Law in the Internet Society

Is Encouraging Competition The Answer To Spying?

-- By ShimengCheng - 15 Oct 2012

No doubt that behavior monitoring through activities on the net can generate enormous profits for email service providers, search engines and social network operators. Yet for individual user, there is virtually no way to prevent this from happening. Unless yourself become an email service provider, how can you ensure that your next email service provider will not secretly spy on you?

So we need to make that trivially easy. With the plug servers and the Rasberry Pi beginning to bring the cost of a microserver the size of a cellphone charger down to $30, as I said two years ago they would, and with FreedomBox software, we can give people something as reliable as and more simple to use than a telephone answering machine which is their personal email server, their secure chat, voice and video communications software, their protection against local snooping, and many other good things, all at once, in a device you plug into the wall and forget.

How do you obtain the evidence that your information on social networks is being used in behavioral studies? Even if we outlaw behavioral studies through collection of private information, how can the governing administrative agency ensure the compliance with the ban when such studies are done by computer programs running behind the scene? My assumption in this essay is that it is technically impossible to achieve zero spying.

Why do you make that assumption? "Zero spying" may not be a practicable goal (as it isn't in the "real" world). But that's not a very interesting or important result. We want to know whether we can provide people with at least the level of network services they presently enjoy, minus as much as possible of the snooping and tracking by private and public parties, in ways that non-specialist network users, including children, can readily install, use and maintain. If possible we want that software to run not only in small low-cost server computers, but also in the "smart" applicances (refrigerators, dishwashers, microwave ovens, rice cookers and coffee-pots) with which the manufacturers of such devices will soon be flooding the whole human world. Our work at FreedomBox Foundation is hardly done after two years; we will just be getting to the public beginning of real software for real, but specialist, users at that point (including however many many children). You are essentially assuming that the people around the world who think they know how to do this are wrong. There is no evidence yet for the accuracy of the assumption, so far as I know. We are of course only sort of smart, and we are no doubt optimistic about our ability to educate ourselves, but how do you know we're wrong?

The question then turns into whether we can minimize the amount of behavioral information produced through spying, and therefore curb the unjust enrichment of big service providers on the net.

One solution is to turn email service providers, search engines and social networks into public carriers and to impose certain public carrier duties on them. However, this requires huge government interference with the IT market and we do not trust the government to operate important functions in the net.

How would this help? The problem with the architectures isn't that particular intermediaries are untrustworthy. The problem is that any intermediaries, including governments, empowered unnecessarily by exploitable technology of this kind will be gaining power no one ought to have, and no one need be given.

Ideally, we need a decentralized system to solve this problem – an invention like BitTorrent? that does not rely on one single entity in the net to complete certain functions. However, what email service and social network are different from file transmission is that the former two demand large storage place in order to complete their functions.

This is wrong. All the data you have stored on all the social networks, photosharers, YouTubes and every other form of cloud storage you are using—unless you are an IT professional or a passionate collector of pornographic video—could be bought for less than $50 in one-time cost. You need backup, too, which—properly implemented through secure sharing networks of actual friends, provided e.g. by FreedomBox—costs a few dollars more, also once.

Can we each contribute a little storage space in our computer to form a decentralized email system? Theoretically it is possible for everyone to set up his or her own email server so that we do not need email service providers.

Indeed, this is precisely how the email protocols in the net are set up to work most simply. I've had an email server of my own longer that you've had a computer of any kind, probably by more than a decade. We don't need to invent anything. It all works automatically and correctly already.

But that requires we each to have a computer that is connected to the internet 24/7, so that the data sent to us via the email protocol can be stored in our own computer while we are away.

No. That's completely false. That's not how the Standard Mail Transmission Protocol (SMTP) works. Every email sender and relay is configured to allow for the fact that other intermediate or endpoint servers might not be available. The tools for handling intermittently-connected mail servers have been technically advanced for two decades now. You need to be sure that technical details on which you rely for your conclusions are correct. Speculation on these points can't work for you.

