'Don't Let the Internet of Things Become a Tool of Mass Surveillance'

May 8, 2015 | 11:03
'Don't Let the Internet of Things Become a Tool of Mass Surveillance'
'Don't Let the Internet of Things Become a Tool of Mass Surveillance'
During World War II the Dutch resistance set fire to the Amsterdam municipal register to destroy the personal records of the city's inhabitants in an attempt to prevent Nazi occupiers from using that information to identify Jews. In commemoration, sci-fi writer Cory Doctorow examined the parallels between WWII and the dark side of information technology during the Godwin lecture held each year on Liberation Day.

The lecture was held on the premises of Natura Artis Magistra where once the municipal register stood. Representing Artis, most famous for its city center zoo and co-organizer of the lecture, Artis-professor Erik de Jong opened the evening.

'I have brought with me a paper produced in the municipal register: an identity card of a woman. It is stamped with a J for Jew. This card identified this woman as Jewish. She was therefore forced to wear this', De Jong said as he held up a yellow Star of David, 'her identity for everybody to see, to recognize,perhaps to admire or to despise or to destroy.

'Not far from here is the Dutch Theater where Jews were assembled and taken away to Westerborg.

'This is as tangible as I can make the question of identity as it became so forcefully prominent during the second world war, the liberation of which we celebrate today.'

Destroying the data

The attack on the municipal register took place on March 27, 1943. Armed with explosives a group of resistance members set fire to the building. Several trusted fire fighters had been informed beforehand and when they reached the scene they stalled to let the flames do their work. When they finally turned on their hoses they flooded the place to let water damage take care of the remaining papers.

Unfortunately, the attack was only partially successful and many of the files on the citizens of Amsterdam survived. The attempt to destroy the data came at a high price, 12 freedom fighters were executed after being convicted of taking part in burning down the register on July 1, 1943.

Doing a Godwin

The data, collected in less sinister times for completely different purposes, had become life threatening records for Roma, Sinti, Jews and people in age groups targeted for forced labor. And yet, when analogies like these are brought up in debates about data protection, it is waved off as overly dramatic and bad form. There's even a phrase for it: doing a Godwin.

'Mike Godwin named a law after himself that states: 'As an online discussion continues, the probability of a reference or comparison to Hitler or to Nazis approaches 1'', explained the second speaker Hans de Zwart, Director of the digital civil rights non-profit Bits of Freedom.

Godwin was appalled by the casual ease with which Nazi comparisons were thrown around in online newsgroups because it diminishes the gravitas of the memory of the holocaust. So he deliberately created the Godwin Law meme as a counter measure.

'But now Godwin's Law has become a stick to hit anyone who makes a historical comparison with WWII', said De Zwart. 'But there are so many lessons we can learn from history.

'So when the idea arose to use the former building of the municipal register as a setting to talk about the current issues with privacy and data retention, I said: 'but than we'd be doing a Godwin.'' And so the lecture was named.

A dark and winding road

Then it was time for keynote speaker Cory Doctorow. The sci-fi writer and internet activist took the audience on a winding journey through past and present to warn against a future in which the Internet of Things becomes a tool for unprecedented mass surveillance.

When CDs first came out you could do all kinds of things with it. Vendors supplied software that enabled the user to rip, mix and burn that CD, said Doctorow. But when DVDs first arrived in 1996 these features were lacking. 'DVDs are almost the same technology but it has a digital lock on it, so no legal products have emerged that allow you to do more with your DVD than watch it'.

The method vendors use to lock users out of the cultural products they buy, is digital rights management (DRM): software preventing users from doing something as straight forward as backing up their paid-for data.

This lock-out is a gold mine for companies because it enables them to continue to extract money from their customers. Should you want to watch that movie you bought 20 years ago on your phone today, you'll have to buy a new copy, said Doctorow.

The natural thing for any user who is locked out of stuff she feels she owns, is to break the lock to get access. And, since digital locks are nothing but software, this can be easily accomplished. But businesses have convinced governments that it is legitimate to use the law to enforce user lock-out, said Doctorow. There are a host of global treaties that, in the name of preventing privacy, make it a jailable offense to break the digital lock.

Internet of Things

As the world is increasingly made out of computers, the copyright-based lock-out increasingly encroaches on everyday life. John Deere, the manufacturer of agricultural machinery, recently claimed farmers are no longer entitled to do what they want with the tractors they buy. Because the company owns the copyright to the software running the machine, it claims farmers can't modify or fix the tractor without prior consent. Effectively locking farmers out of the machines they rely on.

The rise of the Internet of Things will most likely be spearheaded by the smart home. We'll bring more and more connected devices into the most intimate of spaces. But if vendors continue to rely on user lock-out as a business model, these devices will be designed to mistrust us. Another disconcerting aspect of device lock-out, warned Doctorow, is neither users nor independent researchers can legally vet the software for bugs, making devices reservoirs of long-life vulnerabilities.

Meanwhile governments can't be relied on to keep our devices safe either, according to Doctorow. He referenced the NSA's Bullrun and GCHQ's Edgehill programs which actively sabotage security of devices to exploit these flaws to attack bad guys. He also mentioned the ongoing debate about mandatory backdoors in consumer devices, politicians and law enforcement officials claim are necessary 'to keep the people safe'.

When combining all these elements, the Internet of Things could become the perfect tool for a global surveillance system, concluded Doctorow.

But this need not be. By using cryptography, creating business models based on privacy and knocking down copyright laws, we can create a different internet. And with it, the sci-fi author urged, a different future.

The Godwin lecture was organized by online journalism platform De Correspondent, Artis Natura Magistra and Bits of Freedom.

You can watch the entire Godwin lecture here. (The sounds gets better when Doctorow takes the stage).
Loading comments...
related items