Google shows the NSA how to make surveillance socially acceptable - with a £30 TV Dongle

Do read the press cover on the launch of the new Google Chromecast TV dongle . In my blog entry on the breaking of the “Social Contract” that underpins public acceptance of the way the Internet works, I mentioned the reaction at a CTF meeting when we learned that smart TV licenses require you to give permission to transmit data on your viewing habits to anywhere in the world. The gathering pace of the convergence of the worlds of the TV, mobile phone, personal computer and Internet, often with no off-switch to protect against 24 by 7 surveillance, is now truly transformative.

The volumes of data which threaten to seriously overload our current telecommunications infrastructure and clog wifi capacity put debates over broadband policy, net neutrality, privacy and surveillance, into a different context. I have not had time to blog over the past week because I have been trying to draft possible terms of reference for studies to look at the political consequences. The hardest has been that for the study on how to balance privacy, security, consumer choice and a seamless Internet with the aspirations of suppliers to have contractual control over data on their customers’ usage (for commercial purposes) without making that data available to law enforcement to take action when they fail to protect their their customers from criminal abuse.

The members of the “Reform Government Surveillance Group” have taken the collection of data on our on-line behaviour to extremes beyond the wildest dreams of state surveillance operations – and most consumers appear happy to agree, in return for cheap access to on-line content. That has many consequences and their public statements need to be cmpared with their contractual practices.

To illustrate the direction in which they are leading debate, I would like to juxtapose the Microsoft claim that it is entitled to examine hotmail traffic to find a leak with what happened when a former  Deutsche Telekom security manager undertook similar activities over their networks to also identify a leak. He went to jail[see footnote]

If the “difference” is “merely” that between US law and German law (including the EU Data Protection and Telecoms Regulations) then the Balkanisation of the Internet is only a matter of time – unless and until the members of the Reform Government Surveillance Group help lead the way towards a new global Internet social contract. The current “contract” was reflects the hopes and fears of a generation of software engineers whose political views (we good, them bad) were formed during the Vietnam war and the side they took during the protests against that war. But Google and its peers have since taken the technologies of big data and surveillance (pioneered by Bletchley and Fort Meade) to a nature and scale that dwarves the operations of GCHQ and the NSA. 

I happen to be content to use Google and Microsoft products and services, despite their monitoring operations. But I would have far more trust in those services if they provided better and faster access to law enforcement to help protect myself and my family from those who have gained access to their data, whether legally or not, in order to impersonate, defraud or otherwise abuse us. My (qualified) trust in the political and commercial impartiality (more or less) of UK law enforcement working in partnership with industry to protect me does not, however, extend to that of the United States (more “democratically accountable” and therefore more leak-prone and policitised) or other (Roman Law) members of the European Union, let alone other parts of the world.

I would like to think that, provided others share that view, there is an opportunity for the UK to take a lead in rebuilding trust in the on-line world. But, if so, the reconciliation of that approach with a globally seamless Internet, not just technology assisted arbitrage across egualtory boundaries, will depend on the stance taken by the members of the Reform Surveillance Group. I would particularly like to see them collectively fund and publish serious research into the attitudes of consumers towards security, privacy and choice and how their business models reflect the priorities of their customers, not jsut their employees and shareholders.

Why should they do this?

If they do not their current share prices have reached their zenith and will more than halve over the next five years, whether or not the UK is capable of taking the necessary lead because:
 “Times they are a changing“.    

FOOTNOTE 29th March – Microsoft has changed policy in the wake of the reaction to publicity for this case