But in any event, why should that seem like an obstacle? Most people in most societies now carry devices that are pervasively connected to the network. Infrastructure for pervasive connection by servers is no more complicated than the existing infrastructure. Indeed, it is almost always much simpler.

In comparison, through the economy of scale, commercial email service providers provide better services at a lower cost, and saves us from the trouble of maintaining our own email server.

Depends how cost is measured. I attach a much higher value to the preservation of the integrity, secrecy and privacy of my email than I do to the cost of maintaining my own mail server, which is indistinguishable from zero. Your conclusion seems amazing and absurd to me, so I wonder whether we are disagreeing about technology or disagreeing about social value.

In the social network context, it is theoretically impossible to have a decentralized social network because it is the network effect and the collection of information that create value for every user. The reality is, if we want better, cheaper and advance services, we risk losing our privacies.

This is also wrong. The complexity of a "social networking" application is much lower than that of the Web itself: the Web can be used to make distributed database applications as easily as centralized ones. Many architectures and implementations, including Diaspora*, GNU Social, and BuddyCloud, are working on aspects of the technology. FreedomBox is built, among other reasons, to provide the infrastructure for federated social networking. You could join some 37,000 other people at my Freedom in the Cloud talk, or you could even just read some of the material posted on the wall outside my office on the 6th floor east corridor.

If it is technically and economically impossible for us to stop spying, can we make service providers compensate us for mining our private data? If Google offers us 10GB email accounts for free and in exchange doing behavioral studies through what we write in our emails, someone else may want to offer a better deal in order to get us to use their services. Microsoft started a loyalty program called Bing Rewards in 2010, giving Bing users credits that can be redeemed for products or gift cards. In order to receive credits, users not only have to conduct searches on Bing and to use other Bing features, they also must have installed the Bing toolbar, acquired a Windows Live ID and used Internet Explorer on a PC when conducting the search. No credit is given if Chrome, or Firefox, or Mac is used. Bing director Stefan Weitz explicitly stated in an interview that the program aimed to get Bing users to “have a conversation” with them about Bing features.

So Bing bribes users in order to compete with Google. If there is enough competition in the market of web searching, each search engine will presumably try to offer more to users in order to get more inputs in their search bars, which are the basis of their data mining. Moreover, each search engine in a competitive market will get less search requests comparing to that of Google gets today. Collectively, less behavioral information can be produced if the raw data pool is broken into multiple pieces belong to different service providers. Will service providers trade data among themselves in order to generate more behavioral information? Perhaps yes, but it is better than letting Google have almost the entire raw data pool. The same theory also applies to the email service market. In a more competitive market, not only users get better services, we also curb the total amount of behavioral information that service providers can produce.

What leads you to believe that aggregation of data is difficult? You should understand that it is not difficult at all, that the whole point of this process is the aggregation of data from thousands of sources, in which one more or one less, or even an order of magnitude more or less, is of no technical or substantive relevance.

The only question left is about social networks. Facebook differs from Gmail and Google Search in that Facebook's central function depends on each user's information input. It is the collection of billions of personal information that makes Facebook valuable. Whilst for Gmail and Google Search, their central functions – email and web searching, will not be affected if less people use these services. Thus, competition law seems not to be a good cure for our privacy issues in social networks, for the reason that if we break Facebook into several mini networks, we destroy the very value it creates.

This is simply another wrong inference from the previous proposition that federated social networking is for some reason theoretically impossible, despite the evident existence of the Web within which Facebook is cancerously situated.

I don't think it's necessary to discuss the "market will fix it" just-so story that is the current synthetic presentation in the essay. The logic depends upon so many technical propositions that are unestablished that it doesn't seem to me worthwhile to decide how the logic would run on this one point against a duly established accurate technical background. As a beginning point I would recommend the talk of mine already mentioned, which in addition to being aimed at establishing the technical matters on which you touch, has the advantage of also being itself an artifact of the process whereby what you claim can't happen is already occurring. It thus provides you with more than an architectural primer. Let's get the technology right first, settling whatever questions you may have about how things actually work, and what can be done with software before we go on to the more difficult task of drawing interim social conclusions.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r3 - 28 Oct 2012 - 14:09:54 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM