who needs to spy on citizens when you have access to their social networks?

Some governments (or, rather, some people who run countries (since we now live in the Age of the Individual (AI)) or, rather, some people who run some region of the world, from your block on up) would very much like to read the minds of its citizens. Not as thought police you understand. Just to be able to make sure that the wrong-thinking people can get picked out as early as possible. And not in any overt way. It’s just that if a person becomes a “person of interest” it would be good to be able to monitor what they are thinking. Right? The status update box offered by many cloud-based consumer services functions precisely as a thought box. “What’s on your mind?” it asks and we reply, telling our friends, and we hope only our friends, the most important thing we have to tell them at that particular moment.

facebook thought box
please put a thought in the thought box

So the closest thing people who run things have to reading the minds of the people who are part of the things they run is the Thought Flows of those Cloud-based services that provide an opportunity to the people who live in those organizations or regions. So why wouldn’t government authorities want access to our News Feeds? Our status update boxes? Here’s a report (by Barton Gellman/ TECHLAND (TIME)) dated Jan 14 2011 on one between twitter and the “feds” — the paragraph doesn’t identify the particular “feds” in question. The relevant paragraph:

Federal prosecutors want to indict Julian Assange for making public a great many classified documents. In December the feds obtained a secret order instructing Twitter to hand over private account contents for Assange and four Wikileaks associates, including network addresses, connection logs, credit card information and identities of everyone they talked to. The order forbade Twitter to notify those affected, among them Birgitta Jónsdóttir, a member of Iceland’s parliament.

The “secret order” is a National Security Letter (I warn you, if that’s a concern, if you click on the link you’ll be reading it — the links are from TIME in that paragraph, not me) and you can read all about the ACLU’s fight on our behalf over those here and in this article (pub Jan 9 2011): Twitter shines a spotlight on secret F.B.I. Subpoenas, by Noem Chen at The New York Times. The key point is that an NSL “allows the FBI to forbid or “gag” anyone who receives an NSL from telling anyone about the record demand.” (from the ACLU article) — my italics.

Contrast this with the situation that came to pass in Tunisia recently. In The Inside Story of How Facebook Responded to Tunisian Hacks, published Jan 24 2011, Alexis Madrigal of the Atlantic reports as follows, where Ammar is the nickname given by Tunisians to “the authorities that censor the country’s Internet.”

At Facebook, [“Facebook’s Chief Security Officer Joe”] Sullivan’s team decided to take an apolitical approach to the problem. This [“Ammar was in the process of stealing an entire country’s worth of passwords”] was simply a hack that required a technical response. “At its core, from our standpoint, it’s a security issue around passwords and making sure that we protect the integrity of passwords and accounts,” he said. “It was very much a black and white security issue and less of a political issue.”

Which is fine and the rest of the article goes on to discuss Facebook’s response to this challenge. But the issue is this: What would Facebook have done if Tunisia had in place a system of secret orders as the US does and had simply given a representative of Facebook such a letter and said you operate in our country and please hand over this information? What, that’ll never happen you say? And they’ll just turn around and say no? I point you to the Google Transparency Report and this quote from the FAQ I retrieved today:

The “data requests” numbers reflect the number of requests we received about the users of our services and products from government agencies like local and federal police. They don’t indicate whether we complied with a request for data in any way. When we receive a request for user information, we review it carefully and only provide information within the scope and authority of the request. We may refuse to produce information or try to narrow the request in some cases.

We would like to be able to share more information, including how many times we disclosed data in response to these requests, but it’s not an easy matter. The requests we receive for user data come from a variety of government agencies with different legal authorities and different forms of requests. They don’t follow a standard format or necessarily seek the same kinds of information. Requests may ask for data about a number of different users or just one user. A single request may ask for several types of data but be valid only for one type and not for another; in those cases, we disclose only the information we believe we are legally required to share. Given all this complexity, it’s a difficult task to categorize and quantify these requests in a way that adds meaningful transparency, but we plan to in the future.

In the article on Facebook there’s also this quote from Mr. Sullivan:

Though Sullivan is the unflappable type, the Tunisian situation seemed to force him into a bit of reflection. “When you step back and think about how Internet traffic is routed around the world, an astonishing amount is susceptible to government access,” he noted.

Hmm. I first mentioned the Guardians of Access in a post nearly two years ago, assuming that governments as controllers of Internet access were always on peoples’ minds and going on to talk about the other GOA. Was I wrong? Is no-one thinking about this? Why has the “turning off “of the Internet in Egypt been such a surprise? (See also this post about “the voice of cldwrld” from Dec. of 2009.)

Perhaps it would be worthwhile for Google and Facebook to get together on this one? And perhaps every other social network in the world? That operates in-country or world-wide? Like those on this list.