...it's time we step in in our role as governments (both national and international) to create the regulatory environments that protect us...
Or putting on other imaginary hats:
...it's time we step in in our role as technology corporations to circumvent and mitigate broken government regulations which harm our customers...
...it's time we step in in our role as malevolent crackers to cease-and-desist thieving things which do not belong to us...
...it's time we as terrorists, child pornographers, and film pirates stop doing naughty things, so that people stop asking for digital surveillance...
How is the counterfactual, "we the governments", any more sensible than the "we the corporations", or the sillier ones? Schneier isn't a government. Inference along the aligns of "If I were the government I would...", in a democracy where you and everyone who kind-of agrees with you are an insignificant fringe, is barely more rational than pretending to be any other third party.
The main effect of this reasoning flaw is to accede more powers to the biggest digital-rights threat of all, national governments, out of the fatal illusion that they will be used to protect you, as imagined in your "If I were government" fantasy. The evidence strongly suggests that the government--which you are not--would much rather use new powers against you, to the benefit of established, paying clients (MPAA).
...we, as private citizens, should oppose regulation of our networks, because governments have been very bad at it, and we do not control them well enough to expect better.
I, for one, would be much happier with government brokering than corporate. At least with the (democratic) government, I will have some control. There are parliamentary processes, voting, constitutional rules, albeit often slow, that give me a say.
With the corporation, I only have illusion of control, zero transparency, and often contractual binding to an entity that only has incentive to take advantage of me.
Now, as far as government working properly: surely, it often doesn't work well. For one, governments are often too large (in citizen count) for individuals to participate effectively. This often leads to powerful interests taking over. But, perhaps this is because our governmental structures were invented way too long ago to be current.
The 'private citizen' part is interesting. I would prefer to have peer-to-peer relationships that are effective and strong enough. But, that's a ways off, isn't it?
> At least with the (democratic) government, I will have some control
Citizen votes are non-binding. Politicians can do whatever they want once elected.
The vast majority of people don't even pay attention to what they do once in office, unless it's particularly bad.
Then once in office they don't have to face the consequences of reelection for 4-6 years.
Government transparency is getting better thanks to technology. But at the same time there are more and more 500-page bills that even the politicians don't read. And more agencies with ever growing power who operate in secrecy.
Transparency exists in corporations because they must operate in a market of both investors and customers. Both of those require visible results. In both the short and long term.
Governments are not result-driven. The negative effects of most policies often take effect long after the politican is gone.
In addition, the opportunity cost of Government backed economic and social policies are notoriously difficult to track. But arguably even if they were, based on recent political debates where things like the Fiscal cliff were not even mentioned, I doubt it would matter.
When dealing with a corporation, I can dump their services and go with a competitor. When dealing with a government, there are no competitors. You are automatically in their jurisdiction.
I can dump their services and go with a competitor
Says who? Or, more to the point, whose army? When the corporations that hold your email and bank statements refuse to be dumped, you'll need someone to break into their server rooms, wipe their hard drives, and arrest or shoot anyone who resists. I want those people to obey the law, and be under democratic control.
Some people frame the gov't-vs-corp question as one of trust, which it certainly is. If we really thought about it, however, we might find that we're more motivated by the feeling (not the fact!) of agency. If you write lots of letters to your reps and attend lots of city council meetings, you probably feel more agency in dealing with the government. If you spend lots of money and change vendors often, you probably feel more agency in dealing with "private" corporations. Some of us might not experience much agency in our day-to-day lives, but still be tempted to choose one or both scenarios as a pleasant imaginative exercise.
I suspect that much of the agency we feel in our dealings with both of these groups is illusory, perhaps inspired by a conditioning to approve of the broad basket of behaviors they were going to exhibit anyway. Even more imaginary, however, may be the thought that a strong embedding in a peer-regulating group will give us more agency. Humans had that arrangement for thousands of years, but most recent (last few centuries anyway) changes in society have undermined it. Society is the sum of choices we all make, and we don't seem to be returning to the village green.
How is the counterfactual, "we the governments", any more sensible than the "we the corporations", or the sillier ones?
For the obvious reason that governments, at least in democratic countries, are supposed to be about the people governing themselves. Governments are a means to solve cooperation problems.
Sure, this theory does not perfectly translate into practice. But it is the normative ideal of democracy. Hence your comment just comes off as snarky without really adding much to the discussion other than the point that yes, government power also must be restricted when it comes to information, just like it must be restricted in other areas of life. This is a useful point, but one that you might have made using much fewer words.
You need to understand the mindset of people like him. Basically the idea is that government is a single, monolithic entity that behaves stricly as an incompetent buffoon in all circumstances. Any good that comes from any subset of it is strictly accidental and must have been because others shepherded them to OKness, while any subset that does bad is proof the the whole is corrupt and incompetent. Further, any attempts at fixing it are obviously flawed because the government monolith is by definition unfixable.
