#837 XR Ethics: EFF’s Danny O’Brien on the State of Civil Liberties Online

danny-obrien
Danny O’Brien is the Director of Strategy at the Electronic Frontier Foundation, which has been around since 1990. He describes it as the ACLU for geeks on the Internet as they’re made up of technologists, activists, and lawyers who are trying to preserve our civil liberties in digital spaces. I had a chance to sit down with O’Brien at the Decentralized Web Camp in July where we talked about the state of civil liberties online covering topics like encryption battles, the dynamics of decentralization, the balance between freedom and security, their approach to policy and laws, anti-money laundering challenges for cryptocurrency, challenging government surveillance, and the dilemmas faced by the centralization of power with companies like Google, Facebook, Amazon, and Apple.

LISTEN TO THIS EPISODE OF THE VOICES OF VR PODCAST

This is a listener-supported podcast through the Voices of VR Patreon.

Music: Fatality

Rough Transcript

[00:00:05.452] Kent Bye: The Voices of VR Podcast. Hello, my name is Kent Bye and welcome to The Voices of VR Podcast. So continuing on in my series of looking at XR ethics and privacy, today's episode is with Daniel O'Brien. He's the director of strategy at the Electronic Frontier Foundation. So this interview was at the Decentralized Web Camp. Each year, the Internet Archive has been gathering together all these architects of the decentralized web to look at these alternative infrastructures and architectures to do something that's different than the centralization of the current internet today. Last year at the Decentralized Web Summit, I had a chance to talk to Vint Cerf in this conversation that really stuck with me because You know, he really set down a challenge of saying, OK, well, there's certain economies of scale that happen within the Internet and there's efficiencies that come there. And so when you go to the decentralized Web, you lose a lot of those efficiencies. So there's, I guess, the normal market dynamics that are creating why we have all these big centralized powers like Facebook and Google and Amazon and Apple. And you also have this decentralized impulse, but yet maybe not enough of a cultural impulse to actually pull it off. And I think a lot of the decentralized web camp is trying to bring together these architects of the decentralized future. So people like Tim Berners-Lee and other folks who are trying to think about the next step of how to create a decentralized architecture for the internet. As kind of a technological push, so last year at the Decentralized Web Camp, I talked to Wendy Honamura, and she was really putting forth Lawrence Lessig's model of looking at how you have to turn the dial on four different aspects, whether that's the technology and architecture of the code of the systems that you're creating that create new communication dynamics, the actual culture, so you can educate people about their different behaviors, the different economic influences, so having different market dynamics that are playing into that, as well as what laws you have to pass. And so in this conversation with Daniel O'Brien, I'm trying to get all the different initiatives that the EFF is taking, especially considering that Lawrence Lessig was a advisor to EFF. And so a lot of that approach actually does address a lot of these different angles. They're kind of like this combination of these technologists, activists, and lawyers that are all trying to create what they originally envisioned as this electronic frontier. When they were founding Mission Statements from April of 1990, they established the Electronic Frontier Foundation in order to civilize the electronic frontier, to make it useful and beneficial not to just a technical elite, but to everyone, and to do this with keeping with our society's biggest traditions of free and open flow of information and communication. So they tend to fight for things like encryption and fight against laws that they think are trying to reduce different aspects of our autonomy and our freedom. So there's a lot of different trade-offs as we try to move forward and start to think about how do we handle a lot of these big centralizations of power that we have. And so it was just great to be able to sit down with Danny and to get some of his thoughts about what some of the topics that EFF is really thinking about right now and what some of the buzz and the conversations were at the decentralized web camp. So that's what we're covering on today's episode of the Voices of VR podcast. So this interview with Danny happened on Saturday, July 20th, 2019 at the Decentralized Web Camp in Pescadero, California. So with that, let's go ahead and dive right in.

[00:03:24.568] Danny OBrien: My name's Danny O'Brien, and I'm the Director of Strategy at the Electronic Frontier Foundation, which is sort of a civil liberties organization that's been around since 1990, but somewhat uniquely, we combine technologists, activists, and also lawyers. So we've been kind of the ACLU of geeks in the internet more widely for 30 years or so.

[00:03:52.569] Kent Bye: Can you give me a bit more context as to your background and your journey into working at EFF?

[00:03:57.352] Danny OBrien: Oh gosh. So I guess I was originally a journalist, as you may guess from the accent. I'm originally from the UK and I was the Silicon Valley correspondent for the London Sunday Times, but I also did a bunch of digital rights activism in the UK. The big issue in the 1990s was often about encryption. A lot of governments were trying to either prohibit people being able to use strong encryption or place back doors into it so governments could spy on people's communications. That's a big EFF issue we've fought in the courts and with projects like Let's Encrypt try to expand the use of secure communications. My background is in the UK, I did some of that work advocating and understanding that, so I helped set up a thing called the Open Rights Group, which is, and we're now several chains of description down, but it's another three-letter acronym which is the EFF of the UK. And I guess for my sins in the 90s, I did a sort of gossipy newsletter called Need to Know, ntk.net. You can go there and if you really want to hear the latest gossip from about 1997, you can find it in Glorious Courier. So that's my background.

[00:05:14.655] Kent Bye: Nice. Well, encryption seems to be one of the core foundations to this whole decentralized blockchain-enabled web that we have. So maybe you could contextualize what was able to be birthed out of now that you make encryption available. Not only do you have secure communications, but you have all these other systems of being able to mediate trust and other things as well.

