by Jared Cohen
In the long run, the presence of communication technologies will chip away at most autocratic governments, since, as we have seen, the odds against a restrictive, information-shy regime dealing with an empowered citizenry armed with personal fact-checking devices get progressively worse with each embarrassing incident. In other words, it’s no coincidence that today’s autocracies are for the most part among the least connected societies in the world. In the near term, however, such regimes will be able to exploit the growth of connectivity to their advantage, as they already exploit the law and the media. There is a trend in authoritarian governance to harness the power of connectivity and data, rather than ban information technology out of fear, a shift from totalitarian obviousness to more subtle forms of control that the journalist William J. Dobson captured in his excellent book The Dictator’s Learning Curve. As Dobson describes it, “Today’s dictators and authoritarians are far more sophisticated, savvy, and nimble than they once were. Faced with growing pressures, the smartest among them neither hardened their regimes into police states nor closed themselves off from the world; instead, they learned and adapted. For dozens of authoritarian regimes, the challenge posed by democracy’s advance led to experimentation, creativity and cunning.” Dobson identifies numerous avenues through which modern dictators consolidate power while feigning legitimacy: a quasi-independent judicial system, the semblance of a popularly elected parliament, broadly written laws that are applied selectively and a media landscape that allows for an opposition press as long as regime opponents understand where the unspoken limits are. Unlike the strongman regimes and pariah states of old, Dobson writes, modern authoritarian states are “conscious, man-made projects that must be carefully built, polished, and reinforced.”
But Dobson covers only a small number of case studies in his work and we are less certain that the new digital age will yield such advantages to all autocratic regimes. How dictators handle connectivity will greatly determine their future in the new digital age, particularly if their states want to compete for status and business on the global stage. The centralization of power, the delicate balancing of patronage and repression, the outward projection of the state itself—every element of autocratic governance will depend on the control that regimes have over the virtual world their population inhabits.
In the span of a decade, the world’s autocracies will go from having a minority to a majority of their citizens online, and for dictators looking to stay in power, this will be a turbulent transition. Yet building the kind of system that can monitor and contain all types of dissident energy is thankfully not easy and will require very specialized solutions, expensive consultants, technologies not widely available and a great deal of money. Cell towers, servers and microphones will be needed, as well as large data centers to store information; specialized software will be necessary to process the data gathered; trained people will have to operate all of this, and basic resources like electricity and connectivity will need to be constantly and abundantly available. If autocrats want to build a surveillance state, it’s going to cost them—we hope more than they can afford.
There are some autocracies with poor populations but vast amounts of oil, minerals or other resources that they can trade. As in the arms-for-minerals trade, we can imagine the growth of a technology-for-minerals exchange between technology-poor but resource-rich countries (Equatorial Guinea is one example) and technology-rich but resource-hungry countries (China is an obvious one). Not many states will be able to pull off this kind of trade, and hopefully those that do will not be able to sustain or effectively operate what they have.
Once the infrastructure is in place, repressive regimes will need to manage the glut of information they acquire with the help of supercomputers. In countries where connectivity was established early, governments have had time to acclimate to the types of data their citizens produce; the pace of technological adoption and progress has been somewhat gradual. But these newly wired regimes will not have that luxury; they’ll need to move quickly to make use of their data if they want to be effective in its management. To address this, they’ll build powerful computer banks with much faster processing power than the average laptop, and they’ll buy or build software that facilitates the data-mining and real-time monitoring they desire. Everything a regime would need to build an incredibly intimidating digital police state is commercially available now, and export restrictions are currently insufficiently monitored and enforced.
Once one regime builds its surveillance state, it will share what it learned with others. We know that autocratic governments share information, governance strategies and military hardware, and it’s only logical that the configuration that one state designs will (if it works) proliferate among its allies and assorted others. Companies that sell data-mining software, surveillance cameras and other products will flaunt their work with governments to attract new business.
The most important form of data to collect for an autocrat isn’t Facebook posts or Twitter comments—it’s biometric information. “Biometric” refers to information that can be used to uniquely identify individuals through their physical and biological attributes. Fingerprinting, photographs and DNA testing are all familiar biometric data types today. Indeed, the next time you visit Singapore, you might be surprised to find that airport security requires both a filled-out customs form and a scan of your voice. In the future, voice-recognition and facial-recognition software will largely surpass all of these earlier forms in accuracy and use.
