" /> net.wars: September 2019 Archives

« August 2019 | Main

September 13, 2019

Purposeful dystopianism

Truman-Show-exist.pngA university comparative literature class on utopian fiction taught me this: all utopias are dystopias underneath. I was reminded of this at this week's Gikii, when someone noted the converse, that all dystopias contain within themselves the flaw that leads to their destruction. Of course, I also immediately thought of the bare patch on Smaug's chest in The Hobbit because at Gikii your law and technology come entangled with pop culture. (Write-ups of past years: 2018; 2016; 2014; 2013; 2008.)

Granted, as was pointed out to me, fictional utopias would have no dramatic conflict without dystopian underpinnings, just as dystopias would have none without their misfits plotting to overcome. But the context for this subdiscussion was the talk by Andres Guadamuz, which he began by locating "peak Cyber-utopianism" at 2006 to 2010, when Time magazine celebrated the power the Internet had brought each of us, Wikileaks was doing journalism, bitcoin was new, and social media appeared to have created the Arab Spring. "It looked like we could do anything." (Ah, youth.)

Since then, serially, every item on his list has disappointed. One startling statistic Guadamuz cited: streaming now creates more carbon emissions than airplanes. Streaming online video generates as much carbon dioxide per year as Belgium; bitcoin uses as much energy as Austria. By 2030, the Internet is projected to account for 20% of all energy consumption. Cue another memory, from 1995, when MIT Media Lab founder Nicholas Negroponte was feted for predicting in Being Digital that wired and wireless would switch places: broadcasting would move to the Internet's series of tubes, and historically wired connections such as the telephone network would become mobile and wireless. Meanwhile, all physical forms of information would become bits. No one then queried the sense of doing this. This week, the lab Negroponte was running then is in trouble, too. This has deep repercussions beyond any one institution.

Twenty-five years ago, in Tainted Truth, journalist Cynthia Crossen documented the extent to which funders get the research results they want. Successive generations of research have backed this up. What the Media Lab story tells us is that they also get the research they want - not just, as in the cases of Big Oil and Big Tobacco, the *specific* conclusions they want promoted but the research ecosystem. We have often told the story of how the Internet's origins as a cooperative have been coopted into a highly centralized system with central points of failure, a process Guadamuz this week called "cybercolonialism". Yet in focusing on the drivers of the commercial world we have paid insufficient attention to those driving the academic underpinnings that have defined today's technological world.

To be fair, fretting over centralization was the most mundane topic this week: presentations skittered through cultural appropriation via intellectual property law (Michael Dunford, on Disney's use of Māui, a case study of moderation in a Facebook group that crosses RuPaul and Twin Peaks fandom (Carolina Are), and a taxonomy of lying and deception intended to help decode deepfakes of all types (Andrea Matwyshyn and Miranda Mowbray).

Especially, it is hard for a non-lawyer to do justice to the discussions of how and whether data protection rights persist after death, led by Edina Harbinja, Lilian Edwards, Michael Veale, and Jef Ausloos. You can't libel the dead, they explained, because under common law, personal actions die with the person: your obligation not to lie about someone dies when they do. This conflicts with information rights that persist as your digital ghost: privacy versus property, a reinvention of "body" and "soul". The Internet is *so many* dystopias.

Centralization captured so much of my attention because it is ongoing and threatening. One example is the impending rollout of DNS-over-HTTPS. We need better security for the Internet's infrastructure, but DoH further concentrates centralized control. In his presentation Derek MacAuley noted that individuals who need the kind of protection DoH is claimed to provide would do better to just use Tor. It, too, is not perfect, but it's here and it works. This adds one more to so many historical examples where improving the technology we had that worked would have spared us the level of control now exercised by the largest technology companies.

Centralization completely undermines the Internet's original purpose: to withstand a bomb outage. Mozilla and Google surely know this. The third DoH partner, Cloudflare, the content delivery network in the middle, certainly does: when it goes down, as it did for 15 minutes in July, millions of websites become unreachable. The only sensible response is to increase resilience with multiple pathways. Instead, we have Facebook proposing to further entrench its central role in many people's lives with its nascent Libra cryptocurrency. "Well, *I*'m not going to use it" isn't an adequate response when in some countries Facebook effectively *is* the Internet.

