Blog Post

We are becoming police states. Everyone OK with that?

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

We are becoming technologically-enabled police states. That’s a reasonable analysis of a situation where the average citizen is investigated as a matter of course, their lives recorded on the basis that they, or someone they know, or someone that person knows, is a “person of interest.”

We are treating this as an unstoppable development, with a variety of justifications. The intelligence services are building this future because they can, technologically and politically speaking. Politicians mostly don’t understand the technology and above all fear being accused of being soft on terrorism, or pedophilia, or whatever the panic of the day may be. They also know that information is power.

Technologists recognize the power and pervasiveness of this constant surveillance better than most, but are mostly reluctant to countenance the idea of moderating or regulating progress. And the average citizen either doesn’t realize what western societies are becoming, or feels powerless to shape that trajectory.

Data collection can be surveillance

The one thing that politicians get right about technology is that it’s part of the real world: rules and norms are just as applicable online as off, even though enforcing them in each realm can require different tactics and sometimes create different results. So let’s look at what’s happening online today, and compare it with its closest offline analogy.

On Wednesday, The Guardian and the UK’s Channel 4 News revealed what most suspected by this point: the monitoring of vast swathes of the British populace. In 2007, then-prime minister Tony Blair allowed a change in the intelligence agreement between the U.K. and the U.S., permitting the Americans to record British citizens’ phone and fax numbers, emails and IP addresses, so as to map who communicates with whom. It is extremely unlikely that this data is not shared with the British authorities.

In pre-internet terms, this is the equivalent of a low-level cop following someone and compiling a report of where they went, who they spoke to and when. Only it’s on a much larger scale: as always, the idea is to scoop up information about not only “persons of interest” but people three hops away from them (“hops” being degrees of separation). That can quite plausibly mean the surveillance of hundreds of thousands or even millions of people, due to their indirect links with just one person of interest.

stalking dudeThose who try to defend mass surveillance say this is irrelevant. They argue that the important thing is not what data is collected, but what is done with that data. In effect, they are saying that surveillance only begins when more senior detectives look at those junior officers’ reports and spot something that prompts a closer look. That argument is absurd.

We already know that some NSA analysts have used their facilities to track crushes and former lovers — the NSA has only admitted to a handful of such incidents, but these are only the cases where the analysts turned themselves in. We don’t know the real scale of abuses of this and other kinds, just as we don’t know who other than Edward Snowden (who again reported his own action, only to the world rather than just his superiors) made off with classified NSA and GCHQ material. Hundreds of thousands of people, if not more, can use this data to monitor pretty much anyone. And that’s before the “actual surveillance” kicks in.

What’s more, because we seem to have no effective oversight of the intelligence community, we don’t know how often they are using this basic surveillance information as a trigger to dig deeper. We must take it on trust that they don’t regularly commit a digital equivalent of “search and seizure”, the kind of invasive prying that law enforcement should only ever do with a warrant specific to that case (a warrant is theoretically required to see the contents of an email, for example). And what’s being used today to fight terrorism will be used tomorrow for more mundane policing activities, as is being threatened in Sweden — when that happens, the numbers of “persons of interest” explode, and everyone becomes a target.

“Innocent until proven guilty” is a fundamental principle of our societies that we now risk losing. That, and the cherished idea that someone can live their life free from unwarranted interference.

Walking further into the trap

Whatever your opinion of Edward Snowden, there is no doubt that he has triggered a debate that we were not previously having in any meaningful way. Yes, there have been prophets howling into the wind, but a lack of wider technological understanding – coupled with a belief that democratically elected governments would only allow such changes after consultation with the public – meant they were not taken seriously by most people.

TonyBlairAs it turns out, there was no real consultation, and the changes were made anyway. The situation is particularly egregious in the U.K. — Blair’s government and its successors repeatedly tried to change the law to allow the retention of everyone’s digital communications records, and were rebuffed each time because the public (and human rights experts) recognized how wrong it would be to do so. They did it anyway, even as those debates were taking place.

We now have what is probably a once-in-a-generation chance to evaluate and reconsider the changes we are making to our societies. It gets much more complicated from here: we are entering a world of ubiquitous connectivity, where everything from our cars to our buildings and toothbrushes will be pumping out data.

Much of that data will relate to individuals. Already, our smartphones include more sensors each year, emanating information that identifies not only where we walk but how we walk and when we take a pause. With the rise of wearable health-tech devices, you can add vital signs to that list. Today, those conducting smart analysis of our digital footprints on services such as Facebook(s fb) can sometimes know more about us than we do. Imagine what’s down the line.

Fitbit ForceOn top of that, we are increasingly expected to live essential parts of our lives online, where it is easiest to monitor us. Interacting with the government or local authorities is already largely a matter of visiting a website. Online is our new town hall, our new public space, our new voting booth. There will likely be no other way to conduct basic civic functions. And every one of our actions and interactions can be tracked or hacked into.

