The Post-Snowden Surveillance World: Network Effects, Low Marginal Costs, And Technical Lock-in
from the only-connect dept
The concept of network effects, and the lock-in they produce, are both by now fairly well known. Most people understand why Microsoft retains its stranglehold on the desktop and word processing formats, despite the availability of equivalent free alternatives like GNU/Linux and LibreOffice, just as Facebook dominates the social networking sphere. A fascinating new paper by Ross Anderson, Professor of Security Engineering at Cambridge University, uses the idea of network effects and related areas to explore some of the deeper implications of Snowden's revelations about the modern world of surveillance (pdf).
Alongside network effects, Anderson notes two other factors, familiar from the world of technology, that are increasingly visible in the world of surveillance: low marginal costs and technical lock-in. First, the network effects:
The Snowden papers show that neutrals like Sweden and India are heavily involved in information sharing with the NSA, even though they have tried for years to pretend otherwise. A non-aligned country such as India used to be happy to buy warplanes from Russia; nowadays it still does, but it shares intelligence with the NSA rather then the FSB. If you have a choice of joining a big spy network like America's or a small one like Russia's then it's like choosing whether to write software for the PC or the Mac back in the 1990s. It may be partly an ideological choice, but the economics canoften be stronger than the ideology.
Here's how low marginal costs have revolutionized world politics:
Second, modern warfare, like the software industry, has seen the bulk of its costs turn from variable costs into fixed costs. In medieval times, warfare was almost entirely a matter of manpower, and society was organised appropriately; as well as rent or produce, tenants owed their feudal lord forty days' service in peacetime, and sixty days during a war. Barons held their land from the king in return for an oath of fealty, and a duty to provide a certain size of force on demand; priests and scholars paid a tax in lieu of service, so that a mercenary could be hired in their place. But advancing technology brought steady industrialisation. When the UK and the USA attacked Germany in 1944, we did not send millions of men to Europe, as in the first world war, but a combat force of
a couple of hundred thousand troops -- though with thousands of tanks and backed by larger numbers of men in support roles in tens of thousands of aircraft and ships. Nowadays the transition from labour to capital has gone still further: to kill a foreign leader, we could get a drone fire a missile that costs $30,000. But that's backed by colossal investment -- the firms whose data are tapped by PRISM have a combined market capitalisation of over $1 trillion.
Finally, there's the technical lock-in:
First, there are lock-in effects in the underlying industries, where (for example) Cisco dominates the router market: those countries that have tried to build US-free information infrastructures (China) or even just government information infrastructures (Russia, Germany) find it's expensive. China went to the trouble of sponsoring an indigenous vendor, Huawei, but it's unclear how much separation that buys them because of the common code shared by router vendors: a vulnerability discovered in one firm's products may affect another. Thus the UK government lets BT buy Huawei routers for all but its network's most sensitive parts (the backbone and the lawful-intercept functions). Second, technical lock-in affects the equipment used by the intelligence agencies themselves, and is in fact promoted by the agencies via ETSI standards for functions such as lawful intercept.
The rest of the paper explores the implications of those factors. For example, Anderson notes that network effects lead to a surprising degree of technical integration between Western democracies and some of the less salubrious regimes around the world, notably through the export of spying technologies from the former to the latter. Another kind of integration is taking place between intelligence agencies and law enforcement:
It looks increasingly like law-enforcement and intelligence systems will merge into a single surveillance system, since the issue engages all of the three reasons that makes information markets different: there are strong network effects, there is technical lock-in growing from the fact that everyone’s using the same technology platforms and presenting warrants to the same service firms for the same data; and the back-end systems needed to aggregate, index, and analyse the product have high capital costs and very low marginal ones. Institutional arrangements are starting to reflect this; in addition to the FBI acting as the NSA’s funnel into Google and Microsoft, all UK police wiretaps are now done by the National Technical Assistance Centre, which is essentially a service window at GCHQ. There is indeed no point in making the taxpayer buy the same systems twice.
Despite these rather depressing observations and predictions, the paper does contain some upbeat thoughts. For example, Anderson emphasizes that network effects provide a good reason for the US to support a more principled kind of surveillance, in the knowledge that its current dominance will pass, and that it, too, will be subject to just the kind of spying that it currently inflicts on others:
If the barriers between nations that participate in the intelligence networks are not sustainable in the long term, and neither are the barriers between intelligence and law enforcement, then what's sauce for the goose will be sauce also for the gander. Policymakers should not delude themselves into believing that a temporary 'home field advantage', as NSA Director General Alexander put it, will last for ever, or even for the lifetime of most of us.
