Privacy and the Pendulum

According to Wikipedia, a pendulum “is a weight suspended from a pivot so that it can swing freely. When a pendulum is displaced sideways from its resting equilibrium position, it is subject to a restoring force due to gravity that will accelerate it back toward the equilibrium position.” Remember that from physics class, along with Newton’s laws of motion?

We’re accustomed to thinking of pendulums swinging from side to side, but if you watch the Foucault Pendulum knock over pylons, you see it rotates with the Earth. Since we also rotate with the Earth, we can’t tell unless we stop to look at the pylons.

Technology and privacy work in a similar fashion. The changes taking place aren’t clear until we look at the pylons instead of the swinging pendulum. Case in point: an article in Ars Technica on Internet surveillance by Sean Gallagher. In collaboration with National Public Radio, Ars Technica passively monitored the Internet habits of NPR technology correspondent Steve Henn, mimicking the passive surveillance of the National Security Agency. They sought to

answer the question: could a passive observer of Internet traffic still learn much about a target in this post-Snowden world?

Given reports of breaches, security warnings and Heartbleed, it is easy to jump to the conclusion. If the article discussed another breach, we might have paused. Instead, we come to a full stop at the description of passive surveillance:

As I snapped in an Ethernet cable, Henn turned on his iPhone and connected to the PwnPlug’s Wi-Fi network. Porcello watched remotely as data from Henn’s network suddenly poured into a specially configured Pwnie Express server.

“Whoa,” Porcello said. “Yep, there’s Yahoo, NPR… there’s an HTTP request to Google… the phone is checking for an update. Wow, there’s a lot of stuff going on here. It’s just thousands and thousands of pages of stuff… Are you sure you’re not opening any apps?”

“I didn’t do anything!” Henn replied. “My phone is just sitting here on my desk.”

He checked his phone and found that Mail, Notes, Safari, Maps, Calendar, Messages, Twitter, and Facebook were running in the background—and making connections to the Internet. The Safari Web browser proved the most revealing. Like most people who use the iPhone, Henn had left open dozens of websites; when his phone had connected to the PwnPlug’s network, the browser had refreshed them, revealing movies he was checking out for his kids, a weather report, and research he was doing for work.

In the first two minutes of our test, we had already captured a snapshot of Henn’s recent online life—and the real surveillance hadn’t even begun.

The real surveillance hadn’t even begun. This was passive. Idle. Yet the iPhone was anything but, just like the pendulum. Movement continues, whether we notice it or not. Even doing typical things, like optimizing website content for search engines, now has a different meaning:

the search engine optimization efforts of the websites he visited, I was able to capture URL keywords that provided strong hints—keywords that Henn would later tell me matched almost exactly with his searches:

  • who-coined-cloud-computing
  • data-centers-waste-vast-amounts-of-energy-belying-industry-image
  • global-warming-and-energy
  • searching-the-planet-to-find-power-for-the-cloud
  • recent-updates-to-the-oed
  • clickclean-interactive-us
  • ca-vantage-data-centers-id
  • new-iowa-wind-farm-will-feed-facebook-data-center
  • global-warming-and-energy
  • the-facebook-data-center-faq

We’ve seen a pylon fall: privacy. That is equally alarming, obvious and useful. It is alarming because it is easier to compile profiles of us from our search history, preferences, opinions and locations tagged and shared online. Google’s Transparency Report gives us a glimpse into the kinds of data requests it receives, but then there are the jealous boyfriends, girlfriends, significant others, exes, etc. who can also collect and use this information in court. It’s obvious because it has been well established that search histories are collected and stored unless you purposely clear your cache on a regular basis. And it is useful because the collection of histories makes it easier to purchase gifts for birthdays, weddings, housewarming parties and baby showers. We can simply browse and click, freeing up our mental capacity for other endeavors.

For some, those other endeavors are figuring out how to move the pylons. Apps like Secret, SnapChat and Whisper are designed for sharing, like social media, but with “self destruct” mechanisms that make one think of Mission: Impossible. The goal is the same: move the pylons. The pendulum can’t hit what is not in its way.

Will Bourne, in his Inc piece “The Revolution Will Not Be Monetized,” profiles “an idealistic but ambitious movement in Silicon Valley looking to flip the switch on how we live and share business online.” They’ve stopped to watch the pendulum knock over pylons, and do not like what they see. Nico Sell, founder of Wickr, compares Google and Facebook to robber barons. He looks at companies like Wickr and Omlet. Wickr is similar to Secret and SnapChat, but as Bourne explains:

Wickr’s “perfect forward secrecy” software is as solid as anything out there, according to specialists who have studied it. Each identity you create in the app is password protected; each message has a timer feature that allows the sender to set an expiration date, from a few seconds to six days in the future, at which point the text self-destructs on the recipient’s and sender’s phones. All destroyed messages are then “digitally shredded” on the device, rendering them irretrievable.

For lawyers, this poses a challenge. After they have spent time educating courts and juries on cloud computing, social media and the various pylons being hit, applications like Wickr and Omlet remove the pylon. The pendulum hits nothing. We are close to this, as the recent kerfuffle over the Internal Revenue Service “losing” emails of the former head of its tax-exempt status department, Lois Lerner, demonstrates. The description from The Washington Post suggests more of a policy problem than a technical problem, but when everyone is accustomed to knowing the pendulum is going to hit the pylon, it is difficult to comprehend that a pylon can be “lost,” or removed.

Now imagine going to court to argue that messages weren’t “lost,” or that policy needs to be revised, but rather that the messages purposely vanish after a set period of time. There is no pylon from the start, so it is irretrievable.

Irretrievable. From phone to phone, that may not be a big issue. Wickr, however, plans to incorporate its tech into servers and routers, according to Bourne, and “wherever it can add value.” Given the buzz around encryption after Snowden, this is understandable, and it will challenge lawyers to think creatively about how to educate judges and juries, as well as the public, on how this kind of technology functions within the confines of, or perhaps without violating, the law.

Featured image: “Closeup of human eye with digital binary code” from Shutterstock.

About Gwynne Monahan

Gwynne Monahan
Best known by her Twitter handle, @econwriter5. Generally speaking, she is a writer posting random, perhaps interesting, things.