[00:05:34.669] Danny OBrien: Yeah, so I feel like we're sort of making the decentralized web out of a lot of parts that have been around and available since the 1970s, and actually were kind of components of the original web and the original internet. I mean, one of the reasons why people were originally confident that the very decentralized, no one's quite in control, but everyone's passing around packets system that the internet was built on, was partly because they knew that we would be able to use strong encryption to make sure that if I'm trying to give you a packet on the other side of the world, not everybody along the way is going to be able to see everything that we're doing. So public key encryption was like a huge part of that. But there were also some sort of ramifications about that. That's based on math. But there are a lot of other ramifications about that. that we're only really beginning to see play out. So I mean, just to give you the big buzzword one, right? Bitcoin and the whole blockchain space is based around comparable bit of math that people sort of theorizing, hey, this might give us a chance to create currency or, you know, ways of having unique things in the digital space, a digital space which otherwise it's very hard to prevent things being copied. We have some way of making things kind of unique and provable. All of that stuff is really kind of old math at this point, but the biggest challenges were partly putting this together and understanding what the ramifications of it were, and bluntly governments and other sort of established power bases can get pretty intimidated by some of these ramifications too. And not necessarily in like, you know, a terribly autocratic kind of way. It's just like, once you start thinking through some of these consequences, you end up going, oh, this could be pretty risky or destabilizing. And I think that amongst a lot of people there's sort of like a worry or a hesitancy because we've just gone through a period where all these amazing things happened and then we kind of found out the bad consequences of them. And so now people are a little bit nervous about new technologies. It's not quite as purely exciting and optimistic as it was. But at the same time, we're kind of trying to fix those problems that we just created, and a lot of the solutions are already embedded in what we have. It seems a little fuzzy, so let me try and drill a bit further down on that. The internet was originally planned and designed and used a lot of these techniques like encryption and routing and being able to copy content very cheaply and easily. And part of the model was to have this very decentralized system. As it turns out, various bits of that system actually centralized really quickly. They ended up being run by the Googles and the Facebooks and the Microsofts and the Amazons of the world. I think that a lot of the fixes to that involve trying to work out how we can re-decentralize this stuff to give people more autonomy, And at the same time, kind of learn from the lesson of that and make sure that this time we do it, it doesn't just immediately turn into these big power blocks again. So a lot of very smart people trying to mull over what we got wrong last time.

[00:09:14.688] Kent Bye: Yeah, last year at the Decentralized Web Summit, I had a chance to talk to Corey Doctorow, and he was talking about how, you know, once you implement certain laws or rules that you may intend to try to enforce certain, let's say, copyright for YouTube or whatnot, if you are requiring a certain amount of anybody that uploads content has to compare any music against this giant database that requires a certain amount of capital, but then what seems to be legislation that would be protecting copyright holders, it's actually sort of enforcing this regulatory dominance of these companies that have to have an enormous amount of capital to even follow those laws. And so I guess how does EFF figure out where does the government come in with the laws and what needs to be challenged in order to have like internet freedom?

[00:09:59.639] Danny OBrien: So I think one of the things that's really challenging to think about regulation in this space is like you have a problem and society, maybe government, but society in general wants that fixed. And the first instinct you have is to look around to find out who's in charge, right? You go, okay, here's a problem. Who is in charge of fixing that? And a lot of the solutions in a decentralized environment there is no answer to that, right? So in the early years of the internet growing, people would literally come up and say, well, like, who's in charge of the internet? Like, there's obviously someone who's running this. And it was very difficult to say, well, I guess it's Tim Berners-Lee, but you're not going to be able to get anybody, or, you know, Vint Cerf or whatever. They don't actually have any power in this environment because the whole point is to shift the power to the edges of the network, so you grant people the ability to sort of like connect and there's no concentration power. Now we're in a situation where that's much harder to argue, right? Like if somebody, if the US Congress says, okay, there's fake news, there's harassment, there are all of these things, let's bring the person in charge to here to answer for this. they call up Mark Zuckerberg, right? They call up, like, you know, people at the top of Google, they get Jeff Bezos in, right? And it's a perfectly reasonable thing to say these are probably the people who are in charge of the Internet. The solution that here and a lot of people are thinking about is your problem is not that Jeff Bezos and Mark Zuckerberg are doing the wrong thing or evil, it's that they shouldn't have that amount of power. No one should have it. Absolute power will corrupt anybody. You can't just put in a better version of Mark Zuckerberg and think this is going to be fixed. And that's tricky because what you want governments to do and you want the technology to enable is all of that power to go back to the users so that they're actually in control of their digital life. And that seems crazy to a regulator to just this moment where we've got someone in the office who might be able to fix this. You're taking all that power away from them. And of course, the truth is, is also. Nobody in those positions of power is going to say, you know what you need to do, you need to strip me of anything I can do. If you listen to like the testimony of Zuckerberg and others, what they're doing is coming and offering solutions. So they're going, we have some really smart geeks who are going to work on artificial intelligence and machine learning and they will fix this fake news problem and they will fix this harassment problem. And if you wonder regulators actually about privacy, actually we're totally down for some privacy regulation. And this sort of shocks people. They assume that these big companies would fight to the death to prevent regulation. And it's true for like, you know, 90% of their life. But when they can see it coming, they want a seat at the table, right? They want regulation that is written, that legitimizes their business models, keeps them roughly the same shape, And you know, if worse comes to worse, ensures that they have jobs and that their interests are catered for. So when you're talking about something like a solution like decentralizing, like none of those people are going to suggest that and you have to kind of do it at a grassroots level. And the biggest fight you have as an organization like the Electronic Frontier Foundation is sort of making sure that when people aim at Facebook to kind of control what the bad things that Facebook does, they don't accidentally hit the groups that are trying to create the alternative to Facebook that will hopefully emerge after we've gone through this period. Touch wood.

