V T race. But because we have built role inthesocializationofhuman 1 right tobealoneinourthoughts eliminating foreverthefundamental basic freedoms. We are onthe verge of privacy, wearealsoendangeringour infrastructure withoutconsidering Seeking toprotectthefundamentalprivacyofnetworkinteractions. We HaveWoven The Privacy andSecurity protection offreedom ofthought government and theconstitutional cal landscape towarddemocratic self- transformation oftheWestern politi- of learningalsoenabledthe gradual man socialcondition.The opening began radicallyimproving the hu- the scientificmethod,and withit Christianity. Secularsocietyadopted of individualistformsProtestant this ledtotherevolutionaryadoption of readingandthinking.Inreligion, self-made through a privateprocess the individualselffreelydeveloped, ing, andwithittheWestern ideaof ated the experience of private read- century, moveable-typeprintingcre- communications oftheacm | doi:10.1145/2408776.2408784 At thebeginningofsixteenth works will play a dominant From nowon,thewayWeb op independentlyoftheNet. born whosebrainswilldevel- he lastgeneration angled Web february 2013 | isbeing . . Web viewpoints privacy ofnetworkinteractions,ifwe if wedonotprotectthefundamental prove thewelfareofhumankind.But ing system would immeasurably im- female. Thistrulyuniversallearn- and poor,oldyoung,male without discriminationbetweenrich of learningandculture,everywhere, listen, andparticipateineveryform ery persononEarthtoread,watch, race, shouldmakeitpossibleforev- that processthroughoutthehuman vol. 56| thoughts. to bealoneinour the fundamentalright of eliminatingforever We areontheverge The Netshouldnowuniversalize no. 2

soul. for thehumanbodyand privacy, itwillinsteadbecomeajail the Netisnotengineeredtoprotect not achievethatpromise.Indeed,if sonal informationintheNet,wewill but alsoextensivedataminingofper- permit not only active surveillance Eben Moglen ing theircooperation. ble—by law,force orfraud—ofgain- the disposalofanygovernment capa- responsibly theymanageit, isalsoat nesses seekingprofit,no matter how data, assiduouslygathered bybusi- for access toour private data. All this nies thatofferus“services” inreturn scrutinized tothesameendbycompa- and otherprivatecommunications,is family, eventhecontentofouremail What wesharewithourfriendsand those whowanttosellussomething. taneously “mined”foritsvalueto we contact—isintensivelyandinstan- what wesearchfor,read,who keeping abouthowweusetheNet— have comefromindustry. Record- lives. Theinnovationsinsurveillance constantly, asweuseittoenrichour our Netisbeingusedtospyonus, We are failing at present because

credit tk V

credit tk change. We do not controlthem;rath- cannot reador understand,muchless and tablets often contain software we These robotswecallsmartphones they knowourlocationall thetime. to heareverythinggoingon around us; what wepointthemat;they haveears we aretheirhandsandfeet. Theysee these robotshavenohandsandfeet— the sciencefictionofourchildhoods, bots livingintermixedwithhumansin clusively inourinterests.Unlikethero- service robotsthatarenotworkingex- cause wearerapidlyadoptingpersonal to readourminds. supplies informationthatcanbeused and persuadeus.Ourconsumption data tohelptheselleridentify,pursue, data scienceisnowusingourpersonal ing placement,orapoliticalcandidate, selling pharmaceuticals, toys, advertis- human socialaction.Whetheroneis aggregated behavioraldatatopredict all thisindividuallyidentifiableand cipline ofstatistics,directedatusing itself as“datascience,”isanewsubdis- mining,” whichnowpolitelyrefersto mathematics ofinferringfromit.“Data The situationismadestillworsebe- Beyond the dataitselfliesnew remedy theproblem. We needtore- this crisisare all ourcreation,wecan on aglobalscale. threat toourcommonhuman interests vast scopeoftheNet,areproducing a dividual activities,aggregated overthe unintended consequences of tinyin- nently inpower. erful new tools forremaining perma- tyrannical willhaveimmenselypow- now on,governmentsthatbecome emies. Everywhereintheworld,from ence thepopulation,andfinditsen- to usetheNetlocatesupport,influ- completely disapproveisbeginning government ofwhoseprinciplesyou somewhere intheworld,rightnow,a control. Nomatterwhatyourpolitics, personal datatoimprovetheirsocial ing means,toharnessthepowerofbig ing, tothefullestextentoftheirdiffer- states. Governmentsarerapidlymov- has ofcoursedrawntheattention influence individualsthroughtheNet of technologiestosurveil,predict,and control us. er, theyofferotherstheopportunityto Fortunately, because thepartsof This privacycrisisisecological.The Development intheprivatemarket february 2013 | vol. 56| centralized services thathurttheir individual users. Usersbeganusing and withnear-perfectreliability for and accessservicescheaply, securely, dividual serverscanprovide storage sign government acquisition. is nowcentralizedandvulnerableto gets the right tomine the data, which sophisticated accessservicestousers, for doingthestoringandproviding the serviceoperator,whoinreturn centralized databasesmaintainedby respective socialcirclesinsidehuge users’ communicationswiththeir ing services,forexample,putalltheir Current webmailandsocialnetwork- systems thatarehazardoustoprivacy. that respectusers’privacy,toreplace providing existingfunctionsinways sponsible replacementsoftware, and helpingpeopleshifttothem. the equivalentofgreentechnologies, presently doing.Itmeansproviding or businessestochangewhat they are ples. Thisdoesn’tmeanforcingpeople in keeping with certain ethical princi- build theoperatingsoftwareofNet But email and the Web are by de- First, then,weneedtobuildre- federated services,inwhich - no. 2 | communications oftheacm viewpoints 2 viewpoints

