Slashdot Mirror
Greenwald Advises Market-Based Solution To Mass Surveillance
Nicola Hahn writes In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.
Just asking this question (in a serious context) is foolish and ruining America:
The enemies of freedom want us to be asking fsking moronic questions like this!
**of course 'representative government' isn't a lost cause**
The fact that we are even putting this on /. is the thing that is actually "very telling"...it shows people have forgotten the basics of being a free individual
Thank you Dave Raggett
Case in point: Google.
lawmakers would never knowingly yield authority
I can see how Greenwald would think that. He isn't in the business of buying and selling their authority.
Greenwald is either a deluded Randroid (but honestly, is there any other kind?) or a front for those pushing corporatism for the sake of those who run large corporations.
"I don't know, therefore Aliens" Wafflebox1
Representatives in the House are elected every two years, and their districts are small enough that the number of politically active people is limited, especially in midterms. By politically active I mean people who directly affect the local. vote, not those of us who only post on Slashdot.
With a few hundred people who attend town hall meetings and debates, post on that rep's Facebook wall, call into the local radio station when the rep is on etc, a dozen or so active citizens might well swing a representative's vote, especially if their arguments are thoughtful and well-reasoned. (Just saying "abolish the NSA" leaves one wide open to the rebuttal "who then will keep on eye on China, Russia, and actual terrorists like ISIS? ")
So the House is completely doable. It just requires a few people _in_each_district_ who care enough to study and understand beyond the headlines, then put in a few hours of time.
A president would have to think twice about vetoing a reasonable bill that protects our privacy. Obama put pressure on congresscritters in his party to neuter the bill, but if we get a _good_ one through Congress I think any president is likely to sign it.
That just leaves the Senate. The Senate is slower to act and harder to change their course. They run statewide, so a dozen activists won't do. I don't know if we can get a good bill through the Senate. However, those dozen activists per district, if they each bring a friend, or they promote it via Facebook and such, can add up to quite a few people across the state. The problem with Facebook and similar PR directed toward less active and informed people is that congressional representatives can vote for a crappy, neutered version of the bill and the masses will never know thw difference. That makes it tough - not many people know what the current draft of a bill actually says, they just know the headline they read 8 weeks ago about a completely different version.
Government malfunction can only be blamed on the people who vote for crooks. What could be simpler? What is this? Does Greenwald think privacy is going to trickle down? Where have we heard that before? If people cared about their privacy they would vote for politicians that would respect privacy. But they don't. So forget about it. We just have to make the authorities more transparent.
“He’s not deformed, he’s just drunk!”
Coincidentally, I have stopped using a mobile phone. This is much to the disgust of people around me, apparently it is their right to be able to contact me at any time these days. Failure to give a near instantaneous response causes anger! I have now realised that I was a slave to technology. I'm not willingly going to give any company my money any more. Consumerist propaganda can fuck itself. I am down to spending less than 20% of my income on core expenses (rent/food). Now the power of compounding interest is on my side.
Fight neo-feudalism. The corporation and government are not my lords. I am free, not a slave. I owe them NOTHING.
Just saying "abolish the NSA" leaves one wide open to the rebuttal "who then will keep on eye on China, Russia, and actual terrorists like ISIS? "
When ex-NSA employees are suggesting that the NSA is too entrenched to be reformed and has to be rebuilt from the ground up (sorry, I can't find a reference at the moment), maybe it's not such a bad idea.
But if we don't go that far, an NSA watchdog group might be the next best thing. It could be comprised of EFF, the ACLU, and oh I don't know, Slashdot, Reddit, and 4chan. Sadly, that's probably not the stupidest suggestion so far. But seriously, how were foreign threats monitored prior to the NSA's existence?
No, I do not agree that representative government is a lost cause. But I absolutely do believe that American representative government is clearly a lost cause.
Americans have no real choice when it comes to change. Obama has proven that change does not happen, no matter that a would-be president says.
Americans have only two choices. And those two choices have proven time and time and time and time and time again that those two choices are bad choices. The influence of money and corruption permeates all levels of government. The People are utterly powerless to effect any real lasting change. The choices are bad and bad. Whats the point of voting in a two party system?
Wake up America.
Seriously. Wake the fuck up.
