As horrible as Internet surveillance is, the alternative could have been far worse
While the Internet has turned into a global surveillance machine, with only tech-aware and privacy-aware people opting out of the surveillance, it’s important to remember that we could have had something far worse. In the 1990s, the telcos were aggressively pushing for their own version of a packet switched network – and had they won over the Internet’s simplicity, we wouldn’t even have had the option to turn on privacy today.
As cryptography-everywhere is being rolled out as a concept, some technology seniors are talking in terms of “unf×cking the Internet”, lamenting how the Internet has turned into a global surveillance network never envisioned by the research pioneers.
It’s important to remember that as surveilled as the Internet is, the telco industry has always been gleefully happy than to provide all sorts of governments with all sorts of surveillance. Internet and technology companies are the telco industry’s diametric opposite here. In the SS7 standards body, which produces telco industry communications standards, there is even a working group for “Lawful Interception”: no matter what is communicated, the Lawful Interception group ensures that law enforcement should always have access to it. The Internet Engineering Task Force (IETF) has nothing of the kind.
Thankfully, the Internet outcompeted the the telecom giants’ offerings in the 1990s because the Internet is stupid. It has absolutely nothing built in. No privacy, no security, no identity. Particularly no “lawful interception”. All it knows is how to get a packet of data from point A to point B in the most efficient way, and it does so exceedingly well. In this, it totally blew away the telco industry’s complex SS7 network.
Yes, the telecom giants had an Internet of their own, as hard as it is to imagine today. An entire network of their own. It was called the X.25 standard, and they were pushing for it heavily. All households should be connected to a dumb terminal, which they could rent from the telecom giants, and where said telco industry would act as gatekeepers of who got access to sell directly to households through this terminal.
It sounds preposterous.
Except it wasn’t. It was so good at the time, it actually beat the Internet in one country, France. The system there was called Minitel, and it provided households with the conveniences the Internet provided at the time – the ability to book tickets, rent cars, order pizza, the works. And of course, the was no privacy at all. It was all centrally controlled by a few giants who were happy to not just nickel-and-dime you for everything you did on the network – for which you had to rent a terminal in the first place – but also happily shared your habits with the government, and likely sold them for profit too.
There was no opting out of surveillance.
There was no VPN, no Tor, no PGP, no https.
There was no way to add privacy and security layers on top of the telco industry’s network, not if you were at the end user. You were at the mercy of what was offered from your telco provider.
(As a result, France joined the end-user Internet revolution far later than other countries: they did not have the same built-up demand for home services, as this demand was satisfied by their telco Minitel solution. Of course, the Internet would quickly outgrow whatever the telcos could offer, or wanted to offer, and at this point, French households started abandoning Minitel.)
If the Internet hadn’t been stupid enough – which is a good thing here – to exclude all security and privacy from the start, we would quite likely have been stuck with a telecom network where everything was centralized, and you didn’t even have the right to install a single app, much less transmit something unapproved on the network. You would not have had the option of adding privacy and security layers. As the French example shows, we were but a hairsbreadth from having a global Minitel instead of the Internet.
But today, we’re in a situation where we can fix this. As end users, and as service providers.
Privacy remains your own responsibility.