4 Comments

Summary:

Vint Cerf, one of the “fathers” of the internet and a current Googler, reckons it is impossible to ensure people’s online privacy through technological means. But is it really?

Jeff Jarvis interviews Vint Cerf at Guardian Activate 2013

Is there technological solution for protecting people from online surveillance? Not according to Vint Cerf, co-inventor of the internet and current Google “evangelist.”

Cerf’s dual identity made for an interesting performance at the Guardian’s Activate 2013 conference in London on Tuesday, where he faced many questions around privacy and surveillance. He initially appeared to dodge these questions — understandably, given Google’s sensitive position in the middle of the current fuss — but they kept on coming and he eventually gave a clear opinion.

The questioner wanted to know whether Cerf and his DARPA colleagues had considered the surveillance potential of stored information when they adopted the concept of state, and whether the protection of privacy required a technological or institutional solution.

Here’s what Cerf said. It is, I think, worth quoting at length:

“It has to be institutional; it also has to do with social conventions that we adopt. The reason there isn’t a technological solution is that the ability to infer information from partial information is extremely powerful — you can take information which appears to be anonymous and (extrapolate identity). It has to be a set of conventions that we adopt, either a legal framework or social conventions.

“Technology is racing ahead so quickly and we are so eager to embrace it with our mobiles and everything else that we don’t fully appreciate the side effects. When we put photos on the web and other people tag them, we create (problems) for people who just happen to be in the image. They get caught… we learned this with Street View.

“There are a lot of things that we do everyday that we think are innocent… but there are cascades of things that happen. I don’t think we’ve figured out what the right intuitive set of social conventions should be in order to protect privacy. We’re going to have to learn by making mistakes.

“This can’t be just a national issue because the internet is everywhere. The consequence of that is it causes us to confront head-on this problem of global issues, of frameworks, legal frameworks, social conventions and the like.”

Wise words, even if they don’t point to any easy solutions.

I was particularly struck by Cerf’s point about invading the privacy of others. With facial recognition technology speeding ahead, it’s very easy to override someone else’s desire for privacy or anonymity without even realizing it. It’s one thing for a person to agree to the privacy trade-off of Facebook or Google+ for themselves, and quite another to drag nearby people into that decision.

That said, I’m not entirely sure that technological measures can’t play a part. Cerf’s chief inquisitor at Tuesday’s event was media guru Jeff Jarvis, who asked (prior to the state question) whether snooping by the NSA and other intelligence agencies might put people off the cloud, and whether users might demand more encryption to protect their online activities.

Cerf noted that Google encrypts data as it travels into and out of its systems, but argued against the use of encryption within. “I’m not sure that encrypting everything inside the system would be a smart move, if it prevents us from offering the services that enable all the things you get for free,” he said, adding that it “would not be a good thing from a business point of view” or for the user either.

If someone can figure out new business models that deliver services while at least partially protecting users from prying eyes — probably business models that aren’t built around targeted advertising, as Google’s is — then technological solutions to the privacy problem may indeed play a significant role.

It is certainly the case that fragments of data can be more easily glued together than ever before, but perhaps that doesn’t preclude a new breed of service providers from doing more in mitigation. Motivation may be the key.

  1. Hi David, I was sitting next to you in the audience at Activate today. You say “That said, I’m not entirely sure that technological measures can’t play a part.” which isn’t what Vint said – he said technology absolutely is part of the solution, it just can’t be the whole solution. I think that’s right. He also didn’t “argue against the use of encryption within” just that it wouldn’t make sense for all data within cloud systems to be encrypted. He said that users should be aware when their data was within a strongly encrypted part of the system and when it wasn’t. That sounds like a good position too.