[00:14:07.335] Kent Bye: Well, it seems to me that there's other things emergent from society, whether it's harassment, trolling, but there's also money laundering and terrorism. The governments actually like that there's like a kill switch for a lot of this content. If it's going through these different networks, they can have the content moderation. And so they kind of like the being able to turn that off. But there's other aspects of money laundering that I think that Facebook is proposing Libra, a form of cryptocurrency. And I think You know there's a little bit of hesitation because like oh if they start to actually exchange money back and forth are they going to be evading taxes on money there but also there's this whole thing of if they shut that down is it possible for anybody to run their own cryptocurrency and to have the risks of money laundering still there and different regulatory approaches of trying to control money laundering and money that is going to terrorists. So there seems like these huge geopolitical issues that get boiled down to these laws that then will potentially impact not only Facebook, but everybody in the decentralized community trying to run a currency.

[00:15:05.848] Danny OBrien: Yeah. So one of the problems here is that people don't necessarily have an intuitive sense of the extent and the invasiveness of new laws or even just new approaches, right? I mean, I don't want to sound like I'm constantly going, no regulation, right? Or like the states will ruin this because it's entirely possible for the commercial space to kind of break these rules themselves and sort of steer us into a more dystopian way all on their own. And I see them as both kind of this set of very powerful actors who are kind of blundering around in this space. But to get to your point, I think that the challenge is Let's say money laundering, right? So if you go into like the financial space and the banking space, it's actually kind of shocking how invasive they are in terms of people's privacy. Again, partly as a consequence of commercial actors. So you have a choice between MasterCard and Visa, right? For most transactions. And both of those companies actually have an amount of credit data on you. Like they really do know a huge chunk of your life and they basically trade that information with the Facebooks of the world. They're a 20th century Facebook. They have all of this knowledge and they trade on it and you can't really escape that. If you go within the deeper banking system and the financial sector, for legitimate reasons, to combat money laundering and all of these things, there's also an incredible amount of invasions of your financial privacy or tracking that goes on. But the thing about that is it's kind of cabined, right? Like I don't think that most people are super upset with that because they see it as being within the banking system, within like, you know, major money transactions. And most of the things that we do don't really feel like they're part of that. Like, you know, a lot of times I pay in cash, right? And I have a really intuitive understanding that who knows what I'm doing, right? It's me and the person I'm paying cash to, right? And that's fine, right? That's okay. I don't feel oppressed in a particular way. So the problem comes when you end up with more payment systems going into a digital space and governments, because they're concerned of money laundering, want to expand that pretty invasive monitoring that goes on in a chunk of the financial industry to literally everything and everybody, right? Because if we're all in that digital transaction financial community, then we could end up in a situation very easily where all of that stuff is tracked and monitored. It's almost the default, right? And similarly, when you have something like cryptocurrency come along, which has some of the attributes of cash, it's very easy to see it through that banking money laundering lens and go holy cow this is like the most dangerous thing in the world we need to expand this stuff the truth is though is that it's really easy to just flip a switch and suddenly create something that's profoundly more invasive than the situation that we live under now with hugely damaging consequences not only in kind of autocratic regimes or places like China but also just in society. You get into a situation where everything is tracked and everyone is tracked and We can chat about the horrible things that can happen in that environment, but let's just assume that your listeners can think about, right, you've read 1984 or whatever. So what we have to do is try and work out these regulations and create these things so they still create spaces for people's autonomy and freedom from being monitored. And we still have those rights, and we have a kind of balanced approach to these problems that we will always have around us but we kind of try and draw a line between like how invasive we are. I mean the easiest way to think about this is like we don't allow the police to kick down the door of anybody's house or have them sit in the corner watching everything you do and the reason why we do that is because we have a pretty strong intuitive sense that that's idea we're creating environments where that's happening because we don't necessarily intuitively realize that if you give Facebook the entire payment system of the planet the consequences of that or you create a regulatory environment that says we want to make sure that we can track every penny that goes anywhere on the planet

[00:20:09.030] Kent Bye: Well, last year I was talking to Wendy Hanamura and she was talking about how the way that they designed the Decentralized Web Summit was looking to Lawrence Lessig's idea of the four different ways that you can really turn the knobs to be able to shift culture and shift the collective behaviors and that's through the culture and through information that people have and that's driving their behaviors through different media artifacts and information. through the economy, there's different economic competitors that can come up. There's the laws that you actually pass the laws. And then there's actually like building the technology and the code that actually is some sort of just complete alternative. So it feels like here at the Decentralized Web Camp, you have people who are trying to build that technological alternatives. You have people that are trying to cultivate the cultures that would support that and to build the awareness around these issues around privacy. And then I guess the business model is a big open question for how people get paid. And we just talked about money laundering and maybe some of the potential challenges there. But there seems to be potentially some role for the law, that they have laws. And so what should that law or regulatory aspect be in helping create a context to be able to have protections where we need it, but also to maximize that freedom?

