The American surveillance state is a public-private partnership.
October 16, 2023
Source: The Intercept
The techlash has finally reached the courts. Amazon’s in court. Google’s in court. Apple’s under EU investigation. The French authorities just kicked down Nvidia’s doors and went through their files looking for evidence of crimes against competition. People are pissed at tech: about moderation, about monopolization, about price gouging, about labor abuses, and — everywhere and always — about privacy.
From experience, I can tell you that Silicon Valley techies are pretty sanguine about commercial surveillance: “Why should I care if Google wants to show me better ads?” But they are much less cool about government spying: “The NSA? Those are the losers who weren’t smart enough to get an interview at Google.”
And likewise from experience, I can tell you that government employees and contractors are pretty cool with state surveillance: “Why would I worry about the NSA spying on me? I already gave the Office of Personnel Management a comprehensive dossier of all possible kompromat in my past when I got my security clearance.” But they are far less cool with commercial surveillance: “Google? Those creeps would sell their mothers for a nickel. To the Chinese.”
What are they both missing? That American surveillance is a public-private partnership: a symbiosis between a concentrated tech sector that has the means, motive, and opportunity to spy on every person in the world and a state that loves surveillance as much as it hates checks and balances.
Big Tech, cops, and surveillance agencies were made for one another.
The Privacy Deficit
America has a privacy law deficit. While U.S. trading rivals like the EU and even China have enacted muscular privacy laws in response to digital commercial surveillance, the U.S. has slept through a quarter-century of increasing corporate spying without any federal legislative action.
It’s really something. America has stronger laws protecting you from video store clerks who gossip about your porn rentals than we do protecting you from digital spies who nonconsensually follow you into an abortion clinic and then sell the data.
In place of democratically accountable privacy laws, we have the imperial fiat of giant tech companies. Apple unilaterally decided that in-app surveillance should be limited to instances in which users explicitly opted in. Unsurprisingly, more than 96 percent of iOS users did not opt into surveillance (presumably the remaining 4 percent were either confused, or Facebook employees, or both).
When Apple finally allowed its users to block Facebook surveillance, they cut off a torrent of valuable data that Facebook had nonconsensually acquired from Apple device owners, without those owners’ permission. But — crucially — it was Apple that decided when consent was and wasn’t needed to spy on it customers. After 96 percent of iOS device owners opted out of Facebook spying, Apple continued to spy on those users, in precisely the same way that Facebook had, without telling them, and when they were caught doing it, they lied about it.
Which raises a question: Why don’t Apple customers simply block Apple’s surveillance? Why don’t they install software that prevents their devices from ratting them out to Apple? Because that would be illegal. Very, very illegal.
One in four web users has installed an ad blocker (which also blocks commercial surveillance). It’s the “biggest boycott in world history.” The reason you can modify your browser to ignore demands from servers to fetch ads — and reveal facts about you in the process — is that the web is an “open platform.” All the major browsers have robust interfaces for aftermarket blockers to plug into, and they’re also all open source, meaning that if a browser vendor restricts those interfaces to make it harder to block ads, other companies can “fork the code” to bypass those restrictions.
By contrast, apps are encrypted, which triggers a quarter-century-old law: the Digital Millennium Copyright Act of 1998, whose Section 1201 makes it a felony to provide someone with a tool to bypass an “access control” for a copyrighted work. By encrypting apps and locking the keys away from the device owner, Apple can make it a crime for you to reconfigure your own phone to protect your privacy, with penalties of a five-year prison sentence and a $500,000 fine — for a first offense.
The Rise of Big Tech
An app is best understood as “a webpage wrapped in just enough IP to make it a crime to install an ad blocker” (or anything else the app’s shareholders disapprove of).
DMCA 1201 is only one of a slew of laws that restrict the ability of technology users to modify the tools they own and use to favor their interests over manufacturers’: laws governing cybersecurity, trademarks, patents, contracts, and other legal constructs can be woven together to block the normal activities that the tech giants themselves once pursued.
Yes, there was a time when tech companies waged guerrilla warfare upon one another: reverse-engineering, scraping, and hacking each others’ products so that disgruntled users could switch from one service to another without incurring steep switching costs. For example, Facebook offered departing MySpace users a “bot” that would impersonate them to MySpace, scrape their inboxes, and import the messages to Facebook so users could maintain contact with friends they’d left behind on the older platform.
That all changed as tech consolidated, shrinking the internet to what software developer Tom Eastman calls “five giant websites, filled with screenshots of text from the other four.” This consolidation was not unique to tech. The 40-year drawdown of antitrust has led to mass consolidation across nearly every sector of the global economy, from bottle caps to banking. Tech companies merged, gobbled up hundreds of small startups, and burned billions of investor dollars offering products and services below cost, making it impossible for anyone else to get a foothold.