    Share
  2. I’ve thought about this. It would be technically feasible, even fairly straightforward, to build, say, a Facebook-like service using encryption so that unencrypted data is never sent from users’ devices or stored on the service’s servers. It could be done in such a way that even unrestricted access to the service’s servers and traffic wouldn’t do much for the NSA and its ilk. Of course, that would preclude a Facebook-like business model, which depends on, in effect, spying on users, but it isn’t hard to think of viable alternatives. The main problem would be that the service would be unable to police itself against various abuses by users. So what?, I imagine some people would ask. Well, for example, consider this scenario:

    Boy meets girl. They fall in lust. Boy takes photos of girl minus clothes. Boy and girl fall out of lust. Boy shares photos with pals via the service. Girl finds out, is not amused, demands the service take down the photos. But the service can’t even identify the photos, which are encrypted so that they can’t be viewed except by the boy and people he authorizes. All the service can do is either terminate the boy’s entire account – solely on the basis of the girl’s complaint – or see the girl in court.

    It isn’t hard to think up such scenarios. I wouldn’t care to be a founder dealing with them.

    Share
  3. Alas, folks keep missing the point. Privacy is not about secrecy and hiding from others or passing laws to punish looking. Privacy is getting smaller, yes, but we will have some, providing we do not panic and everyone shares the vast augmentation of vision. Then you and I will catch, spot, perceive the gaze that others cast our way!

    Already, there are devices that spot a lens almost a mile away. Soldiers can now tell if they are being looked-at. And if we all get this? Sure it’s an arms race. But fretting and moaning only disarms us.

    Think. You have privacy in a crowded restaurant because you have a good chance of CATCHING eavesdroppers and society disapproves of that behavior. Why is it so hard to envision us all, empowered with godlike vision, choosing to notice who stares a lot and – by consensus – persuading them to stop? How is that more naive than believing (as Vint shows to be foolish) that technology can assure us we’re hidden?

    With cordial regards,

    David Brin
    author of The Transparent Society: Will Technology Make Us Choose Between Privacy and Freedom?

    Share
    1. David, your points are in brackets. I reply to each point below the brackets.
      [Alas, folks keep missing the point.]
      I’m not sure the privacy advocates are missing the point, if they’re advocating that coercive networks (governments, government-connected medical institutions, insurance companies who have an interest in denying claims, etc.) not be allowed to legally exploit what they see.

      [Privacy is not about secrecy and hiding from others or passing laws to punish looking.]
      This sentence covers a ridiculous amount of territory. Privacy can be about all of the prior. What really matters is context: Who is doing the looking? Are sociopaths looking at you, without your being able to look at them? That’s usually the case with those who would enforce mala prohibita. So long as mala prohibita exist, I want zero ability of any of those goons to look at anyone. Moreover, I want robust legal defenses to throw out their snooping and declare that it doesn’t rise to the level of “probable cause” for any warrant. I want all the data they see in that capacity barred from court. So, does that “punish” the government for looking by not allowing them to arbitrarily punish innocent people for whatever “malum prohibitum” they find? You’re a libertarian. This should be obvious to you.

      [Privacy is getting smaller, yes, but we will have some, providing we do not panic and everyone shares the vast augmentation of vision.]
      My vision is quite unlike the vision of snooping sociopaths, and unlike the vision of Pollyanna types who naively underestimate the capacity of a degraded democracy to do evil. Government without limits trends to Winston Smith’s “1984.” You can claim that libertarians care about (“are incentivized to protect”) their freedom as much as Big Brother is incentivized to take it away, but the data don’t correspond to that claim. The career of every bureaucrat in the USA is dependent on the ability of the Federal Reserve to print money out of nothing, and direct it to the coercive collectivist causes they favor (the ones congress dreams up). When such government goons are “legally” (via unconstitutional statute, enforced by unconstitutional prosecutors and judges who “allow” the unlawful destruction of innocents in their courts, and ban “constitutional” defenses in “their” courts) allowed to gather our data it’s for the purpose of violating individual rights, (in a myriad of unconstitutional ways, with a myriad of unconstitutional government programs).

