The #nymwars? WTF?
Gather around the digital campfire, children, while the Gray Alpha Bitch Geek reminisces about the not-so-distant past. Pull up a log file and have a seat.
A while back, about two years many of us didn’t officially know the NSA had fingers in so many pies but they did already. In fact, they have been messing with stuff for years. It’s their job, and they are as enthusiastic as puppies. Which is why we need good oversight which…well…
Anyway, in 2011 on the occasion of the launch of Google Plus, the EFF, a core of activists including myself, I’m sure you’re shocked (on and off of G+, as some of us were banhammered), and a reasonable plethora of journalists around the net (special thanks to Violet Blue) locked horns with Google over their plans from launch to institute a “real name” policy, which eventually linked the required real name to the Google Profile and PII (personally identifying information) in the Google Wallet.
At the time, Google Plus’s exec Vic Gundotra at the time was trying to sell the community that this was a move based on online civility — that using a real name was like wearing a shirt into a restaurant, just a basic sign of civilized behavior.
This is not supported by research or over thirty years of online experience (dig in the nymwars links below, they are full of links to corroborating and contrasting research).
One of the great amusing moments of my life was when Stephen Clift and I were scheduled at a journalism conference to do a Weekend Update slamdown he-said-she-said on strong identity vs strong pseudonymity/anonymity online (relating to public forums mostly) — just the two of us — and it turned into a love fest of appropriate context and “Yeah, and…”‘s. (It helped that we’ve admired each other’s organizing work from our middle 90s community networking/digital divide days…)
Pseudonymity (the use of a consistent name, not your “real life” name, used as a signifier over time, such as “Deep Throat,” “Mark Twain,” “Georges Sand,” “Thomas Pynchon,” or “Madonna”) is a well established marker of online community civility — only throw-away identity, where the identity can change from session to session like a hit-and-run, tends to real harshness, and even that runs to mental fallacies. People who will be harsh under a pseudonym or throw away identity will be harsh under their real name (and will create realistic pseudonyms like “Michael Donovan” rather than roXXXors666 to get around automated controls) — there are no shortage of asshats, for example, on newspaper sites that insist on real names, or on Facebook with its real name policy — or indeed, on G+ today.
Pseudonyms are a longstanding tradition in American history. Our founding fathers, many of them, could not stand each others’ guts, and wrote opinion papers under pseudonyms as part of the crafting of the Constitution mainly so their ideas could be evaluated separated from the personalities involved. Some theorists speculate that women may have been involved in the crafting of some of these papers also — something that would not have been deemed proper at the time.
In earlier times, broadsheets were published leading into and during the Revolutionary War under pseudonyms because…well, our founding fathers wouldn’t have lived to be gray old fathers if the Redcoats had tracked their identities, now would they?
Although we might not expect a public company to be a guardian of the public trust, Google often positions itself as a big company with an equally big heart — with a motto of “Don’t be evil.” So this puts them under the spotlight when they make a corporate decision to balk (not even just ignore) push back from many civil society and civil liberties groups and extremely public ethical arguments regarding their own policies.
Today we look at Google and say, “Why did they put all that effort and take the PR hit for the #nymwars?” What do we know today that we didn’t know then?
My dad (a labor and civil rights organizer and canny politician) used to say, follow the money, follow the pain, follow the pressure and influence. Only failing that, follow the egomaniacs in power, who will fabricate red herring arguments using the above. But there will always be red herring disinfo to cover real motivations. (I can’t tell you how much I miss my dad…)
We know a few things.
We know that the Google Play Store was readying for launch, and that the harvesting of real names and joining of real names to Google Wallet information was going to be of special value to Google suddenly. Before Google Play, pseudonyms were more valuable than real identities to Google. (Also, there are special advantages in neuromarketing to using a real name policy, per conversations with several marketing specialists from major social game companies after I published an article on the topic on Gamasutra.)
For example, say there were a young man in Texas who worked at the Attorney General’s office. At work, he was buying office supplies and legal software for the AG’s office.
But at home, under a pseudonym gmail account, he was surfing all-inclusive Caribbean gay resort vacations.
This young man does not want those identities ever to be joined at the hip, or the Google Wallet, in any way that the government would be able to discover. And to a marketer — Google’s real clients pre-Play Store — those two identities are more valuable separated, and of no special extra value joined.
But once Google starts doing its own retail business, having those two identity joined at the hip (that is where many people carry their Wallets?) becomes attractive. It’s also attractive to other people who want identities sorted out.
Which brings us to the next conundrum.
Build it, and they will come for you.
Rewind. In 2002, shortly after 9/11, the previous generation of NSA-like spooks under Admiral John Poindexter attempted to establish the Total Information Awareness Office, whose logo (Remember, kids, the friendly All-seeing Eye says, “knowledge is potential!”) nearly graced the header of this article, but I preferred the elegant hornet (that will become clear by the end of the article).
But TIA? You couldn’t ask for a more insanely crazy logo if you wanted one. It looked like the lovechild of Dr Strangelove and The Illuminatus! Trilogy. We did not make it up. I used to have a tin lunchbox with the dang thing on it, it was so funny (sadly, no lunchboxes, but now you can get a total awareness thong).
This project basically was building up to PRISM Lite. It proposed to gather personally identifying information about citizens of the US, on a domestic basis, and build the grandaddy of ID databases among other programs, like reading through email, metadata, all sorts of now-familiar things.
Many freaked out. Not only was Poindexter smacked on the wrist, but guidelines were set that forbade the spymasters from building and collating such a database of such domestic information into the future.
It didn’t forbid them from buying the data, however, as I remember…heh…
So the program was moved under the NSA around 2004.
We all know by now, that the NSA has been a bully to the cloud services. Although they are literally forbidden to mention the legal, rather than software/hardware surveillance backdoors, there’s this nasty mechanism called the National Security Letter. If an agency under the Department of Homeland Security comes to you and serves you with one of these babies, you give them what they ask for. You don’t tell users what you gave the agency, or that anything is being given up. You don’t say that the letter has been served (that’s illegal too — you are under perpetual gag order. It’s extremely likely that the cloud services are under these NSLs regarding user data transfer details. They can’t tell us so. They want to.
The government agency is under obligation to pay you market value for the data seized — which the NSA does (per conversation with Bill Binney at CFP2013) through shell corporations so there isn’t a sore thumb NSA payment on the company books. Sort of like eminent domain.
This means that, on the Identity Network, your real name, financial info, address, purchasing history, and all the information that privacy mavens for decades have been fighting the government to keep them from collating for decades?
It is now presumably in a database in Crypto City along with your metadata from 2006 (please read this story and note the date in May 2006 — I was writing about this stuff back then, seven years pre-Snowden) or their new and improved Utah data bunkers.
And Google (particularly Gundotra) said, “What could possibly go wrong? You hysterical little people!”
We have no definite answers. But more questions. Many more questions.
And now, Google is launching a circumvention network that involves proxy and encryption but not anonymity? Color me… Curious, but skeptical and concerned. What are the privacy policies on this circumvention tool, and how are Google’s silent partners insulated from any data that might be contacted in transit?
Hey, Eric Schmidt! Don’t be evil. Let someone else do it for you.
Build the biggest honeypot in the history of the world. Let the hornets come and steal the honey from the bees.