So where are the flaws in our present Internet dystopias? We've suggested before that advertising saturation may be one; the fakery that runs all the way through the advertising stack is probably another. Government takeovers and pervasive surveillance provide motivation to rebuild alternative pathways. The built-in lack of security is, as ever, a growing threat. But the biggest flaw built into the centralized Internet may be this: boredom.


Illustrations: The Truman Show.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

September 6, 2019

Traffic stop

rotated-dead-end.jpgIn a week when Brexit has been at peak chaos generation, it's astonishing how little attention has been paid to what would happen to data flows if the UK exits the EU on October 31 with no agreement in place. At a stroke, the UK would become a "third country" in data protection parlance. Granted, at the instant of withdrawal, under the Withdrawal Act (2018), all EU law is immediately incorporated into UK law - which in turn means that the General Data Protection Regulation, which came into force in 2018, is recreated as a UK law. But as far as I can tell, there still has to be a decision that the UK's data protection regime qualifies under EU law as adequate for data flows to continue unimpeded from the EU27 into the UK.

Which means that at the very least a no-deal Brexit will deliver a lengthy delay while the European Commission makes that decision. Most of the other things people are worrying about since the leaked "Yellowhammer" documents outlining the government's expectations in case of a no-deal exit alerted the country to the likely disruption - food, medicines, Customs and immigration clearance - have widespread impact but are comparatively confined to one or a few sectors. Data is *everything*. Food and medicine supply chains, agriculture, national security, immigration, airline systems...there is hardly an aspect of this country's life that won't be disrupted if data flows can't continue. As DP Network explains it, the process of assessing the adequacy of the UK's data protection regime can't even start until the UK has left - and can take months or even years. During that time, the UK can send data to the EU perfectly well - but transfers the other way will require a different legal framework. The most likely is Standard Contractual Clauses - model clauses that are already approved that can be embedded in contracts with suppliers and partners. I haven't seen any assessment of what kind of progress companies have made in putting these in place.

But this, too, is not assured. These clauses form part of the second case brought to the Court of Justice of the European Union by Max Schrems, the Austrian lawyer whose court action brought down Safe Harbor in 2015. Schrems 2.0, calls into question the legal validity of those SCCs as part of his challenge to Privacy Shield, the EU/US agreement that replaced Safe Harbor in 2016. Schrems himself believes that SCCs can meet the adequacy standard if they are properly enforced, and that they can be used to stop specific illegal transfers. For larger companies with lawyers on call, SCCs may be a reasonable option. It's harder to see how smaller companies will cope. The Information Commissioner's Office has advice. Its guidance on international transfers refers businesses to the European Data Protection Bureau's note on the subject (PDF), which outlines the options.

That's if there's a no-deal crash-out. The Withdrawal Agreement, which Theresa May tried three times to get through Parliament and saw voted down three times, has provisions preserving the status quo - unimpeded data flows - until at least 2020 as part of the transition period. This is the agreement that Boris Johnson is grandstanding about, insisting that the EU must and will make changes and that negotiations are ongoing - which the EU denies. I believe the EU, if only because for the last three years it has consistently done what it said it would do, whereas Boris Johnson...

While the UK of course participated in the massive legislative exercise that led to GDPR, it's worth remembering that a number of the business-oriented ministers of the day were not fans of some of its provisions and wanted it watered down. No matter how Brexit comes out, however, the UK will not get to do this: GDPR, like Richard Stallman's GNU license carries with it like a stowaway the pay-it-forward requirement that future use of the same material must be subject to its rules. The UK can choose: it can be a "vassal state" and "surrender" to ongoing EU enhancements to data protection - OR it can cut itself off entirely from the modern international business world.

It's not clear if any of the data issues have filtered through into the public consciousness, perhaps because stopped data flows, as SA Mathieson writes at The Register, don't sound like much compared to the specter of bare supermarket shelves. Mathieson goes into some detail about the fun businesses are going to have: EU-based travel agencies that can't transfer tourists' data to the hotels they've booked, internal transfers within companies with offices spread across several countries, financial services... If "data is the new oil", then we're talking banning all the tankers. No wonder the EU is reportedly regarding no-deal Brexit as the equivalent of a natural disaster, and accordingly setting aside funds to mitigate the damage.


Illustrations: Dead-end sign.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.