit more its–current and possible–integration into our lives, especially those conducted online.

As ‘net users are by now aware, almost any site you visit on the ‘net features a Facebook button so that you can indicate whether you ‘Like’ the page and thus, share it with your ‘Friends.’ Of course, in so doing, you also leave a digital trail of sorts, indicating what you have read, what music you have listened to, which videos you have viewed, which jokes you found funny, and so on. As Eben Moglen put it rather memorably at a talk at NYU a few years ago, (and I quote from memory):

In the old days, the East German Stasi used to have to follow people, bug them, intimidate their friends to find out what they read, what they got up to in their spare time. Now. we have ‘Like’ buttons that do the same for us.

The surveillance, the generation of data detailing our habits, our inclinations, our predilections, is indeed quite efficient; it is made all the more so by having outsourced it to those being surveilled, by dint of the provision of simple tools for doing so.

I personally do not get very creeped out by the notion of hitting ‘Like’ on a article that I enjoyed reading–though, struck by Moglen’s remark, I have not done so even once since returning to Facebook in 2010. I do however find it very creepy that Netflix asks me if I would like to share my movie viewing preferences with my friends on Facebook; that seems excessively invasive. 

In any case, I do not think the limits of this kind of ‘integration’ of Facebook with the information we consume and the software we use have yet been reached.

Here is at least one more possible avenue for Facebook’s designers to consider. Many ‘net users access it via an ‘always-on’ connection. Thus, even when they are not actively using an Internet application–like say, a word processor, or a spreadsheet–they are still connected to the ‘net. In the not so distant future, these programs could be designed–by close cooperation between Facebook and the software vendor in question–to supply information about our usage of these applications to our ‘Friends.’ On a real-time basis.

Thus, for instance, when I would open a file on my word processor, my ‘Friends’ would be so informed; they would then learn how long I had continued editing, how many breaks I took, (and of course, if those breaks were online, they would be told which pages I had opened, and how long I had spent there), and so on. Our software would come with this feature turned on; you would have to opt-out or customize your sharing.

This way, all those status messages we are often treated to on Facebook: ‘Hooray, first draft complete!’ or ‘Finally got five hundred words written today’ or ‘I just can’t seem to get anything written today’ could be automated. Extremely convenient, don’t you think? Examples like this–for other kinds of applications–can be readily supplied, I’m sure.