It may seem that all digital problems have a technological solution, often in the shape of cybersecurity. Worried your private images could spread across social media? Adjust access settings on Facebook (or Google Play, but who uses that?). Phishing attempts keep you awake at night? Upgrade your anti-virus software for only $7.99 per year. Annoyed that cookies on your browser send personal data to advertisers? Just clear the cache and cookies after every website you visit (or use the private surf mode). The pattern is familiar. Speaking at Austin’s SXSW digital conference, NSA whistleblower Edward Snowden added to this techno-centric solutionism, suggesting that encryption is the answer to global surveillance: “End-to-end encryption makes bulk surveillance impossible. There is more oversight, and they won’t be able to pitch exploits at every computer in the world without getting caught.”.
Netopia has the greatest respect for Mr. Snowden, but there are many objections to this view: encryption may well prove a false comfort as there are many ways around even the best protection, and while it may slow the NSA down, they just as well might have an answer that we will never know (at least not until the next whistleblower), just as a majority of us were surprised to learn about the extent of surveillance that was revealed by Snowden himself only last year. But the main problem with encryption as default is that it reinforces the view that it is the individual user that must protect herself against outsiders and society.
Cybersecurity, as described in the examples above, puts the onus of protection on the user. We would never accept that view in any other part of society. Quite the opposite, in fact: we have rights and institutions that protect the individual; the idea that each person should protect themselves is anathema in any civilised society. Sure, you can have an alarm, a central lock, and a wheelbar for your car. You can take the front off your car stereo and engrave the windows with your plate number (at least if you’re still living in the Eighties). Lots of security companies sell services like those. But that is not to say we also should not have laws against stealing or breaking into cars, that we should not have insurance companies compensating those whose cars are stolen, and police, prosecutors, courts, and prisons to deal with the thieves (plus defence attorneys to help the thief’s case!). And help programs for ex-convicts to stay out of trouble once the sentence is over. And social services welfare to try to keep troubled kids off the streets and help challenged communities. And norms that say it is wrong to break into cars, and those who do will make their friends and families upset. The car alarm and wheelbar exist in a context. Except if your car was online, it would be your own stupid fault if it was stolen or broken into. If you click on a bad link and reveal your bank log-in, sure, you could get the money back from the bank, but no one would really think of you as a victim. And for sure, no one would expect the criminals to be brought to justice.
Cybersecurity rests on the assumption that everyone is an expert on cybersecurity. Or at least interested in the issue. That is not the case in real life. Lots of people use digital services with only a basic understanding of how the technology works. That must be so; otherwise, many groups would be excluded from the digital revolution. We must be able to rely on the system and, if need be, put new government functions in place to protect the users. What then about NSA surveillance? It needs to be kept on a shorter leash, which POTUS also agrees to.
More democracy—not more technology—is the answer.
