Bruce Schneier – American cryptographer
So we are in the middle of an epic battle for power in cyberspace. On the one side, it’s traditional power, think of organized institutional powers like governments and large multi-international corporations. On the other side, think of distributed power, both the good part and the bad part: grassroots movements, dissidents’ groups, hackers, criminals…
Initially, the Internet gave power to the distributed. It gave them coordination and efficiency and made them seem unbeatable. Today, traditional powers are back and they’re winning big. What I want to do here is tell the story of those two powers fighting. Who wins and how our society survives their battle.
So back in the early days of the Internet, there was a lot of talk about its natural laws. Censorship was impossible, anonymity was easy, police were clueless about cybercrime. The Internet was fundamentally international and it would be a new world order. Traditional power blocks are bended, masses empowered, freedom spread throughout the world, and this will all be inevitable. It was a utopian vision, but some of it did actually come to pass: in marketing, entertainment, mass-media, political organizing, crowd funding and crowd sourcing. The changes were dramatic.
eBay really did normalize the world’s attics. And Facebook and Twitter really did help topple governments. But that was just one side of the Internet’s disruptive character. It’s also made traditional power more powerful.
On the corporate world, there are two trends that are currently feeling this: First, the rise of cloud computing means we no longer have control of our data: our email, photos, calendar, address book, messages, documents, they’re now on servers belonging to Google, Apple, Microsoft, Facebook and others. And second, we are increasingly accessing our data using devices that are tightly controlled by vendors.
Think of your iPhone, your iPad, your Android phone, your Kindle, your Chromebook. And even the new computer OSs, Microsoft and Apple, are heading in this direction, with less user control. And both of these trends increase corporate power by giving them more control of our data and therefore of us.
Government power is also increasing on the Internet. There’s more government surveillance than ever before. We know now the NSA is eavesdropping on the entire planet. There’s more censorship than ever before. There’s more propaganda. More governments are controlling what the users can and cannot do on the Internet. Totalitarian governments are embracing the Internet as a means for control. And many countries are pushing cyberwar as a reason of a control.
On both the corporate and the government side, traditional power on the Internet is huge. And in many cases, the interests are aligning. Surveillance is the business model of the Internet, and business surveillance gives governments access to data it couldn’t get otherwise. But you could think of it as a public-private surveillance partnership.
So what happened? How in those early Internet years did we get the future so wrong? The truth is that technology magnifies power in general, but the rates of adoption are different. The distributed can make use of new technologies faster. They’re small but nimble, they’re not hindered by bureaucracy, and some of these are not by laws or ethics, and they can adapt faster. And when those groups discovered the Internet, suddenly they had power. It was a change in kind. We saw that in e-commerce.
Can you remember, as soon as the Internet started being used for commerce, a new bread of cyber criminal emerged, like out of the ground, immediately able to take advantage. And the police who are like trained on Agatha Christie novels took about a decade to catch up. We also saw it on social media: right marginalized groups started to immediately use the Internet’s organizing power. It took corporations, what, a decade to figure out how to co-opt it.
But when big institutions finally figured it out, they had more raw power to magnify and they got even more powerful. So that’s the difference. The distributed are more nimble and quicker to make use their new power. The institutional are slower but able to use power more effectively. So all the Syrian dissidents used Facebook to organize. The Syrian government used Facebook to identify and arrest dissidents. So who wins? Is the quick or the strong? Which type of power dominates in the coming decades?
Right now, it looks like traditional power. It’s much easier for the NSA to spy on everyone than it is for anyone to maintain privacy. China has an easier time blocking content than its citizen have getting around those blocks. And even though it’s still easy to circumvent digital copy protection, most users can’t do it. And this is because leveraging Internet power requires technical expertise. Those with sufficient ability can always stay ahead of institutional power. Whether it’s setting up your own email server or using encryption or breaking copy protection, the technologies are there. This is why cyber crime is still pervasive even as police power gets better, this is why whistle-blowers can still do so much damage, this is why organizations like Anonymous are still viable forces, and this is why social movements still thrive on the Internet.