It does not have to be like this

Perhaps the greatest danger today is that of fatalist apathy. People do not think there is a viable alternative. They are wrong.

On the technological side, techniques such as anonymization and pseudonymization allow the development of personalized services that don’t invade privacy on a mass scale – yes, targeted investigations can extricate identifying information out of such masked data, but we want targeted investigations to remain possible. Indiscriminate dragnet surveillance is the problem here.

Technologists and developers need to implement privacy by design. They need to minimize the data they collect, because their advances are the very tools that can be turned against people. They need to mask that data where they can, and make it 100 percent clear to their users what data is being collected, why it’s being collected, and what’s going to happen to it. Also, we need encryption everywhere.

Secret meetingOf course there is no point in us telling the intelligence community to minimize data collection and respect encryption; to do so would be antithetical to their nature. We need to tell politicians to order them to do it.

And that’s the big challenge: we need leaders who understand what is going on, and who will intelligently address those bland assurances that mass surveillance is the best, only and inevitable option. We desperately need politicians and regulators who recognize the need for urgency in protecting our way of life and helping it develop in a positive, rather than menacing, way. Change is happening now, and it’s happening extremely quickly.

Essentially, we need leaders who are brave enough to say they would rather accept a slightly higher risk of terrorist attack or criminal activity than take away people’s everyday freedom. That may sound like a radical notion now, but it’s only a restatement of that well-worn quote from the American “founding father” and scientist Benjamin Franklin. It may border on cliché by now, but it’s no less wise and crucial today than three centuries ago:

“They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”

This is a deciding moment for our western societies and, unusually for the politics of our times, it’s not a question of left versus right. It’s a matter of authoritarianism versus civil liberties. There is no middle ground, and no time nor justification for apathy.

Because if we don’t draw the line now, where and when are we going to draw it?

18 Responses to “We are becoming police states. Everyone OK with that?”

  1. if there are not ethical debates in every aspect of information management, even in the business realm, within the social / public realm it will be completely deviant by those with the absolute power that has been given to them to use this information however they see fit. The tech industry leaders would do well to introduce an ethical dialogue in every aspect of discussions relating to information, especially that comes from human sourcing. Better to start the dialogues now than to not start them at all. Our ethical structures is all that prevents this from becoming 1984 … to the extent it hasn’t already. Great thing about ethical decisions is that anyone can make the right one even if everyone else is making a questionable one.

  2. Seriously?

    Fact checking anyone?
    ” Hundreds of thousands of people, if not more, can use this data to monitor pretty much anyone.”
    The Federal Government has a total of 2.7 million civilian employees; 700,000 of those are postal workers. The NSA likely has at most 40,000 employees, which is a lot, but not ‘hundreds of thousands, if not more’. Unless you’re trying to tell me that all those postal employees are spies. Or the government is hiding even more employees under a rock somewhere.

    This isn’t a key point in your essay, but if you’re so loose with simple, easy facts, why should we as readers try to follow your logic, or support your position on more complicated or nuanced issues?

  3. Very well writting and thought out article, although I don’t totally agree with the article, it is still one of the better ones on the subject.

    There will always be abuse by those in power, always have been, always will be. That is part of human nature, and to stop or limit the advantages that could be gained by this data would be a mistake. The focus should be on better management of the data and control over the access to the data. There should also be better collaboration between intelligence agencies and law envorcement agencies on an International scale.

    With the data we have the potential of making our society a lot safer, and should rather focus on the correct use and access of the data than trying to stop the collection of the data altogether.

    A last thought, that goverments have got access to this data is not a worry to me. The worrying thing should be is that hackers and criminal organisations also have access to this type of data. The focus of goverment agencies with this data is to protect their citizens, the focus of the criminal organisations is to abuse this data to their advantage. Three times this year Internet traffic from about 160 cities has been routed through one ISP for a few days at a time, but that hasn’t got nearly the press coverage than this Edward Snowden leaks. The possibility that this data that has been rerouted were captured and is analysed is huge, but nobody knows who has done it. That is a much bigger concern than the privacy issues we have with government access to our data, because where it comes to the illigitimate use of data by criminal organisations, there is no privacy on our data.

  4. Once a local/state/federal government becomes “too” corrupt, that’s when I start to become very very concerned. When a cop can gain access to all sort of information, they can much easier set someone up to spend years in prison, help some money making criminal know where someone is located to kill them etc. When you get into some of these old nasty industries like oil, drugs, mining, shipping on docks, railroads, etc. it seems very possible that the big money lobbyists to the local corrupt cops could wreck someone’s life for bribes and blackmail real fast!!!

