Internet Monitoring, Attribution, and Governance in the age of Global Digital Convergence and Persistent Connectivity

This is a controversial topic; I expect disagreement but ask that you think about these issues as objectively as possible.  Conversations about government monitoring of public communications and governance of the Internet bring about very strong if not volatile reactions, but these questions need to be raised and discussed as rationally as possible.  It is my position that some manner of monitoring, attribution, and governance is inevitable, arguably essential.  It is extremely dangerous for a society to put so much of its critical infrastructure connected to a technology and not develop the mechanisms to protect it.   Whether we should have moved so rapidly into adopting Internet based technologies in these areas of society is another discussion but for the purposes here doesn't matter - it is.  This leaves the important questions, how much is enough, or too much, and what do we require of our government as far as protection?  The answers to these questions can not be static for a society but need to evolve as the society evolves.  I personally find myself in an awkward position, as I would normally support strong personal privacy and civil liberty constraints in physical space but find myself thinking about the ideas of digital privacy and digital civil liberty very differently.  The source of this lies in the concept of privacy within publicly controlled and available spaces and the capabilities of the technology to affect the greater commons public safety.  I believe it is precisely the conflict between these two concepts that is changing the direction of governments interpretations around what should and should not be monitored or governed and shaping the reaction of individual citizens to the governments changes in policy.

In todays more advanced digital societies, more and more of public communications and information are moving to platforms being run by commercial companies that are not just looking to provide a service to its users and primarily concerned with how beneficial the service is to those users.  Within social media platforms the users are not just the consumers but are also the product; product for the advertising and marketing firms that are looking to harvest user activities for information that will allow them to better target advertisements.  Internet companies, especially social media companies are working feverishly to own the consumption chain, from eyeballs to register.  This requires having access to enormous repositories of information on the personal details of its consumers to be effective.  This isn’t a malicious objective per se, it’s a matter of efficiency as they see it.  Objectively, if companies can discern consumption preferences and boundaries the better they will be at marketing products to consumers.  In consumption-based societies to consider this not a good thing seems a bit psychotic.  This of course requires some deeper knowledge of the consumer’s habits, associations, etc.  At a high level this is just inevitable efficiency built into an evolving system.  But an environment is being created that encourages all of us to share, connect, participate online and through this activity many benefits will be bestowed upon us.  Unfortunately problems that arise from this level of connectivity not just for individuals but also for organizations, for nations, are significant.  These problems are significant enough, they create enough opportunity for malicious activity that some governance and monitoring seems required, like police patrolling the streets, shouldn’t laws and governance adapt to patrol the digital streets of cyberspace to keep the commons safe?  If the answer is no then why is it tolerable that police patrol our neighborhoods?  If the answer is no then those that use the Internet should not have any sense of entitled security when they use the Internet.  This said the opportunities for over reach are also significant.  Access to this data with the right set of tools can be extremely powerful for any organization to use, and abuse.

This is by no means a simple conclusion.  The issues are complex and after much analysis I have determined are unresolvable.  Take one example, but one of the most controversial, the efforts of US Intelligence agencies, who’s responsibilities are to monitor information sources for intelligence on foreign threats.  Now there are long standing laws that stipulate their authorities stop with domestic activities, which falls under the responsibility of the FBI and now DHS and other domestic federal agencies.  Intelligence disciplines have been developed in signals intelligence, imagery intelligence, emitter intelligence, etc to monitor foreign electronic emissions for intelligence that help to defend US interests.  The rise of the Internet and more specifically social media globally for communications, even amongst groups the US would consider foreign threats really complicate intelligence missions.  After all, how do you tell the difference between a US person and an Iranian person on Facebook?  How can you discern whether or not the Anwar al-Awlaki profile on Twitter belongs to the real person or is a fake?  Maybe we should require 100% online accountability, then at least of a crime is committed it will be easier to identify the culprits.  This of course has its own challenges as the Internet is not a geographically bounded technology and is used frequently by people around the world to communicate freely about civil rights and other social abuses by oppressive governments and other organizations.  Blanket attribution would put many people at risk.

All of this activity is occurring on services mostly operated by US commercial companies.  It is well documented that organizations that pose a threat to national security or US interests abroad use social media for distributed communications and collaboration, even recruiting.  But there isn’t a middle of the road here.  US Intelligence organizations either develop capabilities and initiatives to monitor social media which requires that they monitor all of it and then separate out data based on their authorities on the back end, or they turn away from it which means the US will have a growing blind spot in its ability to identify threat activity that falls under their mission requirements.  Now US social media companies such as Facebook and Twitter with an international consumer base are not going to police this themselves, nor will they just let the US intelligence apparatus in, it would destroy their international market.  The US Telco and ISPs seem to be the next likely point of entry to gain access to these communications as most of them have a much more geographically defined client base.  But there seems to be no rational public dialogue about the activities of law enforcement or the US intelligence agencies in these matters.  The public response seems only to be stay out, way out.  Yet at the same time, when disasters strike the first place people will point to is the government.  This seems evident with the recent tragedy in Colorado where James Holmes was able to buy significant amounts of weaponry and personal armor online to stage a lethal assault against US citizens in a movie theater.  Comments seemed to come almost immediately questioning why he was able to acquire so much ammo.  Why was this activity not flagged?

Now the other issue surrounds what is and what is not private?  Prior to social media, prior to consolidated purchasing records, travel databases, value club cards, etc. this what not an issue.  There were no centralized places to harvest such detailed personal information.  Not that we are being forced to use these conveniences, we use them voluntarily.  Now that these databases exist there is a great temptation to plug in to them and develop complex rule sets to look for anomalies that can provide early indications of future threats.  But what of this data should or should not be accessible?  Should public posts made on public platforms such as Twitter be monitored?  How about publicly accessible data from Facebook pages?  Isn’t the use of either one of these platforms public capabilities just like talking in the town square?  Do we have a right to privacy to these communications?  What about purchasing history collected by credit card companies?  Buying 6000 rounds of ammunition before Internet shopping required the individual to at least show up in a store somewhere.  Now that same person can sit in his basement and order 100 rounds from 60 different shops.  The same person can communicate from a private location with a group of individuals and organize every detail of an offensive operation.  As a society are we ok with firmly stating that no one should monitor or protect against growing online capabilities.  If we are not, if we think someone should, then who?  The ease and accessibility of these services creates new societal vulnerabilities.  How to protect the commons given these new vulnerabilities requires a tough conversation, but unfortunately like most things today seems to only be covered when highly opposed politicized organizations want to assert there righteous positions.


How do we have a rational dialogue about an issue that carries with it such negative connotations and visceral reactions.  I am a skeptic, I don't think we will.  I think this will continue to be a majorly divisive issue made more complicated by societies distrust and simultaneous reliance on its government for basic necessities.