privacy because they gained tangible whom the operator “cooperates.” We convenience at no apparent cost. No need to explain that every little deci- one knew how to run her own mail When we act to sion to give away one’s own informa- server or Web server, and we did not improve our own tion also gives away other peoples’. We make it easy to learn. But we can—and can teach people that when we act to we should—help people to use free privacy we are also improve our own privacy we are also software and a coming flood of inex- protecting the privacy protecting the privacy of our children, pensive “personal server” hardware to our families, and our friends. If we make personal privacy appliances. of our children, our help people around us to understand The FreedomBox Foundation I am families, and our the effects their actions have on oth- currently advising is an example of an ers, they will decide for themselves attempt in this direction, making free friends. what changes they should make. personal privacy software for creating Untangling the Web, restoring pri- such appliances. Small, inexpensive, vacy in what we do and anonymity in power-miserly devices you just plug in what we read, will not be easy. Many and forget, they keep your communi- fine businesses will make a little less cations private, help you navigate the money if we do not offer all our per- Web without being spied on, and let sonal data to be mined by intermedi- you share with the world, safely. Let aries on their behalf. Governments— me get technical for a few sentences to pretty much all governments of every describe how. social sharing replace Facebook and stripe—are rapidly discovering how Much of the implementation of similar “services,” that have imposed much real control they can get with- such a software stack involves using centralized storage, data mining, and out showing their hands if they make existing tools. A privacy control. use of the currently misconfigured, proxy located in the router between a Soon, such privacy servers will be anti-privacy Net. A consensus of the user’s smartphone or PC browser and available to replace your home wireless great and the good against privacy is the public Net can remove advertising router or other similar device at even forming; the one against anonymity is and Web bugs, manage cookie flow, lower cost, but with enormous overall already full-blown. Imagine how dif- and improve browsing privacy and social benefit. Think of them as per- ferent our world would be if all the security by providing “HTTPS every- sonal coal-scrubbers that cost next to books in the West for the last half-mil- where.” Automating use of SSH prox- nothing and improve the atmosphere lennium had reported their readers to ies and personal VPNs can not only we all breathe. headquarters, including informing protect the privacy of Web access be- But this is not all. We must also the Prince or the Pope how many sec- hind the FreedomBox used as a router, provide clear, factual, technical pub- onds each reader spent on each page. it can also provide secure communi- lic education about privacy and “the The book, which anyone could read to cations and privacy-protected Web cloud.” Currently basic technical in- herself in the privacy of her mind, is access from a mobile device used on formation is either altogether missing being replaced by an appliance that untrusted networks away from home. from or else distorted in the public tracks your reading for the booksell- Some of the tools needed for per- debate. We need to help people un- er, subject to the Prince’s subpoena. sonal privacy appliances are com- derstand why they might be better off It will not be easy to save privacy. But binations of existing functionality. storing their personal data on physi- if we believe in liberty, we have abso- Combining a HTTPS Web server and cal objects in their possession rather lutely no choice. a XMPP server with OpenPGP-based than in other peoples’ data centers in authentication, for example, along “the cloud.” We should make the re- Eben Moglen ([email protected]) is Professor of Law at and founding director of the with a method for building the “web sults of “data science” accessible to a Software Freedom Law Center in New York. of trust” through exchange of public public that will never interest itself in Copyright held by author. keys embodied in QR codes (the 2D the mathematics. barcodes that smartphones already We must help people think eco- scan) yields a method for secure text, logically about privacy. Users do not voice, and video chat that is easy for recognize that their correspondents’ ordinary users to deploy. That in turn privacy is also reduced when they use also easily extends to a method for a “free” email service that reads and secure communication with journal- data mines email sent and received. ists and public media outlets for re- They do not realize that everyone in laying video and audio recorded with the photographs they post on central- mobile phones. Beyond our present ized social networking services is be- stage of development lie the new tools ing facially identified and tagged. That we need to build, like federated social the social networking service’s opera- networking software that can smooth- tor has access to all those pictures and ly and without disrupting the web of all the tags, and so does anyone with

3 communications of the acm | february 2013 | vol. 56 | no. 2