Surveillance & Privacy

Q: What’s your business model? A: Predict and modify human behavior.

 

We now live in the “information civilization”. The amount of data we each generate is ever increasing: at work, when we browse the internet, when we post on social media, go out with our smartphones, drive or with our wearable technologies. And the amount of data produced about us without our explicit consent is also exploding (think of public surveillance cameras, Google Street cars taking picture of your home or collecting data about your private wifi, Facebook auto-tagging picture feature etc.).

What can be done with this data is increasingly becoming either amazing or terrifying, depending on how you look at it. The number one risk with surveillance is not only the lack of liberty and the fact that you cannot have secrets anymore, but it is the risk of companies and States gaming your data and trick you to act differently. Think of a Uber driver seeing a new customer not far when he is about to stop is shift, think of facebook showing you news A more than news B to keep you using the app longer…

Here are three trends that are already shaping our “data powered” society and that we’ll cover in more depth in the next months:

  • Surveillance Capitalism.

  • State Surveillance.

  • “Anti-surveillance” & “privacy first” technologies.

 

1. Surveillance capitalism

According to Zuboff the information civilization, that we now live in, has given birth to a new form of capitalism: surveillance capitalism. The two dominant forms of capitalism in the 20th century were built on the accumulation of production power (to mass produce goods) and the accumulation of financial assets. The newest form of capitalism is based on the accumulation of data.

To do what?

Quoting Zuboff: “This new form of information capitalism aims to predict and modify human behavior as a means to produce revenue and market control.

Thinks of Google ads or Facebook feed.

Google is the first “surveillance capitalist” firm to have reached hyperscale. But more have since emerged (Facebook) or are going toward that direction (Amazon, Uber) and this business model is becoming the norm for startups in an “AI powered” world (predict behaviors and influence users).

 

2. State surveillance

But private firms are not the only entities which find interest in extracting and accumulating as much data about us as possible. Many States are going the same direction and what was once depicted as a dystopian future is almost reality in certain parts of the world (see this article about the experiments conducted in China).

What’s interesting is that this appetite for “data domination” creates huge tensions between the States and the Google or Facebook. They are clashing at many levels like Google facing several lawsuits because of the data they collect without any consent for Google Street. And some countries start to put obstacles in front of these firms, such as GDPR in Europe, that aim at giving more power back to the users (whether or not it will work is another debate).

Which direction States are going to follow in this “information age” and how their relationships with the surveillance capitalist firms will develop are two topics that will impact deeply our society in the years / decades to come.

 

3. “Anti-surveillance” & “privacy first” technologies

And what about us? The people caught in the middle? If some don’t care and are perfectly fine with abandoning privacy to benefit from highly personalized services, others would like to have more control. In that perspective an increasing number of tools are tackling these issues, and they are used by more and more people:

  • Web browsing: Tor network (which usage has doubled the past 2 years), web browsers such as Brave, search engines such as DuckDuckGo (which usage has doubled the past 2 years) etc.

  • Messaging: Signal, Telegram (which has over 100M active users) etc.

  • Anti-surveillance tech: clothes to trick surveillance cameras, invisibility glasses to trick face recognition software, umbrellas to hide from drones, anti-data sniffing underwear (all of them exist and are listed in our mindmap below).

  • Closed internet: private peer-to-peer networks, mesh networks...
     

Our must-reads this month:


The future of the internet might be Alternative Internet Providers & Closed Networks

Before we dig into the rise of alternative Internet Service Providers and closed networks it’s maybe worth recapping how the internet works (we’ll keep it short, don’t worry). Basically internet is a network of networks. It’s a huge number of networks which are interconnected.

But all networks are not equal in importance, there’s actually a hierarchy.

Let’s illustrate it with a concrete example. Let’s say you setup a home network, connecting your computers together through a WIFI, a LAN or whatever you want. Your network is quite limited (it’s shared across a couple of computers only), but it’s a network. Now, if you want to have access to Facebook, Google or other websites, you need to connect your home network to another network which is connected to Facebook & Google servers. And this is your internet provider (ISP).

