Recently, I put a question to the CIO of a large financial services firm at an Internet privacy group event: Given the emotional and financial toll identity theft takes on a consumer—and the frequency of high-visibility data breaches—is our tolerance for online commerce exhaustible? My point was that while the industry can theoretically indulge a spy-vs.-spy ‘attack-counterattack’ dynamic forever (all the while perfecting its defenses against each successive data breach and passing the cost onto us) the battle is asymptotic. Final victory is unattainable.
We consumers, on the other hand, have but one social security number to give our economy. Life is short. Particulars are few. How do you cry ‘Uncle’ to a spambot or a sociopathic teenager in St. Petersburg?
Confirming Upton Sinclair’s claim (well sort of) that it’s difficult to get a man to understand something when his IT budget depends upon his not understanding it, this CIO smirked then shifted into techno-acronymic mode, rattling off a series of eerily dystopic countermeasures looming on the horizon: biometrics, fingerprint recognition, retinal scans, contextual IDs and identity wallets. In a pinch and for the right product features, there’s always a consumer’s first-born child as genetic proof-positive. Prepare for identity daycare centers.
Okay, clearly my question was more rhetorical than reality-based. How do I know this? Well, 2014’s Cyber Black Monday posted record sales, undaunted it would seem by last year’s Target and Neiman Marcus data breaches which potentially compromised tens of millions of identities. In a global economy parched for growth and stretched for boots-on-the-ground mall time, progressively invasive protocols will brook fewer and fewer complaints. We will be asked to throw our cellular particulars into the fray, and you know what? We will agree.
Eddie Bernays’ century-old project of body-snatching citizens and leaving consumers in their wake has yielded the desired civic apathy. Who camps out days before at the polling booth? Tragically, a retinal scan has become a small price to pay for that new iPhone 6 Plus. Why? Because we have depreciated ourselves. However, that’s another soapbox altogether.
Completing our Panopticon encirclement, the private sector has been joined mightily against this cyber-crime wave by law enforcement agencies. In his recent book The Internet Police: How Crime Went Online and the Cops Followed, Nate Anderson offers a fascinating primer on how the policing effort has evolved after a rather slow start. Anderson, Deputy Editor at on-line IT journal Ars Technica, offers a series of case studies where the implicit dilemma tends to circle around the old Dionysian-Apollonian vexation: how to balance the anarchic spirit of creative advance against the stodgy old control-paradigm of put your hands up and don’t move! Somehow, evil must be kept at bay without smothering innovation beneath a blanket of thin blue lines.
Another crucial point Anderson makes is the blurring of the lines between spy-craft and policing, a marriage as troubling as it appears inevitable. Police surveillance smacks of something between pre-crime monitoring and voyeurism. My goodness, isn’t there enough post-crime to fight?
Throughout the book, Anderson’s examples range from the utopian to the creepy to the prurient to the jaw-droppingly accessible. Apparently, Needle Park has gone on hiatus. Mail-order heroin is just a click away.
The Sealand/HavenCo story reads like an Internet version of ‘The Mouse That Roared’. Sealand was a circa 2000 attempt at creating a principality in North Sea waters in the cement leg (yes!) of an abandoned WWII naval fort. HavenCo was the data hosting services company that operated in Sealand with the purpose of hosting companies with controversial material via a satellite Internet link. Both were established with the highest libertarian principles in mind.
However, in short order the principality and the business clashed as the former aspired to act more like a sovereign nation (it even had a prince); HavenCo accused Sealand of nationalizing it while discouraging some of its more off-color customers. One of the last straws for HavenCo was when Sealand embraced international copyright law. Sell-outs!
Of course as Anderson points out, the larger world was closing in anyway, all across the globe. HavenCo had overestimated the impregnability of its chilly North Sea platform. Since connectivity implicates at least two loci, in-border crime—even that originated from a distant place—becomes no less prosecutable where the dodgy content terminates. It had just taken the authorities a little time to figure their latitudes and crack down. That’s a large theme in the book, by the way: Keystone cops playing eternal catch-up on a learning curve all parties are ascending, with the bad guys always mere inches ahead.
Other essays range from spam king Oleg Nikolaenko who provided much of the impetus for the CAN-SPAM Act to the music industry’s full-on assault on single mom Jammie Thomas for illegal music downloads. As Anderson points out rather sardonically, the “optics weren’t great—faceless coastal corporations against small-town Midwestern mom.” Nonetheless much was riding on the case for the industry. The ensuing trials proved a nightmare for all parties, though it ultimately prevailed against Thomas to the tune of $222k, an amount as yet unpaid.
On the creepier side, there’s the tale of the overly curious webcams controlled by remote access tool (RAT) software, often a malware download which allows unknown voyeurs to control webcams on stranger’s computers, take photos of the victims and send them detailed instructions that clearly indicate the users are being watched. The psychological trauma resulting from this activity can be understandably quite acute; nor is the sense of personal invasion mitigated when it turns out law enforcement is the perpetrator as in the case of one substitute teacher who was arrested after a period of on-line surveillance for receiving stolen property (her PC).
There are also warrant issues as Anderson points out with the FBI’s attempt to judiciously use Computer & Internet Protocol Address Verifier (CIPAV) to monitor the email activity of a suspicious machine. Often these warrants are set for extremely finite periods of time. In fact the FBI’s formidable suite of in-house cyber-surveillance tools are closely vetted with bureau attorneys for legal compliance. The point Anderson makes is that even legally-sanctioned surveillance is, well, surveillance.
Meanwhile the judiciary is on the look-out for government fishing expeditions. As one Texas judge opined of the FBI’s surveillance software, “what if the target computer is located in a public library, Internet café… what if the computer is used by family or friends uninvolved in the illegal scheme?” Good questions indeed, Your Honor.
Another essay deals with early FBI packet sniffer Carnivore where the same argument is made: “It might be looking for Joe X. Terrorist’s e-mails in transit, or it might try to monitor his instant messages, but yours and mine might also pass through the same router.” Somehow discriminating searches have to be kept to their narrow charters. The recent news of NSA employees going through the personal information of acquaintances is hardly encouraging.
Anderson is a great writer with a lucid style. The stories are at times humorous yet consistently informative, and his grasp of recent jurisprudence is formidable. Even more important, he writes without obvious ideological bias. This agnostic approach gives reasonable voice to all sides.
Sealand/HavenCo’s John Barlow makes a final, surreal appearance in the book speaking at a 2011 e-G8 meeting in counterpoint to French President Nicolas Sarkozy who, one suspects, is oblivious to the subtly patronizing premise of his views when he intones: “Don’t forget that behind the anonymous Internet user there is a real citizen living in a real society and a real culture and a nation to which he or she belongs, with its laws and its rules.” And the Internet is what, Mr. President? A La-La Land for time-wasters lacking all cultural and societal contribution? Sacré bleu! We are a nation, too!
Much to his surprise, Barlow is met with applause when he responds that the meeting’s focus is an antiquated attempt to impose, “the standards of some business practices and institutional power centers that come from another era on the future, whether they are actually productive of new ideas or not.” In the end, there is no end, or as Anderson says “We’re never going to engineer the mess out of it.” The best protection against creativity and innovation is public vigilance, pragmatism, tolerance and informed policing.
In the Afterword, the book very briefly delves the myriad issues brought to light by the Edward Snowden affair, which really broke after publication. It remains to be seen whether this ‘messy business’ of perpetual, virtuous conflict called the Internet can be fostered and preserved for the long-term.