The facial-recognition systems of today use a camera to zoom in on an individual’s eyes, mouth and nose, and extract a “feature vector,” which is a set of numbers that describes key aspects of the image, such as the precise distance between the eyes. (Remember, in the end, digital images are just numbers.) Those numbers can be fed back into a large database of faces in search of a match. To many this sounds like science fiction, and it’s true that the accuracy of this software is limited today (by, among other things, pictures shot in profile), but the progress in this field in just the past few years is remarkable. A team at Carnegie Mellon demonstrated in a 2011 study that the combination of “off-the-shelf” facial-recognition software and publicly available online data can match a large number of faces very quickly, thanks to technical advancements like cloud computing. In one experiment, unidentified pictures from dating sites (where people often use pseudonyms) were compared with profile shots from social-networking sites, which can be publicly accessed on search engines (i.e., no log-in required), yielding a statistically significant result. It was noted in the study that it would be unfeasible for a human to do this search manually, but with cloud computing, it takes just seconds to compare millions of faces. The accuracy improves regarding people with many pictures of themselves available online—which, in the age of Facebook, is practically everyone.
Like so many technological advances, the promise of comprehensive biometric data offers innovative solutions to entrenched sociopolitical problems—and it makes dictators salivate. For each repressive regime that gathers biometric data to better oppress its population, however, a similar investment will be made by an open, stable and progressive country for very different reasons.
India’s unique identification (UID) program is the largest biometric identification undertaking in the world. Constituted in 2009, the campaign, collectively called Aadhaar (meaning “foundation” or “support”), aims to provide every Indian citizen—1.2 billion and counting—with a card that includes a unique twelve-digit identity and an embedded computer chip that contains a person’s biometric data, including fingerprints and iris scans. This vast program was conceived as a way to solve the problems of inefficiency, corruption and fraud endemic in the existing system, in which overlapping jurisdictions resulted in up to twenty different forms of identification issued by various local and national agencies.
Many in India believe that as the program progresses, Aadhaar will help citizens who have been excluded from governm
ent institutions and aid networks. For castes and tribes traditionally lowest on the socioeconomic scale, Aadhaar represents a chance to receive state aid like public housing and food rations—things that had been technically available but still out of reach, since many potential recipients lacked identification. Others who had trouble obtaining identification, like internal migrant workers, will be able to open a bank account, obtain a driver’s license, apply for government support, vote and pay taxes with Aadhaar. When enrolling in the scheme, an individual may open a bank account that is tied to his or her UID number. This enables the government to easily track subsidies and benefits.
In a political system racked by political corruption and crippled by its own sheer size—less than 3 percent of the Indian population is registered to pay income tax—this effort seems like a possible win-win for all honest parties. Poor and rural citizens gain an identity, government systems become more efficient and all aspects of civic life (including voting and paying taxes) become more transparent and inclusive. But Aadhaar has its detractors, people who consider the program Orwellian in scope and character and a ploy to enhance the surveillance capacities of the Indian state at the expense of individual freedoms and privacy. (Indeed, the government can use Aadhaar to track the movements, phones and monetary transactions of suspected terrorists.) These detractors also point out that Indians do not have to have an Aadhaar card, since public agencies aren’t allowed to require one before providing services. Concerns over whether the Indian government is intruding on civil liberties echo those of opponents of a similar project in the United Kingdom, the Identity Cards Act of 2006. (After a several-year struggle to implement the program, Britain’s newly elected coalition government scrapped the plan in 2010.)
In India, these concerns seem to be outweighed by the promise of the plan’s benefits, but their presence in the debate proves that even in a democracy, public apprehension over the impact of large biometric databases, and whether they’ll ultimately serve the citizens or the state, exists. So what happens when less democratic governments begin collecting biometric data in earnest? Many already have, beginning with passports.
States won’t be the only ones trying to acquire biometric data. Warlords, drug cartels and terrorist groups will seek to build or access biometric databases in order to track recruits, monitor potential victims and keep an eye on their own organizations. The same logic applies here as to dictators: If they have something to trade, they can get the technology.
Given the strategic value of these databases, states will need to prioritize protection of their citizens’ information just as they would safeguard weapons of mass destruction. Mexico is currently moving toward a biometric data system for its population in order to improve its law-enforcement functionality, better monitor its borders and identify criminals and drug-cartel leaders. But since the cartels have already infiltrated large swaths of the police and national institutions, there is a very real fear that somehow an unauthorized actor could gain access to the valuable biometric data of the Mexican population. Eventually, some illicit group will successfully steal or illegally acquire a biometric database from a government, and maybe only when that happens will states fully invest in high-level security measures to protect this data.
All societies will reach agreement on the need to keep biometric data out of the hands of certain groups, and most will try hard to keep individual citizens from gaining access as well. Regulation will, like regulation of other types of user data, vary by country. In the European Union, which already boasts a series of robust biometric databases, member states are required by law to ensure that no individual’s right to privacy is violated. States must get the full and informed consent of citizens before they can enter biometric information into the system, leaving citizens the option to revoke consent in the future without penalty. Member states are further required to hear complaints and see that victims are compensated. The United States will probably adopt similar laws due to shared privacy concerns, but in repressive countries, it’s likely that such databases will be controlled by the ministry of the interior, ensuring that they are primarily used as a tool for the police and security forces. Government officials in those regimes will also have access to facial-recognition software, databanks of citizens’ personal information and real-time surveillance methods through people’s technological devices. Secret police will often find a handset more valuable than a gun.
