DEF CON 29 - Cory Doctorow - Privacy Without Monopoly

Aug 5, 2021 17:39 · 5586 words · 27 minute read

- Hey, I’m Cory Doctorow and I work with the Electronic Frontier Foundation.

00:07 - I’m a special advisor there. And this talk it’s based on a paper that I co-wrote with my colleague at EFF, Bennett Cyphers, that is his real name.

00:17 - And that paper is also called “Privacy Without Monopoly,” the same title as this talk. You can download it at eff.org/dc29, that’s down there in the URL, DEFCON29.

00:28 - Now look, anytime someone talks about big tech and the Internet’s monopolization, someone will bring up the term, network effects.

00:36 - Now, network effects are what economists call a product or service that gets better the more people there are who are using it, and tech companies do in fact enjoy network effects.

00:46 - The fact that the people you wanna talk to are on Facebook is a reason for you to join Facebook.

00:50 - And once you join Facebook, that’s a reason for people who wanna talk to you to join Facebook. Or every time someone makes an iPhone app.

00:57 - That makes the iPhone itself a more valuable thing to have ‘cause there’s more apps for it.

01:02 - And every time someone goes out and buys an iPhone, ‘cause there’s more apps for it, that’s a reason to make more apps because there’s more customers for those apps.

01:09 - But network effects, they’re only half of the story.

01:12 - Network effects are why companies get big, but they’re not why companies stay big.

01:18 - Network effects give critical mass to big companies, right? So once they get to a certain size, they just keep growing because they have so many users that people keep joining them because they want the benefits of those network effects and they keep adding users.

01:31 - But if you wanna understand why these companies stay big, why users don’t leave, you have to look at switching costs.

01:38 - That’s another term from economics jargon, switching costs are whatever you have to give up to leave a product or a service.

01:44 - Like if you quit Facebook, you leave behind the friends and family members and the communities and the customers that you found there, right? Or that you joined there to be with.

01:54 - If you leave behind Google, you’ll lose search.

01:57 - Sure, but you lose your apps and maybe you lose your mobile platform.

02:00 - And if you wanna quit iOS, you have to say goodbye to the apps and the proprietary files that those apps created that you bought for iOS.

02:09 - Now, these switching costs, aren’t an accident, they don’t come naturally, they’re actually engineered into the system.

02:16 - After all, you can switch mobile carriers without losing contact with your friends.

02:20 - You don’t even have to change your phone number.

02:22 - You don’t have to tell them you’ve changed from like Verizon to Sprint.

02:25 - There’s no technical reason Facebook couldn’t be designed to let you keep talking to your Facebook friends even after you leave Facebook.

02:33 - After all, Facebook has spent millions of dollars and they’ve conducted endless research to figure out how to let you stay with your friends when you join Facebook. Think of all that technical expertise in UX that goes into conning you into uploading your address book to Facebook so that once you get there, they can automatically hook you up with all the friends who are already there.

02:53 - And when new friends join, they can figure out that they know you.

02:56 - But not only has Facebook failed to produce tools to help you stay in touch with your Facebook friends when you leave Facebook, they’ve actually devoted substantial engineering to make it harder for you to maintain your relationships if you have the temerity to stop using their service.

03:12 - In other words, Facebook, just like every tech monopolist, does everything it can to raise the switching costs for users who leave for a rival service.

03:23 - Now, why do tech companies want high switching costs? Companies need to balance their interests and your interests as their customer or user.

03:33 - Now, sometimes customers and companies have the same interest, like if you make an app and I buy that app from you, neither of us wants that app to crash, we want it to be good. But sometimes those interests diverge, and when they diverge, when what’s best for the customers and what’s best for the company differ, the company wants to resolve those issues in their favor.

03:52 - But when a company does something that redounds to their benefit and your cost, say like gouging you on the price or sucking up a bunch of your personal identifying information, they run the risk that you’ll be so upset that you will quit the service.

04:06 - And so that’s where switching costs come in.

04:10 - The higher a switching cost is, the more a company gets to abuse you before they lose you as a customer.

04:16 - That is, if the cost of preserving your privacy is less than the cost of losing touch with your Facebook friends, the communities and the customers that you have there, then Facebook gets to abuse your privacy and they don’t have to worry about losing you as a customer.