Tech was the first industry born in the post-antitrust age. The Apple ][+ hit shelves the same year Ronald Reagan hit the campaign trail. When tech hit its first inter-industry squabble, jousting with the much more mature and concentrated entertainment industry during the Napster wars of the early 2000s, it was trounced, losing every court, regulatory, and legislative fight.
By all rights, tech should have won those fights. After all, the tech sector in the go-go early internet years was massive, an order of magnitude larger than the entertainment companies challenging them in the halls of power. But Big Content was well-established, having boiled itself down to seven or so companies (depending on how you count), while tech was still a rabble of hundreds of small and medium-sized companies that couldn’t agree on its legislative priorities. Tech couldn’t even agree on the catering for a meeting where these priorities might be debated. Concentrated sectors find it comparatively easy to come to agreements, including agreements about what to tell Congress and federal judges. And since those concentrated sectors also find it easy to agree on whose turf belongs to whom, they are able to avoid the “wasteful competition” that erodes their profit margins, leaving them with vast war chests with which to pursue their legislative agenda.
As tech consolidated, it began to feel its oats. Narrow interpretations of existing laws were broadened. New, absurd gambits were invented and then accepted by authorities with straight faces.
Just as important as the new laws that tech got for itself were the laws they kept at bay. Labor laws were treated as nonexistent, provided that your boss was an app. Consumer protection laws were likewise jettisoned.
And, of course, the U.S. never passed a federal privacy law, and the EU struggled to enforce its privacy law
The techlash has finally reached the courts. Amazon’s in court. Google’s in court. Apple’s under EU investigation. The French authorities just kicked down Nvidia’s doors and went through their files looking for evidence of crimes against competition. People are pissed at tech: about moderation, about monopolization, about price gouging, about labor abuses, and — everywhere and always — about privacy.
From experience, I can tell you that Silicon Valley techies are pretty sanguine about commercial surveillance: “Why should I care if Google wants to show me better ads?” But they are much less cool about government spying: “The NSA? Those are the losers who weren’t smart enough to get an interview at Google.”
And likewise from experience, I can tell you that government employees and contractors are pretty cool with state surveillance: “Why would I worry about the NSA spying on me? I already gave the Office of Personnel Management a comprehensive dossier of all possible kompromat in my past when I got my security clearance.” But they are far less cool with commercial surveillance: “Google? Those creeps would sell their mothers for a nickel. To the Chinese.”
What are they both missing? That American surveillance is a public-private partnership: a symbiosis between a concentrated tech sector that has the means, motive, and opportunity to spy on every person in the world and a state that loves surveillance as much as it hates checks and balances.
Big Tech, cops, and surveillance agencies were made for one another.
The Privacy Deficit
America has a privacy law deficit. While U.S. trading rivals like the EU and even China have enacted muscular privacy laws in response to digital commercial surveillance, the U.S. has slept through a quarter-century of increasing corporate spying without any federal legislative action.
It’s really something. America has stronger laws protecting you from video store clerks who gossip about your porn rentals than we do protecting you from digital spies who nonconsensually follow you into an abortion clinic and then sell the data.
In place of democratically accountable privacy laws, we have the imperial fiat of giant tech companies. Apple unilaterally decided that in-app surveillance should be limited to instances in which users explicitly opted in. Unsurprisingly, more than 96 percent of iOS users did not opt into surveillance (presumably the remaining 4 percent were either confused, or Facebook employees, or both).
When Apple finally allowed its users to block Facebook surveillance, they cut off a torrent of valuable data that Facebook had nonconsensually acquired from Apple device owners, without those owners’ permission. But — crucially — it was Apple that decided when consent was and wasn’t needed to spy on it customers. After 96 percent of iOS device owners opted out of Facebook spying, Apple continued to spy on those users, in precisely the same way that Facebook had, without telling them, and when they were caught doing it, they lied about it.
Which raises a question: Why don’t Apple customers simply block Apple’s surveillance? Why don’t they install software that prevents their devices from ratting them out to Apple? Because that would be illegal. Very, very illegal.
One in four web users has installed an ad blocker (which also blocks commercial surveillance). It’s the “biggest boycott in world history.” The reason you can modify your browser to ignore demands from servers to fetch ads — and reveal facts about you in the process — is that the web is an “open platform.” All the major browsers have robust interfaces for aftermarket blockers to plug into, and they’re also all open source, meaning that if a browser vendor restricts those interfaces to make it harder to block ads, other companies can “fork the code” to bypass those restrictions.
By contrast, apps are encrypted, which triggers a quarter-century-old law: the Digital Millennium Copyright Act of 1998, whose Section 1201 makes it a felony to provide someone with a tool to bypass an “access control” for a copyrighted work. By encrypting apps and locking the keys away from the device owner, Apple can make it a crime for you to reconfigure your own phone to protect your privacy, with penalties of a five-year prison sentence and a $500,000 fine — for a first offense.