The biggest internet service providers belong to “Tier 1 networks” (many are big Telco companies) and are on top of the food chain. They can access every public network available directly or indirectly (this is why you pay for them), and they own a big chunk of the internet infrastructure: from the cables and optic fibers installed in our cities to the huge undersea cables which connect the different continents. We won’t go into too much details, but other lower ranked Internet providers also exist (Tier 2, Tier 3). They own less infrastructure (sometimes even none) and need to “pay” their access to the internet from the bigger players. Your home network is, sorry for you, really low ranked in this hierarchy and doesn’t have much power.

This hierarchy explains why:

  • Many Tier 1 networks are against Net Neutrality. Since they have a dominant position and own a big chunk of the pipes, they want to be able to charge differently depending on the source of the traffic they route.
  • Many Tier 1 ISPs are not interested in serving smaller markets like rural areas.
  • Companies like Google and Facebook want to own more infrastructure (E.g: Google optic fiber).

The rise of “alternative Internet Providers”

In this environment we’re seeing an increasing number of alternative, and very often local, Internet Providers being created. These smaller internet providers can be private companies, associations or even local administrations (community broadbands) which provide internet access to their communities with various aims in mind: granting access for underserved populations, for cost reasons, to guarantee Net Neutrality, to push for local economic or social development, to guarantee privacy and more.

For instance the number of community broadbands (internet provided by municipalities) in the US has almost doubled the last three years from 450 listed in 2015 to 750 in 2018.

Even in France, where current regulation ensures Net Neutrality, forces the major ISPs to cover rural regions and forbid them to monitor and resell their users’ consumption habits, several alternative ISPs exist (for example Illico an internet provider which is run by a local association preaching for Net Neutrality). Another great example of such providers is Gufi in Spain which has over 33,000 active nodes and about 46,000 km of wireless links.

But how can they provide internet independently? As I explained above “anyone” can start its own Internet Service Provider by renting/buying access from the bigger players. Some of these alternative providers are “purely virtual” (they own no infrastructure and only rent their access) while others build the local infrastructure (local governments installing fiber optic or associations mounting antennas on buildings for wireless internet) and they connect their local infra to the main networks directly at Internet Exchange Points (which are building where ISPs exchange Internet traffic between their networks).

We definitely think that we’ll see more and more of these alternative ISPs emerge and that an increasing number of users will choose them over traditional Telco Companies. See also initiatives such as SpaceX Starlink recently.

The rise of “closed networks”

Another very interesting trend to follow are “closed networks”. By closed networks we mean networks which are not connected to the internet. If like us you’re in your thirties / forties (;-) Nico), you’ve probably experienced closed networks when you were younger through “LAN parties”.

But you can do much more than playing games. This article on Wired describes the closed network that Cubans built because they were frustrated with the connexion provided by the government. The “real internet” is barely usable on the Caribbean Island so people have built a local wireless network accessible to anyone, not connected to the internet, where they can use messaging apps or download content from the local servers (people who are flying back to Cuba are bringing with them hard drives full of content that they upload on the local physical servers so that everyone can benefit from it).

What makes closed networks more and more interesting is that the technology to run them is becoming mature and the applications that can run on them more sophisticated.

For instance in terms of infrastructure mesh networks are getting increasingly popular and easier to use. If the dominant model on the internet is the server/client one (when you send a Whatsapp message to your neighbour, the message will first be sent to Facebook’s servers thousands of miles away and then it will be routed back to your neighbor), Mesh Networks have a more “peer-to-peer” approach. In such networks each person is a node that can transmit data. So when you send your message to your neighbour it’ll travel directly through the fastest “local” path. And there’s no central entity that can take the network down.

GoTenna is a good example. The startup sells a piece of hardware that you pair with your phone and once it’s done you are part of their Mesh Network. You can send and receive messages from other members without having an internet connexion (if you have other members close enough to you, otherwise there’s no magic you cannot reach anyone).