04:29 - The more you stand to lose by quitting a product or a service, the more value the company behind that product or service can shift from your side of the balance sheet to their side of the balance sheet without losing your business.

04:42 - Now, fortunately for our Internet-connected world, general purpose computers connected to general purpose networks eat switching costs for breakfast.

04:51 - All the stuff that we talk about at this con, reverse engineering, scraping, encapsulation, compatibility layers, quirks modes, virtualization, they all boil down to the same thing.

05:01 - There are ways to connect something new to something that already exists.

05:05 - In other words, they’re tools for interoperability.

05:09 - Interop is a profound and crucial part of the design of a networked technological society.

05:16 - All other things being equal, interop puts a limit on how badly a company gets to abuse its customers.

05:21 - So think for a minute about how Apple managed to kick Microsoft’s ass at the start of this millennium.

05:27 - The Office programs that Microsoft made for the Mac were really terrible, so much so that workplaces transitioned everyone, even their graphic designers, to Windows, because that was the only way they could share documents with the rest of the team.

05:41 - Every Microsoft Office document that anyone created using Windows made Windows more valuable.

05:47 - That’s what we call the network effect. But not using Windows meant that you were cut off from every Microsoft Office user, and that is the switching cost.

05:56 - Apple undid the network effect by annihilating the switching cost.

06:02 - The way they did that was by making a program called the iWork suite, which decomposed into three smaller programs called Pages, Numbers, and Keynote, that they made by reverse engineering the Microsoft file formats and making interoperable products.

06:16 - After that, the switching costs fell to basically zero.

06:20 - Network effects are how companies get big, but high switching costs are why they stay big.

06:25 - And that’s why companies do everything they can to raise switching costs.

06:30 - They use a lot of technological countermeasures, the kind of stuff we talk about here, DRM, obfuscation, tamper resistance, boot lockers, all kinds of stuff, but they also use legal countermeasures.

06:40 - And those are a little more insidious. It’s the kind of thing EFF spends a lot of time on: laws like section 1201 of the Digital Millennium Copyright Act that bans bypassing DRM even if you’re not doing anything nefarious, or the Computer Fraud and Abuse Act, this Ronald Reagan-era cybersecurity law that has been stretched to cover all kinds of legitimate activity, especially the kind of thing that security researchers do, as well as things like software patents and weird and obscure legal theories like tortious interference with contract, and more.

07:09 - All of those countermeasures, the technological ones and the legal ones, that’s how big tech stays big.

07:15 - And the higher the switching costs, the more big tech gets to abuse us, because the higher the switching costs, the worse that abuse has to be before it makes sense to switch.

07:26 - And that brings me to privacy. Remember the talk is called “Privacy Without Monopoly.” Companies don’t invade your privacy because they’re nosy, they spy on you because spying on you makes them more profitable.

07:39 - Google and Facebook, they invade your privacy because it makes their ad targeting service more valuable.

07:44 - It’s not why Apple does it. Apple invades Chinese users’ privacy, like by backdooring its cloud service and blocking working VPNs from the iOS App Store in China.

07:53 - They do that to preserve their access to Chinese customers and, far more importantly, Chinese manufacturing.

07:59 - Interoperability lowers switching costs, and that makes it easier to switch away from a company whose products invade your privacy.

08:06 - And that means that companies are less likely to wanna invade your privacy in the first place, because they understand that if they do, they might lose you, they might lose your business.

08:15 - But if they go ahead and do it anyway, you get to switch.

08:18 - And that is something that lawmakers have figured out.

08:21 - We have seen legal interoperability mandates, these are laws or regulations that require companies to interoperate with smaller new market entrants, proposed in the United Kingdom, the U.S., the European Union, and elsewhere all over the world.

08:35 - And these bills and regulations, they propose one or more of three kinds of interoperability.

08:42 - The first kind is one that you’re really familiar with, I’m sure, data portability.

08:46 - That’s when a company has to produce a standards-defined blob of your data, a snapshot that you can either use on your own, or maybe upload to a rival so that you can start there with everything configured the way you like it and your social graph intact.

09:02 - The second kind is a little more exotic, it’s called back-end interoperability. That’s when a company is required by law to expose an API so that third parties can use it to exchange data with dominant platforms.

09:16 - And the third kind is called delegability, that’s interoperability for the front end.

