The Internet is under threat, mostly from governments. We need companies to help people stand up to government threats, but companies cannot solve the problems for us. This is what I told the audience on Thursday, at an event co-hosted by CIS and the Program on Liberation Technology. At the event, Google General Counsel David Drummond gave a speech about how the good the Internet does is under threat, largely from governments. After David’s speech, I gave a five-minute reaction before he took questions from the audience. Here’s the text of what I said:
Thank you, David.
Computer security analyst Dan Geer has said, the Internet was built by academics, researchers, and hackers – meaning that it embodies a particular cultural interpretation of American values. It was designed to be open, non-hierarchical, self organizing, and essentially ungovernable, beyond the few protocols required enable multiple parties to communicate over distributed fiber optic cables.
Depending on who you are, this either warms your heart, or scares the bejeezus out of you. David and I are on the heartwarmed side. As David as argued tonight, the Internet has been an unimaginable public good as a result: prosperity, education, political activism, creativity—in short, freedom. Its no surprise that the Internet was born in a nation with the First and Fourth Amendments, nor that it flourished in a land with CDA 230, a law which protects intermediaries from liability for their users’ speech. I believe the Internet is perhaps the greatest liberation technology humankind has ever known.
On the other hand, governments are terrified by the Internet for the usual reasons. Governments believe the most salient characteristics of the network are that “critical infrastructure” is in danger of cyberattack, criminals and thieves run amok, state secrets will be revealed to the detriment of national security, and radicals are organizing below the radar to overthrow governments or conduct terrorist attacks. To be sure, there are real problems on the network, of varying degrees of seriousness and proliferation: censorship (both government and corporate), surveillance, insecurity, copyright infringement, hate speech, child pornography. Whether, how and who should address these problems is changing the public approach to the Internet.
We talk about three ways to address problems: technology, policy, norms and law. Of these, Governments like law, because when you have a hammer, everything is a nail. Any given government wants to change the law, to give itself more control over the Internet. To some governments, the inherently American nature of the Internet is particularly distasteful. Depending on the government, it wants a more civilized place, or a subservient one.
So, the nature of the Internet is changing. Governments come with their surveillance requests, asking for “good will” sharing of user information without following the law, asking for back doors in products to allow wiretapping, demanding encryption keys. Companies face a choice: comply or shut down. This is what secure email provider Lavabit did last year. But very few can make the same choice. Google will not shut down over a secret order to disclose encryption keys.
Nor will the company rebel over secret orders to warrantlessly disclose information about their non-American customers. Last June, documents from Edward Snowden revealed the PRISM program for collecting communications targeting foreigners, people finally understand the breadth of spying on regular people for any foreign intelligence reason, without any evidence of wrongdoing or of connection to a foreign power. Now that the public understands what’s happening, people are angry, and want the surveillance to stop. Will the big internet companies put their economic and political assets on the line to fight encryption key access, design mandates, or the human rights of their users—including those overseas?
Yes, Google has been a leader in transparency, and yes, Google and other large Internet companies have sued to be allowed additional levels of transparency. Real transparency is necessary, but it is not sufficient. Unfortunately, if commercial interests do not rise up against mass surveillance—sooner as opposed to later—Congress won’t do anything about it. But other national governments will. Brazil, Germany, Russia and others are demanding that American companies store user data in the user’s country of residence. That will not protect non-Americans from the NSA. The agency can still ask for information from providers under PRISM. The NSA can collect the information as it flows overseas with even fewer restrictions than it currently might have. And, local storage makes the data vulnerable to an additional spy: the country where it is stored. As bad as the NSA is, local storage is even more dangerous, and would be to the detriment of internet users as a whole.
Technology can help us—and has. Yet, strong commercial encryption has come about too slowly. We’ve learned that even with one-click encryption, one click is too many. Still, Google and Yahoo were able to unilaterally end GCHQ’s mass surveillance on the fiber optic cables that carry data center to data center transfers by encrypting those links with SSL. We will need Internet companies to protect our data.
But they will only do so if it affects the bottom line: profits. The Internet is a business now. Gmail resides unencrypted on Google servers, available to governments for the asking. And it always will, because that is what is required to make money from that ad-based service. When making lots of money clashes with company values, money will almost certainly win.
Sir Tim Berners-Lee, the founder of the World Wide Web has said we need to redecentralize the web, so that there are fewer choke points. He said its worrisome to be “reliant on big companies, and one big server”. I agree. We must be vigilant about the commercial pressures to undermine the liberating nature of the Internet. We have to worry about corporations. But not as much as we have to worry about the government.
Dan Geer said the pressures our network currently faces mean that the Internet will never again be as free as it is right now. I’m an optimistic person, so I do not believe that istrue. But we are going to have to strive--smartly and together--to reverse the trend David has identified this evening.