RIP Secure Email

Last month, as you may know, two American providers of secure email services exited the business.   In announcing his company's "corporate suicide," Lavabit's founder said:

"I feel you deserve to know what's going on – the first amendment is supposed to guarantee me the freedom to speak out in situations like this," Levison wrote. "Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests."

This kind of language has stimulated a wide round of hand-wringing at this latest example of the assault on privacy.  Many have suggested that a key to email privacy, in the new world order, is to avoid using service providers that have any physical ties to the United States.  But is this kind of extreme reaction justified?

I'll argue that it isn't, not because the problem isn't real but because there are no useful solutions.  I have no doubt that it's a horror show out there; in fact, I believe that the situation is far worse than the most doom-and-gloom commentators have been saying it is.  Those commentators fear that privacy is in mortal peril, but I would argue that privacy is no more endangered than a week-old roadkill carcass.  It's been dead long enough that you really should have noticed by now that it's beyond further harm, and is best spoken of only in the past tense.

For starters, email never was private to begin with.  The earliest email systems were only as secure as the administrative login on a mainframe.  Networked email was even less secure, vulnerable as it was in transit to eavesdropping and alteration.  While there have been occasional developments that seemed to move the momentum back towards privacy, such as S/MIME, PGP, and services like Hushmail, Silent Circle, and Lavabit, it must be said that these have been almost complete failures.  Their security improvements have always been offset by reduced convenience, a fatal tradeoff on today's Internet.  As I've often said, users want security at any price, so long as it's free.  And when a service like Lavabit was finally getting a bit of traction on the technical side, it was totally subverted by the hidden hand of the security state.

We can and should continue to assert the need for a secure email system, but we ought to recognize that, with few exceptions, we've never had one.  Email as we know it simply should not be used for genuinely sensitive information.  Instant messaging, when used with suitable transport encryption and no message retention, is a rather better bet for would-be conspirators, but not for anyone who wants to keep records.

It seems likely to me, however, that the essence of email service includes qualities that are fundamentally incompatible with security in today's world.  Email users are accustomed to being able to communicate easily with anyone, to retain messages for as long as they like, and to allow company monitoring of corporate email.  Each of these requirements is a significant roadblock to true privacy.

Nor should you get your hopes too high about the nationality of a provider.  It is probably true today that you could use a service in another country without the US government being able to see your data -- if you are lucky enough to choose a country that doesn't have any secret arrangements with the US.   But even then, as more people do that, how long will it take before it's made illegal to use services outside the reach of US pressure?

There are still ways to communicate secretly.  If you're planning a corporate takeover, an extramarital affair, or a heinous act of terrorism, you can find ways to use the various communication tools of the modern age to protect your plans from prying eyes.  It's just that you have to work much harder to do it, so you aren't likely to do so over small matters, which means that minor embarassments will be revealed far more often that major crimes.  (And, tragically, every evidence of strong privacy will be seen as suggestive of a possible crime.)

Email is like a crowded train station.  Most of what you say won't get noticed by anyone else, but you never know if you're standing next to a listening device or a human eavesdropper.  I'm afraid that either we shall all be living our lives in a state of constant fear, or we will have to dispense with secrets altogether.   The best response to the loss of privacy may be the growth of tolerance, so that fewer secrets will need to be kept in the first place.

CPSR: Can't Prolong Sadness, Really

Last month brought the official dissolution of Computer Professionals for Social Responsibility.  The initial reaction to this event, for those of us who cared about it, was of course sadness.  It marked the end of an era, of nearly 30 years of activism, education, and outreach.  As one who served on the CPSR Board for many years, and as President briefly, it feels a bit like an old friend has died.