09:21 - So it would be a requirement that companies have some kind of standardized way to script their user interfaces so that you as a user might nominate someone else to autopilot parts of the service on your behalf, maybe to moderate content. Or like, imagine if you wanted to finally turn on location privacy in Google, this is something that’s notoriously hard to do.

09:42 - Google engineers who work on location privacy can’t figure out where all the check boxes are that you have to tick off in order to have good location privacy with Google, and if you miss just one, you’ve got no privacy.

09:55 - So maybe Privacy International would just throw some resources at that, figure out what the recipe was for getting you good privacy for your location on Google, and then you could delegate the ability to navigate all of Google’s nefarious and Baroque settings pages on your behalf to PI, and they’d go ahead and they would give you location privacy.

10:14 - (clears throat) Now, notwithstanding that last example, interop has a complicated relationship to privacy.

10:21 - On the one hand, interop promises to allow users to reclaim their privacy by switching from high-surveillance services to privacy-respecting rivals, whether those are like co-ops or non-profits or public services or startups, and they’d get to do so without sacrificing their relationships and the benefits that they used to get from interacting with those big dominant services.

10:42 - And interop therefore puts pressure on the dominant services to be better on privacy, because the low switching costs mean that the choices that put shareholders’ interests ahead of users’ interests will result in the immediate loss of users and revenue.

10:57 - But on the other hand, interoperability could be a privacy nightmare.

11:02 - And like, what if a privacy-abusing company, a company that’s even worse on privacy than say, Google or Facebook, wants to plug into one of those services? After all, Google and Facebook, yeah, they invade the hell out of your privacy, but they’re playing an iterated game, they’re not gonna be so bad that you leave the service straight away, they’re trying to keep that in balance.

11:21 - But what if it’s a new company that doesn’t care about keeping your business, they just wanna steal your data? Earlier this summer the House Judiciary Committee held markup hearings on six antitrust bills, including the ACCESS Act, which is one of these interoperability mandates, it’s a law that would force big companies to expose their APIs to rivals.

11:39 - And some of the lawmakers there, they asked a good question.

11:41 - They said like, “What if a Chinese state-owned enterprise used one of these APIs and just sucked up a bunch of sensitive data? Or what if it was just a company, a company like Cambridge Analytica, that could get an API key and use the API to just harvest all kinds of data under false pretenses?” Now, those are really excellent questions.

12:00 - Unfortunately, the answers that tech companies give to them are really stupid.

12:05 - Companies like Facebook and Google and Apple, they say that they have already attained the optimum level of interoperability, just the right trade-off between user privacy and user freedom.

12:16 - And they say that they know that they’ve done this because they have the same interests as their users, and the best way to make sure that no one nefarious ever gets to plug into their system is to give them free rein to block interoperability whenever they think it makes sense to do so.

12:30 - Now, whenever the fox starts telling us about how good it is at guarding our henhouse, we should be suspicious.

12:36 - So like when Facebook tells us that we can trust it not to let Cambridge Analytica plug into its service and get all of our data, we should be pretty skeptical of that claim, because Facebook already did let Cambridge Analytica plug into its service and get all of our data.

12:54 - Every platform, from Google to Apple, to LinkedIn, to Microsoft.

12:57 - And yeah, I know that’s the same company. One of the things that’s happened over the last 40 years as we’ve allowed companies to monopolize is that the web has turned into like five giant websites, each filled with screenshots of text from the other four.

13:09 - And all of those big companies have either intentionally allowed someone to suck up all of our private data because it redounded to their profit, or they screwed up their security so badly that someone was able to do it without their permission.

13:22 - Monopolists can’t be trusted to decide who gets to compete with them and how, and when, obviously.

13:30 - But of course interop does come with serious privacy risks, and proposals for interop should address this risk.

13:38 - And they do, but in an ideal world, the way we’d fix most of this risk is by America adopting a strong federal privacy law, a law that specified when consent needed to be obtained in order to gain access to your information and to process it.

13:55 - And that would describe what consent was, right? Consent can’t just be, I’ve shown you a dialog box with 30,000 words of like, garbage legalese that no one is ever gonna read and an “I agree” button underneath it.

14:08 - A law like that would clarify some hard problems, like do you need your friend’s permission to export the private messages that they sent you when you quit one service and go to another one?

14:19 - Now, there is a version of this in the European Union.