  5. David Meyer is my hero-of-the-moment. This is the most lucid, compelling assessment I’ve read of the dangers posed by unbridled intelligence-gathering, the lunacy of those who defend it, and the absurdity of thinking the government will handle it responsibly.

  6. Fourth paragraph of ‘Data Collection can be Surveillance:’

    “Those who try to defend mass surveillance say this is irrelevant. They argue that the important thing is not what data is collected, but what is done with that data. In effect, they are saying that surveillance only begins when more senior detectives look at those junior officers’ reports and spot something that prompts a closer look. That argument is absurd.”

    One does not equal the other as a law. Can a use for data be to show it to your superiors, yes. But to determine that is what they are saying ‘in effect’ without any citation that could prove the statement is incorrect. No, that is not where ‘what is done with that data’ comes in effect entirely.

    You cited the NSA analysts tracking personal Persons of Interest (PoI), unrelated and in no way shape or form a political/militaristic PoI. Yes, that is abuse. That is surveillance. Absolutely correct. That use is WRONG. And, in the intelligence world, we know it. People who do things like that beneath me are punished to the severest extent I have at my disposal: it degrades the American populaces’ trust our job is built upon, which is already at an all-time low. People laterally to myself and above have fallen from doing the same thing.

    However, the general collection from the internet that has the media is a frenzy- most of which private citizens can do legally and without special programming/equipment- is not surveillance. Much of that data is never seen by human eyes, and the bit that gets flagged by our filters is scoured heavily to ensure minimal wrongful surveillance. And that is before any actual surveillance; all of the data up to that point can be found by anyone who is bored enough, or has an adequate server farm.

    Sadly, the curtain we hold to protect ourselves and our techniques from becoming common knowledge and being ineffective also masks the struggle to ensure the innocent are recognized as such and few notice any bit of what we do. Food for thought: when was the last time you had issues with police/federal agencies over internet surveillance for no reason? Or at all? Very few could testify they have. Over course, they are the loudest group, since the ones who have not been wronged in no way usually do not proclaim such, as it is needless. But still, think about it.

    One last food for thought: If a police officer walked down the street, looked through your window that had the curtains open, saw something suspicious as hell, proceeded to watch- remaining of your property- in case it was bad, and then reports it to superiors, who order a search warrant, would you rave over that too? What did he do wrong?

    • If it were an accidental look while walking by, that might be OK. This data harvesting is equal to having cameras at alli times recording ALL of the windows and analyzing everything that is seen through them. Every window of every home. And if a curtain is closed, the camera would resort to thermal imaging of the entire house.

      That’s what this wholesale automatic surveillance is about.

  7. Interesting. I’m in the other camp. I could care less about google reading my emails. There’s nothing google can do to me. Embarrass me publicly? Maybe, but I’m not easily embarrassed.

    The feds on the other hand, can make wild assumptions about uncorrelated discrete data and build a narrative to hold me “indefinitely” or charge me with crimes that require selling my house and losing my job to defend. If I dare travel overseas, they can kill me outright without even going before a judge or asking me if any of what they have is true.

    The former is merely an annoyance that would quickly put any public company out of business. The latter is a real existential threat to my wellbeing and prosperity.

  8. Anonymous Bosch

    Personal privacy will mean nothing unless it extends to the private sector, as well.

    In the long run, I am far less concerned about abuses by the public sector (over which we have more potential for control) than by private interests whose business models rely on maximizing their ability to acquire and exploit our personal data.

    Focusing solely on the risk posed by government shows a failure of imagination.

    • David Meyer

      I did say technologists must play their part too. I agree with you that the private sector presents its own dangers, but ultimately it’s governments and their agencies that have the power to do something really unpleasant based on one’s data.

      • That depends. Say the people ask for “Small Government” finally get it and end up with a small weak corrupt government working with Big Bad Corporations that end up owning “everything”. Then you find all that nice stuff like “Freedom of Speech”, “Right to Bear Arms”, etc don’t apply in CorporateTown or CorporateLand. Corporations don’t have to respond to Freedom of Information Act requests, nor hold regular elections to even pretend to let the “riff raff” choose their leaders.

        And that might happen, since so many stupid people get fixated on quantity of Government instead of quality of Government. Blaming it all on “Big Government”. When people don’t know what the real problem is, how will things get fixed? Nothing wrong with Big Government as long as it is good. But Bad Government is bad for you no matter what size it is.

        • David Meyer

          I’m just saying governments pose a more direct threat when it comes to potential misuse of surveillance data (and that includes them co-opting data harvested by corporations). If it makes any difference, I’m a European-style civil-libertarian-socialist-who-can-live-with-well-regulated-capitalism, so I have no problem with big government as long as it’s efficient and doesn’t behave in an authoritarian fashion.

      • That is why we need 2 things:
        – easy ways to run our own servers
        – micropayments.

        If we have micropayments, we don’t need private companies collecting all the data because of advertising.