[00:21:17.380] Danny OBrien: I mean, we at EFF, Larry Lessig was a board member for many years, and this is sort of in our DNA, right? We're constantly looking for, okay, what pedal can you lean on? So we build technology like Let's Encrypt and Privacy Badger when we feel that that's going to change things. And we go to the courts and challenge things in the courts when there's an opportunity there. We try and do norm setting. like we try and like go okay what is the ethical or what is culturally what we should be doing and we try and like work out how to enable businesses so that businesses feel classically in the sort of environment around copyright for instance where some companies can do stuff that's incredibly useful but might be scared because the sort of very intrusive nature of copyright law would make them feel uncomfortable. We try and set the norm so that actually they feel comfortable that they're not suddenly going to get sued by the RAA or whatever. Okay, so now we're definitely in one of those moments where we're playing these pedals, and everybody's trying to do that. In the lore, I hope I'm not repeating myself, but I think the biggest problem that we have right now is that there doesn't seem to be anything that really requires proactive new lores. A lot of the easiest thing you want to do is just take the interpretations of the existing lores and go, okay, this just maps to this in this new environment. I guess my, because I'm sort of like nervous and paranoid by nature, I think like some of our concerns are about like new hasty laws to solve these earlier problems end up spilling over. I mean, again, try and be concrete. We just went through this in Europe, where Europe passed a copyright directive. The copyright directive was pretty clearly attempted to solve the problem of the news media industry in Europe losing advertising dollars and the perception that Google and Facebook and these companies were making money. The copyright industry worried about that too. So setting up a law that would re-divert money from the big tech companies to these stumbling companies. But the problem with that is that it also targeted these companies, the European alternatives to Facebook and Google, right? It was creating copyright filters that if this law is badly interpreted, would mean that the decentralized web has to put in filters, commercial filters, that are actually manufactured and sold by Apple, Google. these companies, right? So it's screwed up, right? Like they try and fix one problem and they create a new set of problems for the very alternatives these giants they're trying to tackle. So I think that's the biggest concern right now. The other one is when you have a new and exciting technology, there are two stories that you can write about it. One of them is you can talk about how wonderful it is and how super exciting and how it's going to change the world. And the other one is you talk about how it's the end of the world, it's going to be terrible. And depending on which one of those gets prevalence early on really affects the new laws and regulations that go around it. And you can watch this play out with cryptocurrency, right? You can watch this play out because some people are super excited about the opportunities and some people really can convey very compactly a narrative that it's like awful for the environment and it's enabling all kinds of like bad money laundering and all of these things. These things can be true simultaneously right and the challenge is like well How do we steer this towards the good stuff and away from the bad stuff? And when you're faced with like a new technology, really the strong temptation is just to go, let's not think about this, just ban it, right? Let's just make sure this doesn't happen. And usually what happens is the technology kind of just grows in the cracks when you do that and it just means that the bad stuff carries on and you never get to see the good stuff. I think we have a pretty reasonable track record in the past of at least getting some of the good stuff out of technology and then recognizing pretty quickly where the bad things are and then beginning to try and tackle that. This is the hard period this is the hard period where everyone can see that this technology is incredibly powerful but they don't agree on Whether this power will be misused or used well, and therefore the instinct is to go slow down shut it down Prevent it from happening

[00:26:15.569] Kent Bye: Well, in covering the virtual reality space and talking to different people who were thinking about things like biometric data, privacy, and privacy in general, there is this whole third-party doctrine. Talking to Jennifer Granick last year from ACLU, she was saying that any data that you give to a third party has no reasonable expectation to remain private, meaning that not only does the government have the ability to go to that company and to request access, but the more and more people that start to give over that data, then it starts to weaken the Fourth Amendment protections of that data. So it seems to me that this whole third-party doctrine thing, when Jennifer was talking about the Carpenter case, that there was at least a indication that there's a good trajectory of where it's going, but still at the same time we have this third-party doctrine that was created in a context where we don't have the very minute details of our lives from where we're at, our location, our biometric data eventually at some point tapping into these emotional cues, eventually our EEG data. I mean, we're starting to get to the point where any data you give over to a third party, and if that's not private, then we're living in a dystopic world. And so I'm just curious what the EFF is doing in terms of the third party doctrine.

[00:27:25.075] Danny OBrien: Right. So we have like a whole gang of people working on the expanding, or at least like running it through the ramifications of the Carpenter decision. which Jennifer's absolutely right, this is like our first indication that the US Supreme Court is like going, maybe the third party doctrine is not so much a good idea in an environment where any kind of communication and any kind of interaction has to go through an intermediary. I feel like because we associate Facebook with like the opposite of privacy, I think that people don't necessarily catch on to like one of the reasons why Facebook won very early on and did so well was because the alternative was speaking in public, right? Like if you put something on the web, everyone could see it or no one could see it. you could do authentication on your website but that was very difficult, right? You couldn't just share with your friends and the deal that Facebook struck with the world was here is a way that you can talk relatively privately to your friends and neighbors or your family or whatever and the other part of the deal is that you can talk to your friends but Mark Zuckerberg now has to be one of your friends, right? Mark needs to see it all too. And in the third party doctrine, that means that there's no privacy there, right? The government can come and get that data because you shared it with someone. And thinking more broadly and thinking, for instance, in virtual reality, right? The fact that the data is recordable and goes through intermediaries mean that some of those protections just evaporate. It also has these other sort of interesting ramifications, which is that if you accept that virtual reality is a place where terms of service can be imposed or controls can be set up, or we can monitor pervasively because, hey, we're actually monitoring this stuff anyway as a consequence of how we're locating things or creating a database of where things or people are, then you begin to affect things like freedom of association, right? So one of the real places that we're trying to push judges in the US and elsewhere is to understand that it's not just about privacy, it's about freedom of association. It's about your ability to meet with someone else and have that right protected. So in some of our court cases right now of mass surveillance and government collection of metadata, we've been making this argument not that it affects privacy so much as it affects, if you know everybody I'm speaking to, like who I'm speaking to, then that means the government is collecting a database of organizations I'm a member of. And we have a bunch of really good court decisions from the civil rights era of the United States, where state actors were kind of trying to collect databases of who were members of civil rights organizations. And that was shown to be unconstitutional. So we kind of want to do the same thing in this environment. So a lot of this stuff is about mapping existing civil liberties and perhaps pointing out the ramifications of changes you make in the digital space that might eliminate those civil liberties completely or, you know, thinking more positively, actually increase them. So, you know, historically in the internet I've always described freedom of speech issues as being on a bit of a sort of like downhill ride, right? Like, if you let things go as they're naturally progressing, you tend to get more freedom of expression. Whereas privacy issues are uphill, right? Or going upstream, right? Like, you actually have to do an incredible amount of work in a digital environment to prevent privacy from just withering away. So, at EFF, we're trying to do both, right? We're trying to expand and protect freedom of expression because, understandably, people sometimes feel like that's a real rollercoaster, you know? Like, we're going to, like, how much free expression do we need before this becomes an actual problem? and you're trying to work out what the parameters of that is and on the privacy side you're desperately trying to like construct these legal societal business and cultural norms to protect even just the amount of privacy people had before the digital revolution.

