Wednesday, December 22, 2010

The battle for our data: a holiday allegory

The following is a repost of Brian Proffitt's December 20th blog entry on ITWorld. He has kindly granted me permission to repost it. In it he looks at free speech, privacy, and Personally Identifyiable Information in ways that few people have - or if they have, they've shied away from the implications. His original post is here. I encourage you to check out his blog and let him know what you think.

The battle for our data: a holiday allegory

Did the cloud just head-fake all of our data away?

While many software developers and enthusiasts have been focusing on the push for open source software, did we miss the fact that somewhere along the line companies got a hold of something even more important: our personal data?

I am not someone that's typically the tin-foil-hat type. But I am seeing a marked increase in the tension between the public users who claim inheritance to the Internet and the private entities that may actually control it.

Every time there's a site blocked on the Internet, supporters usually first go to the "free speech" defense. First off, that's a lovely sentiment--if users and site operators all uniformly lived in nations where free speech was actually the letter of the law. Freedom of expression is something that's denied to billions of people on a daily basis--so any whining about loss of freedom is coming from citizens or subjects of countries that have the luxury of freedom of expression to begin with.

So, after eliminating a big chunk of the world's population, what about the notion of freedom of expression in countries that do have it? There again, we are beginning to see a problem between the theory of freedom and the actual implementation. The problem is this: while citizens have the right to say what they want to say in these countries, they are using a medium that is owned and operated by corporate interests. Phone, cable, satellite, and hosting providers are all beholden to their owners or stockholders, and are all uniformly out to do one thing: make money.

That, coupled with political systems that are closely tied to corporate interests thanks to the practice of political contributions and lobbying, makes for a dangerous recipe for freedom of information.

Right now, I could, if I were so inclined, get on the Web and build a web site that declared that all of Santa's elves were really part of a secret cabal who's real mission was to promote the corporate agenda of the world's major toy manufacturers. I could present leaked documents of secret meetings between Hasbro, Mattel, and the North Pole on exclusive elf-labor practices, and attempts to marginalize misfit in-house elf resistance organizations led by Herbie the Elf with marketing campaigns.

Scandal would ensue, to be sure. My web site would gain in popularity, as more evidence would mount highlighting multiple ties between global toy interests and elf factions. The big bombshell: Purina fingered in an exclusive marketing deal with the North Pole Transportation System. "ReindeerGate" would rock the holiday season.

But resistance would grow. Detractors would mock my efforts, citing a bias against short people with pointy ears... perhaps making up stories of how I was bullied by elves as a child. Or because of my Linux ties, my South Pole, pro-penguin bias was causing me to make up facts in my quest to tear down the efforts of the North Pole. Eventually Fox News would decry my site as one more offensive in the War on Christmas, and the real nastiness would begin. Whispers of being moved to the naughty list after a 44-0 nice list record would come out of the headquarters of the Big Guy himself.

The real coup would come when a US Senator would decry my site as "anti-Christmas." Faced with such public pressure, and without a hint of legal evidence, my hosting provider would drop my site like a hot potato. DNS services would unregister my site, forcing me to change my site address repeatedly, even as hosting providers around the world would refuse to give my site a home--or drop me after learning I'd set my site up on their servers.

And the final insult? Under the tree on Christmas morning, in a gift-wrapped box addressed with me, I discover not a lump of coal, but the latest Barbie fashion accessories... with a note signed "Love, the Elves."

Whimsical and far-fetched? The former, certainly. But recent events in the real world have given us all a peek behind the curtain: when push comes to shove, Internet companies will default to what they perceive as a safe mode when confronted with any real controversy. You can argue, thankfully, whether this is an appropriate response, but the problem is, we're all arguing the point after the fact. The damage has already been done: speech has been blocked, without one bit of legal action.

Faced with that kind of activity, how safe is our information on the Internet? We worry a lot about data thieves stealing our data, but what about our data just up and disappearing one day?

On the Internet there is still an element of rebellion. You can still find places to get content and data hosted. The distributed nature of the Internet makes it difficult to block everything. Which is perhaps why private and public organizations are getting more enthused about the walled gardens of the Internet. Get everyone on Facebook, corporations will reason, and they will be on a single platform on which to market. The message can be controlled, and more importantly the users and their friends can be tracked far more easily than ever. That Facebook makes it more than a little difficult to extract all of a user's data should a user drop Facebook is no accident.

Nor, I suspect, was the recent naming of Mark Zuckerberg as Time's Person of the Year. Traditional media outlets are finding it more and more difficult to generate revenue in the face of the wild and open Internet, where advertising is sporadic at best and subscription paywalls fail almost universally.

I would imagine that governments would be a bit interested in Facebook and its brethren. Warrants become a lot easier to serve when it's only one or two mega-social sites involved rather than a multitude of host providers and network companies. (Conspiracy theorists are already taking note of that same Person of the Year article's mention of FBI Director Robert Mueller just dropping by to say hello to Zuckerberg in the midst of a company meeting.)

This isn't just Facebook. Apple's App Store approach to its iPhone and iPad users reflects the same kind of centralization of user activity and data and to some extent so does Google's Android and ChromeOS though to its credit, Google has been a lot less restrictive about what gets on its platform than Apple. That may be a key difference down the road.

Free software advocate Richard Stallman sees much of the cloud as a problem, regardless of how you get to it. Despite its Linux--excuse me, GNU/Linux--origins, Stallman criticized Google's ChromeOS as promoting what he calls "careless computing" by users who blindly stick their data on the cloud without regard to who else might be able to get to it.

Stallman and I have our differences, but in this regard, I find myself in agreement with him. And we are not alone: a far-less-whimsical article I wrote on recently highlights what others think about the situation, and some of the tools being created to deal with the issues.

Am I advocating a complete withdraw from the networks upon which we do business? That is a very hard question to answer: it would certainly be safer to remove data from the Internet, but it would be harder to conduct business. Consider credit report ratings: for those lucky folks who are entirely debt-free and deal only on a cash-only basis for their purchases, they have a credit score of 0. This would make getting reasonable loans for things like a mortgage or a college education exceedingly difficult--even though they had managed their finances so well and paid off every creditor. Similar difficulties would arise for anyone who could get off the grid (if this is even possible anymore), I am sure.

Instead, as in all things, I suggest not an extreme solution, but a carefully managed compromise. By stingy with your data. Don't reveal too much about yourself online, whether on a social network or the Internet. Pay attention to what web sites and networks can do with your data now, and what they are doing. Visiting a commerce site often might make it tempting to store your credit card data there for return visits, but don't succumb. (One thing I do: keep a low-limit card just for online purchases. If something goes wrong, thieves aren't getting much from you.)

If you have kids online: don't be the cool parent that lets them run willy-nilly out on the Internet talking to whomever they please. Be the parent, and keep track of where they go and who they talk to. Don't assume every online network they visit will want or be able to protect them. That's your job.

I have painted the cloud as a dark and scary place, and perhaps that's unfair: there are positives about being in the cloud. But any new frontier may look pleasant and inviting but can also contain hidden dangers.

It's time we all pay attention.