14:22 - There’s the GDPR, the General Data Protection Regulation. GDPR, it’s a mixed bag, it sometimes gets a bad rap, but even with all of its flaws, it is still a democratically arrived-upon set of rules for data processing.

14:35 - And if those rules have flaws, there’s a democratic process for amending them.

14:41 - And that’s a lot better than having no privacy laws at all, the way America does, and it’s also a lot better than having whatever privacy rules we have unilaterally set behind closed doors in corporate monopolists’ boardrooms with no recourse.

14:55 - Now, a good federal privacy law shouldn’t just spell out the rules for obtaining consent.

15:00 - It should also have a private right of action.

15:03 - That’s a lawyer’s term for when you get to sue to defend your rights, instead of having to get the Federal Trade Commission or your local district attorney, or the attorney general, or some other authority to take up your cause and spend their blood and treasure to make sure you get justice.

15:19 - With a federal privacy law that had a private right of action, a lot of the thorniest problems with interop, they just go away, like whether you get to take your friend’s annotations on your photos with you when you export those photos and go to a new service.

15:31 - Does your address belong to you because you uploaded it to Facebook, or does it belong to Facebook because they added new information to it as you used it? As well as some really, really hard questions, like, even if we agree that you should have to get your friends’ consent to export the messages they send you to another service, does that still apply if the person whose private messages you are trying to export is your stalker or your harasser, and the messages they sent to you are ones you wanna hang onto in case you need to get a restraining order? Do they get to tell you that you’re not allowed to take those messages with you when you quit a service that wasn’t willing to use moderation policies to defend you from that harasser and go somewhere else? Now, when governments order companies to interoperate, they don’t just need to rely on a federal privacy law, they can go beyond what the law says, and if there is no law, they can create some protections in interoperability mandates.

16:24 - So for example, the first version of the ACCESS Act, which was introduced last year in the Senate, said that the FTC should create a new kind of company, a kind of arm’s-length special referee, that would be in charge of protecting the users of big platforms.

16:39 - And when someone started a new service that wanted to plug into one of the big platforms’ APIs, they would evaluate that service and decide whether or not that service was on the up and up. They wouldn’t be allowed to compete with that service or with the big dominant platforms, they would have to have no conflicts of interest, and they would decide whether or not your new service would be able to plug into the API.

17:01 - And if so, like, what a fair rate for using the API would be to recover the cost of operating the servers that provide you with a data conduit.

17:10 - Now, the ACCESS Act got reintroduced this year in the House, not the Senate, and it did away with these third parties, what you might call a fiduciary, and it replaced them with something else that’s also pretty good: a set of rules for what kind of company is allowed to connect to the API, rules like those companies are not allowed to collect or monetize or share user data, ever.

17:33 - Now, interoperability mandates have their place.

17:36 - Interoperability mandates are kinda how we got here.

17:39 - Like if you’re my age, you’ll remember that the golden age of long-distance bulletin board systems came about as a result of an interoperability mandate that forced the phone companies to allow third-party long-distance carriers to connect to them, and that’s when suddenly you could connect to BBSs far from your home without having to be a phone phreak and risk doing federal time.

18:00 - But there is another kind of interop beyond these interop mandates.

18:05 - And that’s the kind of interop that Apple used when it reverse engineered Microsoft Office’s file formats and made Pages and Numbers and Keynote.

18:13 - It’s the kind of interop that people at this kind of con should be pretty familiar with. After all, no one ordered Microsoft to give Apple the spec for its file formats, and Apple didn’t ask Microsoft for permission to do so.

18:25 - Microsoft actually did everything it could to obfuscate those file formats.

18:29 - They didn’t just not cooperate with Apple, they actively opposed anyone reverse engineering their file formats.

18:36 - And Apple did it anyway. That interop is called adversarial interoperability.

18:41 - Or we at EFF, we call it competitive compatibility, or ComCom.

18:45 - Adversarial interoperability is really hard to say.

18:48 - So when I say ComCom, I mean competitive compatibility, which is also adversarial interoperability.

18:53 - See, you learn something new every day. So ComCom is in the story of every tech monopoly that was knocked over, and every new tech company that rose to greatness.