But the truth is that current realities call for different kinds of organizations, and that CPSR lived longer than we had any reason to expect.  CPSR was founded in the early 1980's, one of many organizations born in reaction to the Reagan-era military build up and, most particularly, the Strategic Defense Initiative, commonly known as the "Star Wars" program.  The goals of that program were so far beyond the technology of the time that it struck fear into the hearts of most knowledgeable computer scientists.  As the program was initially construed, a single bug in a staggeringly complex program could easily have cost millions of lives, even as the program gave policy makers a false sense of security about the survivability of nuclear war.  It was flat-out terrifying to many of us

Most of the organizations that formed in that era found themselves winding down after the Reagan-Bush years, and certainly not surviving to the Millennium.  CPSR was different.  At its founding, it was the only organization focused specifically on the impact of computers on society.  As Star Wars faded, CPSR turned toward issues such as electronic privacy, computerized voting, participatory design, and online government.

In fact, there were so many topics of interest that CPSR could not contain them.  Several organizations that began their lives as spinoffs from CPSR continue today, such as the Electronic Privacy Information Center (EPIC) and the 21st Century Project.  Other organizations that were not CPSR spinoffs, such as the Electronic Frontier Foundation (EFF), nonetheless diverted substantial energies from CPSR.  Over time, then, CPSR became the home for worries about the smaller issues related the role of computers in society, as the larger ones spun off to specialized groups.  

The capabilities of the Internet, and the general Millennial temperament, seem to favor more highly-focused organizations, rather than catch-alls such as CPSR.  It seems likely to me that social action groups will be more effective with such specialization, which makes the death of CPSR both more understandable and less lamentable.  But that doesn't mean that nothing is being lost.

CPSR, as a general-purpose organization, provided a social nexus for people concerned about multiple computer/society issues to exchange ideas and devise new strategies.  It's not clear to me where this is happening today, if anywhere.

But perhaps the worst aspect of CPSR's demise is that it leaves some "lesser" issues orphaned.  Sure, issues about privacy and liberty will be addressed by EPIC and EFF, but what of the issues with no such specialized organizations?  How will computing professionals organize themselve to address those issues?

Two issues, in particular, are of concern to me.  First is the question of electronic voting.  Electronic voting machines have an enorous potential to subvert democracy.   While there are individuals addressing the issue, without CPSR, I see no organizational home for them.  Second, and most ironically, is the role of computers in weapon systems and the military.  The issue which gave birth to CPSR is one of the most regretable orphans in the wake of its demise.

CPSR had a good run, and I can't shed too many tears at its end.  It was a 1980's style organization (some would say 1960's) fundamentally ill-suited to 21st century realities.  But now, as computer technologists, it is all of our responsibility to consider the social consequences of the rapidly-advancing technology we continue to build, and to create new organizations for new concerns.

Fortunately, I see signs that this is exactly what's happening.  I'm encouraged by the fact that, even as CPSR has been fading away, the importance of social responsibility has become an important part of a growing number of computer science programs.

CPSR was both too general, in the sense of trying to cover too many issues, and too exclusive, as if there could ever be computing professionals -- or even computer users, which is virtually all of us -- who do not have a moral obligation to worry about the consequences of new technologies.  In the absence of CPSR, each of us has an individual obligation to be a computer professional for social responsibility.

Tax the Internet!

Depending on whose numbers you believe, the Internet now constitutes about 2% of the global economy, or 3.8% of developed nations' economies, and its growth rate may still be exponential.

It took the Internet more than four decades to go from zero to two percent of the world economy. If, as I suspect, it's still growing along the same exponential curve that most Internet measurements have followed, a decade from now it could account for a third to a half of all global economic activity. The taboo on taxing it is worth revisiting, and several states are now doing so.

Believe it or not, the original reason why most people favored not taxing the Internet was a desire to foster its growth -- either through the direct economic savings of not being taxed, or by sparing it the potential regulatory complexities of a new kind of international commerce. Back then I thought, and still believe, that this was a very good idea, but times have changed. The Internet no longer needs special tax treatment to thrive.

There are of course complexities that stem from the nature of Internet commerce. But the sheer size of the Internet economy, two decades after its commercialization, suggests that it's past time to confront the complexities of its taxation.

