Bankless - The New American Surveillance State | Byron Tau
Episode Date: May 20, 2024✨ DEBRIEF | Ryan & David unpacking the episode: https://www.bankless.com/debrief-the-byron-tau-interview ------ Are we being watched? That’s the question we ask Byron Tau, an investigative jou...rnalist and author of “Means of Control'' that covers all about the US surveillance state. Turns out the US Government has a digital dossier of every citizen, but how? How do they collect the data? How are they using it? Can we ever get back our digital privacy? Expect to learn all that and much more in what is a deep dive into digital surveillance. ------ 📣 SPOTIFY PREMIUM RSS FEED | USE CODE: SPOTIFY24 https://bankless.cc/spotify-premium ------ BANKLESS SPONSOR TOOLS: 🐙KRAKEN | MOST-TRUSTED CRYPTO EXCHANGE https://k.xyz/bankless-pod-q2 🔗CELO | CEL2 COMING SOON https://bankless.cc/Celo ⚖️ARBITRUM | SCALING ETHEREUM https://bankless.cc/Arbitrum 🛞MANTLE | MODULAR LAYER 2 NETWORK https://bankless.cc/Mantle 🗣️TOKU | CRYPTO EMPLOYMENT SOLUTION https://bankless.cc/toku 🌐 CARTESI | APPLY FOR A GRANT https://bankless.cc/CartesiGovernance ------ TIMESTAMPS 0:00 Intro 4:42 State of Surveillance 12:24 Content vs Metadata 18:16 The Surveillance Industry 33:53 Total Information Awareness 49:50 Is the Gov Using Data Against Us? 53:10 Privacy Protections 1:05:29 The Role of Encryption 1:17:23 Surveillance Abroad 1:22:09 US vs China 1:26:04 Surveillance in Crypto 1:31:09 Closing & Disclaimers ------ RESOURCES Byron Tau https://twitter.com/ByronTau Means of Control by Byron Tau https://www.penguinrandomhouse.com/books/706321/means-of-control-by-byron-tau/ ------ Not financial or tax advice. See our investment disclosures here: https://www.bankless.com/disclosures
Transcript
Discussion (0)
Wait, wait, wait, can the data brokers sell the same information, like domestic information about U.S. citizens?
They could sell that to the U.S. government, but what this entire episode's been about.
And, like, that's crazy enough.
You're not telling me those brokers can also sell them to foreign countries.
Oh, yeah. Yeah, absolutely.
What?
Welcome to bankless, where today we're exploring the frontier of privacy.
This is Ryan Sean Adams. I'm here with David Hoffman, and we're here to help you become more bankless.
the topic of today's episode, the U.S. surveillance state. We're talking total surveillance.
Our guest is an investigative journalist who says the U.S. government has, in quotes, a digital dossier of every citizen.
Yikes. Everyone listening to this. How do they collect the data? How are they using it? Can we ever get back our digital privacy? And does crypto? Does encryption fit into the picture here?
Some questions we asked Byron on the episode today. Everyone knows that internet users give up their privacy. But you, listener, do you know,
know how far that actually goes? Do you think that U.S. citizens actually have a right to privacy?
Because I wouldn't be so sure. The United States government can't search the contents of your emails,
but does that even matter in this age when there's so much data out there? And is there even really
a difference between the authoritarian state of China and the capitalistic democracy of the United
States when it comes to our privacy? These are some of the questions that we asked Byron.
So let's go ahead and get right into that conversation with Byron. But first, a moment to talk
about some of these fantastic sponsors that make this show possible, including Cracken,
I prefer crypto exchange for 2024.
If you do not have an account with Cracken,
consider clicking the links and shutouts
and getting started with Cracken today.
If you want a crypto trading experience
backed by world-class security
and award-winning support teams,
then head over to Cracken,
one of the longest-standing
and most secure crypto platforms in the world.