Anderson even manages to see hope that the experience of addressing the consequences of network effects in the world of surveillance may lead to broader gains in the future:
The regulation of surveillance might therefore be a useful early example of what governance could look like in a future networked world, and may in fact be one of the hardest such problems that we face. It contains elements of both fear and hope: fear that an apparatus of global surveillance might be captured by an oppressive successor empire, and hope that there might be no successor, but merely civilisation (whatever that means). This asymmetry may introduce the possibility of new approaches, and nudge realists from selfishness to more enlightened selfishness. As for liberal thinking, the lesson is that we don't just have to rely on international institutions; there are extremely powerful network effects in play, which will be a force for pacification and stability; we must work with them.
As that indicates, this is an extremely thoughtful and wide-ranging paper that draws together a number of big issues -- surveillance, privacy, governance, geopolitics etc. It's an important contribution to the debate initiated by the release of NSA and GCHQ documents by Edward Snowden, and anyone interested in what the longer-term implications of those revelations will be really ought to read it.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: lock-in, marginal costs, network effects, ross anderson, security, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
Good Until
the firms whose data are tapped by PRISM have a combined market capitalisation of over $1 trillion.
The capitalization of the firms "tapped" has little to do with the costs of operating the NSA or any other "spy" agency. The argument would be better made pointing out the costs of setting up and maintaining PRISM and related activities - except that much of it is again labor intensive, which moots the entire argument.
Also, technical lock in isn't something that breaks down borders, if anything it's motivation for countries to invest in their own internal industries to try to out perform - or at least perform as well. Cisco is good, but their market domination isn't for life.
[ link to this | view in chronology ]
someone is getting warrants?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
We have not moved on from the 19th century- have we?
"If they'd rather die, then they had better do it and decrease the surplus population."
- Ebenezer Scrooge
Hm - is bringing in Scrooge a bit like bringing in "the Nazis"?
[ link to this | view in chronology ]
Windows remains the OS of choice because it's the most supported by third party companies and because Linux is too complicated for the average person. If the Linux program you're looking for isn't something hugely popular and well known, chances are that it's a command-line only program requiring long strings of obscure parameters to do anything useful.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
No, but often I'll go looking for a program for Windows, to accomplish a specific task, like converting something, and I almost always run across Linux programs in the search results. Sometimes I click on the site, not realizing that it's devoted to Linux, and most of the time, the program turns out to be a command line program.
[ link to this | view in chronology ]
Re:
I don't actually think this is true. But I think you meant something different: that Windows is the most supported by the companies who made the software most people use.
"and because Linux is too complicated for the average person"
Linux is no more complicated than Windows is (and in many things, it's a lot LESS complicated). The actual problem is that people believe that Linux is more complicated, because that perception was cemented years ago, when it was actually true.
"If the Linux program you're looking for isn't something hugely popular and well known, chances are that it's a command-line only program requiring long strings of obscure parameters to do anything useful."
This is simply incorrect.
[ link to this | view in chronology ]
Re: Re:
Is there a Linux version of Microsoft Word? Photoshop? Excel? Maybe it has a ton of game support, like Call of Duty? Dead Space? Mass Effect? The Tomb Raider series?
Did I miss the Linux section at Staples? Best Buy? Walmart? Gamestop?
Will Logitech support be able to help me when I need a Linux driver for my joystick?
Linux is no more complicated than Windows is (and in many things, it's a lot LESS complicated). The actual problem is that people believe that Linux is more complicated, because that perception was cemented years ago, when it was actually true.
https://help.ubuntu.com/community/RestrictedFormats/BluRayAndHDDVD
This is simply incorrect.
What's the most popular video encoding program on Linux? I don't know for certain, but I'd guess ffmpeg. How do you convert files with ffmpeg?
http://linuxers.org/tutorial/how-convert-video-files-various-other-video-formats-using-ffmpeg
How about using Mencoder which is included with Mplayer? Here's the example string I found on the net for converting a file to AVI format;
mencoder -sws 2 -oac mp3lame -ovc lavc -lavcopts vcodec=mpeg4:vbitrate=1000:vhq:vpass=1 -ffourcc XVID input.ext -o /nul
mencoder -sws 2 -oac mp3lame -ovc lavc -lavcopts vcodec=mpeg4:vbitrate=1000:vhq:vpass=2 -ffourcc XVID input.ext -o "output.avi"
Apparently it can also create other formats, but then you have to read the manual for ffmpeg as well, and integrate its commands into the Mencoder command string.
