by Jared Cohen
As discussed above, the trail of information that will shape our online identities in the future begins well before any citizen has the judgment to understand it. The scrutiny that young people will face in the next decade will be unlike anything we’ve seen. If you think it is hard to get past a co-op board today, just imagine when it has the equivalent of your life story at hand. Because this development will affect a large portion of the population, there will be sufficient public pressure and political will to generate a range of new laws for the digital age.
As this next generation comes fully into adulthood, with digital documentation of every irresponsible thing they did during adolescence, it’s hard to believe that some politicians won’t champion the cause of sealing virtual juvenile records. Everything an individual shares before the age of eighteen might then become unusable, sealed and not for public disclosure on pain of fines or even prison. Laws would make it illegal for any employer, court, housing authority or university to take that content into account. Of course, these laws would be difficult to enforce, but their very presence would lend a hand in changing norms, so that most adolescent mishaps caught online may ultimately be viewed by society with the same lens as experimental drug and alcohol use.
Other laws may emerge as attempts to safeguard privacy and increase the liability for those releasing confidential information. Stealing someone’s cell phone could be considered on a par with identity theft, and online intrusions (stolen passwords, hijacking accounts) could well carry the same charge as breaking and entering.7 Each country will determine its own cultural threshold for what type of information is permissible to be shared, and what type is inappropriate or just too personal. What the Indian government considers obscene or perhaps pornographic, the French might let pass without a second thought. Consider the case of a society that is deeply concerned about privacy but is also saturated with camera-equipped smart phones and inexpensive camera drones that can be purchased at any toy store. The categories that exist for paparazzi photographers (“public” versus “private” space) could be extended and applied to everyone, with certain designated “safe zones” where photography requires a subject’s consent (or, in the case of Saudi Arabia, consent from a female subject’s male guardian). People would use specific apps on their phones to get permission, and because digital photos generate a time stamp and digital watermark, determining if someone took an illegal picture would be simple work. Digital watermarking refers to the insertion of bits into a digital image, audio or video file that contains copyright information about the file’s owner—name, date, rights and so on. Watermarks act as protection against manipulation because, while they are invisible, they can be extracted and read with special software, so when tampering is suspected, technical experts can determine whether a file is indeed an unadulterated copy or not.
For the third type of coping strategy, at the societal level, we need to ask how non-state actors (such as communities and nonprofit organizations) will respond to the consequences of the data revolution. We think a wave of civil-society organizations will emerge in the next decade designed to shield connected citizens from their governments and from themselves. Powerful lobbying groups will advocate content and privacy laws. Rights organizations that document repressive surveillance tactics will call for better citizen protection. There will be support groups to help different demographics deal with the consequences of undeletable data. Educational organizations will try to reach school-age children to avoid over-sharing. (“Never give your data to a stranger.”) The recent campaign in the United States against cyber-bullying is truly a harbinger of what is to come: broad public acknowledgment, grassroots social campaigns to promote awareness, and tepid political attempts to contain it. Within schools, we expect that teachers and administrators will treat cyber-bullying with the same weight and penalties as physical altercations, only instead of a child’s being sent to the principal’s office after recess, he will be sent there when he arrives in the morning for something he wrote online the previous night at home.
In addition to mitigating the negative consequences of a more connected world, non-state actors will be responsible for generating many of the most promising new ideas that harness these technological changes for the better. In developing countries, aid organizations are already leading the way with innovative pilot projects that capitalize on the growing global connectivity. During the 2011 famine in East Africa, the United States Agency for International Development (USAID) administrator Rajiv Shah reported that his organization was using a mix of mobile money platforms and the traditional “hawala” money-transfer system in Somalia to get past the violent Islamist group al-Shabaab’s ban on aid for affected populations. (The hawala system is an Islamic-world network of trust-based money-transfer agents who operate outside of formal financial institutions.) The high rate of growth of mobile adoption and basic connectivity in the country has forged new opportunities for both the population and those seeking to help. Nonprofit and philanthropic organizations in particular will continue to push the boundaries of technology-driven solutions in the new digital age, well suited as they are to the task, being more flexible than government agencies and more able to absorb risk than businesses.
The fourth category of coping strategy is the personal. Citizens will demonstrate an increased reliance on anonymous peer-to-peer communication methods. In a world with no delete button, peer-to-peer (P2P) networking will become the default mode of operation for anyone looking to operate under or off the radar. Contemporary mobile P2P technologies like Bluetooth allow two physical devices to speak directly to each other rather than having to communicate over the Internet. This is in contrast to P2P file-sharing networks such as BitTorrent, which operate over the Internet. Common to both forms of peer-to-peer technologies is that users connect to each other (acting as both suppliers and receivers) without using a fixed third-party service. For citizens in the future, P2P networking will offer an enticing combination of instant communication and independence from third-party controls or monitoring.