Even if you do, I think it may be too late.
You have gone far beyond the pathetic joke of the Western world, and are deep into farce territory. So deep that I truly cannot see any way out for you all.
I dont know if you can climb out of the midden that you have let yourselves slide into. It may be a lost cause.
There is nothing else to say. America as a Leader of the Free World is a long lost naive ideal. But you all have yourselves to blame.
I truly pity you.
Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.
Maybe working through both venues would improve the chances of effecting change?
We're consumers enough already. We should maybe show people who to become citizens, aware of their duties and rights and able and willing to heed and exercise them, instead of just being mindless consumer drones.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The success of Google and Facebook, as well as the enthusiasm of some for surveillance ("hey, I've got nothing to hide") show us that people don't give a toss about privacy. We care a little bit for security where our credit cards and naked selfies are concerned, and there may be a smallish market for secure, encrypted products and services, but that's doesn't mean corporate interests are aligned with our own when it comes to security. Quite the contrary, in a market where the prevailing business model is to hook as many eyeballs as possible with free stuff, and make money by selling their data.
Telling us to rely on corporations to shield us from an invasive government is like the fox convincing the chicken that it can rely on the wolf for protection. One way or another, you're going to get eaten.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
A market-based approach cannot work for cyber-security any more than a Government-led approach can, when the Government feels it has a vested interest in being able to monitor its own or other countries' citizens.
The market-based approach fails because the market-based philosophy is to maximize profit while minimizing cost, so the end result is a risk analysis of:
1. The odds of being hacked.
2. The odds of that hack being detected by someone outside the company, and that being published.
3. The odds of that hack being detected by someone inside the company who cannot be kept from releasing that information to the press.
4. The financial damage associated with the occurrence of 1 and either 2 or 3.
5. The potential damage to the company's reputation from being hacked and found out - this is the most valuable resource most companies have, but in the modern world the average person in the street has the attention span of a lobotomized goldfish, and Marketing/PR firms have had a LOT of practice at managing scandals in the political and corporate world, so while the damage to a company's reputation should be massive, in reality it will be relatively minor and very short-lived.
If the odds of being hacked and found out are 10%, and the financial damage is rated at $100 million, then the typical baseline risk analysis suggests that spending on cybersecurity should be around $10 million. Bean-counters and professional buyers will then swoop in and hire a consulting company to implement something that costs $1 million with $9 million in consulting fees, which then balloons to $29 million in fees due to project over-runs... but fundamentally you still end up with a $1 million solution to a $100 million problem, and the computer users will spend a lot of effort getting around that solution so that they can see their Facebook and lolcat websites.
NoScript for the win! And Ghostery as a safety net when desperate.
Actually, now you've mentioned it, I don't think I was hassled about the lack of a cellphone by the inlaws last Christmas, nor since. It had been a bit of ritual for the last decade or so. Maybe it's starting to sink in for them.
Representatives in the House are elected every two years, and their districts are small enough that the number of politically active people is limited, especially in midterms. By politically active I mean people who directly affect the local. vote, not those of us who only post on Slashdot.
So the House is completely doable. It just requires a few people _in_each_district_ who care enough to study and understand beyond the headlines, then put in a few hours of time.
Political effectiveness demands a serious investment in time, money and manpower.
It can't be done on the cheap.
There are 435 congressional districts in the United States House of Representatives, with each one representing approximately 700,000 people. These are not small numbers. Congressional district
There are people who think that advising citizens to devolve into consumers is a dubious proposition.
Devolve? I'm still waiting for them to evolve into citizens.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
A maket-based solution is already underway. It consists of IT giants making minor, ineffectual changes to its software and services and then claiming that it's sufficient to stop warrantless spying on its consumers. Why provide real privacy, that would affect your profit margins and competitive edge, when you can provide the illusion of privacy and sell it with glossy PR and not have to do battle with the private security industry. What's more, about 80% of the NSA consists of private subcontractors so it's already a market-based solution. Unfortunately, whenever politicians talk about reducing the size of big gubbermint, they usually mean the bits that people like and need, like the social safety-net and education.
Just because the US political system is so corrupt does not mean it's like that everywhere.
In most countries governments work pretty well.
Thank you, Bradley Manning, Edward Snowden and so many others, for courageously defending humanity, my freedom and more!