I am not arguing (here) that taxes should be higher or lower overall, but simply that they will be increasingly unbalanced and unfair if they are only imposed on an exponentially shrinking portion of the economy.

The mechanics of Internet taxation will be tricky, to say the least, but current tax codes aren't exactly simple, either. It seems to me that Internet taxation could be made tractable by beginning with a few core principles, such as:

1. All mechanisms should be designed for feasibility and simplicity of implementation. This will dictate certain architectural decisions, such as seller-side tax collection, and it will also work to minimize bureaucracy and wasted time.

2. The introduction of Internet taxation should minimize disruption to existing government revenues. This means that when possible, revenue from taxing particular Internet actions should go to the jurisdiction of the seller that received the revenue. For example, in the USA, sales tax from Internet transactions should be directed to the buyer's state of residence. The seller's venue can be taxed in other ways, but without residence-based sales tax, tax revenue would tend to drain away from populous jurisdictions that don't host Internet services.

3. Internet taxes should be as uniform as possible across all tax jurisdictions. For example, although the state that receives sales tax should be determined by the buyer's residence, the amount of the tax should be decided more globally if possible. The economic distortions at such places as the Massachusetts/New Hampshire or San Diego/Tijuana borders serves no useful purpose and would probably be even worse if applied to Internet taxes.

4. National tax regimes should complement each other whenever possible. Rules should be written with reciprocity in mind. It isn't reasonable to expect a small merchant in Haiti to deliver tax collections to every taxing domain on the planet, but it is certainly reasonable to expect a large multinational vendor to do so, at least for jurisdictions where it conducts business.

Having said that, what exactly can reasonably be taxed? The easiest case is basic Internet access, which is already often taxed locally at the "last mile." This is an appropriate offset for the local infrastructure costs, and satellite services could be treated in the same way -- the local folks can see the dishes and enforce the rules. A uniform sales tax rate would avoid competition between jurisdictions, and would be almost a necessity for a value added tax.

Internet advertising is currently largely untaxed. Taxing it might slow the growth of Internet advertising, but few people would shed a tear for that, and it could be a large source of revenue if exponential growth continues. This could be addressed as a sales tax on the transaction in which the advertising is purchased, but the taxing jurisdiction might be near-impossible to work out, and would be an undeserved windfall for a few jurisdictions. It would be much more tractable if the advertising delivery agent (e.g. Google) collected and reported geographic information to facilitate the distribution of taxes to the domain of the "eyeballs."

However, it should be noted that there are a lot of poorly-thought-out proposals for taxing aspects of the Internet that would be implausible to tax. A "click tax" sounds promising until you realize that someone could write a program that just sits around raising someone's taxes. An email tax would get buried in technical and regulational complexity, given the difficulty of sorting out the true identity of a sender or receiver. Taxes on social networking success are slightly more plausible, where there's a single entity to perform identification and reporting, but it still isn't clear which activities it would make sense to tax.

Finally, there is a strong case to be made for particularly taxing the most bandwidth-hungry applications, and plowing the proceeds back into infrastructure upgrades. Video-heavy services such as YouTube and Skype might reasonably be expected to contribute to the continued upgrade of infrastructure that their services help make necessary.

I certainly don't claim to have all the answers, but if the role of the Internet in our economy is still growing exponentially, then it's surely time to open a discussion around the topic of how it might make sense to tax the Internet.

Betraying My Oldest Friend

Every now and then, you say or do something that you can't take back, and it changes your life forever.  Sometimes it's a good thing, like having a child.  But when it's a betrayal of something you love, you will carry the regret to your grave.

For me the archetype of such betrayal is Winston Smith, in Orwell's 1984. Imprisoned by the all-powerful government, he has already endured countless tortures, but clings to the notion that he has never betrayed Julia, the love of his life.  To break this last shred of autonomy, his torturers confront him with his deepest fear, being eaten alive by rats.  Facing this horror he begs, "Don't do it to me, do it to Julia."   As his torturers understand, those nine words can never be taken back, and when he is reunited with Julia -- who has had a similar experience -- the knowledge of their mutual betrayal dooms their relationship.