All smart phones today are equipped with some form of peer-to-peer capability, and as the wave of cheap smart phones saturates the emerging markets in the next decade, even more people will be able to take advantage of these increasingly sophisticated tools. Bluetooth is already massively popular in many parts of the developing world because even very basic phones can often use it. In much of West Africa, where mobile adoption has vastly outpaced computer use and Internet growth, many people treat their phones like stereo systems because easy peer-to-peer sharing allows them to store, swap and listen to music entirely through their phones.
Mobile jukeboxes in Mali may be a response to specific infrastructure challenges, but people everywhere will begin to favor P2P networking, some for personal reasons (discomfort with undeletable records) and others for pragmatic ones (secure communications). Citizens in repressive societies already use common P2P communication platforms and encrypted messaging systems like Research in Motion (RIM)’s BlackBerry Messenger (BBM) to interact with less fear of government intrusion, and in the future, new forms of technologies that utilize P2P models will also become available to them.
Today, the discussions around wearable technologies are focused on a luxury market: wristwatches we’ll wear that vibrate or apply a pulse when our alarm clock goes off (of which some versions already exist), earrings that monitor our blood pressure and so on.8 New applications of augmented reality (AR) technology (the superimposing of touch, sound or images from the virtual world over a physical, real-world environment) promise even richer wearable experiences. In April 2012 Google unveiled its own AR prototype called Project Glass—eyeglasses with a built-in display over one eye that can convey information, handle messages through voice command and shoot and record video through its camera—and similar devices from other companies are on the way. In the future, the intersection of wearable technology, AR and peer-to-peer communications will combine sensory data, rich information ch
annels and secure communications to generate exceptionally interesting and useful devices. In a country where religious police or undercover agents roam public areas, for example, good spatial awareness is critical, so a wearable-technology inventor will design a discreet wristwatch that its wearer can use to send a warning pulse to others around him when he spots a regime agent in his vicinity. An entirely new nonverbal language will emerge around sensory data—perhaps two pulses tell you a government agent is nearby, and three will mean “Run.” Using GPS data, the watch would also share the location of its wearer with others, who might be wearing AR glasses that could identify which direction the agent is coming from. All these communications will be peer-to-peer. This makes them more secure and reliable than technologies that depend on being connected to the Internet.
Your device will know things about your surroundings that you have no way of knowing on your own: where people are, who they are and what their virtual profiles contain. Today, users already share their iTunes libraries with strangers over Wi-Fi networks, and in the future, they’ll be able to share much more. In places like Yemen, where socially conservative norms limit many teenagers’ ability to socialize with the opposite sex, young people may elect to hide their personal information on peer-to-peer networks when at home or at the mosque—who knows who could be looking?—but reveal it when in public parks and cafés, and at parties.
Yet P2P technology is a limited replacement for the richness and convenience of the Internet, despite its myriad advantages. We often need stored and searchable records of our activities and communications, particularly if we want to share something or refer to it later. And, unfortunately, not even P2P communications are a perfect shield against infiltration and monitoring. If authorities (or criminal organizations) can identify one side of a conversation they can usually find the other party as well. This is true for messaging, voice-over-Internet-protocol (VoIP) calls—meaning phone calls over the Internet (e.g., Google Voice and Skype) and video chats. Users assume they are safe, but unless the exchange is encrypted, anyone with access to intermediate parts of the network can listen in. For instance, the owner of a Wi-Fi hot spot can listen to any unencrypted conversations of users connected to the hot spot. One of the most insidious forms of cyber attack that P2P users can encounter is known as a “man-in-the-middle” attack, a form of active eavesdropping. In this situation a third-party attacker inserts himself between two participants in a conversation and automatically relays messages between them, without either participant realizing it. This third party acts like an invisible intermediary, having tricked each participant into believing that the attacker is actually the other party of the conversation. So as the conversation occurs (whether through text, voice or video), that third-party attacker can sit back and watch, occasionally siphoning off information and storing it elsewhere. (Or, more maliciously, the attacker could insert false information into the conversation.) Man-in-the-middle attacks occur in all protocols, not just peer-to-peer, yet they seem all the more malicious in P2P communications simply because people using those platforms believe they are secure.
And even the protection that encryption offers isn’t a sure bet, especially given some of the checks that will still exist in the physical realm. In the United States, the FBI and some lawmakers have already hinted at introducing bills that would force communications services like BlackBerry and Skype to comply with wiretap orders from law-enforcement officials, introducing message-interception capabilities or providing keys that enable authorities to unscramble encrypted messages.
