The Intersection of Privacy and Government Surveillance

Delve into the complex interplay between privacy concerns and government surveillance, exploring the impact of network effects on public choices. Analyze differing perspectives on money and power in different regions, and consider the changing landscape of international intelligence sharing. Gain insights into information economics, including network effects, market dominance, cost structures, and barriers to switching in IT markets.

• Privacy
• Government Surveillance
• Network Effects
• Information Economics
• International Intelligence

roseann Follow

Uploaded on Mar 12, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Privacy versus government surveillance where network effects meet public choice Ross Anderson Cambridge Berkeley Law School Oct 6 2014

2. Two views of money and power The Bay Area view: money and power are all about network effects, which help you create a platform to which everyone else then adds value The Washington DC view: power is about having more tanks and aircraft carriers, which is founded on taxation capacity Almost no-one talks of network effects there, or among scholars of government! Berkeley Law School Oct 6 2014

3. Is this changing? 1980s: a non-aligned country like India is a democracy, but buys its jet fighters from Russia because they re cheaper 2000s: Snowden tells us that India shares intelligence with the NSA rather than the FSB, as the NSA s network is bigger The five eyes is maybe 15 eyes, or 35 eyes, or 65 eyes Berkeley Law School Oct 6 2014

4. Information economics (1) The first characteristic of many IT product and service markets is network effects Metcalfe s law the value of a network is the square of the number of users Real networks phones, fax, email, Facebook, Visa/Mastercard Virtual networks PC versus Mac, Visa/MC Network effects tend to lead to dominant-firm markets where the winner takes all Berkeley Law School Oct 6 2014

5. Information economics (2) Second common feature of IT product and service markets is high fixed costs and low marginal costs Competition can drive down prices to marginal cost of production This can make it hard to recover capital investment, unless stopped by patent, brand, network effects These effects can also lead to market power Berkeley Law School Oct 6 2014

6. Information economics (3) Third common feature of IT markets is that switching is expensive E.g. switching from Windows to Linux means retraining staff, rewriting apps And once you have $3000 worth of songs on a $300 iPod, you re locked into iPods etc Shapiro-Varian observation: the net present value of a software company is the total switching costs Berkeley Law School Oct 6 2014

7. Economics of (information) security Each of network effects, low marginal costs and technical lock-in makes dominant-firm market structures more likely Together, they make them much more likely They also explain many security and privacy failures First, market races lead to Ship it Tuesday and get it right by version 3 Berkeley Law School Oct 6 2014

8. Security economics (2) In a market race, you open your system to appeal to complementers such as app writers Once you ve won, you lock it down to extract rents In one market after another mainframes, PCs, routers, phones, social network systems security is added later Its design ends up aligned with the platform s interests at least as much as the users Berkeley Law School Oct 6 2014

9. Economics of privacy Also a Berkeley thing (Alessandro Acquisti, Jens Grossklags, Hal Varian ) Privacy suffers from the same problems as security, and more Asymmetric information: users don t know much about what gets done with their data Hyperbolic discounting: many users don t care about long-term effects of disclosure People say they want privacy but act otherwise (privacy startups tend to go bust) Berkeley Law School Oct 6 2014

10. Information security economics Since the first workshop on the economics of information security, here at Berkeley in 2002, it s grown to over 100 active researchers Models of what s likely to go wrong perverse incentives, asymmetric information Measurements of what is going wrong patching cycle, malware, fraud Recommendations what actors can likely do what Policy recommendations now being adopted in both the USA and Europe (but often twisted by lobbyists) Extending into behavioral economics, psychology Berkeley Law School Oct 6 2014

11. Next economics of surveillance? Network effects brought us mass surveiilance! The concentration of the industry into a few large service firms (MS, G, Y, FB ) made the PRISM program foreseeable (except in its details) The concentration of the telecomms industry into a handful of large operators similarly made TEMPORA foreseeable (it was described by several journalists in its earlier form of Echelon ) But that s not all! Berkeley Law School Oct 6 2014

