Avoiding the Digital Panopticon

The Panopticon, artist rendering.

The Digital Panopticon

Fast forward 200+ years to the dawn of the Digital Age. It doesn’t take much imagination to see how the Panopticon concept translates to prisons today. In fact, modern-day prisoners are monitored constantly through audio, video, heat and motion sensors to make the job of a prison guard easier and safer. Great!

But what if we take the concept one step further? What does an online adaptation of the Panopticon look like? A single person (or computer) could easily monitor the daily activity of thousands — millions of ‘inmates’. In place of lights and mirrors, insert financial records, mobile phone location history, all written communications, TV and internet browsing preferences… the amount of digital data the average person creates in a single day would have been unfathomable just 25 years ago. So what if the few in the observation tower started to point their tools at the many law-abiding citizens? Forget the notion of ‘if’, this is already the case, as famously documented in the Snowden Leaks. Are we collectively asking for a world of mass surveillance and do we even get a choice? Some authoritarian regimes have in place today systems of mass surveillance and social credit scoring - the stuff of late 20th century Sci-Fi.

“We have two paths we can take; we get the [Chinese Communist Party] surveillance state exported to the rest of the world and get herded into our digital panopticon, or we do the hard work and build out open and distributed systems and stand up for liberty in the digital age.”

— Marty Bent, writer and privacy advocate

Let's dig deeper.


Encryption is an Asymmetric Technology

Many such technologies have already changed the course of history. Politics aside, we can all agree the following examples have shaped our world in a meaningful way: the printing press, radio communication, the combustion engine, the AR-15 rifle, the personal computer, the internet. All are tools which empower individuals, for good or evil. And while it is trivial for a government, cartel, or otherwise powerful organization to stop any one person from using them, it is near impossible to stop a large group of individuals all at once. This brings us to encryption… almost.

A long time ago, in a world before the internet, people acted and communicated freely with minimal risk of being spied on. Sure, if they wanted to know what you had for dinner last night they could find out, but in theory you, a good upstanding citizen, needn’t worry. If a letter arrived unopened you could be reasonably sure it wasn’t read by any spies along the way. On the other hand, an email or any other piece of digital data can be duplicated trivially and rerouted to tens of thousands of recipients in a matter of seconds without the original sender’s or intended recipient’s knowledge. Furthermore, powerful data collection tools combined with ever-refined machine learning software make the surveillant’s job easier and more effective by the day. Yikes!!

Luckily, encryption is the asymmetric-technology-last-line-of-defense against the Digital Panopticon. Put simply, encryption is the process of transforming data until it is unrecognizable through use of an algorithm. For this to be useful, the recipient of the encrypted data must then be able to decrypt it with a secret code or ‘key’. There are many forms of encryption, but what we are mainly interested in here is what is called Public Key Cryptography.

Diffie-Hellman Key Exchange, diagram.

Crypto Means Cryptography!

The implications go far beyond our little chat between Alice and Bob. If you didn’t know, nearly every interaction you have online utilizes some form of encryption. Every time you log into an account using a password. Every time you open your phone with your fingerprint. Every time you type something into DuckDuckGo — err..Google — you are harnessing the power of encryption. It is happening all the time in the background of applications, communication protocols and online services, all invisible to the end user. Without this critical tool the average user couldn’t hope to keep any digital data private. And yet, the war is far from over. The battle for privacy is fierce and ongoing as new clever deanonymization techniques are developed.

“[encryption] can help protect your personal data and privacy from any outside intrusion, whether that threat comes from a government, a major tech firm, or a rogue hacker.”

— Alex Gladstein, Chief Strategy Officer, Human Rights Foundation

But…

“The Overton Window on privacy is changing.”

— Alex Gladstein


EARN IT Act is a Red Herring

“Section 230 enforces the common-sense principle that if you say something illegal online, you should be the one held responsible, not the website or platform where you said it (with some important exceptions).” […] “It is the single most important law protecting internet speech.”

— Electronic Frontier Foundation

Now, in the midst of the global COVID-19 pandemic, there is a sly bill making the rounds in Congress which threatens to throw these guarantees out the window. The so-called EARN IT Act (Eliminating Abusive and Rampant Neglect of Interactive Technologies) put forth by Senators Lindsey Graham (R-SC) and Richard Blumenthal (D-CT) does not once mention the word encryption. Yet, it would require online service providers to grant “lawful access” to authorities whenever they demanded it. Most experts agree there is no way to comply with this proposed mandate other than to build secret access points commonly called ‘backdoors’ into their encryption techniques.

The problem with this logic is that if a company or government agency can use a backdoor to intercept and decrypt data, so can anyone else who discovers it! Have we learned nothing from the Equifax breach and countless credit card and database leaks in recent years? These hacks will become simple tasks if we start forcing companies to purposely build flaws into their security model. There has been significant backlash to the bill among tech leaders and writers. Notably, Joshua Lund, a developer at the messaging service Signal, published a blog post stating that they will have no choice but to cease operations in the US should the bill pass. Signal is arguably the only secure messaging application that has achieved mainstream adoption in the US.
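The Diffie-Hellman exchange pictured earlier and the backdoor argument above can be seen side by side in the following added example, which is not part of the original post. It assumes a toy 127-bit group, a SHA-256 keystream standing in for a real cipher, and a hypothetical "escrow" key as one simple model of a lawful-access backdoor; the bill itself specifies no mechanism.

```python
import hashlib
import secrets

# Toy group for readability: 2**127 - 1 is prime but far too small for real use.
P, G = 2**127 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2      # private exponent, never transmitted
    return priv, pow(G, priv, P)             # (private, public)

def shared_key(my_priv, their_pub):
    # Both sides arrive at g^(ab) mod p; hash it into a 32-byte symmetric key.
    secret = pow(their_pub, my_priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def xor_stream(key, data):
    # SHA-256 in counter mode as a stand-in cipher (illustration only, unauthenticated).
    blocks = range(len(data) // 32 + 1)
    pad = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in blocks)
    return bytes(d ^ p for d, p in zip(data, pad))

def send(message, recipient_pubs):
    # Encrypt once, then wrap the message key for every public key listed.
    eph_priv, eph_pub = keypair()
    msg_key = secrets.token_bytes(32)
    wrapped = [xor_stream(shared_key(eph_priv, pub), msg_key) for pub in recipient_pubs]
    return eph_pub, wrapped, xor_stream(msg_key, message)

def receive(priv, eph_pub, wrapped_key, ciphertext):
    msg_key = xor_stream(shared_key(priv, eph_pub), wrapped_key)
    return xor_stream(msg_key, ciphertext)

def demo():
    msg = b"meet at noon"                    # constructed sample message
    bob_priv, bob_pub = keypair()
    escrow_priv, escrow_pub = keypair()      # hypothetical lawful-access key
    eve_priv, _ = keypair()                  # observer without Bob's private key
    # End-to-end: the message key is wrapped for Bob alone.
    eph, wrapped, ct = send(msg, [bob_pub])
    bob_reads = receive(bob_priv, eph, wrapped[0], ct)
    eve_reads = receive(eve_priv, eph, wrapped[0], ct)
    # Escrowed: a second wrapped copy opens for whoever holds escrow_priv.
    eph, wrapped, ct = send(msg, [bob_pub, escrow_pub])
    copied_escrow_priv = escrow_priv         # a leaked copy is the same number
    holder_reads = receive(copied_escrow_priv, eph, wrapped[1], ct)
    return {"bob": bob_reads, "observer": eve_reads, "escrow_holder": holder_reads}

if __name__ == "__main__":
    print(demo())
```

The math cannot tell an authorized holder of the escrow key from someone who copied it, which is why the secrecy of every message then rests on that one key never leaking.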

“[EARN IT] uses the laudable aim of fighting child exploitation to cynically launder law enforcement’s unsuccessful, decades-long effort to undermine strong end-to-end encryption.”

— Julian Sanchez, Senior Fellow, Cato Institute


Hope

I am hopeful that the EARN IT Act will not pass. But should it pass, I am hopeful yet. To date, strong encryption methods have not been broken and are relatively easy to deploy into software. Most importantly, the people building and employing them are not to be underestimated.

Finally, below is a short list of projects working on robust, privacy-enhancing tools that you may find interesting. Let us not be the subject of a dystopian Sci-Fi novel. Let us keep our data ours.

  • GnuPG (GPG): free implementation of the OpenPGP standard for encrypting and signing data and digital communications. FOSS.
  • Tor Project: peer-to-peer communications network facilitating private internet access. FOSS.
  • Tails OS: security-focused Linux distribution which can be live-booted via USB stick or DVD. FOSS.
  • Graphene OS: security-focused mobile OS, easily installed on older Samsung Galaxy models. FOSS.
  • Bitcoin: pseudonymous, censorship-resistant peer-to-peer value exchange protocol. FOSS.
  • WireGuard: cutting edge VPN tunneling software. FOSS.
  • SecureDrop: anonymous whistleblower submission system managed by the Freedom of the Press Foundation. FOSS.
  • NYC Mesh: alternative peer-to-peer internet service mesh network, currently available in Brooklyn and Lower Manhattan.