The Rise of Big Tech
An app is best understood as “a webpage wrapped in just enough IP to make it a crime to install an ad blocker” (or anything else the app’s shareholders disapprove of).
DMCA 1201 is only one of a slew of laws that restrict the ability of technology users to modify the tools they own and use to favor their interests over manufacturers’: laws governing cybersecurity, trademarks, patents, contracts, and other legal constructs can be woven together to block the normal activities that the tech giants themselves once pursued.
Yes, there was a time when tech companies waged guerrilla warfare upon one another: reverse-engineering, scraping, and hacking each others’ products so that disgruntled users could switch from one service to another without incurring steep switching costs. For example, Facebook offered departing MySpace users a “bot” that would impersonate them to MySpace, scrape their inboxes, and import the messages to Facebook so users could maintain contact with friends they’d left behind on the older platform.
That all changed as tech consolidated, shrinking the internet to what software developer Tom Eastman calls “five giant websites, filled with screenshots of text from the other four.” This consolidation was not unique to tech. The 40-year drawdown of antitrust has led to mass consolidation across nearly every sector of the global economy, from bottle caps to banking. Tech companies merged, gobbled up hundreds of small startups, and burned billions of investor dollars offering products and services below cost, making it impossible for anyone else to get a foothold.
Tech was the first industry born in the post-antitrust age. The Apple ][+ hit shelves the same year Ronald Reagan hit the campaign trail. When tech hit its first inter-industry squabble, jousting with the much more mature and concentrated entertainment industry during the Napster wars of the early 2000s, it was trounced, losing every court, regulatory, and legislative fight.
By all rights, tech should have won those fights. After all, the tech sector in the go-go early internet years was massive, an order of magnitude larger than the entertainment companies challenging them in the halls of power. But Big Content was well-established, having boiled itself down to seven or so companies (depending on how you count), while tech was still a rabble of hundreds of small and medium-sized companies that couldn’t agree on its legislative priorities. Tech couldn’t even agree on the catering for a meeting where these priorities might be debated. Concentrated sectors find it comparatively easy to come to agreements, including agreements about what to tell Congress and federal judges. And since those concentrated sectors also find it easy to agree on whose turf belongs to whom, they are able to avoid the “wasteful competition” that erodes their profit margins, leaving them with vast war chests with which to pursue their legislative agenda.
As tech consolidated, it began to feel its oats. Narrow interpretations of existing laws were broadened. New, absurd gambits were invented and then accepted by authorities with straight faces.
Just as important as the new laws that tech got for itself were the laws they kept at bay. Labor laws were treated as nonexistent, provided that your boss was an app. Consumer protection laws were likewise jettisoned.
And, of course, the U.S. never passed a federal privacy law, and the EU struggled to enforce its privacy law
.
Slide showing companies participating in the Prism program and the types of data they provide.National Security Agency, public domain, via Wikimedia Commons
Cops and Spies
Concentrated sectors of large, highly profitable firms inevitably seek to fuse their power with that of the state, securing from government forbearance for their own actions and prohibitions on the activities they disfavor. When it comes to surveillance, the tech sector has powerful allies in government: cops and spies.
It goes without saying that cops and spies love commercial surveillance. The very first Snowden revelation concerned a public-private surveillance partnership called Prism, in which the NSA plundered large internet companies’ data with their knowledge and cooperation. The subsequent revelation about the “Upstream” program revealed that the NSA was also plundering tech giants’ data without their knowledge, and using Prism as a “plausible deniability” fig leaf so that the tech firms didn’t get suspicious when the NSA acted on its stolen intelligence.
No government agency could ever hope to match the efficiency and scale of commercial surveillance. The NSA couldn’t order us to carry pocket location beacons at all times — hell, the Centers for Disease Control and Prevention couldn’t even get us to run an exposure notification app in the early days of the Covid pandemic. No government agency could order us to put all our conversations in writing to be captured, stored, and mined. And not even the U.S. government could afford to run the data centers and software development to store and make sense of it all.
Meanwhile, the private sector relies on cops and spies to go to bat for them, lobbying against new privacy laws and for lax enforcement of existing ones. Think of Amazon’s Ring cameras, which have blanketed entire neighborhoods in CCTV surveillance, which Ring shares with law enforcement agencies, sometimes without the consent or knowledge of the cameras’ owners. Ring marketing recruits cops as street teams, showering them with freebies to distribute to local homeowners.
And when local activists and town councils ponder limitations on this kind of commercial surveillance, the cops go to bat for Ring, insisting that every citizen should have the inalienable right to contribute to an off-the-books video surveillance grid that the cops can access at will.
Google, for its part, has managed to play both sides of the culture war with its location surveillance, thanks to the “reverse warrants” that cops have used to identify all the participants at both Black Lives Matter protests and the January 6 coup.