12. Information economics and defence (1) Network effects do matter in the defence / intelligence nexus! Neutrals like India prefer to join the biggest network Subnetworks feed things in too OTOH, network effects entangle us with bad states which use the same surveillance platforms (see rows over exports to Syria) Berkeley Law School Oct 6 2014

13. Information economics and defence (2) Medieval warfare was all run on marginal costs (40-60 days service for every peasant) WW1: sent millions of men to Germany WW2: fewer front-line troops, but lots of planes, tanks and other capital equipment Now: to kill a foreign dictator you can use a single missile shot from a drone because it s backed by trillions of capital investment Berkeley Law School Oct 6 2014

14. Information economics and defence (3) Complex technical lock-in games 1980s: it was basically about ammunition and spares Now: are you using Cisco or Huawei? Very expensive try to build independent infrastructure for government networks Even so, shared code can lead to shared attacks Berkeley Law School Oct 6 2014

15. Intelligence network governance Core is 5 eyes; expanding circles of others Governance: each agency could decide whether to minimise its citizens personal data Only Canada did so! So GCHQ is happy for the NSA to read my medical records, and the NSA is happy for GCHQ to read yours! The NSA was also quite happy for Aussies to read US attorney-client communications Berkeley Law School Oct 6 2014

16. Law enforcement network governance Various models from Interpol through mutual legal assistance treaties Very slow and cautious: requests vetted by both governments, often several agencies Much effort on accelerating the process, e.g. via personal links created from NCFTA training and exchange programs In theory, everything is filtered by lawyers Berkeley Law School Oct 6 2014

17. One network or many? Networks tend to merge: the Internet absorbs everything else Will the intelligence network and the law- enforcement network become one? Already intelligence resources are used for rapid solution of exceptional crimes UK: NTAC and the Communications Data Bill USA: PRISM Berkeley Law School Oct 6 2014

18. Governance and networks PCAST report conceptualised Big data as collectors v aggregators v users It argued that only the users the firms who buy ads should be regulated Within a week, the European Court of Justice disagreed in the Gonzales case The aggregator can republish obscure facts, and also combine non-sensitive facts to make a sensitive one Berkeley Law School Oct 6 2014

19. Governance and networks (2) With a converged intelligence network, user controls might mean NSA can use it all FBI can use X State police can use Z What price separation of powers? What controls legal or technical are feasible for collection, and for aggregation? If code is law, then architecture is policy Berkeley Law School Oct 6 2014

20. The IR Community Realists (Thucydides, Machiavelli, Hobbes, Kissinger ) vs idealists / liberals (Kant, Wilson, Keohane, Clinton ) Not even the latter seem to have considered network effects (rare passing references only) Yet network effects surely add weight to the liberal side of the argument A realist interpretation of the surveillance world would have depressing implications Berkeley Law School Oct 6 2014

21. The long term Britain s value to the USA: we provide access to 30% of the Internet Thank you, Queen Victoria! If code is law, architecture is policy What are we embedding in the infrastructure, and how will it affect our descendants? Another reason to favour the liberal view of IR We need to solve the governance problem Berkeley Law School Oct 6 2014

22. More network effects in government Example 1: the EU itself as a customs union, which imposes its laws de facto on neighbouring states (Norway, Iceland, Switzerland ) Example 2: financial regulation disproportionate leverage of US, UK Example 3: the EU smart meter programme, which aimed at energy efficiency, but was fragmented by national energy markets Berkeley Law School Oct 6 2014

23. Conclusions The SF-DC gap is not just whether Snowden s a whistleblower or a traitor! The economic models are almost totally different Yet models of the economics of security and privacy that were pioneered at Berkeley a dozen years ago can apply here too The implications range from international relations to the separation of powers and the rule of law Berkeley Law School Oct 6 2014