How about Mupen64Plus, the cross-platform Nintendo 64 emulator? How do you configure the controls? It couldn't be easier! You just find the InputAutoCfg.ini file and manually edit it to set the controls, which the Wiki page says "...shouldn't be too hard to figure out...";
http://code.google.com/p/mupen64plus/wiki/ControllerSetup
Yes, there are some front ends available for these programs, but the fact that they're not integrated into the program means that they almost never give you access to all the options available.
You'll probably tell me that I've cherry-picked some obscure examples, but I see this sort of thing virtually every time I look at Linux programs.
[ link to this | view in chronology ]
Re: Re: Re:
Not sure how this question supports your claim that "Windows remains the OS of choice because it's the most supported by third party companies". You've only named three third party companies. It really gets more to my point, that you're talking about the most popular software, not the most companies that make software.
BTW, there are Linux programs that accomplish the same thing as (and can exchange files with) those products.
"How do you convert files with ffmpeg?"
The most popular method is to use VLC, which is a GUI-based program. Remember that the Unix design philosophy is to intentionally make the GUI and the "engine" two different things. Behind the scenes, the work may be getting done by ffmpeg (or some similar tool), but you're only interacting with a GUI. Most of the people I know who use Linux but aren't Linux nerds never use the command line for anything, period. It's entirely unnecessary unless you are doing deeply technical, nerdy stuff (and even then, it's rarely mandatory, just easier).
BTW, there are several very good GUI front ends for Mencoder as well. You never have to use the mencoder command line directly.
"but the fact that they're not integrated into the program means that they almost never give you access to all the options available."
Also simply not true.
"You'll probably tell me that I've cherry-picked some obscure examples, but I see this sort of thing virtually every time I look at Linux programs."
If you've cherry picked, you did a bad job of it as your examples don't actually hold up. If that's all you see when you look at Linux programs, you're looking at the wrong things. Try including a window manager in your search term (if you use KDE, for example, search for "KDE video converter").
Or, if that's too obscure, just browse through your package manager's catalog.
[ link to this | view in chronology ]
Re: Re: Re: Re:
How many stores can you walk into and buy Linux software?
Yes, yes, I know, with Linux, you can download everything! The problem is that I see computer owners all the time who can't do anything unless they have a printed manual in front of them telling them exactly what to do. Even then, some of them can't figure it out and have to call the company for help. Half the people I know can't even figure out where their web browser saves the files when they download them!
How many of the large game companies like EA and Activision support Linux?
When they walk into Walmart and want to buy an HP printer, is it going to come with Linux drivers?
BTW, there are Linux programs that accomplish the same thing as (and can exchange files with) those products.
And if they need to use those specific programs at work, they're not going to want to learn a different program at home. I know people who get confused by the differences between Hotmail and gmail, even though they offer pretty much all the same functions. The fact that the buttons are in different places or named differently has them scratching their heads.
I have a friend whose main computer has gotten so slow, it's basically unusable. Even I don't know how to fix it without wiping it and re-installing everything from scratch. I did that to an old laptop that someone gave them and while it wasn't fast, it worked fine. I installed free, lightweight, antivirus and firewall software, made sure it would connect automatically to their WiFi, etc. I tested it on all the popular sites like YouTube, Hotmail, etc. It worked fine. Now they claim that they can't get on the internet and that it's popping up all kinds of warnings. They had another computer that someone gave them, which they had hooked up to their TV in the living room. They decided to disconnect the main one, which was too slow, and start using this one. Now they claim that they can't get on the net and that it's popping up warnings. I told them to call Comcast and ask why they can't connect to the net, but they didn't want to do that because they were afraid that they wouldn't be able to follow Comcast's instructions or answer their questions.
I'll be perfectly honest; I do a lot of things that would probably give most security experts nightmares. I turn off the AV real-time scanning when it starts slowing things down, I download and run programs from authors' personal web sites (although I do scan everything and I try to use common sense about what I download), I visit web sites that Google claims are a risk and I use an administrator account because my attempts at installing programs to use from a limited user account were a miserably failure. And yet, I don't have even a fraction of the problems that my friend has on a regular and on-going basis.