Most of us though are stuck in the middle. We don’t have the technical ability to evade the large governments and corporations on one side, with the criminal hacker groups on the other. We can’t join any dissident movements. We have no choice but to accept the default configuration options, the arbitrator terms of service, the NSA installed back doors or the occasional complete loss of our data for some inexplicable reason. And we get isolated as government corporate powers align, and we get trampled when the powers fight. Where there’s Facebook, Google, Apple and Amazon fighting it out in the marketplace, or the US, EU, China and Russia fighting out in the world, or US vs. the terrorists or the media industry vs. the pirates, or China vs. its dissidents. And this will only get worse as technology improves.
In the battle between institutional and distributed power, more technology means more damage. And we’ve already seen it: cyber criminals can rob more people, more quickly than real world criminals; digital pirates can make more copies of more movies, more quickly than their analog ancestors. And we’ll see it in the future. 3D printers means control debates are soon going to involve guns and not movies. And Google glass means surveillance debates will soon involve everyone all the time. This is really the same thing as the weapons of mass destruction fear: terrorists with nuclear biological bombs can do a lot more damage than terrorists with conventional explosives. And like that fear, increasing technology brings it to a head.
Very broadly, there is a natural crime rate in society, based on who we are as a species and a culture. There’s also a crime rate that society is willing to tolerate. When criminals are inefficient, we’re willing to live with some percentage of them in our midst. As technology makes each individual criminal more effective, the percentage we can tolerate decreases. As a result, institutional power naturally gets stronger, to protect against the bad part of distributed power. This means even more oppressive security measures even if they’re ineffective, and even if they stifle the good part of distributed power.
OK, so what happens? What happens as technology increases? Is a police state the only way to control distributed power and keep our society safe? Or do fringe elements inevitably destroy society as technology increases their power? Is there actually no room for freedom, liberty and social change in the technological future? Empowering the distributed is one of the most important benefits of the Internet. It’s an amazing force for positive social change in the world. And we need to preserve it.
In this battle between the quick and the strong, what we need is a stalemate. And I have three recommendations on how to get there. In the short term, what we need is transparency and oversight. The more we know what institutional power is doing, the more we can trust it. Well we actually know this is true, we know it’s true about government. But we’ve kind of forgotten it in our fear of terrorism or other modern threats. It’s also true for corporate power. Unfortunately, market dynamics will not force corporations to be transparent. We actually need laws to do that. And transparency also helps us trust distributed power. Most of the time distributed power is good for the world. And transparency is how we differentiate positive social groups from criminal organizations.
Oversight is the second thing. It’s also critical. And again, it’s a long understood mechanism for checking power. And it’s a combination of things. It’s courts that act as third party advocates, it’s legislators that understand technologies, it’s a vibrant press, and it’s watchdog groups that analyze and report on what power is doing. Those two things, transparency and accountability, give us the confidence to trust institutional power and ensure they’ll act in our interest. And without it, I think democracy just fails.
In the longer term, we need to work to reduce power differences. The more we can balance power among various groups, the more stable society will be. And the key to all this is access to data. On the Internet, data is power. To the extent the powerless have access to it they gain in power, to extent the already power have access to it they further consolidate their power. As we look to reducing power imbalances, we have to look at data. This is data privacy for individuals, mandatory disclosure rules for corporations, and open government laws. This is how we survive the future.
Today’s Internet is really a fortuitous accident. It’s a combination of an initial lack of commercial interests, of government benign neglect, of some military requirements for survivability and resilience, and a bunch of computer engineers building open systems that work simply and easily. We’re at the beginning of some critical debate about the future of the Internet, Law enforcement, surveillance, corporate data collection, cyberwar, information consumerism and on and on and on. This is not going to be an easy period as we try to work this out.
Historically, no shift in power has ever been easy. Corporations are turning the Internet into enormous revenue generator and they’re not going to back down. Neither will governments who have harnessed the Internet for a good control. And these are all very complicated political and technological issues. But we all have a duty to tackle this problem. I don’t know what the result is going to be but I hope that when, generations from now, society looks back on us in these early decades of the Internet, they’re not going to be disappointed. And this is only going to happen if each one of us engages, makes this a priority and participates in the debate. We need to decide on the proper balance between institutional and distributed power, and how to build tools that will amplify what is good in each, or suppressing what is bad. Thank you.