[00:32:09.016] Kent Bye: Well, just in thinking in terms of mass surveillance, and we have these U.S. companies, we have U.S. citizens, where there's supposed to be some levels of constitutional protections in terms of not having a direct fire hose from these centralized companies in the United States feeding into the government. you know, in light of the Snowden documents that were released, there seemed to be at least some levels of that fire hose being opened up for these international contexts. And I guess maybe you could contextualize a little bit in terms of what's actually happening with this relationship between mass surveillance, because it seems like the relationships between the government and these companies is that they have a little bit of these backroom sweetheart deals that they're getting this information piped into them and so there seems to be a little bit of a conflict of interest in terms of like going to these same politicians and say all of a sudden we're going to be cutting off all these intelligence sources like they don't seem to be motivated to try to turn that off and to keep it there. So just curious to hear how you think about what's happening.

[00:33:06.886] Danny OBrien: I mean without I mean, again, like I'm sort of talking in these very broad terms and I hope that's okay and we can drill down to like, you know, specifics. But when I'm thinking about this at the sort of 40,000 feet level, one of the fundamental flaws in both the legal regimes and the geopolitical regimes and actually how we individually sort of think about it is a bunch of this surveillance stuff emerged and evolved in the intelligence espionage part of government and That has always been an area that has been really fenced off from effective oversight and Really the rule of law because the deal here is that in this sort of James Bond espionage environment There's an understanding that if you're not breaking your own laws, you're certainly breaking the laws of another country Right? Like, I'm pretty sure that what spies do in other countries is not in conformance with those countries' laws. And part of the sort of lessons that were learned through Watergate and the CIA's adventures in the Cold War and so forth, and watching other societies kind of struggle with the takeover of democratic systems by the KGB or the equivalent. Some of the boundaries and the definitions were, for instance, one of the conclusions of the growth in espionage and the risks that were perceived in the 70s about how this was threatening the US domestic political environment. was to say, okay, we do have spies, we do have secret agents, we do have wiretapping, but that should only take place outside of the United States, right? And I mean, this sounds sort of, you know, a typical kind of American response to this, where we have like constitutional rights within our borders, but everything else is up for grabs. But it's also pretty much what every other country does too. Every country goes, okay, we're going to spy on people, but we're only going to spy on foreign agents. We're only going to spy on people in other countries. And the thing that changed in the 90s and 2000s was a global internet which connected people all around the world, normal individuals, with people in other countries and organizations and publications in other countries. And the shifting of the goals of those counter-espionage and intelligence services from spy versus spy, where you're like going, okay, we know there's these KGB agents, so we're going to like place bugs in their embassy or whatever. To hey we could do this for everyone right like we can collect information on everyone and like we can collect information on all the traffic that's going through these digital pipes and. OK sure the international traffic which we know we're allowed to access. is sort of mixed up with the domestic traffic, but we'll deal with that problem later, right? We'll collect it all, and then we'll set up some rules that say we're not allowed to look at American citizens. And in other countries, they say, we won't look at UK citizens, or we won't look at French nationals. We'll just, we'll sort that out later. And it's just completely the wrong model because in a world where it was only sporadic that you were like looking at or had access to what was going on in outside your country and you were really targeting a few actors, state actors, to where you're spying on everyone in the rest of the world and Incidentally, also collecting all the data in your current country, because that was just a small part of this global internet traffic, just transformed what was like the one part you could hope in government that was not governed by the rule of law, that was allowed to break the law, was allowed to bend all the rules, was allowed to take a black budget that had no entries defined for it and has very little oversight from any kind of external political party or group because it's all very classified and it's all very secret and we just have to trust this national security. flips the whole thing on its head, right? The biggest argument that I make to politicians around the world is you've created a surveillance system that's aimed at you, right? Like, you don't think that, like, other less morally upstanding politicians than you aren't going to use this against you? Like, we saw this happen in Watergate. We saw this happen before. Like, we built these systems to try and desperately protect the open society from the spies and lawbreakers that it felt was necessary to protect itself. So that's the big switch. And like what we're trying to do in our arguments in the courts and our conversations with lawmakers and also to sort of explain to the world is we have to flip this back. Sure, we can move the intelligence services into a thing where they're dealing with, and God knows, like, in some ways, it's amazing how badly they do the thing that they most need to do, right? Like, for instance, the critical infrastructure of the internet is, like, riddled with security bugs and flaws, right? And the people fixing that are largely volunteers. Right? Like they're people who sit there and like, you know, oh I found a bug and send it off. Or at best they're making their own personal information security researcher living through finding these exploits and then selling them to vendors or selling them to governments. and the very organizations that you would think would be absolutely freaking out that this critical national infrastructure is so riddled and vulnerable to foreign attacks by Chinese actors or whoever. is buying these exploits and keeping them secret, or finding them for themselves and then exploiting them without fixing the problem. It's exactly the opposite of what these institutions should be doing. They should be doing everything they can to raising the security level of the entire infrastructure. So we have to change the role of the intelligence services and we have to like re-establish democratic control of this very pervasive surveillance problem that we have. And I think that was what Edward Snowden was sort of trying to do, right? He was trying to go, look, we need to have like a debate about this. And I think we got some of that debate, but not all the pieces have kind of been connected together yet.