19:04 - ComCom is that impolite, zero-given form of interop that doesn’t care whether the way that I plug my thing into your thing makes your shareholders sad. ComCom is in the story of everything from IBM PC clones to Hayes modem command sets, to SMB and Samba networking, to the browser wars and the rise of the web, and of course, online music. But there is a new and impenetrable thicket of laws and legal interpretations, cybersecurity laws like the Computer Fraud and Abuse Act, anti-circumvention laws like section 1201 of the DMCA, software patents and more, that have made this once-routine practice of ComCom into a legal minefield that today is almost entirely practiced in the shadows.

19:48 - We need lawmakers and regulators to restore ComCom.

19:52 - And one way they can do that is by reforming existing laws so that they’re no longer so broad that they can be used to block interop. Or you could pass a new law, a kind of interoperator’s defense, that said, “Notwithstanding all the other laws, it’s not an offense to add features or modify a product or service for a legitimate purpose.” It would shield you from liability if you were making replacement parts or fixing something or improving its security or adding lawful features or making it accessible to people with disabilities.

20:24 - And there’s another way we could do it, as the FTC pursues monopolists and enters into settlements with them, ‘cause they don’t wanna spend 10 or 15 years in court.

20:32 - One of the conditions of those settlements could be that the companies agree not to use these laws to shut down interoperators.

20:39 - They could still use copyright law to stop people who were violating their copyright, but not people who’ve just bypassed a TPM.

20:47 - Now, mandatory interoperability and adversarial interoperability, they’re not exclusive, they’re not contradictory, they are extremely complementary.

20:58 - We want mandatory interop because it’s orderly.

21:01 - If there’s a mandated API for one of the big services, then the way that you make something new that plugs into it is by reading the docs, looking at the reference code and building your app.

21:12 - Now, compare that with the messy guerrilla warfare of ComCom. In order to plug into a service, you might have to fuzz its inputs or find a flaw in its IDS or bypass its bootloader, and then every time they patch, you have to do it all over again.

21:26 - But ComCom is useful here because mandatory interop is so brittle.

21:31 - Companies have a lot of ways to break their mandatory interop without violating the letter of the law. They could pretextually shut down their API over and over again because of suspicious activity, or they could just restructure the internal data model so that the fields that the API can access are no longer useful to a competitor.

21:51 - When a company nerfs its mandatory API, getting that fixed involves a full-blown regulator’s investigation.

21:57 - It involves appeals, it involves a judgment, it involves an order and enforcement, and it could take years during which time those little services that have popped up to give users more freedom might just collapse.

22:09 - But if ComCom is legally safe, if you’re allowed to do ComCom, then the day that a company breaks its API, all those little companies that rely on it can switch to scraping or reverse engineering or other adversarial tactics.

22:21 - In fact, companies are so frightened of the unquantifiable risk that’s posed by free-for-all bot wars that in many cases, they’re just gonna resist the temptation to wreck their APIs because the alternative is worse. But if they go for it anyway, if they’re reckless enough to shut down the API and brave the wrath of the regulator, well, then ComCom fills in the gaps while we wait for the FTC to wake up and smack them around a little.

22:47 - Let me give you a concrete example of how that works and how it fails.

22:51 - Back in 2012, Massachusetts passed a ballot initiative with an overwhelming majority that forced the big three automakers to supply independent mechanics with the data they needed to read diagnostic information off the wired network in cars, what’s called the CAN bus.

23:08 - Car-makers had spent years systematically monopolizing independent car service, and they had been doing so by obfuscating those diagnostic and repair messages, and people in Massachusetts had had enough of it.

23:20 - But even before that law came into effect, car-makers started redesigning their cars so that all that useful diagnostic information no longer flowed over the CAN bus, it flowed over new wireless meshes.

23:32 - Those weren’t covered by the law. Now eventually Massachusetts passed a law that overrode those loopholes, that forced automakers to expose the data that was going over those wireless networks, but it took eight years.

23:45 - And during those eight years, independent mechanics had a choice.

23:49 - They could either just have cars that they couldn’t fix, or they could close their shops and go to work for one of the big automakers.

23:55 - The mismatch between the time it takes to subvert a mandate and the time it takes to fix it again is why mandates alone are not enough.

24:03 - For mandates to work they need counterweights, a consequence that befalls companies that subvert them that hurts worse than obeying the mandate in the first place.

24:13 - And that counterweight, that’s ComCom. Imagine, for example, if car-makers who were breaking their diagnostic mandate had to worry about ComCom when they were doing that.

