胡泳 | Net advocates crusading for privacy and security

http://www.guardian.co.uk/commentisfree/2013/jul/16/internet-advocates-crusading-privacy-security

The internet advocates crusading for our privacy and
security

Given recent revelations about how states and
corporations are mining our data, let's raise a cheer for the open net
activists

Thanks to the NSA leaks and resulting
media interest in surveillance,
the public is awakening to the threats posed by ubiquitous information
dragnets. But our awareness is grossly incomplete – and that applies not just
to direct surveillance by governments that do their best to keep it secret. Our
knowledge and understanding of how tech and communications companies behave is
also shallow, at best.

Several valuable
projects already seek to measure government censorship of the internet.
In particular, the OpenNet
Initiative has been
doing deep research into exposing state-mandated filtering and censorship
around the world. (Note: OpenNet is operated primarily by university research
centers, including the Harvard Berkman Center for Internet and Society, with
which I've been affiliated for many years.)

The corporate actors
in the burgeoning surveillance states have not gone unnoticed. But we know far
too little about their practices, and even worthy efforts like the Global Network
Initiative – aimed at
“advancing freedom of expression and privacy”
in the tech sphere by creating operating principles for those companies – have
proceeded at a snail's pace. That's not surprising, given the organization's
varied participants and their goals.

Others have been
working to help people learn to what extent they can trust at least a few of
these companies to protect their data when government snoops come calling. The
Electronic Frontier Foundation's “Who Has Your Back” project has surveyed a number of US companies
in the internet ecosystem to create star ratings across six categories,
including whether the company requires a warrant before giving up information
to law enforcement. The least protective were Verizon, which got zero stars in
this year's survey; one star each for Apple and AT&T; the best were
Sonic.net, an internet service provider, and Twitter, with six stars each. (The EFF gave Yahoo a special star for its recently revealed – but
ultimately unsuccessful attempt – to protect users' privacy from what it
believed to be overbearing government surveillance; however,Yahoo ranks low overall in the survey.)

Meanwhile, the Measurement Lab project has created a platform for researchers
to deploy tools that help them measure how the internet is working, including
such things as bandwidth. The Neubot, for example, is an Italian project
designed to measure ISPs'
performance on “network neutrality”.

Another promising new
project, “Ranking
Digital Rights”, wants to go deeper and more broadly into
measuring and publicizing corporate data and communications responsibility. Its
founder, Rebecca MacKinnon (who is a friend), is a senior research fellow at
the New America Foundation, former CNN Beijing and Tokyo bureau chief,
co-founder of Global Voices Online, and
author of last year's influential Consent of the Networked: The Worldwide
Struggle for Internet Freedom.

Where the EFF focuses on American companies, MacKinnon is
looking globally. She and her collaborators will be asking companies around the
world to answer detailed questions about how they operate, with special
attention to human rights issues. By publicizing the ones that have the best
practices, she hopes, more will have an incentive to move in that direction.

She sees this work as “part of an emerging ecosystem of
projects whose goal is to help the public to obtain measurable information what
companies and governments are doing with and to the internet. The
better-informed we are, the more we can do to make sure what's happening is in
our interests and is accountable to us.”

All of these initiatives are useful, even essential. Yet, to
operate in our modern world, we make a series of “agreements” with
companies selling us services: they will collect and use data about us in
return for providing the services. This is true for financial institutions,
internet companies, hardware vendors and all the others. The agreements are
one-sided: we say yes, and send our money or use the services in return for
vast privacy invasions, or else we are excluded.

But can we, using data from the EFF et al, genuinely challenge
the increasingly tight controls companies and governments are exerting? How can
we shame an ISP into doing the right thing when the ISP is either effectively a
monopoly or part of a cozy duopoly, as is the case in much of the US? Can we
depend on Google to protect our data – assuming, as the company swears, that
it's doing the best it can today – when management of the company moves into
new hands someday? And can we ever trust the tech industry in the context of
regimes that create secret laws and regulations that make a mockery of what few
privacy rights we have?

As noted previously in this space, I'm absolutely convinced that
there's an opportunity for big companies and entrepreneurs alike to create
products and services that are designed from the ground up with privacy and
security in mind. But measurements and data of the sort these organizations are
providing is going to be essential along the way. They deserve our support.