[liberationtech] a privacy preserving and resilient social network

Eleanor Saitta ella at dymaxion.org
Sat Jun 29 10:24:29 PDT 2013


tl;dr-summary:
Surveillance is not a scale-free property, and the notion of
privacy is a notion that refers primarily to surveillance at scale.
Targeted exploitation attempts are expensive and that expense
represents the existing social contract (flawed though it may be)
between populations and intelligence agencies.  Until we can by
technical means return to that contract, we are not in a position to
otherwise change it by legal or social means.



On 2013.06.29 12.28, David Golumbia wrote:
> Further, the snoops use HUMINT to get technical access. it only
> takes one compromised friend on Facebook to allow downloading a
> huge amount of data, for example.

Because this is not a privacy-preserving system; it is designed to
encourage people to spread information by any means necessary.  Privacy
preservation is not purely a matter of comms protocols, but also user
behaviour shaping and the tools you give users to control where their
data is sent by default.

> I don't even think it's clear that HUMINT is more
> expensive than technical intelligence, and the budgets of snoop
> agencies are not so constrained that cost is something we can take
> comfort in.

HUMINT is more expensive than SIGINT if you want to target an entire
population.  If you want to target a specific individual, then yes,
that's an open question.  If we can make spying on people as expensive
as doing it via SIGINT, we have won the largest victory probable over
intelligence forces within the current scope of their operations, and
now the questions become centered around oversight and budget reduction.

>> Privacy-preserving, as a property, doesn't mean "if you don't
>> think about what you're doing in the world you can run black ops
>> on this platform".  It means "you can keep what you're doing here
>> private against mass observation by the motivated and targeted
>> observation by the non-resourced".  Or, at least, I think that's
>> a bar that's actually meaningful and can be achieved; what you're
>> talking about can't.
> 
> I'm having trouble parsing the two properties you lay out here;
> they are both much more complicated than I'd want to make them. I
> find privacy to be a simple property: "I'm not going to be snooped
> on by the govt without a warrant; companies are not going to
> collect my data and do inappropriate things with it." These are
> matters of law and governance.

It is not possible given what we have available to us as general purpose
capabilities in this moment to technically guarantee that "you won't get
snooped on without a warrant" at the fullest level of that statement,
which you seem to be insisting on taking.

> I believe that the world in which law and governance ensure these 
> principles is not only achievable, but the only meaningful kind of
>  privacy we can hope for. Our political sphere is governed by laws,
>  not human beings.

The notion that rule of law can effectively constrain US intelligence
forces is not borne out by 20th or 21st century history.

> Back to the original proposition, which did not appear to be yours:
>  building a social network and proclaiming it to be 
> "privacy-preserving" suggests to users that they will not be spied
>  on. While there may be some truth to the difficulty such networks
>  would pose for commercial data collection, any sense of security 
> from government spying such a network creates will be false.

Incorrect.  No, we cannot and should not suggest to users that "by using
such and such network they will not be spied on"; what we can do is
provide them with a deeper understanding of how such a network can and
cannot protect their privacy and against which kinds of actions from
which kinds of adversaries.

However, we can in fact build technical systems that make mass
surveillance infeasibly expensive.  Until such point as we do so, we
have little or no functional ability to bargain with the black state
that is completely out of control.

> That will be true until and unless we have a legal structure built 
> to prevent that spying, in which case the technical methods aren't
>  necessary to begin with.

Technical capabilities for surveillance will always be abused if they
exist.  The law does not have a track record to claim otherwise.  Unless
we have a technical structure to prevent mass spying, it will happen, in
which case the legal methods are of secondary import.

E.

-- 
Ideas are my favorite toys.