[00:40:28.326] Kent Bye: So we're here at the Decentralized Web Camp. What are some of the topics that people are really interested in talking to you about?

[00:40:34.092] Danny OBrien: So I think people are concerned about laws and government actions that are really going to destabilize what they're doing. As we speak, for instance, Kazakhstan has just introduced a thing that we were worried that they were going to do, which is require everybody in Kazakhstan to add a certificate, a thing into the browsers, into the computer, which means that everybody in Kazakhstan now has to accept that the Kazakhstan government can verify that something is correctly encrypted. And then they started man-in-the-middling all HTTPS traffic, all secure encrypted traffic, going in and out of Kazakhstan. For some people, it's like, oh, I guess that's bad for people in Kazakhstan, but I'm not in Kazakhstan. The people in this community are like, this is really bad news, because if this spreads, it completely undermines the security of our systems. And because when you're building decentralized systems, you sort of want to be able to move packets around in a way that if you're using your friends and neighbors to move data around, which is what services like Secure Scuttlebutt use, then anything that sits on the client and monitors all of that just blows the security model out of the water. So they're worried about those sort of actions. They're also worried or curious because these aren't really organizations in the traditional sense, right? Like, there's very few people here who are necessarily a traditional company. They're just a bunch of people hacking on code. And that means they're very uncertain about how to even interface with governments or regulations. So again, talking about Secure Scuttlebutt, they've just started an NGO in France, which is sort of going to be their way of interfacing with governments and the regulatory infrastructure. and like trying to work out how to do that. This is not something actually that we have a profound level of expertise about but we definitely have worked with people working on this problem and it's like a matter of connecting people together. And like honestly the big question everybody has is like what do we do about the Facebooks and the Googles and the Apples and the Amazons. And that's a problem that we've been thinking a lot about internally at EFF. We really sort of strongly feel that these companies, the centralized power is a bad thing. It's led to very bad consequences and these companies need to be broken down or the power redistributed a bit more, re-decentralized as it were. And we've been having great conversations here and great conversations with sort of academics and researchers and thinkers in that area about what to do. I mean, I don't think anyone's got like the perfect solution here, but it's really nice to speak to people who are thinking deeply about this rather than just being pessimistic and saying, this is just the dystopian world we live in. Or really coming up with dumb ideas that aren't going to fix things, which is, like I say, the thing that we're fighting stupidity. Well-meaning and less well-meaning stupidity on the internet is sort of the thing that we try and tackle the most.

[00:44:07.661] Kent Bye: That's a good flavor of what's happening here at the decentralized webcam and a lot of the concerns here. And I'm wondering if you could talk a bit about what you see as like either some of the biggest open questions that you're trying to answer or open problems you're trying to solve more generally.

[00:44:22.635] Danny OBrien: So again, sort of breaking up or otherwise sort of mitigating the problems of very centralized power is definitely one of them. I think that sometimes you have to think about situations when you've been successful and therefore things are changing. So we've been super successful increasing the level of encryption online. We work with Mozilla and other organizations to do this thing called Let's Encrypt, which made it free for people to turn on encryption on their websites. That means that basically the level of encrypted web traffic now is like 80, 90% for a lot of users. And also secure messaging services are spreading, end-to-end encrypted messaging services. So you have Signal, you have WhatsApp, you have Wire, you have HERE, Matrix, which is moving that way in a decentralized way. So there's a lot of stuff that's now secure and encrypted. But what this means is that governments and others are really trying to work out ways of undermining that. And so we're seeing a new wave of laws being passed or proposals being made to put in back doors, to create things like GCHQ, which is the British NSA has proposed this thing called the ghost, which is this idea where you allow governments to secretly add another person to your group chat, or if you're talking one-on-one on an encrypted system, to turn that into a group chat without you knowing. So it's not sort of breaking the encryption, it's more sort of persuading the user interface, the people who build user interfaces to lie to you. So we're seeing that go through and the big new wave, which I mentioned briefly Kazakhstan and what they're doing, but what we're really seeing a big push is governments to say we need to control the software on your device. We need to take some of that out of your control and out of the control of the companies really who have given it to you and have client-side scanning where we monitor for bad things on your computer. And I'm really concerned about that move and a lot of people here are as well because again a lot of their security and privacy guarantees and ability to build a decentralized internet really revolve on you being able to use the power of your computer and the power of your smartphone for your own needs rather than the needs of a big company or rather than the needs of a random state actor. And that's super scary, like we really feel that whatever happens in civil liberties and human rights online, whether it's we live in a centralized world where we control the worst instincts of those big companies or a decentralized world where we have a lot of autonomy ourselves, the thing that's really going to break that is if we can no longer own our own devices and say that they're working on our behalf. So that's the big picture and I think that we have a lot of allies here. Honestly I feel like we have a lot of allies within these companies. The problem is that sometimes government makes them an offer that they can't refuse and sometimes their incentives just mean that like actually they're not really standing up for their own users, they're standing up for their business model. And we just need like a little bit of power in our technology, a little bit of freedom for us to push back against both of those enormous pressures.