If the main use cases of Mesh Networks are messaging and location sharing, which are especially useful in the context of natural disasters and political upheavals, you can actually do much more than that. 

Scuttlebutt is for example a social network that can run completely on “closed networks”. Services such as Pirate Bay showed that it was possible to share big files in a P2P way, so it’s possible to have the same model running on closed networks (and watch videos). We’ve also seen some B2B startups offering “closed network” products to businesses: the applications running on these closed networks have less chanced to be breached from the outside and can run faster.

We also believe this trend will spark a new wave of personal servers that people will keep at home (or in their pocket). It started a long time ago with people storing media files (music, photos and movies) on their home “NAS”, but what if people started to store apps or their personal data? It would be first stored locally, and then sent to external services (think of a segment.com but for your personal data).

It’s also worth noting that many of these closed networks, and the applications which run on them, can also work while connected to the internet. Think of your Google Docs that you can edit on your browser while offline and that will be updated online once you are connected, this model make sense for plenty of apps. Scuttlebut, the social network I spoke about above, can work 100% in “local mode”, but you can also setup a web server so that people on the other end of the world can read your posts. This “hybrid” mode has a huge potential.

Conclusion

Why are we speaking about these two trends in our “Surveillance & Privacy” section?

Because these models are a great counter-balance to a “centralized” internet where the power might be too concentrated in the hands of a few big internet companies and ISPs. What is currently happening in the US (Net Neutrality is threatened and ISPs can already sell their customers’ surfing data) can also happen in other parts or the world (several big telco companies are pushing for the same rules in Europe). People are increasingly aware of these problems and embrace these alternative models, whether as a complement or as standalone solutions.

What is also exciting is that the infrastructure needed and the software that run on these closed networks are only getting better. We’re still very early but there’s a lot of interesting stuff happening in crypto & blockchain tech that could be applied here. We expect a lot of interesting startups to emerge.
 

Our must-reads this month:


States and Surveillance capitalism firms: a love & hate relationship

What?

In our data-powered society two trends are deeply linked: on one side the major surveillance capitalist firms (Google, Facebook etc.) keep getting more powerful and keep building strategic assets that States covet. On the other side, States are increasingly hungry for data (State Surveillance) and need the same state-of-the-art technology that these firms are building. Which results in a love & hate relationships.

How?

Love. Google sharing its AI technologies with the US military or mobile data with the Police, Alibaba providing the technology used by the Chinese State to build its citizen surveillance program, there are many reasons why States and SCF can find interest in collaborating. From access to unique data sets to political interest or just plain pressure.

Hate. But at the same time they are also clashing at many levels, like Apple refusing to unlock iPhones for the FBI, Europe creating GDPR to strengthen data protection and privacy for its citizen (as well as to control the transfer of data to the US), Google facing several lawsuits and investigations over their various “data collection” programs (Google Street View), the State of Washington which “has become the first state to enact its own net neutrality requirements” or more recently the US congress summoning Zuckerberg over Facebook data use.

Why it’s important?

The interplay between States and Surveillance Capitalist firms will be interesting to observe in the years to come:

  • This symbiosis between SCF and States will increasingly be important. The US and China have their own (Google, FB, Tencent, Baidu, Alibaba…) and many European States are pushing hard to have their national champions / Sovereign Cloud (with poor results so far, which is why they are setting up a pan European fund of $1.2B).
  • A consequence is that we should expect more frictions between States and foreign SCF. See how Europe starts to put various obstacles in front of the GAFA (GDPR), how China blocks them, how India rejected FB effort to bring “free” internet, more recently how Australia banned Wechat for their Defense Ministry employees or how the UK parliament summoned Zuckerberg to answer their questions.
  • Some even people even think that we should treat data as oil: “The solution is to take up the template of resource nationalism, and nationalize our data reserves. This isn’t as abstract as it sounds. It would begin with the recognition that all of the data extracted within a country is the common property of everyone who lives in that country.”
  • This symbiosis will grow much deeper in States like China at the expense of citizen privacy and freedom (and to the benefit of the SCF), while in regions like EU where there’s more regulation around citizen data protection, their relationship will be more a love & hate relationship.