Distinguishing between state and private surveillance is a fool’s errand. Cops and spies need the surveillance industry, and the surveillance industry needs cops and spies. Since the days of the East India Company, monopolists have understood the importance of recruiting powerful state actors to go to bat for commercial interests.
AT&T — the central node in the Snowden revelations — has been playing this game for a century, foiling regulators attempts to break up its monopoly for 69 years before the Department of Justice finally eked out a win in 1982 (whereupon antitrust was promptly neutered, allowing the “Baby Bells” to merge into new monopolies like Verizon).
In the 1950s, AT&T came within a whisker of being broken up, but the Pentagon stepped up to defend Ma Bell, telling the Justice Department that America would lose the Korean War if they didn’t have an intact AT&T to supply and operate their high-tech backend. America lost the Korean War, but AT&T won: It got a 30-year reprieve.
Stumping for his eponymous antitrust law in 1890, Sen. John Sherman thundered, “If we will not endure a King as a political power we should not endure a King over the production, transportation, and sale of the necessaries of life. If we would not submit to an emperor we should not submit to an autocrat of trade.”
Today, as our snoopy tech firms hide in the skirts of our spies and law enforcement agencies, we have to get beyond the idea that this is surveillance capitalism. Truly, it’s more akin to surveillance mercantilism: a fusion of state and commercial power.
Slide showing companies participating in the Prism program and the types of data they provide.National Security Agency, public domain, via Wikimedia Commons
Cops and Spies
Concentrated sectors of large, highly profitable firms inevitably seek to fuse their power with that of the state, securing from government forbearance for their own actions and prohibitions on the activities they disfavor. When it comes to surveillance, the tech sector has powerful allies in government: cops and spies.
It goes without saying that cops and spies love commercial surveillance. The very first Snowden revelation concerned a public-private surveillance partnership called Prism, in which the NSA plundered large internet companies’ data with their knowledge and cooperation. The subsequent revelation about the “Upstream” program revealed that the NSA was also plundering tech giants’ data without their knowledge, and using Prism as a “plausible deniability” fig leaf so that the tech firms didn’t get suspicious when the NSA acted on its stolen intelligence.
No government agency could ever hope to match the efficiency and scale of commercial surveillance. The NSA couldn’t order us to carry pocket location beacons at all times — hell, the Centers for Disease Control and Prevention couldn’t even get us to run an exposure notification app in the early days of the Covid pandemic. No government agency could order us to put all our conversations in writing to be captured, stored, and mined. And not even the U.S. government could afford to run the data centers and software development to store and make sense of it all.
Meanwhile, the private sector relies on cops and spies to go to bat for them, lobbying against new privacy laws and for lax enforcement of existing ones. Think of Amazon’s Ring cameras, which have blanketed entire neighborhoods in CCTV surveillance, which Ring shares with law enforcement agencies, sometimes without the consent or knowledge of the cameras’ owners. Ring marketing recruits cops as street teams, showering them with freebies to distribute to local homeowners.
And when local activists and town councils ponder limitations on this kind of commercial surveillance, the cops go to bat for Ring, insisting that every citizen should have the inalienable right to contribute to an off-the-books video surveillance grid that the cops can access at will.
Google, for its part, has managed to play both sides of the culture war with its location surveillance, thanks to the “reverse warrants” that cops have used to identify all the participants at both Black Lives Matter protests and the January 6 coup.
Distinguishing between state and private surveillance is a fool’s errand. Cops and spies need the surveillance industry, and the surveillance industry needs cops and spies. Since the days of the East India Company, monopolists have understood the importance of recruiting powerful state actors to go to bat for commercial interests.
AT&T — the central node in the Snowden revelations — has been playing this game for a century, foiling regulators attempts to break up its monopoly for 69 years before the Department of Justice finally eked out a win in 1982 (whereupon antitrust was promptly neutered, allowing the “Baby Bells” to merge into new monopolies like Verizon).
In the 1950s, AT&T came within a whisker of being broken up, but the Pentagon stepped up to defend Ma Bell, telling the Justice Department that America would lose the Korean War if they didn’t have an intact AT&T to supply and operate their high-tech backend. America lost the Korean War, but AT&T won: It got a 30-year reprieve.
Stumping for his eponymous antitrust law in 1890, Sen. John Sherman thundered, “If we will not endure a King as a political power we should not endure a King over the production, transportation, and sale of the necessaries of life. If we would not submit to an emperor we should not submit to an autocrat of trade.”
Today, as our snoopy tech firms hide in the skirts of our spies and law enforcement agencies, we have to get beyond the idea that this is surveillance capitalism. Truly, it’s more akin to surveillance mercantilism: a fusion of state and commercial power.
Cory Doctorow’s latest book is “The Internet Con: How to Seize the Means of Computation.”
No comments:
Post a Comment