I  have twice in my life been conscious of such a life-changing betrayal.  I regret them both, but would still repeat them if I could.  Both may sound trivial to many readers, but my regret is painfully real and deep.

The first was over a quarter century in the past.  I have always been a baseball fan, a fanatic partisan of the New York Mets, who I fell in love with as the perennial doormats of the National League.  In the American League, however, I found a second favorite, the team of all my relatives, the accursed Boston Red Sox.  For two decades, I rooted for both, confident -- in the era before interleague play --  that they would never face each other, which could only happen if both somehow met in the World Series.

In 1986, as any baseball fan can tell you, that actually happened.  I was over the moon, saying (and believing) that I would love every minute of the Series, no matter which of my two favorite teams won.   I held onto that belief until the final inning of the sixth game, with the Red Sox an out away from breaking their famous curse, when Bill Buckner committed perhaps the most famous error in baseball history.  At the very worst moment in nearly a century of suffering for Red Sox fans, I jumped to my feet and cheered myself hoarse.

I can say that it was inevitable, and that anyone would cheer their favorite team over their second favorite.  But I found I could never call myself a Red Sox fan again.  I had betrayed them as surely as Winston betrayed Julia.

My second great betrayal happened just this week.  To understand it, you should know that I was a bit of a prodigy as a child.  I was reading adult books at the age of 2, and had more or less finished high school by the end of third grade.  Books have always been my best friend.  For 53 of my 55 years, I don't think there has been a single day when I haven't spent at least an hour reading; even hiking the Appalachian Trail, I endured considerable extra weight rather than do without books.

The emergence of e-books has left me wary and conflicted.  The logic of e-books is obvious, especially to someone like me, who is away from home travelling more often than not.   Depending on the length of my trip, I typically carry 10 to 30 pounds of reading material, and I have a bad back, so switching to e-books would appear a no-brainer.

But I couldn't do it.  Books have been my most faithful friends since about the time I was toilet trained.  To cast them aside for the hottest, sleekest new model seemed unthinkable, and as shallow and faithless as casting aside my wife of 35 years for a similarly hot, sleek new model.  (Of course, Amazon doesn't sell the latter for under $100, but I digress.)

But every time I travelled, I found myself gazing at the lightly-loaded and paper-free modern travellers with more envy than when I gazed at... ok, that's enough of that analogy.  I even experimented with reading a couple of books on my smartphone, where the tiny screen allowed me to pretend I'd tried e-books and found them wanting.

Then, a few weeks ago, I got an iPad for work purposes, and, after some dithering, decided to give e-books "one more try."  I was only a few chapters into my first e-book, Walter Isaacson's magnificent biography of Steve Jobs,  when I realized there was no going back.  

Then, within a day or so of that realization, I went out to lunch at an Ann Arbor deli that happened to be a few doors down  from Nicola's Books, one of our last remaining independent book stores.  Walking towards the deli, I saw Nicola's and instantly found myself struggling to fight off tears.  I love independent bookstores almost as much as I love books themselves, and I felt like I'd put a knife into Nicola's heart.

I doubt I can ever go back.  Carrying so much less baggage when I travel, buying each book the moment I decide to start reading it, and beginning to reduce the miles of bookshelves that fill my house -- these are unarguably good things, and I can no more regret this decision than I can regret cheering for the Mets in 1986, or than Winston Smith could regret betraying Julia to avoid the worst death he could imagine.  

But we can regret the consequences even if we can't regret the choice.   Winston Smith didn't want to lose Julia, and I didn't want the Red Sox to lose, or the independent bookstores to vanish.  Sometimes, betraying something you love is the unavoidable cost of a greater good.  But I don't expect ever to get over it; 26 years later, I still feel guilty every time I look a Red Sox fan in the eye.