Don Marti

Tue 07 Jan 2014 06:16:18 AM PST

We're All Gun Nuts Now, So We Had Better Get Good At It

Why are the people of Silicon Valley, including a venture capitalist slash Stanford professor, seemingly ignorant about questions that any gun show shopper would get right the first time? Michael Dearing, in The NSA and the Corrosion of Silicon Valley, writes,

Inside our companies and research centers, talented minds are being conscripted into surveillance. Think about the software developers who wrote the code behind your email service. Or the team who built the guts of a blogging service’s geolocation features. Not one of them chose to work for the NSA. But their work has been co-opted, effectively turned into surveillance tools.

Turned into surveillance tools.

Turned into.

Maybe the gun nuts have just been thinking about this stuff longer than the Valley crowd has. When the question of gun registration comes up, nobody beard-strokingly says, well, we need to reform the government so that the data collected will never be used for a confiscation program. Any Second Amendment fan will jump straight to assuming that the government, or someone inside the government, will go Pol Pot on them and do the worst possible thing with the data.

A good computer programmer doesn't trust the user's input, or servers out on the network. Why trust the government?

Maybe there's a simple answer. First, wishful thinking, and second, ambitious marketing. People normally interact with companies in a guard-up shopping mode. Users know that a company is trying to sell them something, and protect their internal decision-making process. But using what Rebecca J. Rosen calls the Grossest Advertising Strategy of All Time, a company can try to get inside the user's decision-making process.

In most cases, behavioral marketing goals are nowhere near achieved. The basic data that goes into user profiling is often wrong, and even hot "social" data Isn’t Actually A Good Way To Judge Potential Employees.

But what if there's a deeper problem. What if the Valley crowd really does know that whining about NSA reform is useless? Even if the marketing is weak, the surveillance is Good Enough For Government Work. What if, as Christopher Caldwell suggests, the surveillance-marketing complex is going through a public-private bonding period?

Big Data algorithms often escape common sense and easy regulability. Those who create them have a powerful incentive—as the designers of financial derivatives did a decade ago—to render them opaque. Yet the privacy problem that most agitates the authors is the prospect that companies might have to reveal "confidential business strategies to outsiders." The authors' suggestion of a "privacy framework...focused less on individual consent at the time of collection and more on holding data users [corporations] accountable for what they do" sounds awfully convenient for the data users. In fact, it sounds a great deal like the voluntary compliance that was expected of banks in the Alan Greenspan era.

That's going to be a problem when the inevitable "let's disrupt the incumbent" startups come along. The users and makers of privacy tools could already go to jail under the Computer Fraud and Abuse Act. And clearly, regulation will be more of an aid to the marketing-surveillance complex than a hindrance. In the system that passed CAN-SPAM, the most that Congress will come up with is a a complex set of regulations to protect incumbents (who have the budget to hire people to figure out the regulations) from startups (who don't).

So if adtech is so firmly joined to the NSA (and, of course, to other countries' intelligence agencies) to the point where disrupting it is, well, they don't call it "disrupting" when it's the government, do they? If the surveillance-marketing complex is really a thing, and not just a bunch of naive IT vendors being taken advantage of by the big bad NSA, what can we possibly do?

Users won't learn new stuff. They're content to calmly chew their malware. Germans are switching away from NSA-connected companies, but they have experience that most of the rest of us don't.

Are we supposed to become Cypherpunks 2.0? Bruce Schneier says The US government has betrayed the internet. We need to take it back. and Make Wide-Scale Surveillance Too Expensive. But who can do that? That's a lot of coding.

patent drawing for a Eugene Stoner invention

If you're a citizen looking to keep your Fourth Amendment rights, well, look at the people who have kept their Second Amendment rights. Read pieces like Thoughts on militia kit from Bob Owens. And if you're an IT vendor, then think like a firearms manufacturer.

What's the equivalent of "militia kit" for information freedom? Has to include something like Disconnect (interview). Second Amendment defenders don't have to adopt a Merry Men lifestyle to be effective, and many Fourth Amendment fans can get by with basic privacy tools instead of becoming slow-Internet-using PGP/Tor nerds.

Can we strangle surveillance marketing with easy-to-use off the shelf privacy tools such as Disconnect? Maybe. The big problem for surveillance marketing these days is that they can't have adtech, privacy, and fraud control—they have to pick two. If the user base picks privacy for them, then the presence of fraud rings is a big problem for surveillance marketing. It's easier for a bot to hide if it can pretend to be a privacy-sensitive user.

But can users and developers, without advertisers, squeeze out adtech? Probably not. When I mock Fourth Amendment fans for failing to protect their rights as well as the Second Amendment fans do, I'm leaving out an important fact. The Second Amendment doesn't have a whole industry devoted to wiping it out, while the Fourth is under attack from every "online advertising" line item in every Marketing budget in the world. And as long as that's true, you're risking prosecution under the CFAA every time you block or scramble an ad cookie.


The last piece that needs to come together for this privacy thing to work at all is for advertisers to realize that targeted advertising loses the valuable signal that they're buying ads for in the first place. The Fourth becomes as easy to defend as the Second when violating the Fourth loses its economic constituency, not before.

Adtech is just cold calling with too much math, and it's time for the bubble to pop. More on that in Targeted Advertising Considered Harmful.