24:26 - Imagine if, when they switched the service messages from the wired network to that exempted wireless network, a couple of smart MIT kids could have just entered the market with a Raspberry Pi-based interpreter that costs them a dollar to make, that they could sell to every mechanic in the state for $20, and that would continue to read those wireless messages as they flew around in the car.

24:45 - Anything the car manufacturers did to freeze out those gadgets would mean retooling every authorized service center and dealing with the inevitable upgrade problems.

24:54 - Meanwhile, independent mechanics would have a new business to supply them with diagnostic tools, that MIT kids’ startup, and that business could offer other services to them, services that made the manufacturers even less important to independent repair services.

25:09 - ComCom therefore is the stiffener that turns these otherwise structurally unsound mandates into sturdy and pro-competitive solutions.

25:19 - Now, ComCom, just like every other kind of interop, has plenty of ways that it can be abused for privacy.

25:25 - Today, companies say that they stop ComCom from abusing our privacy by using anti-circumvention, enforceable terms of service and other anti-competitive laws to safeguard their users’ privacy.

25:36 - But if we really wanna defend user privacy, we need a privacy law.

25:41 - We shouldn’t be letting companies improvise this highly selective privacy defense regime from random cybersecurity and copyright laws that have been lying around since the Reagan era.

25:51 - With an actual privacy law, we wouldn’t have to rely on companies to tell us what the good ComCom and the bad ComCom was.

25:57 - We could tell what was good and what was bad: good ComCom didn’t violate privacy law and bad ComCom did.

26:03 - Now, we’ve just undergone a half century of official tolerance for monopoly, but we are at a turning point.

26:10 - The president’s latest executive order says that America’s new policy is officially anti-monopoly and sets out 72 directives to the various administrative agencies to make that a reality.

26:22 - There are six antitrust bills going through Congress.

26:24 - There is also state level antitrust action.

26:27 - There’s antitrust action in Canada, the UK, and the European Union, with laws like the Digital Markets Act and the Digital Services Act.

26:34 - This is quite a moment that we’re having, but the point of this fight isn’t just about competition for its own sake.

26:41 - I mean, every time a company like Apple does something good, like introducing anti-tracking technology, the ad-tech industry starts whining that this is anti-competitive, and they’re not wrong.

26:52 - Apple does make it harder to compete in the race to see who is best at violating our human rights most cheaply and prolifically, but that’s not a race we want.

27:02 - We don’t want competition to find the best human rights violator.

27:06 - We wanna ban human rights violations. Interoperability and privacy rules together do more than just enhancing competition or choice.

27:14 - They do something nobler indeed, they give us technological self-determination.

27:21 - The right to decide how our technology works either by changing it ourselves or by finding someone we trust to change it for us.

27:28 - So you can stick with a big company if it’s got your back, but you can switch away if it doesn’t have your back, because companies do sometimes have their users’ backs.

27:37 - If a platform knows that the users aren’t cowed by switching costs, they’re incentivized to treat those users well.

27:45 - I’m not here to say that companies will always screw their users.

27:48 - I mean, I know a lot of you people watching this, do good hard work on behalf of those companies to defend dumdums like me.

27:56 - I’m not a hacker, but no one is ever going to pay you to defend me from your boss, especially not your boss.

28:06 - Interoperability and privacy law, they’re how we make it so that you don’t have to.

28:11 - Now, that’s the end of the talk. And if you want more detail, I urge you to read the paper. Once again, it’s called “Privacy Without Monopoly” and you can read it, you can see the URL down there, eff.org/dc29.

28:24 - I’d like to thank again my colleague Bennett Cyphers, who did all the heavy lifting on this paper. I hope you will give the paper a read.

28:31 - And I’m really looking forward to seeing you next year for DEFCON30 in person.

28:36 - Assuming we haven’t all been killed by the Zeta variant by then.

28:39 - Please get vaccinated, wear your mask. We will get through this fellows and folks, and gosh, fellows, that was a terrible way to end a talk that I managed to pull off without any gaps all the way through.

28:52 - We will get through this folks. Please do what you can to keep us all healthy and thank you for the hard work you’re doing and for your attention.

29:01 - I really hope you enjoy the rest of DEFCON.

29:03 - Thank you very much.