The Snowden effect

A lot has been written about the whole Snowden case and some of the NSA practices for spying on us. You could argue all sorts of things about this case. A popular thing that people keep pointing out is that actually, if you know anything about security and the NSA, none of this should come as a surprise. This is indeed a valid point and a lot of crocodile tears are being shed and there is a lot of mock outrage, especially by some governments that are trying to distance themselves from the whole affair. Hypocrisy is rampant.

But it is an interesting point and it actually completely destroys the case against Snowden by the USA. The central point in that case is that Snowden supposedly leaked crucial information that will cause ‘enemies’ to adapt their behavior. In fact, that already happened years ago. So, yes, people knew and have long adapted their behavior. Whether it is terrorists, Chinese activists, or the Russian mafia, they all learned the hard way, a long time ago, to use technology to evade detection and keep their communication private.

This brings me to the core point of this post: so should all of us. Snowden has clearly demonstrated that any trail you leave on the internet is subject to archiving and analysis, and may be used against you outside of the usual checks and balances provided by the law of wherever you happen to live. Some of us already knew this, some others thought those people were conspiracy theorists, and now we all know that it is about as bad as these people were saying it was all along.

This brings me to another point some people have been making. It’s the “I have nothing to hide” argument that a lot of people are using. The reasoning is that if you are a law-abiding citizen, there is little of interest to discover in your online behavioral patterns so what’s the harm? The fallacy in this argument is that it depends entirely on those that do the analyzing and collecting to respect your rights and generally mean well. This is not the case. Dictators, Nigerian scammers, terrorists, criminals, and indeed the NSA all largely have the same tools at their disposal to access your data and a wide range of motives for doing so. Your current government may be well behaved but there are no guarantees about the one that comes after. Times change. Besides, you don’t control who does the collecting. If you think the NSA is the only institute currently engaged in data collection you are a fool. The Chinese invented and perfected this game a long time ago. Most authoritarian regimes actively spy on their own citizens as well as foreign nationals using whatever technology is available to them. You may be comfortable with the NSA tracking your communications but what about the KGB, the Chinese secret service, or the Iranian government? You’d be a fool to assume you are safe from them.

So, what can be done about all this? You could argue that we should all turn into paranoid conspiracy theorists and behave accordingly by adopting all sorts of oddball technology ranging from tin foil hats to advanced encryption. This is neither feasible nor practical since tin foil hats are kind of ineffective and encryption is notoriously hard to get right even for people who supposedly know what they are doing. What’s much more practical is to scrutinize internet services for their track record regarding protecting your privacy, applying best practices regarding security, and generally doing the right things. One of the first things that happened after the Snowden case is that several major internet services started lobbying for permission to provide greater transparency on what they had been forced to expose to them. Reason: they don’t want to be caught lying to their customers about what they are doing and what they are not doing.

That is actually interesting. These companies are very worried about alienating their user base and clearly feel that they have an interest in explaining to their users how they go about protecting their privacy. That’s a start. The solution is to take this to the next level. Avoid dealing with companies and services that are known to do the wrong things and instead flock to those companies that do the right thing. The rest is a matter of Darwinism: bad companies will be exposed and will adapt or perish.

The Snowden effect will be that doing so will be made a lot easier by a large crowd of people analyzing what different companies are doing with respect to your privacy and sharing their knowledge with others. That means that where some companies have been able to get away with sloppy practices and mildly aggressive tracking (e.g. Facebook and Google), it will be a lot harder for them to continue doing this without risking bad PR.

A second effect will be that the same scrutiny will be applied to politicians. After calling Snowden a traitor, there is now quite widespread support for actually taking some political action to undo some of the legislation that allowed the NSA to do their thing in the first place. Never mind the contradiction of denying the man is a whistle blower and then suddenly being in favor of backing measures that are basically about addressing some of the issues that the man exposed. Flip flopping like that is just business as usual for politicians. But whistle blower or not, it is already having a political effect. This will extend into elections, cause future scandals, and have political consequences for those that continue backing the wrong things.

The long term Snowden effect will be accountability. This is exactly what is needed.

More on MS

It’s now a few days after my previous post on the Vista delay. The rumour machine on the Vista delays is now rolling. A few days ago this wild claim about 60% of Vista being in need of a rewrite started circulating. Inaccurate of course but it woke up some people. Now this blog post on a blog about Microsoft (frequented by many of their employees) made it to Slashdot. Regardless of the accuracy of any statements in that post, this is a PR disaster. Lots of people (the entire IT industry, stockholders) read Slashdot.

There’s lots of interesting details in the comments on that post that suggest that MS has at least these problems:

  • Management is clueless and generally out of touch with development progress. Claims on release dates are totally disconnected from software development planning. Release dates announced in press releases are wishful thinking at best. This is one of the reasons the date slips so often.
  • Middle management is worse. Either they have failed to communicate down when to release or up when their people tell them release is actually impossible. Either way, they have failed doing what middle management is supposed to do: implement corporate strategy and communicate up when that strategy is not working as expected.
  • Software engineers within MS are extremely frustrated with this. Enough to voice their opinions on a public blog. A lot needs to happen before I start criticizing my employer in public. I know where the money comes from. Really, I’d probably leave long before it would get to this point. So, I interpret this as MS having a few extremely frustrated employees that might very well represent a large silently disgruntled majority. Steve Ballmer seems to be rather unpopular in his own company right now (never mind his external image).
  • The best MS software engineers are leaving MS and are being replaced with people of lesser quality because MS now has to compete in the job market. I remember a few years ago that MS could cherry pick from the job market. Now the cherries are leaving. Really, if your best people are leaving and you have billions in cash to fix whatever problem is causing them to leave, you are doing something wrong (like not fixing the problem).
  • Microsoft employees are spilling stock-influencing information on public blogs. Openness is one thing but this is an out of control situation. Regardless of whether they are right, these people are doing a lot of damage.

It’s probably not as bad as the comments suggest but bad enough for MS, if only for all the negative PR. Anyway, I might be revisiting the predictions I made in my previous post. I have a feeling some of them might prove to be correct in a few months already. Very amusing 🙂