[00:48:02.983] Kent Bye: And finally, what do you see as the ultimate potential of decentralized systems and freedom online and technology and what that might be able to enable?

[00:48:14.952] Danny OBrien: You know, I'm so glad you asked. because a lot of this stuff sounds just so dystopian and so sort of depressing and so sort of like even when people are pushing back it feels very much like you know the French resistance or something or a plucky group of desperados fighting for freedom and you know I still feel like the arc of this and the arc of much technology is actually to a better digital world, right? And I think that a lot of the fears that we have and a lot of the anxiety we have come from that just not happening yet, right? So I feel like most people's negative reactions to digital technology is because they don't feel like they're in control. They don't know what the hell's going on, they don't know where their personal data is going, and they click through a million contracts that they don't read and can't understand, and they just feel that their own freedom and autonomy is being taken away from them. And really, if I think about a positive idea of the future, I mean, we can talk about jet cars and we can talk about magical telepathy and amazing VR worlds, but I actually feel some of the parts that I'm looking forward to the most is just feeling kind of safe and comfortable. in the world that we live in. We're actually, I mean it's a podcast so you can't really see this, so very beautifully we're in this sort of Californian terrain right now and I can look over right now and see the sea and like I've been going out there after these like intense conversations and like sitting in a field going, This is lovely. And I kind of just want that emotion to be in my use of technology. And like, you know, you and I and your listeners probably get that quite a lot. Like, get that a bit where you're like, this is nice. Like, I've got some control and like, you know, I feel empowered in this situation. But there's a lot of times when we don't feel like that. And I'm sad to say that I think many, many people who use and have to use technology don't feel like that right now. And I want them to feel safe, secure, and feel like this is for them. Because it should be. And that's what we've tried to build. And that's what we're all working to make.

[00:50:37.605] Kent Bye: Is there anything else that's left unsaid that you'd like to say to the decentralized community?

[00:50:41.718] Danny OBrien: Yeah, hello Decentralized Gaming. You know, actually, I'm sorry about this, but I have to sort of point it out. So the Electronic Frontier Foundation is actually membership supported. Like, it's very nice. We've had lots of people come up and say, hey, I've been a supporter for many years. And if any of this rings true to your listeners, just join us and be a member. Apart from the money, which is nice, when we go to Congress and when we go to the European Parliament and we go to these places, the obvious question people ask is, well, who do you represent? What's your constituency? And you know, the pat answer we go is like, well, we're from the internet, right? But actually the thing that makes them listen is we say, we represent 50,000 people who really care about this stuff and want their voice heard amongst the Facebooks and the Googles. So if you go to EFF.org slash donate and like join, it's really cheap and there's some nice stickers and t-shirts and please help.

[00:51:45.790] Kent Bye: Awesome. Great. Well, thank you so much for sitting down and sharing all this information. So, thank you.

[00:51:50.174] Danny OBrien: It was really a pleasure to talk these things through and think these things through. Thank you.

