Can we save our online freedom?

August 30, 2013

Earlier this month I gave a presentation at OHM 2013 arguing that we can (still) save our online freedom. Many did not share my optimism. Today someone sent me the link to Eleanor Saitta's closing keynote at the Noisy2. And I instantly regretted not having been there on the last day of OHM 2013. Because she made my point much more convincingly.

Central to her argument is that return on investment is a decisive factor that determines the level, type and extent of surveillance. The central question is: "How much intelligence do I get for a dollar?" (Or rather 52.6 billion US dollars; that's the 2013 annual budget for all US intelligence agencies together.) The amount of intelligence per dollar gets lower if the intelligence is technically harder to get. The amount of intelligence per dollar also gets lower if surveillance is no longer unobservable. If surveillance is detected, targets will change their mode of operation. Moreover, public opinion and political pressure need to be worked on, lobbied, to maintain the status quo. And it will create global diplomatic friction that needs to be ironed out (as the recent NSA/PRISM revelations have made quite clear).

In other words, this cost structure, this market, can be shaped to our advantage.

This can be achieved, still according to Eleanor, in the following ways (and I'm summarising here):

  • Distribute storage and processing. (This one is from the bottom of my heart.) "We need to stop using an internet that is built out of services [..] we need to stop relying on central services, we just can’t do it anymore, it’s impossible to build a free internet that is centralized."
  • Good enough security is good enough. Out in the field, the main concern is "Will I get caught". If a 5-minute delay gets you free, then a 5-minute delay is all you need (and keys that are secure for at least 10 years are overkill). Don't be stifled by the "everything is broken" truism. Don't try to build the (near) perfect system.
  • Make it user friendly. Think about business models that sustain your development. "Adoption is much harder than development."
  • Use the user. The user is not entirely stupid. Design systems such that they give subtle feedback (e.g. a small LED that by physical necessity always shows when a device is communicating). The user knows the context and can use that to decide whether something phishy is going on.

All this is not rocket science, but requires us to work together and broaden our scope. This means we stop letting our egos get in the way (she has a lot more to say about this, much of which I recognise...), and stop being narrowly focused on just the technology. We need to develop systems that are useful and usable. We need to go out and understand the needs of the average user. We need to give them what they want, and make it secure and privacy friendly enough. And improve with every new release.

If we do, we can save our online freedom. Inch by inch. With every release.

(Updated 31-08-2013 to fix missing sentences at last bullet. Thanks @TomEtty!)
