Rounding errors

Wendy M Grossman comments on the US's use of surveillance drones over US soil

Image: Red tail hawk looking from lunch by TheJavierNavarro CC BY-NC 2.0

The key purpose of the long-running Computers, Freedom, and Privacy is to look ahead at developing technology and identify future conflicts. This year made earlier years seem startlingly prescient; the angry distrust of government breaking out all over the US since the PRISM revelations mirrors CFP in the mid-1990s, when it was home to the battles for the right to use strong cryptography to protect communications.  

Crypto is, of course, also digital cash, which failed then but is now finding some traction in the form of Bitcoin. Last month, the state of California issued a cease-and-desist order against the Bitcoin Foundation, doubtless the first of many new rounds of disputes. In discussion, J. Bradley Jansen asked the Bitcoin panel, Is it a currency, a security, or a value transfer mechanism? Patrick Murck, general counsel for the Bitcoin Foundation, had the obviously right answer: "It's an experiment."

You could also call it a "rounding error" in the global economy. Bitcoin: $1.5 billion. Global economy: $50 to $60 trillion. But this term didn't pop up until later, when the topic was drones. This panel showed clearly that drones are at approximately the 1980s stage of personal computers: the ethos of the hobbyist Homebrew Computer Club is clearly echoed by the DC Area Drone User Group.

In the panel I moderated on PRISM, the security consultant Ashkan Soltani pointed out we have in fact four programs to worry about.

But let's go back to Bitcoin: it's it is not an answer. Under the current design of centralized exchanges and wallets, transactions are traceable. No matter how you parse the authorities' recent actions, even an experiment is going to attract the regulator's eye when it reaches the size and visibility where ordinary consumers might start dropping money into it expecting it to be safe. And most consumers will want it to.

But, as Murck said, regulators are struggling to understand Bitcoin, which doesn't operate like existing financial services: there's no controller and no one to hold responsible for transactions; it's not anonymous though it is private; and transactions are irreversible.

"Regulators think that's unfriendly to consumers," Murck said on Wednesday. "But it has a growing place in ecommerce." Wryly, he described lobbying as the big Bitcoin investment opportunity. "We need a sane regulatory environment for financial technology in general, not just Bitcoin," he said.

Personally, I suspect that regulators' are also confused by Bitcoin's arcane nature. A frequent flyer mile is equally abstract but maps mentally to something familiar. Perhaps Bob Newhart, a former accountant, could take on explaining Bitcoin the way he did Sir Walter Raleigh's discovery of tobacco.

Surprisingly, the situation with respect to drones is little different. Matthew Lippincott commented that in the public imagination a drone carries a camera and a gun. In fact, this isn't my image at all. On the sinister side, I immediately see the crop-dusting planes chasing Cary Grant in Alfred Hitchcock's North by Northwest. More benignly, my mental image is more like the small, light, radio-controlled helicopters that Think Geek sells. (You can tell I've led a sheltered life.) The reality, said Timothy Reuter is a "loud, flying lawnmower" that has to have its battery swapped out after 20 minutes.

So there was the question: do we look ahead to when drones are tiny bee-like things or even smaller molecular devices that may surveille us from within after we inhale them, or do we regulate for the clumsy, limited devices we have now?

Benjamin Wittes argued that the two topics - regulating drones and privacy - should be separated for regulatory purposes, arguing that Congress would be a better choice of regulator than the Federal Aviation Authority. "There's a pretty big societal change that is the ability of individuals to spy on other individuals in a way that we're really used to associating with governmental power," he said. "I think drones are a rounding error on that problem." A few minutes later, Lippincott agreed: "Surveillance is a rounding error in the problem of universal cameras and camera access that we're facing."

A regulator's lot is not an easy one. If you regulate a rounding error-sized problem people think you've lost all sense of proportion and are trying to impede innovation and experimentation. If you wait until the problem is a significant size, you're so far behind the technology that either people mock you or they have deliberately pre-empted any actions you might take. The point is not who was right when - although the ACLU gets points for its 2006 map of the NSA's spying capabilities. The point is which are the right fights to pick. The crypto wars of the mid-1990s. which Matt Blaze reviewed in his keynote, were a necessary but not sufficient battle to win. We - all of us - lost most of the war to preserve the confidentiality of communications. Partly, the issue is usability: people only use crypto when it's invisibly embedded in the infrastructure; if it's visible to consumers its use is too painful - and it's no defense against traffic analysis. The battle we won was a rounding error on the ones we lost. We need to be smarter.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.