Further, the cognitive dissonance in this viewpoint is strong, in that they can see how treating any other composite entity, e.g. corporations, or a single corporation, or whatever as a monolith will be ridiculed as "you can't judge this composite entity as a whole based on a subset of it's components". Similarly when the effects of the entities they like look like the results the fear from the government, it is all OK, because some magical thinking results in not understanding what a choice really is (namely that somehow being forced to do something because it is the only choice that minimizes harm when the mechanism is not government is freedom, but when it is government it is tyranny).
Then, of course, there's people like you, to whom profit is so suspect that you'll take your chances with the same government that brought you DCMA, PATRIOT, came within a hair-width of passing SOPA and PIPA, the war on drugs, warrantless wiretaps etc.
It's not that government can't do good things, it's that when they screw up, they do it real bad, and fixing it, if at all possible, takes decades.
If the government can pass a sensible internet privacy and security law, then I'm all for it. It's just that the potential of times probability of a screw up that makes everything worse for everyone is very high.
It's not profit itself that is suspect, it is the attitude that "Under no circumstances should considerations beyond profit exist". This attitude leads to beliefs that anything at all should be allowed, if there is profit in it. Literally anything. Government provides a way to say "perhaps there are other considerations beyond profit". Since you only have the hammer of economics in your acceptable tool list, everything looks like a business nail, and you twist implausible scenarios in which business solves the problem. The rest of us say, oh there is this government tool, and there look, it solves the problem without contortion.
Yes there are people to whom government becomes the hammer. But they are not the same set of people who say "lets not go overboard with the nails guys". (for all nails)
> it is the attitude that "Under no circumstances should considerations beyond profit exist".
But that's a strawman. Companies are ultimately guided by the concern for profit - but they can only make a profit (long term) by providing a value to all their stakeholders. Of course companies can some times profit in the short term by screwing over one group of stakeholders, but generally they only get to do that once per stakeholder group.
> The rest of us say, oh there is this government tool, and there look, it solves the problem without contortion.
Hardly. Yes, it can solve the problem (it's hardly a rule that government actually solves the problems it takes on). But even the problems that can reasonably be said to be solved, there are more often than not some unintended consequences.
>> it is the attitude that "Under no circumstances should considerations beyond profit exist".
>But that's a strawman. Companies are ultimately guided by the concern for profit - but they can only make a profit (long term) by providing a value to all their stakeholders. Of course companies can some times profit in the short term by screwing over one group of stakeholders, but generally they only get to do that once per stakeholder group.
This is semantic wrangling. It is generally pretty easy to create corporations. It would be even easier if the "regulation is strictly forbidden" crowd had their way. As it exists now, corporations are fairly anonymous, and as such, spinning out a corporation per "screwing" is not that hard. Sure long term value per corporation is non existant, but the long-term value of the strategy is pretty straight forward. It has already been shown that investment as it exists today favors short term profit over long term value anyway. Numbers this quarter are generally the main driver.
Further, without regulation preventing the screwing over of people, why wouldn't every company choose the guaranteed profit over other methods. They could just take the profit safe from the fact that anyone not generating gobs of cash right now could be simply "competed out of the market" via mechanisms that are currently illegal as monopolistic. It isn't conjecture either - those rules are a response to companies getting rid of the competition then as soon as the specter of "a good company" isn't looming over them, they returned to screwing people over.
Governments are a means to solve cooperation problems.
Yes, a very crude and usually ineffective one. So are corporations.
There is no good means to solve cooperation problems in the general case. The only way we know of that actually works is to have a group of people who are all committed to a specific goal and who all share the same factual beliefs as to how best to reach that goal. That is very rarely true, which is why cooperation problems rarely get solved very well.
But as I said, only a fringe minority care even slightly about the things Schneier wants regulated: e.g. data retention. To most people these are very low priorities. Should government actually being empowered here, it will push in the opposite direction he wants, because strong political interests are on the other side. He would probably happier with the outcome of deregulation. And that's politically achievable; what he wants to do with strong regulation, is not.
That's my point: Schneier is not dictator. Network regulation would be in his interest, if he could dictate what form it would take; as a minority in a democracy, he's on the wrong end of the regulatory pointy stick.
You're right, I'm treating a democracy as competing factions, not as a cooperating monolith ("people fighting themselves" ; "people governing themselves").
People tend to infer two-way bargains that have some degree of fairness; they are upset when those expectations are violated.
The general bargain is "You provide some services, I agree to let you see the data that I put in and either show me some advertising or charge me a small fee." This holds true for Facebook, Google, Apple... The problem is that many people assume that their data will be kept reasonably (not perfectly) private. Advertisers get to specify the attributes of people who will see their ads (age, large geographical area, expressed interests) and not, say, phone number, name, birthday and address.