[00:51:54.758] Kent Bye: So, that was Danny O'Brien. He's the Director of Strategy at the Electronic Frontier Foundation. So, a number of different takeaways about this interview is that, first of all, Well, as we talk about a lot of these issues of technology, what's really striking to me is that there's all these different trade-offs between these different contexts. So you look at something, for example, anti-money laundering. There's different implications of fraud and being able to prevent fraud from happening. But yet at the same time, what is our right to have autonomy around what our bank transactions are? Because we have this huge surveillance that's happening with all these financial companies. And so they're trying to prevent things like money laundering and terrorism and they've implemented things like AML, which is anti money laundering and know your customer KYC. So the AML KYC, all these regulations. So what's that mean for people to just exchange value with each other without being tracked and for that information to be sold across different contexts? So I think generally the EFF tends to try to think about these different things, some of these aspects of our civil liberties. And the metaphor that Danny said is that, you know, there's some things that like freedom of expression, it actually increases the more that you have these communications technologies, but yet some of them you end up fighting an uphill battle so that if you just let things roll, then you actually have this complete erosion of all of our privacy. and there's things like the third party doctrine that sounds like that they're looking at the implications of the carpenter case and to see if that is going to be able to set a precedent that could be expanded because you know before that supreme court decision on the carpenter case you go back to like the 70s when this was originally instituted then You know, it wasn't in an era where you have all these communications technologies, which is essentially they set the precedent that said any data or information you give to a third party, you as an individual are no longer expecting that to be private, which means that the government can go to that entity and start to request that information without a warrant. It's just like a subpoena. It's like a lower level And with the Snowden documents being leaked, a big part of Edward Snowden recently being on the Joe Rogan podcast, he specifically cited the third party doctrine as saying that's the legal justification for a lot of this bulk collection of data on everybody. And Danny was just saying that, you know, that's like the exact wrong model to do, which is just to collect information and surveil everything that everybody is doing and to try to sort out some of the legal implications of having your rights as an individual within the country honored by that country within its borders and how they treat their own citizens. But there's this whole aspect of the freedom of assembly, which is also really interesting to hear, which is that, you know, we have a right to be able to meet with other people without that being tracked of who we were meeting with and when. There's this whole aspect of metadata collection, which is a lot of this surveillance that happens around conversations, not necessarily about what we're saying to people, but it could be just as valuable just to know who we're talking to and when, and to be able to track that metadata layer gives all sorts of information. And that is also being tracked and you don't hear about bulk metadata collection and how that information is being treated at all. If they still have access to that, then there's still the ability to be able to see who we're talking to and when. So the EFF has all sorts of different initiatives of looking at privacy, badger, let's encrypt. And, and encryption was a hot topic that Facebook having to deal with, with the recent testimony that Mark Zuckerberg was giving in front of the financial services committee. And there were people who were bringing up like, Hey, maybe an encryption is going to be harmful for like sex trafficking and child pornography. And so you have these other implications of if you have complete secure communications between two people. then it could be encouraging different types of illegal activity. And how do you start to mitigate that? And what I would say is that, you know, there's certain aspects of the bad behavior and the technology can't be the only solution. I think the EFF has been fighting for people to have the right to have secure encrypted communications. And there are different aspects of the laws and the cultural norms that we have in society, as well as the economic dynamics. And so with all of these different issues, you have to kind of figure out what sort of lever you're pushing. And, you know, I don't know what the answer to this is, what kind of what makes it like these ethical dilemmas is that there is never these perfect answers. But I think the EFF at least is trying to try to push forward and challenge a lot of these assumptions that we have to be completely tracked and surveilled. And I think a lot of the government is trying to push for a lot of the safety aspects. And I think the EFF is just really trying to preserve the civil liberties and preserve these aspects of our autonomy. So you have these tensions that are playing out and all these variety of different issues. But the big one that seemed to come up over and over again for Danny is just talking about what do you do with these huge mega corporations like Google, Facebook, Amazon, and Apple, who have just such a huge consolidation of power, the economies of scale and the different market dynamics over time that's just created these entities that are so large that you start to have these communications networks that are so big, then they become like national security risks when they get hijacked in different ways. Yes, it's great to have people connected, but it could actually be a little bit more resilient to have these decentralized connections with people. It may be harder to do massive information warfare. So I think the different technological architecture, you know, what that actually looks like. Secure Scuttlebutt was an entity that came up quite a bit at the decentralized webcam. Started with cultivating a very tight knit community first and foremost. And Daniel Brand had mentioned that they're trying to form like an NGO in France, but a lot of the community members from secure scuttlebutt came in and they really helped to set up and contributed a lot to the decentralized web camp. And, uh, that was like the buzz for me. The big takeaway was. this whole entity and community of secure scuttlebutt and the different ways in which they were building their own decentralized architectures. It's really built from a community first. So just to see things like that, I love going to the decentralized webcam just because it's bringing together some of the most brilliant architects of these future systems that I think are going to potentially provide some alternative to a lot of this centralization. Also, the big takeaway was I don't think there's going to be any economic algorithm that's going to be a thing that on its own is going to change these different dynamics that look into things like Securiscoba, it came from the network and the community of individuals that were really tightly knit with each other. And it was out of that community that the technology grew. And so I think the antidote for a lot of this could actually be turned towards a more cultural and these networks of people being connected to each other. And so that was at least a big trend that I came out of from the decentralized webcam. I ended up doing about 18 interviews at the decentralized web camp, aired one with Tristan Harris. He was there. Uh, this is the second one. I've got another 16. There's actually a good contingent of people that were looking at the decentralized web when it comes to the open metaverse. And so I have a number of interviews there with like XO kid and different people from the metaverse makers group. And Phil Prosdale was there. I have an update from him on high fidelity and what's happening with his pivot away from like social VR and into more of like distributed work. So a lot of really great insights from people about what's happening with the decentralized web. Some of it is very technical in terms of getting into some of these different architectures. And I ended up doing about 30 interviews at the previous decentralized web summit that was in 2018. And I've aired a number of those already, but there's also a good chunk of other stuff looking at a lot of these decentralized architectures. It's a. It's a community that I started to track, but it is different enough from VR that it almost merits its own podcast. And I could start up five other podcasts that I want to really dive into philosophy and mathematics and artificial intelligence and consciousness, and as well as these decentralized web technologies. So at some point I want to start to get everything together to be able to launch into these other topics and do these deep dives into this other stuff. But for now, this is just a bit of a taste of the decentralized webcam. especially because we're talking about ethics, we're talking about these different dynamics. And I think the EFF is really at the forefront of doing a lot of these legal battles and going to court and fighting for different aspects of encryption and having these different initiatives like the Privacy Badger and Let's Encrypt with Mozilla. And they're just really trying to advocate a lot of these best practices for safety, security, and to push these different aspects of liberty and civil liberties online with our digital technologies. So that's all that I have for today. And I just wanted to thank you for listening to the Voices of VR podcast. And if you enjoy the podcast, then please do spread the word, tell your friends and consider becoming a member of the Patreon. This is a list of supported podcast. And so please do consider becoming a member of the Patreon. I really do rely upon listeners like yourself in order to go to these different conferences and to bring you this type of coverage. So $5 a month is a great amount to give in order to allow me to continue to bring you this coverage. So you can become a member and donate today at patreon.com slash whatsoever. Thanks for listening.

More from this show