Our must reads this month:

  • [Article] Facebook Really Is Spying on You, Just Not Through Your Phone’s Mic.
  • [Data points]: “Alibaba is already China’s biggest R&D spender, forking out $2.6 billion in 2017. DAMO will effectively triple its research budget, to more than $7 billion. That most likely means Alibaba will overtake IBM, Facebook, and Ford and will narrow the gap with the world’s leaders, Amazon and Alphabet, which spent $16.1 billion and $13.9 billion respectively on R&D in 2017.source.
  • [Product] Have i been pwned? “Check if you have an account that has been compromised in a data breach” (I tried it and it’s scary…).

The Data as Labor vs Data as Capital or why we may soon receive a payslip with the machine teacher job title.

At the heart of the privacy/surveillance subject lies personal data. What is this data? Who owns this data? How much value does it have overall and marginally? An interesting debate is rising between two ways to look at it: is personal data a capital owned by the user who could then resell it, or is creating personal data a labor and users should be paid a salary for this job. 

What?

Personal data is not just the content you create directly. This is just the tip of the iceberg. Using any digital tool leaves a trail of data that we create actively (content, likes, share…) and passively (location, click/did not click, time spent, browser used...). Altogether this create our personal data stock, or trail would be a more accurate word. We all have one as soon as we use a digital tool whether we are logged in or not. Personal data is valuable individually to describe a user but also as an aggregate to detect patterns. A lot of online businesses are based on leveraging personal data to increase usage of a product and its monetisation. So should users be paid for the data they produce? If yes, how and how much?

How?

There are 2 different way to look at this.

Data as Labor

We can consider that all users are producing data and they should be paid a wage for this task. The idea is that we are all employees of machine learning algorithm. The defenders of this idea consider it fairer because everybody gets paid not just the people proactively looking to get paid. Some people like Jaron Lanier in this paper link this idea to the Universal Basic Income.

Data as capital

Because we are producer of the personal data we then can be the owner of this data and thus should be allowed to sell it. Advocate of this idea are more the free market people. They consider everybody is responsible and can decide what to sell.

Microsoft research published a great paper on that topic in decembre 2017 and recently a “free market” think tank released a good report defending the data as property model. (funny enough this sparked a classical left vs right intellectual debate:  marxist defending the labor angle and free marketer defending the capital :-) it seems that some controversies never get old.

source : https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3093683

How do you value and price personal data?

Whether you choose the data as labor or the data as capital argument you need to find a way to price personal data and this is getting tricky. Do you pay for the whole data set or just unique data point, for the dynamic evolution or for a large snapshot ... Researchers are finding way to point out the sub set of data that is meaningful to a learning algorithm ie reducing its error rate .That would allow a pure dynamic value based pricing but this may be difficult to apply. There are of course some blockchain / token based project around those ideas.

Why it’s important?

Personal data is already a business asset that can be traded and it will become more and more tradable. New business and organization will emerge from this trend. We could see union like organization where digital platform users will regroup to collectively bargain the value of their work. We may also see some tools acting as personal agents that will help users manage their data and sell them, brokers and marketplaces will emerge.

The taxation of digital economy is also a major topic that is still looking for better solutions. Considering data as labor or capital creates new ways for governments to collect taxes from digital platforms.

Our must reads this month:

  • [Data point] Brave recently hit the 2 million monthly average user mark, DuckDuckGo is seeing its highest traffic ever, with more than 24 million direct search queries per day (image below: average daily queries on DuckDuckGo). Source.

  • [Article] Good article in the Guardian on the personal data collected by telco operator. (The business model of Telco is changing to Surveillance Capitalism).

  • [Article] Data Poisoning attack on Deep Learning model. This may be the hacking of tomorrow.  insert fake data in a dataset to fool the algorithm.