With a few hundred people who attend town hall meetings and debates, post on that rep's Facebook wall, call into the local radio station when the rep is on etc, a dozen or so active citizens might well swing a representative's vote,
That's so cute that you believe that! The average congressional campaign cost USD$1.2 million this year. Money talks and it's corporations and other monied interests that are doing the talking, not "concerned citizens." Sure your congressperson will pat you on the head and say "I work hard to make sure our district gets what it needs! I work for you." But the truth is they work for those who pay their way.
You must think things work as they did back in 1946 when this was written. Sorry champ. Those days are long gone.
No, no, you're not thinking; you're just being logical. --Niels Bohr
Take a lesson from politics. Dictators have discovered in the 50s that it is cheaper and more reliable to put money into propaganda and oppression than into actually improving their peoples lives. The purpose of both approaches - at least from a dictators perspective - is to prevent uprisings and revolutions, i.e. to stay in power. Sadly, the same economically driven view that's being advocated here also makes the least desireable outcome be the most rational choice.
For computers, the equivalent solution is that putting money into advertisement and suppressing damaging information is probably preferably to actually improving security. The spin campaign wins over the better product.
Assorted stuff I do sometimes: Lemuria.org
"Oh, your product is so secure that our services can't crack it? Well, then you can't sell it here, and possession will be made illegal."
People *do* care about privacy. 86% have taken some steps to clean up digital footprints. There's other stats that show the interest, but there's some serious overtones of impotence -- that there's just not that much anyone can do about it -- we all need all these super valuable cloud services so we must lock ourselves in to big vendors, who then might abuse our trust (or get hacked themselves, being a rich target).
But Greenwald is absolutely right, we must provide for our own safety, we cannot ever delegate the ultimate responsibility for that, and yet, does this mean that we must throw in with mega-corps, to trust with our freedom?
I think there is another way.
http://cloudstead.io/ is something I've been working on for the better part of 2014. Cloudstead is a free & open (AGPL'd) cloud operating system, designed to free you and me and everyone from dependence on the mega-cloud services. And more generally, to start owning more your cloud apps instead of renting everything and paying the landlord with your privacy, your cash or both.
A lot of common apps have been commoditized; excellent open source versions are available. Cloudstead's default setup includes email, calendar, and file sharing but it can run any app -- php, rails, java, python, you name it. Lots of integrated features -- single sign on, app-wide search, address book, automated backup/restore, this is a cohesive cloud OS, not a hodgepodge of apps. And it's totally portable: it can move itself from one place to another, from a public cloud (ec2) to private hardware (your datacenter or office), or if you're getting really paranoid, onto a USB stick (bring it live later, somewhere else, when you feel safe). A cloudstead really is your cloud and will do only your bidding.
Cloudstead is currently in beta testing. If you would like a cloudstead to take for a spin and see how easy it is to own your cloud, please send me an email: jonathan (shift two sym) cloudstead.io
recent demo: http://www.cloudstead.io/2014/...
Any/all feedback is appreciated.
thanks.
There are other measures; detailed privacy policy is found at https://www.apple.com/privacy/ and its subpages. For a while, a link to this page was prominently featured on Apple's front page. They're serious about it.
So yeah, if there's a significant market value in providing privacy-conscious products (that is, consumers recognize its value), then companies will react accordingly. Clearly, it ain't a full solution, but it'll be a significant force in tilting back the playing field somewhat.
Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc.
Posting this article on slashdot is trolling, whoring for clicks, etc, because no technical solution can ever solve our political problems. As long as the USA is willing to use the rubber hose, presaged by a national security letter, nothing corporations can do can fix this problem.
Markets are defined by governments. Wank wank, stroke stroke, flonk flonk.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
There's a religious refrain, "Pray to God but row toward shore." It means you should ask for God's help, but that doesn't mean you should just sit there in the boat and wait to be saved.
From the Cryptome PDF:
Yesterday the USA Freedom Act was blocked in the Senate as it failed to garner the 60 votes required to move forward. Presumably the bill would have imposed limits on NSA surveillance. Careful scrutiny of the billâ(TM)s text however reveals yet another mere gesture of reform, one that would codify and entrench existing surveillance capabilities rather than eliminate them.