I'm not saying I'm invulnerable, I just find it strange that I do all the things I shouldn't and my system is working fine, while they have full-time AV protection and only use their computer for a fraction of what I do and they have nothing but problems.
The fact is that they really don't have a clue what they're doing. Want to tell them to take a screenshot of the error and send it in email? Not only do you have to describe how to create a screenshot, you have to describe how to save it, how to locate the file they just saved, how to start an email from scratch, how to attach the file...
I'd like to say that they're the exception, but this describes most of the computer owners I know. Most of them wouldn't know how to change their desktop resolution if their lives depended on it. "Ooh, nice wallpaper image!" "Thanks, I'll give you the program to install it."
The most popular method is to use VLC, which is a GUI-based program.
That doesn't surprise me. Maybe that's why I see so many screwed up videos on the net.
I actually didn't know that VLC had an option to convert videos, mainly because I've never liked VLC. I formed a very negative opinion of it when the first version I tried wouldn't play a single video. Then they released a version that played the video, but the audio was completely garbled. When they finally got it to play both video and audio correctly, it still used more CPU than any other video player and the fullscreen controls were a bad joke. Not to mention that I could easily crash it by just playing with the options. It always seemed like they were more concerned with adding obscure features than in making sure they had a stable player that worked properly.
In any case, I just tried converting a video with it. I fed it a 1280x544 MKV file and told it to convert it to an AVI file. It selected a video width of 720, but set the height at 576, which produced a 4:3 image, which is completely wrong. While I know how to calculate the correct image height, most people probably wouldn't and would just use the defaults. It also apparently only does single-pass encoding, which often doesn't produce the best results, especially with the default bitrate of 900.
BTW, there are several very good GUI front ends for Mencoder as well. You never have to use the mencoder command line directly.
Apparently none of those front ends exist for Windows, because I've tried all the ones I could find and they all pretty much suck. There's MeWIG, which doesn't allow you to change any of the audio settings, doesn't allow you to encode only a portion of the video for sample purposes and only encodes to AVI and OGM. Oh, did I mention that it doesn't even work? Despite having the location for Mplayer and Mencoder properly set, the progress bar instantly shoots across and it claims it's finished, even though nothing was written. Then there's Tencoder, which has more options, but still doesn't allow you to encode just a portion of the file. I've tried every Mencoder front end I could find and wasn't happy with any of them.
Also simply not true.
Front ends rarely have the same range of options as the program offers from the command line. In the examples above, I've yet to find a front end (for Windows) for Mencoder that offers the option to set the start and stop times for encoding, even though both are available from the command line (-ss xxx for seconds to start and -frames xxx how many frames to encode).
Check out Mednafen, a cross-platform (mostly on Linux OSs), multi-system emulator. There are a bunch of front ends for it, but I've yet to find one that gives you a GUI for remapping the controls. That still has to be done by pressing a hotkey and then following the instructions in the window, which forces you to remap about twice as many controls as needed for whatever system you're currently emulating. Most all the front ends I tried are purely there to allow you to select a game to play and then Mednafen takes over and all configuration is done through hotkeys or by editing a config file.
[ link to this | view in chronology ]
Optimism
"Policymakers should not delude themselves into believing that a temporary 'home field advantage', as NSA Director General Alexander put it, will last for ever, or even for the lifetime of most of us."
" It contains elements of both fear and hope: fear that an apparatus of global surveillance might be captured by an oppressive successor empire,"
The implication being that the current empire isn't oppressive?
[ link to this | view in chronology ]
You want the US to admit what!!?!
HAHAHAHAHAHAHAHAHAHAHA
[ link to this | view in chronology ]
re: Optimism
The implication being that the current empire isn't oppressive?
I think that he's giving the benefit of the doubt, nasch. Also, the NSA leaks to the DoJ that we know of (important words those) are regarding the war on drugs and the war on terror. Once this particular information vector expands to include other functions (prosecuting, say, copyright violations and acts in conflict with specific religious moralities) then we will have attained a greater magnitude of oppression.
It's very likely that the NSA is also using their surveillance information to track hackers (no matter what kind of hat they wear, the NSA seems to think they're all bad). That's a degree of oppression that we shouldn't tolerate, granted, but the oppression can get certainly worse.
[ link to this | view in chronology ]
Re: re: Optimism
No argument there.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]