[bestbits] Reform surveillance

[Mike Godwin (mgodwin@INTERNEWS.ORG)]

Mishi quotes the Times:


>"While the Internet companies fight to maintain authority over their
>customers¹ data, their business models depend on collecting the same
>information that the spy agencies want, and they have long cooperated
>with the government to some extent by handing over data in response to
>legal requests.

This statement strikes me as disingenuously oversimplistic on the Times¹s
part ‹ specifically, in saying that the Internet companies are collecting
³the same information that the spy agencies want.²  Yes, the agencies want
the data the companies have, but the companies are gathering data about
consumption and viewing patterns, primarily. What the agencies want is
traffic and association analysis, and they know they can draw inferences
if they have large datasets.

This may seem like a subtle distinction, but really it¹s not. It¹s like
saying ³I listen to changes in the tone of your voice when you speak to
me, and so does the snooping spy who wiretaps your phone, and therefore,
implicitly, the spy and I are both culpable somehow.²

What I perceive in all this is an attempt to muddy the issue and
delegitimize the internet companies¹ sincere efforts to build and/or
restore consumer trust. I¹m critical of the companies from time to time
(and there are times when I¹m mostly critical of what all the companies
are doing), but to me the real analysis here is that governments have
opportunistically taken advantage of what the companies have been
gathering, most of the time in good faith, from users.

>The new principles outlined by the companies contain little information
>and few promises about their own practices, which privacy advocates say
>contribute to the government¹s desire to tap into the companies¹ data
>systems.
>
>³The companies are placing their users at risk by collecting and
>retaining so much information,² said Marc Rotenberg, president and
>executive director of the Electronic Privacy Information Center, a
>nonprofit research and advocacy organization. ³As long as this much
>personal data is collected and kept by these companies, they are always
>going to be the target of government collection efforts.²

I take Marc at his word, as always, but the fact is that if the companies
cut their data gathering in half ‹ or even by a factor of 10 or 100 ‹
governments will want to engage in bulk collection and interception. The
key approach, in my view, is to try to reduce the demand-side (by
regulating what governments can do) rather conflate it with the supply
side (the fact that commercial enterprises gather data from actual and
potential customers (or for them).


‹Mike, speaking only for myself