Re: <nettime> What should GCHQ do?

["t byfield" <tbyfield@panix.com>]

On 24 May 2015, at 7:09, William Waites wrote:

> And so we have arrived at the economic problem. The business model of
> advertising has the same basic requirements as mass
> surveillance. Thwarting one by decentralisation and ensuring
> confidentiality of communications means thwarting the other. Improving
> safety and security by encouraging pervasive encryption means finding
> a new economic model for the Internet that does not depend on
> surveillance, that transcends the Web2.0 model of capturing users in
> silos. Surely this too can be a fruitful direction for research.

The ethos of our time is something like *I can therefore I will.* If 
something technically possible, it becomes imperative to do it. It's not 
an individual, philosophical imperative, something that you or I 'must' 
do -- that wouldn't really matter. It's a systemic, probabilistic 
imperative, something that someone else will end up doing sooner or 
later -- which matters very much. If something is possible, it seems 
inevitable. 'Technology' is the field where this dialectic plays out: 
whatever gets drawn into those dialectics becomes 'technology.' I think 
this helps to explain why our time is dominated by engineering and law 
(note: not 'business' or 'finance'), two disparate professions that are 
united by one strange feature: both are organized around limit cases. 
They operate through ultraist logic, extrapolating everything to its 
logical extreme and proceeding on that basis.

Normally I don't go in for oracular bluster like that, but when it comes 
to cryptography I've learned to make an exception. The alternative is to 
trust the mathematicians. That's no exaggeration: one of the rallying 
cries of the crypto crowd is 'trust the math.' I don't, because math 
doesn't exist in the abstract. Its relationship to engineering is 
obvious: engineers implement math, they make it real, make it happen. 
Its relationship to law is less obvious. I don't mean ITAR, Wassenaar, 
or any other mechanism by which states would standardize or regulate 
cryptography. Instead, I mean the kinds of individual and collective 
sovereignty that cryptography enables through various implementations. 
The Cypherpunks understood this potential in their own way ('crypto 
anarchy'), and the Bitcoin/altcoin advocates understand it in other ways 
-- hence all the experimentation and excitement about things like side 
chains.

Hard crypto everywhere all the time has become one of those internet 
pietisms that's hard to challenge. First of all, anyone who does so ends 
up with some really troubling bedfellows (e.g., the NSA). But even if we 
ignore that kind of implication (i.e., ultraist extrapolation), we 
quickly come to basic, practical questions: If you want anything less 
than absolute crypto, where and how would you draw the lines? For 
example, the lines between what's permitted and what's forbidden, or 
what's practically possible or impossible, or for how long (e.g., key 
length vs 'Moore's Law' and misc innovations).

I'm skeptical about crypto absolutism because one of its first effects 
would be, in effect, to *privatize* everything. 'Public' would be 
reduced to whatever was cracked or leaked, as if Wikileaks and Snowden 
were the norm rather than the harrowing exception. And that would apply 
not just to social or communicative records but also -- as anyone who's 
lost a key or a password knows -- to one's own records. And isolated 
cases, which now seem almost like thought experiments -- questions about 
whether the US's Fifth Amendment, against being compelled to provide 
witness against oneself includes passwords, for example -- would become 
near-daily considerations.

Discussions of cryptography *should* involved questions like this, but 
they don't because no one has an incentive to discuss them. Opponents of 
crypto are happy mongering the ~four horsemen (terrorists, organized 
criminals, money launderers, and c-pornographers, more or less), and too 
many crypto advocates are absorbed in exotic last-mile opsec projects. 
Recently, I read a casual remark that Baudrillard is cited more often in 
'critical accounting' than he was in the humanities. I doubt that's 
true, and the field of critical accounting is completely new to me, but 
it sounds like it could be promising -- as a part of a broader challenge 
to the naive positivism of

I don't know the solution to this all, and I don't know where bright 
lines should be drawn. But I do think that the growing 'moral' push 
toward secure communications is troubling, and that preserving 
'insecure' communications channels as a legitimate choice is vital.

Cheers,
T


#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mx.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime@kein.org