      [Then you and I will catch, spot, perceive the gaze that others cast our way!]
      Great. Let’s hope we can do this from inside a prison cell. The entire point is that the law hasn’t caught up with the one-way ability to snoop. Additionally, the average technology user is not a technology expert: And tech experts are typically bought for chump change, just like Snowden’s less moral counterparts, who have chosen to keep their $100K salaries.

      [Already, there are devices that spot a lens almost a mile away. Soldiers can now tell if they are being looked-at. And if we all get this? Sure it’s an arms race. But fretting and moaning only disarms us.]
      Well, no. Fretting and moaning also serves the government and our elected parasites with notice that we don’t appreciate being set up to take the fall for their sociopathic tendencies, and their lack of regard for our privacy. Additionally, some of “us” who fret and moan are lawyers, and political leaders, and LIBERTARIAN MALCONTENTS, who refuse to be tagged, numbered, monitored, harangued, harassed, licensed, tracked, followed, badgered, inspected, spied on, etc. To the best of our ability to “fret and moan” we will alert our fellow sheep to the danger of giving the government “easy arrests,” and we will attempt to have such data rendered inadmissable in court after we hear the voice say “Remain exactly where you are, make no move until you are ordered.”

      If we “fret and moan” enough, that day may never come. Also, our fretting and moaning might reach the ears of some people who are not passive computer nerds who can do more to restore liberty than lawyers and people who live their lives through the panopticon of facebook and google.

      [Think.]
      I’m doing my best, sir.

      [ You have privacy in a crowded restaurant because you have a good chance of CATCHING eavesdroppers and society disapproves of that behavior.]
      Not really. You lack privacy there, but you don’t mind, because you’re not doing anything that could really be held against you. If you wanted more data security or “privacy,” you’d rent the champagne room and sweep it for bugs. If you wanted still more privacy there are additional steps you could take, and so forth. That’s the escalation you spoke of earlier. However, getting the sociopaths to be afraid that their actions could get them fired is a great means of not having to escalate as much as you otherwise would have. Political technology is simply one more tool that we have at our disposal to prevent abusive sociopaths with the color of law on their side from destroying the quality of our lives. Using this technology is a great idea. Also, abandoning the technology, or fighting them tooth and nail every step of the way is also a great idea.

      It does zero good to allow universal tracking and surveillance in a state so immoral, unphilosophical, and thuggish that it assaults people and murders them for trading plant flower buds. In fact, the battle for privacy, and the disallowal of snooping information in court also serves another purpose: it’s the canary in the coalmine that serves as a loud and vociferous “vote of no confidence” in our grotesque and power-grabbing elected sociopathic parasites.

      [Why is it so hard to envision us all, empowered with godlike vision, choosing to notice who stares a lot and – by consensus – persuading them to stop?]
      Maybe because most people don’t even use PGP, and very few people have a realistic comprehension of how bad it can be when the government uses data they thought was private, against them. Also: the “godlike vision” you’re suggesting currently requires computer software security skills that most people severely lack.

      [ How is that more naive than believing (as Vint shows to be foolish) that technology can assure us we’re hidden?]
      I don’t think that any privacy advocates currently hold that naive and foolish belief. Rather, I think virtually all privacy advocates want to limit the power of the government and corporations to harvest data that we don’t consent to release to them, with the default being “do not release.” I think virtually all privacy advocates understand that there is a limited amount of success they can have, on a long continuum, from zero privacy (highly undesirable) to total privacy (impossible, and undesirable for the limits it would place on the flow of communication). We will all always reside somewhere in between those two poles. However, the government, having long ago overstepped its bounds and become a tyranny, should be severely restricted in what information it can access –especially as long as mala prohibita outnumber mala in se on our lawbooks.

      [With cordial regards,

      David Brin]
      Likewise, -Jake Witmer, Libertarian Pamphleteer

      Share

Comments have been disabled for this post