The Post-Snowden Surveillance World: Network Effects, Low Marginal Costs, And Technical Lock-in
from the only-connect dept
The concept of network effects, and the lock-in they produce, are both by now fairly well known. Most people understand why Microsoft retains its stranglehold on the desktop and word processing formats, despite the availability of equivalent free alternatives like GNU/Linux and LibreOffice, just as Facebook dominates the social networking sphere. A fascinating new paper by Ross Anderson, Professor of Security Engineering at Cambridge University, uses the idea of network effects and related areas to explore some of the deeper implications of Snowden's revelations about the modern world of surveillance (pdf).
Alongside network effects, Anderson notes two other factors, familiar from the world of technology, that are increasingly visible in the world of surveillance: low marginal costs and technical lock-in. First, the network effects:
The Snowden papers show that neutrals like Sweden and India are heavily involved in information sharing with the NSA, even though they have tried for years to pretend otherwise. A non-aligned country such as India used to be happy to buy warplanes from Russia; nowadays it still does, but it shares intelligence with the NSA rather then the FSB. If you have a choice of joining a big spy network like America's or a small one like Russia's then it's like choosing whether to write software for the PC or the Mac back in the 1990s. It may be partly an ideological choice, but the economics canoften be stronger than the ideology.
Here's how low marginal costs have revolutionized world politics:
Second, modern warfare, like the software industry, has seen the bulk of its costs turn from variable costs into fixed costs. In medieval times, warfare was almost entirely a matter of manpower, and society was organised appropriately; as well as rent or produce, tenants owed their feudal lord forty days' service in peacetime, and sixty days during a war. Barons held their land from the king in return for an oath of fealty, and a duty to provide a certain size of force on demand; priests and scholars paid a tax in lieu of service, so that a mercenary could be hired in their place. But advancing technology brought steady industrialisation. When the UK and the USA attacked Germany in 1944, we did not send millions of men to Europe, as in the first world war, but a combat force of
a couple of hundred thousand troops -- though with thousands of tanks and backed by larger numbers of men in support roles in tens of thousands of aircraft and ships. Nowadays the transition from labour to capital has gone still further: to kill a foreign leader, we could get a drone fire a missile that costs $30,000. But that's backed by colossal investment -- the firms whose data are tapped by PRISM have a combined market capitalisation of over $1 trillion.
Finally, there's the technical lock-in:
First, there are lock-in effects in the underlying industries, where (for example) Cisco dominates the router market: those countries that have tried to build US-free information infrastructures (China) or even just government information infrastructures (Russia, Germany) find it's expensive. China went to the trouble of sponsoring an indigenous vendor, Huawei, but it's unclear how much separation that buys them because of the common code shared by router vendors: a vulnerability discovered in one firm's products may affect another. Thus the UK government lets BT buy Huawei routers for all but its network's most sensitive parts (the backbone and the lawful-intercept functions). Second, technical lock-in affects the equipment used by the intelligence agencies themselves, and is in fact promoted by the agencies via ETSI standards for functions such as lawful intercept.
The rest of the paper explores the implications of those factors. For example, Anderson notes that network effects lead to a surprising degree of technical integration between Western democracies and some of the less salubrious regimes around the world, notably through the export of spying technologies from the former to the latter. Another kind of integration is taking place between intelligence agencies and law enforcement:
It looks increasingly like law-enforcement and intelligence systems will merge into a single surveillance system, since the issue engages all of the three reasons that makes information markets different: there are strong network effects, there is technical lock-in growing from the fact that everyone’s using the same technology platforms and presenting warrants to the same service firms for the same data; and the back-end systems needed to aggregate, index, and analyse the product have high capital costs and very low marginal ones. Institutional arrangements are starting to reflect this; in addition to the FBI acting as the NSA’s funnel into Google and Microsoft, all UK police wiretaps are now done by the National Technical Assistance Centre, which is essentially a service window at GCHQ. There is indeed no point in making the taxpayer buy the same systems twice.
Despite these rather depressing observations and predictions, the paper does contain some upbeat thoughts. For example, Anderson emphasizes that network effects provide a good reason for the US to support a more principled kind of surveillance, in the knowledge that its current dominance will pass, and that it, too, will be subject to just the kind of spying that it currently inflicts on others:
If the barriers between nations that participate in the intelligence networks are not sustainable in the long term, and neither are the barriers between intelligence and law enforcement, then what's sauce for the goose will be sauce also for the gander. Policymakers should not delude themselves into believing that a temporary 'home field advantage', as NSA Director General Alexander put it, will last for ever, or even for the lifetime of most of us.
Anderson even manages to see hope that the experience of addressing the consequences of network effects in the world of surveillance may lead to broader gains in the future:
The regulation of surveillance might therefore be a useful early example of what governance could look like in a future networked world, and may in fact be one of the hardest such problems that we face. It contains elements of both fear and hope: fear that an apparatus of global surveillance might be captured by an oppressive successor empire, and hope that there might be no successor, but merely civilisation (whatever that means). This asymmetry may introduce the possibility of new approaches, and nudge realists from selfishness to more enlightened selfishness. As for liberal thinking, the lesson is that we don't just have to rely on international institutions; there are extremely powerful network effects in play, which will be a force for pacification and stability; we must work with them.
As that indicates, this is an extremely thoughtful and wide-ranging paper that draws together a number of big issues -- surveillance, privacy, governance, geopolitics etc. It's an important contribution to the debate initiated by the release of NSA and GCHQ documents by Edward Snowden, and anyone interested in what the longer-term implications of those revelations will be really ought to read it.