For all of the discussions about privacy and security, we rarely look at the two together and ask the question What makes people nervous about the Internet? From the world’s most repressive societies to those that are the most democratic, citizens are nervous about the unknowns, the dangers and crises that come with entangling their lives in a web of connected strangers. For those who are already connected, living in both the physical and the virtual worlds has become part of who we are and what we do. As we grow accustomed to this change, we also learn that the two worlds are not mutually exclusive, and what happens in one has consequences in the other.
What seem like defined debates today over security and privacy will broaden to questions of who controls and influences virtual identities and thus citizens themselves. Democracies will become more influenced by the wisdom of crowds (for better or for worse), poor autocracies will struggle to acquire the necessary resources to effectively extend control into the virtual world, and wealthier dictatorships will build modern police states that tighten their grip on citizens’ lives. These changes will spur new behaviors and progressive laws, but given the sophistication of the technologies involved, in most cases citizens stand to lose many of the protections they feel and rely upon today. How populations, private industry and states handle the forthcoming changes will be highly determined by their social norms, legal frameworks and particular national characteristics.
We will now turn to a discussion of how global connectivity will affect the way states operate, negotiate and wrestle with each other. Diplomacy has never been as interesting as it will be in the new digital age. States, which are constantly playing power politics in the international system, will find themselves having to retool their domestic and foreign policies in a world where their physical and virtual tactics are not always aligned.
1 Most of these techniques fall under the umbrella of search-engine optimization (SEO) processes. To influence the ranking algorithm of search engines, the most common method is to seed positive content around the target (e.g., a person’s name), encourage links to it and frequently update it, so that the search-engine spiders are likely to identify the material as popular and new, which pushes down the older, less relevant content. Using prominent keywords and adding back-links (incoming links to a website) to popular sites can also influence the ranking. This is all legal and generally considered fair. There is an underside to SEO, however—“black-hat SEO”—where efforts to manipulate rankings include less legal or fair practices like sabotaging other content (by linking it to red-flag sites like child pornography), adding hidden text or cloaking (tricking the spiders so that they see one version of the site while the end user sees another).
2 This dictum is commonly attributed to Stewart Brand, the founder and editor of the Whole Earth Catalog, recorded at the first Hackers’ Conference, in 1984.
3 While in the technical community the term “hacker” means a person who develops something quickly and with an air of spontaneity, we use it here in its colloquial meaning to imply unauthorized entry into systems.
4 Among the tweets the Pakistani IT consultant Sohaib Athar sent the night of the bin Laden raid: “Helicopter hovering above Abbottabad at 1AM (is a rare event).”
5 “Predictive analytics” is a young field of study at the intersection of statistics, data-mining and computer modeling. At its core, it uses data to make useful predictions about the future. For one example, predictive analytics could use data on ridership fluctuations on the New York City subway to predict how many trains would be needed on a given day, accounting f
or seasonality, employment and the weather forecast.
6 Interestingly, the VPPA statute came into play in a Texas lawsuit in 2008, when a woman filed a class-action suit against Blockbuster for sharing her rental and sales record with Facebook without her permission. The parties settled.
7 In the United States, the “trespass to chattels” tort has in some cases already been applied to cyberspace.
8 Wearable technology overlaps with the similar emergent industry of haptic technology, but the two are not synonymous. Haptics refers to technology that interacts with a user’s sense of touch, usually though pulses or the application of pressure. Wearable technologies often include many haptic elements but are not limited to them (like a jacket for cyclists that lights up in the evening); nor are all haptic technologies wearable.
CHAPTER 3
The
Future of States
What do we talk about when we talk about the Internet? Most people have only a vague sense of how the Internet works, and in most cases that’s fine. The majority of users don’t need to understand its internal architecture or how a hash function works in order to interface fluidly with the online world. But as we turn to a discussion about how state power affects, and is affected by, the Internet, some basic knowledge will help make clear a few of the more conceptually difficult scenarios that come into play.
As it was initially conceived, the Internet is a network of networks, a huge and decentralized web of computer systems designed to transmit information using specific standard protocols. What the average user sees—websites and applications, for example—is really the flora and fauna of the Internet. Underneath, millions of machines are sending, processing and receiving data packets at incredible speed over fiber-optic and copper cables. Everything we encounter online and everything we produce is ultimately a series of numbers, packaged together, sent through a series of routers located around the world, then reassembled at the other end.