But that bargain has not actually been struck.
And if you do read the pages and pages of legalese, and manage to comprehend it all, it can still all be changed out from under you.
People who realize this generally aren't happy about it.
My guess is we get far less cases of minor security breaches "my computer has a virus and I lost some files" but occasionally suffer massive scale data breaches. For example "somebody got into my facebook, bank and dropbox and has stolen my identity".
The amount of software that is being automatically downloaded , installed and executed every day on millions of devices from a handful of "trusted" servers is really quite frightening.
You just know that someone out there is busy trying to work out how to forge Apple certificates.
I'd rather have the freedom of choosing a feudal e-lord than trust governmental regulations. Maybe there's a reporting bias but the ones I hear about are always god-awful.
From seizing domains[1], blocking fairly random sites[2] to threatening ISPs over content[3], governments make Google, Canonical and the like look very attractive in comparison. Especially considering you can dump them with only moderate effort and cost.
Government regulations are MADE by the feudal e-lords.
It's just that some e-lords have more weight than others, and corruption advantages some more than others. And yes, companies funded before the Internet are also eligible to be named e-lords of their own.
If Google had more control over the government (and how know, they eventually might 10 years from now), we'd have similar problems with them.
Is the government offering to provide Internet services to you? You're comparing apples and oranges.
A government still can, and will, seize domains, block sites, and issue takedowns and warrants on content to Google. Suppose I own xyzzy.com, set up to use Google Apps to handle mail and serve some web pages. Just like if I was hosting at home or in a colo somewhere, the government can still come in and demand the data. In fact, the biggest difference is that companies like Google are more likely to just roll over--see the stories about cell carriers just handing over tons of information just because law enforcement said please.
If I self-host, for example, then I can hold on to my stuff until either I get a subpoena or the cops show up with a warrant. In the meantime, I can decide if I want to risk charges for destroying any evidence, I can call for lawyers, all these various actions I can take before my data gets handed over. Beats the hell out of getting an email to your backup account: "Your domain has been taken down at the request of law enforcement. Please have a nice day. Do not reply to this message."
How exactly does self-hosting protect you from the government taking down the domain? Unless you run your own domain registrar, the government can just change the DNS servers for your domain. That doesn't give them the data but it takes it off of the internet (as far as they're concerned; depending on how dynamic your IP is, it could be a nightmare for anyone to try to find via IP address or IP address range).
I use ownCloud for dropbox-like sync and sharing (it's better than dropbox!), postfix + dovecot + roundcube for email, a Jabber server for IM, and am moving to Kolab for other groupware - Calendar, Tasks, RSS, Contacts, etc - encrypted on my linode instance. All connections are encrypted.
And it's a VM image, so I can always take it out of their system and use it elsewhere.
I don't agree.
The cloud provider is a company only existing for the sake of generating revenue for the share-holders of this company.
The government is a (usually) democratically elected institution.
That is why I prefer to trust governments.
What I tried to say is: we need the government to regulate the internet in terms of providing the right laws so users actually can take action against providers misusing their data. Just turning away from the provider is not the solution (from my point of view).
You can? Migrate everything from Google to Apple. Then check back in 5 years and see if it's as painless.
That was one of the author's points. We're becoming a culture where you pretty much buy into one provider or another provider. One of his assumptions was that it's only going to get more locked in and more difficult to switch. His conclusions were thinking about the future based on those assumptions.
I agree completely! Though I'm not AT ALL trustful of companies, they simply don't have the power that governments do. It's a heck of a lot easier to switch the company that hosts your email than it is to switch governments.
Nothing is going to happen with digital security rights so long as the NSA wants to be able to store everything indefinitely and we have a Congress that can't even agree on more critical issues like the budget.
It wont be an issue unless people make it, and for most people security isn't even a consideration.
Or putting on other imaginary hats:
...it's time we step in in our role as technology corporations to circumvent and mitigate broken government regulations which harm our customers...
...it's time we step in in our role as malevolent crackers to cease-and-desist thieving things which do not belong to us...
...it's time we as terrorists, child pornographers, and film pirates stop doing naughty things, so that people stop asking for digital surveillance...
How is the counterfactual, "we the governments", any more sensible than the "we the corporations", or the sillier ones? Schneier isn't a government. Inference along the aligns of "If I were the government I would...", in a democracy where you and everyone who kind-of agrees with you are an insignificant fringe, is barely more rational than pretending to be any other third party.
The main effect of this reasoning flaw is to accede more powers to the biggest digital-rights threat of all, national governments, out of the fatal illusion that they will be used to protect you, as imagined in your "If I were government" fantasy. The evidence strongly suggests that the government--which you are not--would much rather use new powers against you, to the benefit of established, paying clients (MPAA).
...we, as private citizens, should oppose regulation of our networks, because governments have been very bad at it, and we do not control them well enough to expect better.