Bruce Schneier's Data and Goliath – solution or part of the problem?

Page File Special Think of some of the ways the Enlightenment helped advance the human individual. The ability to shape your identity. The ability to own and control your stuff. Economic autonomy. All three help to define the modern world, they’re ways we know that ‘now’ is not like ‘before’. All three are founded on the sanctity of the individual. And all three are interlinked.

For example, our identity means little if you can’t express it creatively, by protecting your inventions and creations, and having some say over their use. You don’t have economic autonomy if an individual cannot negotiate what spoils come from exploiting the value of their work. Privacy is built on the same respect, and it’s a more modern and much more culturally specific – laws and norms come from what societies think and feel about the individual. Japanese and Chinese views on privacy are as different as German and American ideas are different.

Today’s tech oligarchs like Google and Facebook – the winners of the first era of the internet – are busy setting fire to many of these ideas. To Larry Page or Mark Zuckerberg, the human individual doesn’t really exist, it’s a legacy idea that’s a nuisance to them. The tech oligarchs engage in (often permissionless) data collection, often for the sake of it, it might be useful some day – and lobby politically for the destruction of individual rights over property and privacy. You can’t take their assault on privacy in isolation from their assault on identity and their assault on property. Google lashed out so viciously at the Gonzalez vs Google Spain ruling, people began to notice what an adolescent and inadequate corporate citizen it is. We’ve been been pointing it out for years. It took the tantrum for this to be more widely noticed.

Cryptographer Bruce Schneier has written a hefty book focussing on privacy and data hoarding. It’s in two parts. Half of it is a good overview of the extent of corporate and state collection. But the problems start with the second half – Schneier’s recommendations to fix the problems.

Schneier approaches this as an American cryptographer would. He doesn’t build his argument on the history of the individual, or of ideas about how the individual was considered in political and legal thought.

“Our rights are all over the place ... Standardising this is important,” he asserts. But why? We benefit when things like voltages and character sets are standardised, but when laws are standardised there are winners and losers. To a visiting Martian anthropologist, Germany and the USA probably look identical: they’re Protestant Western countries. But you couldn’t find two more passionate or different approaches to the way the privacy of the individual should be treated today – and we're about to be treated to a spectacular demonstration of this in Europe. Here in the United Kingdom we didn’t even call our privacy law a privacy law – here the right to privacy was established by common law in 1849.

Schneier dispenses with solutions often without much or any justification. Some of these are advanced by technical people as sophisticated and knowledgeable as Schneier but who have the advantage of being able to build on human history and philosophy.

“Privacy needs to be a fundamental right, not a property right”, he asserts as he dismisses Jaron Lanier’s Swiftian idea that data grabbers like Facebook and Google should bill us for our data. This is in a passage headed “Give People Rights To Our Data”. Schneier dismisses Lanier so:

“Making this work would be extraordinarily complex, and in the end would require constant surveillance.”

It isn’t clear why it would require “constant surveillance”, but he’s committing the Original Nerd’s Sin of taking it literally. Lanier is making a ha ha, only serious point about ownership and value. He reminds us that we’re getting the raw end of a deal. Tim Worstall argued here recently that because only data processing gives the data any value at all, we should all shut up and be grateful for the free stuff, for Gmail. Readers aren't buying it. If we withheld that data, or traded it, there would be no data processing business at all. The great privacy-busting empires of Google and Facebook are built on sand.

Meanwhile we're not also compromising our privacy, we’re surrendering our moral authority when we comply with these asymmetrical terms of trade. How can we express righteous outrage with Facebook or Google's relentless privacy assault, when we continue to hand valuable stuff over?

Although Schneier says we should have "Rights to our Data" without the concept of the individual asserting ownership – without a "property-ish" right, it ends up very wishy-washy. There is a movement that articulates this, called Habeus Data – I wrote about it here. Schneier doesn't mention it. A utopian aversion to the ownership of digital things is why people who care about privacy are so ineffective. I've no doubt the Martha Lane Foxes and Cory Doctorows deeply, deeply care – but every waking hour is spent fighting ownership rights. When the knife fight starts, they charge in waving a carrot.

But wait, we haven't finished with Schneier's philosophical problems just yet.