P2P networking has a history of challenging governments, especially around copyright issues for democracies (e.g., Napster, Pirate Bay) and political dissent for autocracies (e.g., Tor). In the United States, the pioneer of P2P file sharing, Napster, was shut down in 2001 by an injunction demanding that the company prevent all trading of copyrighted material on its network. (Napster told a district court that it was capable of blocking the transfer of 99.4 percent of copyrighted material, but the court said that wasn’t good enough.) In Saudi Arabia and Iran, religious police have found it extremely difficult to prevent young people from using Bluetooth-enabled phones to call and text complete strangers within range, oftentimes for the purpose of flirting, but also for close-proximity coordination between protesters. Unless all mobile devices in the country are confiscated (a task the secret police realize is impossible), the flirtatious Saudi and Iranian youth have at least one small edge on their state-sponsored babysitters.
BlackBerry mobile devices offer both encrypted communication and telephone services, and the unique encryption they offer users has led many governments to target them directly. In 2009, the United Arab Emirates’ partially state-owned telecom Etisalat sent nearly 150,000 of its BlackBerry users a prompt for a required update for “service enhancements.” These enhancements were actually spyware that allowed unauthorized access to private information stored on users’ phones. (When this became public knowledge, the maker of BlackBerry, RIM, distanced itself from Etisalat and told users how to remove the software.) Just a year later, the U.A.E. and its neighbor Saudi Arabia both called for bans on BlackBerry phones altogether, citing the country’s encryption protocol. India chimed in as well, giving RIM an ultimatum to provide access to encrypted communications or see its services suspended. (In all three countries, the ban was averted.)
Repressive states will display little hesitation in their attempts to ban or gain control of P2P communications. Democratic states will have to act more deliberately. We already have a prominent example of this in the August 2011 riots in the United Kingdom. British protesters rallied to demand justice for twenty-nine-year-old Mark Duggan, who had been shot and killed by British police in Tottenham. Several days later the crowds turned violent, setting fire to local shops, police cars and a bus. Violence and looting spread across the country over subsequent nights, eventually reaching Birmingham, Bristol and other cities. The riots resulted in five deaths, an estimated £300 million ($475 million) in property damage and a great deal of public confusion. The scale of the disorder across the country—as well as the speed with which it spread—caught the police and government wholly off guard, and communication tools like Twitter, Facebook and particularly BlackBerry were singled out as a major operational factor in the spread of the riots. While the riots were occurring, the MP for Tottenham called on BlackBerry to suspend its messaging service during night hours to stop the rioters from communicating. When the violence had subsided, the British prime minister, David Cameron, told Parliament he was considering blocking these services altogether in certain situations, particularly “when we know [people] are plotting violence, disorder and criminality.” His goal, he said, was to “give the police the technology to trace people on Twitter or BBM, or close it down.” (After meeting with industry representatives, Cameron said industry cooperation with law enforcement was sufficient.)
The examples of the U.A.E. and the U.K. illustrate real concern on the part of governments, but it is important to clarify that this concern has been about encryption and social networking. In the future, however, communication will also take place on mobile P2P networks, meaning that citizens will be able to network without having to rely on the Internet (this was not the case in the U.A.E. and the U.K.). It stands to reason that every state, from the least democratic to the most, may fight the growth of device-to-device communication. Governments will claim that without restrictions or loopholes for special circumstances, capturing criminals and terrorists (among other legitimate police activities) and prosecuting them will become more difficult, planning and executing crimes will be easier and a person’s ability to publish slanderous, false or other harmful information in the public sphere without accountability will improve. Democratic governments will fear uncontrollable libel and leaking, autocracies internal dissent. But if illegal activity is the primary concern for governments, the real challenge will be the combination of virtual currency with anonymous networks that hide the phy
sical location of services. For example, criminals are already selling illegal drugs on the Tor network in exchange for Bitcoins (a virtual currency), avoiding cash and banks altogether. Copyright infringers will use the same networks.
As we think about how to address these kinds of challenges, we cannot afford to take a black-and-white view; context matters. For example, in Mexico, drug cartels are among some of the most effective users of anonymous encryption, both P2P and through the Internet. In 2011, we met with Bruno Ferrari, then the country’s secretary of the economy, and he described to us how the Mexican government has struggled to engage the population in the fight against the cartels—fear of retribution is enough to prevent people from reporting crimes or tipping off law enforcement to cartel activity in their neighborhoods. Corruption and untrustworthiness in the police department further limit the options for citizens. “Without anonymity,” Ferrari told us, “there is no clear mechanism in which people can trust the police and report the crimes committed by the drug cartels. True anonymity is vital to getting the citizens to be part of the solution.” The drug cartels were already using anonymous communications, so anonymity levels the playing field. “The arguments behind restricting anonymous encryption make sense,” he added, “but just not in Mexico.”
Police State 2.0
All things considered, the balance of power between citizens and their governments will depend on how much surveillance equipment a government is able to buy, sustain and operate. Genuinely democratic states may struggle to deal with the loss of privacy and control that the data revolution enables, but as a result they will have more empowered citizens, better politicians and stronger social contracts. Unfortunately, the majority of states in the world are either not democratic or democratic in name only, and the relative impact of connectivity—both positive and negative—for citizens in those countries will be far greater than we’ll see elsewhere.