We didn't really lose anything. The government chose not to pass a platitude. That's probably not going to change until we manage to fix the twin problem of fear and hatred, being stoked by those who gain from emotionalism.
In the meantime, we need to row toward shore. Keep working on all the cryptography solutions you have time to help with. If you have an interest in meme propagation on social media or propaganda, see if you can figure out some ways to weaken the grip of emotionalism. I am, and it's fun.
Sometimes your nation calls on you for service. Sometimes you have to know what it needs even if it doesn't know how to ask.
Stop-Prism.org: Opt Out of Surveillance
This is sort of confusing. Our government is doing what the highest paying corporations want currently, and Greenwald thinks us putting trust in them will save us?
They are part of the problem. Corporations & Governments, shitheads that walk hand in hand.
Be seeing you...
Greenwald has an excellent point here: if the current Democratic -majority Senate rejected NSA reform, what's going to happen next year when Republicans assume power? We will get improved privacy rights only when consumers care enough about the subject to choose more secure products.
Want contactless payments? Then consciously go for the most secure implementations. Tired of having your e-mail account hacked while on vacation? Take the trouble to use two-factor authentication. Concerned about the NSA's ability to tap phone calls? Choose and use encrypted VOIP.
With a few hundred people who attend town hall meetings and debates, post on that rep's Facebook wall, call into the local radio station when the rep is on etc, a dozen or so active citizens might well swing a representative's vote,
That's so cute that you believe that! The average congressional campaign cost USD$1.2 million this year. Money talks and it's corporations and other monied interests that are doing the talking, not "concerned citizens." Sure your congressperson will pat you on the head and say "I work hard to make sure our district gets what it needs! I work for you." But the truth is they work for those who pay their way.
You must think things work as they did back in 1946 when this was written. Sorry champ. Those days are long gone.
Money doesn't talk as much as people think, and the return rate on dollars to candidates elected for SuperPACs remains poor. It only works when the messaging goes unchallenged.
Just saying "abolish the NSA" leaves one wide open to the rebuttal "who then will keep on eye on China, Russia, and actual terrorists like ISIS? "
That's not a valid rebuttal in "the land of the free and the home of the brave," or for any free country really. Our fundamental liberties are simply more important than safety, and it's extremely unsettling that most people living in the land of the free don't seem to care at all about the constitution or even our most basic liberties. As far as I'm concerned, such people can move to North Korea, which already has everything they could possibly desire in a government.
There is a significant difference between "giving up privacy to a company that is legally constrained in what they can do with it" and "having privacy taken from you by a government that is already ignoring its self-imposed legal limitations".
The worst Google can do with my data is serve me bad ads or publicly release it. I'm not important enough for anyone to really care about my indiscretions, and I've not done anything that would make me infamous if it were announced. Unless Google were to try very hard to ruin me, I basically can't be significantly harmed. And why would Google do that? They gain nothing, and in fact hurt themselves by weakening their customers' trust.
The worst the government can do with my data is use it as a justification for throwing me in Gitmo. They even have a reason to do so - it makes them look better, gives them a PR victory of throwing another terrorist in the brig.
> each one representing approximately 700,000 people.
Of those 700,000, about 150 will show up to a town hall meeting to let the rep know what they think of some topic. Some are most interested in what's happening with the VA, whatever. Of those 150 who show up, maybe 30 will be there to talk about the NSA and such. When the rep thinks about what voters think about a particular issue, he's guided by a small sample - the 30 people who told him what they think.
Don't forget they spend that $1.2 million on something. They spend that money getting votes by first figuring out what message will work, then promoting that message. In 2008, 72% of candidates used some of their money on a Facebook page to get their message out ( Williams and Gulati 2012). So while the candidates are spending money building just the right Facebook presence to get votes, I suggested "post on that rep's Facebook wall". By doing so, when the candidate spends $1.2MM asking voters to "Like us on Facebook", he's driving potential voters to your message that you posted on his Facebook.
How does the candidate decide what to say in his ads and on his Facebook to persuade voters? Well, 150 people might have shown up at a town hall meeting and talk about six different topics. Maybe ten of the 150 voters who showed up mentioned the NSA. Nine of the ten of the people who mentioned the NSA were in support of a bill banning bulk collection of metadata. What do you think the candidates ads and Facebook page will say about bulk metadata collection, if 90% of voters who contacted him wanted it banned?
