There’s dark and scary trend in technology. A true panopticon, where bureaucrats can plot the movements of every citizen on a map minute by minute, read every message, know at all times who's talking to whom, is technically possible today to the extent that it’s not already here.
That kind of power imbalance between people and their government is a threat to freedom everywhere, both in places that have democracy and in places that don't have it yet. More powerful tools for an authoritarian state to suppress a group who desire rights or freedom or a more participatory government have never existed.
Fixing this, not just through policy but through technology, is critically important.
Panopticon refers to a 19th-century prison design. The wardens can always see you, but you can't see them. Surveillance is about control, especially when it affects a whole population simultaneously and continuously.
Here's what I think needs to happen.
E2E must be the norm for all personal communications. Signal and WhatsApp have delivered huge progress toward that for calls and texts. I’m working on end-to-end encrypted email.
Software distribution must use deterministic builds and multisigs. Gitian and bitcoind are great examples. The current norm, where every device you own can be auto-updated to run anything by a bunch of different organizations at any time, is not OK.
Software must be open and auditable. Closed source is acceptable on the server, but everything I run on my device should be either open source, sandboxed, or both.
- Hardware must be open and auditable. I should be able to check that my phone is not hardware backdoored. Anything that is not open--such as the baseband processor--should be untrusted at the hardware level.
Where do we start?