Liars and Outliers
Class: PHIL-282
Author: Bruce Schneier
Source: Talks at Google
YouTube Link: https://www.youtube.com/watch?v=m3NJ-Ow2Lvg
1. Technology as a Disruptive Force and the Security Gap
Schneier uses historical examples—such as the plow, the printing press, and gunpowder—to illustrate that technologies disrupt society by shifting power balances. The internet is described as incredibly disruptive, changing governments, industries, media, and even criminal power (e.g., identity theft at scale).
A central concept introduced is the security gap, defined as the arms race between attackers and defenders. Key points about this gap include:
- Disruption and Rebalancing: Technological advances disrupt the balance between attackers and defenders, necessitating a subsequent rebalancing.
- Attacker Advantage: Unorganized attackers possess a natural advantage because they are more "nimble" and adopt innovations faster than large, powerful, and "ponderous" institutions.
- Examples of the Gap: Historically, a burglar quickly adopted the motor car for escape before the police acquired them. Similarly, cybercriminals rapidly mastered internet fraud before law enforcement could fully understand cybercrime.
- Current State: Because the current era is one of rapid technological and social change, the security gap is constantly increasing, giving the attackers a greater advantage.
2. The Shift to "Feudal Security"
The traditional model of computer security—where the user is responsible for securing the product (e.g., buying aftermarket brakes for a car without them)—is breaking down. This is due to two major trends:
- Cloud Computing: The cost of computation and data transport is dropping toward free, making it economically sensible to centralize computers in locations where they can be run most cheaply. This shifts the burden of security away from the individual.
- Locked Down Endpoints: Computing platforms (like phones, tablets, or even newer OSs like Windows 8 and Mountain Lion) offer users less control over functions such as clearing cookies or running programs. Companies prefer this model to control the supply chain for economic advantage.
This leads to a new model called feudal security. In this model:
- Reliance on Power: Users (the hapless peasants) must pledge allegiance to powerful companies (feudal lords) that promise protection.
- Advantages: For many users, cloud providers offer better security than they could achieve themselves (e.g., automated cloud backup and updates).
- Risks: Vendors act in their own self-interest, which does not always align with user interests, especially when users are not customers (i.e., not paying for the service). Vendors can act arbitrarily, make mistakes, and have an incentive to tie users to them (lock-in).
- Betrayal of Trust: This model is based on users trusting vendors with their data, but the business model of many companies relies on betraying that trust for profit, often by secretly collaborating with governments.
3. The Internet and the Magnification of Power
Early utopian expectations that the internet would inherently empower the masses and weaken governments turned out to be false. Schneier argues that the internet, like other technologies, actually magnifies power in general.
- Nimble vs. Ponderous: When the internet first emerged, previously powerless groups (hackers, criminals, dissidents) gained power quickly because they were nimble. However, powerful institutions (governments, large corporations) were slower but commanded more power to magnify.
- Tools of Power: Four classes of internet tools of power are emerging, all of which have viable market reasons for existence but can be used by totalitarian regimes:
  - Censorship: Also content filtering/data loss prevention.
  - Propaganda: Also viral marketing.
  - Surveillance: Also personal data collecting (the business model of the internet).
  - Use Control: Programs must be certified (similar to the Apple store).
- The Power Alignment: There is a concerning trend toward the commingling and alignment of corporate and government power, where personal data equates to power. The two spheres use each other's laws to get around their own constitutional or regulatory restrictions (e.g., government using private companies for tracking devices, corporations lobbying to enforce business models).
4. Open Questions and Future Actions
The ultimate question is who wins the struggle for control: big, slow power or small, nimble power? Currently, the powerful seem to be winning, often leaving the majority—the "hapless peasants"—out of the negotiations and subject to arbitrary terms of service and rules.
Schneier outlines suggestions for researchers, vendors, and policymakers to address these complex power issues:
- Researchers: Focus research on technologies of social control (surveillance, censorship, propaganda, use control) and how to circumvent them. Develop safe places for anonymous publishing (like Strongbox).
- Vendors: Acknowledge the dual use of technologies (business and military/surveillance uses are often the same).
- Policy/Societal: In the near term, keep circumvention legal and maintain net neutrality to serve as a check on the powerful. Long term, power must be leveled. This requires recognizing that rights and privacy must be universal. He suggests society will eventually need a new "Magna Carta" for the internet that defines the rights and responsibilities of both government and corporate powers.
- The Final Goal: The ultimate battle is for liberty in the digital world, and it will be a long and difficult one.