Right. If there are a half million Cynaogen mods out there, hell, let's make it a full million, they certainly don't represent "people getting their knickers in a twist". According to Wikipedia, there are something like 7E10 cell phones out there. 1E6 modded phones means absolutely jack.
'
Faster! Faster! Faster would be better!
Consider how many of those cell-phone users are technology savvy enough to understand the privacy concerns in the first place.
In contrast to sites such as this one, the majority of folks wielding a smart-phone, tablet or computer of some flavor aren't well versed in security, code vulnerabilities, and means and methods of keeping tabs on everything they do. It's why they're called " users " and not " engineers ".
Were the full breadth and scope of just how MUCH information big Corp has on everyone come to light, that may change.
Right now the majority of that information is kept in the dark from the consumer. Most don't realize just how much data can be acquired and what kind of profile can be built against anyone utilizing it. Even if the data is released for public scrutiny, the explanation and implications of it would have to be toned down a bit to fit the typical users understanding of it. ( No law or engineering speak )
It's interesting how far the corporations will go to keep their secrets from us, yet how tenacious they are in trying to learn all there is to know about everyone else.
Our outrage at Big Corp is pretty irrelevant. The minority who understands the problem can protest and complain all we like. Won't make any difference. Similar to the gaming industry. Those in the know don't buy games on launch day ( or pre-order ) because we know there is a good chance it will be completely borked for a while until the patches get issued and problems resolved. The companies don't care though, because they have armies of the gullible standing by that are more than willing to hand them their money on launch day.
The ONLY way this gets fixed is when it starts impacting Big Corps bottom line. Once they begin losing enough money due to eroding trust, only then will they bother to do anything about it. Don't expect to see any Earth Shattering changes until that day happens.
You really think Greenwald is saying "that society can rely on corporate interests for protection"? You need to read more Greenwald.
We've been referred to as "Consumers" in a political context on news programs (in the USA) since the early 90s.
That is not new and didn't start with Greenwald.
A two-party system in the USA is *never* going to be representative of the Will of the (300mil+) People here. It never really was, either.
And it won't be as long as anti-intellectualist, pro-emotionalist politics carry the day.
As it happens, I was just wondering to myself this morning how much of our present right-wing enthusiasm for our current economic system is rooted in capitalist democracy being far, far, far superior to pre-COBOL Stalinism. The true test arrives when some Asian economic model arises, one very different from our own historical model, and kicks us in the pants.
It's sad, really, that "market-based" turned into such a horrible cliche. Most of the damage was caused by so many people putting it in front of "solution" (market-based solution) when what they really meant was market-based approach.
Many don't even realize that these two phrases are different, because they've defined "market-based approach" as being the solution, as it was and ever shall be, dating all the way back to pre-COBOL Stalinism.
It is, in fact, possible to design markets—markets are a human construction—that create more problems than they solve.
Ideology is when you play epsilon-delta with an infinite sleeve of mulligans. If this market fails, that just means we need to change something and try again. Even market failures are characterized as stepping stones to progress.
Personally, I'm not willing to drink mulligan Kool-Aid. I love markets that work. I hate markets that don't. It sure would be nice at the outset if it was more obvious which was which, without greater society picking up the tab for all the hooks and shanks.
I don't see the difference. You say "legally constrained", but such constraints can only be enforced by government. If the government is pro-surveillance, they will co-opt the corporations that collect information and attack the *cough*Qwest*cough* ones that don't. If the government wants to throw you in Gitmo, they'll get all of Google's information on you. Corporation vs. government will not protect you.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
In American politics 'everyone' says voting for a third party is throwing your vote away. And just about everyone believes this lie. When you vote third party the democrats and republicans look for ways to take those 'lost' votes. And that means they borrow policies from the third parties. So even though the little guy will never form the government he's still influencing the nation. A vote for a third party is a vote for change.
Those days are long gone.
You really have to wonder whether "those days" were ever around in the first place.
Money always talks. The more money you have, the louder you can be. Even on the internet, which equalizes this a bit, money just goes into disinformation rather than information.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
The legal constraints are on Google, not on the government.