Cracken is on a journey to build a more accessible,
inclusive, and fair financial system,
making it simple and secure for everyone,
everywhere to trade crypto.
Cracken's intuitive trading tools
are designed to grow with you,
empowering you to make your first or your hundreds
trade in just a few clicks. And there's an award-winning client support team available 24-7 to help
you along the way, along with a whole range of educational guides, articles, and videos. With products and
and features like Cracken Pro and Cracken NFT Marketplace and a seamless app to bring it all together,
it's really the perfect place to get your complete crypto experience. So check out the simple,
secure, and powerful way for everyone to trade crypto, whether you're a complete beginner or a
season pro. Go to crackin.com slash bank lists to see what crypto can be. Not investment advice,
crypto trading involves risk of loss.
Launching a token, worried about the IRS.
Talk to Toku for five minutes to learn how to save hundreds of thousands of dollars for you, your team, and your investors.
Now, if you do an initial consultation, Toku will cover the cost of your token valuation, which is what you need for your launch.
So don't wait, reach out to the team right now at team at Toku.com.
That's team at t-O-K-U.com.
Selo is the mobile-first EVM-com-com-com built for the real world.
Driving real-world use cases like mobile payments and mobile defy.
And with Opera MiniPay as one of the fastest growing Web3 wallets,
Sello is seeing a meteoric rise with over 300 million transactions and 1.5 million monthly active addresses.
And now Sello is looking to come home to Ethereum as a layer two.
Optimism, Polygon, Matter Labs, and Arbitrum have all thrown their hats in the ring for the cello layer two to build upon their stacks.
Why the competition?
The Sello Layer 2 will bring huge advantages like a decentralized sequencer,
off-chain data availability, secured by Ethereum validators, and one-block finality.
What does that all mean for you?
With Sellow layer 2, gas fees will stay low, and you can even pay for gas natively using
ERC20 tokens, sending crypto to phone numbers across wallets using Social Connect.
But Sellow is a community-governed protocol.
This means that Sellow needs you to weigh in and make your voice hurt.
Join the conversation into Cello forums.
Follow Sellow on Twitter and visit cello.org to shape the future of Ethereum.
Bankless Station, I'm very excited to introduce to you.
Byron Tau.
he's an investigative journalist and the author of a fantastic book. It's called Means of Control.
In that book, he shares just about everything he's learned about government surveillance and
control. This has been a multi-year project, and we are excited to have him on bank lists.
Byron, welcome to the show. Thanks so much for having me.
Okay, so you're talking to crypto people here. We have a crypto audience. So the audience has
definitely dialed in, I would say, to the subject matter of surveillance in general.
but I think the best place to start would be at the top.
So you wrote this book.
It's called Means of Control.
So the simplest possible question is, who's controlling us and what are their means?
So it's a title taken from a Thomas Pynchon quote, which I just happened to like because I thought it expressed a lot of the themes in the book.
And the quote goes something like, once the technical means of control have reached a certain size, a certain degree.
of being connected to one another, the chances for freedom are over for good. And I think that
sort of sums up some of the themes of my book, specifically around large-scale data collection
and its use by powerful forces in our society. And those forces, of course, include corporations,
but the book documents specifically how governments are acquiring large amounts of this data
and using it for various surveillance programs. Okay, so I think an underlying theme of your book is
if we don't protect these freedoms, then we may actually lose them.
And this is something I'm sure we'll return to.
I'm curious, though, if you're trying to explain this to like Normies, you know, like the problem statement, at a dinner party, let's say,
and like you're just trying to explain this in a way that doesn't seem like you're wearing a tinfoil hat,
you're a conspiracy theorist.
Like, how do you explain it to average everyday American citizens, like the problem statement, let's say,
and why it's a problem? Sure. So I think that the thing I would say is that historically in the
United States, we have limited government power by limiting the amount of information that governments
can obtain about all of us. We generally speaking require governments to go get a search warrant
or a subpoena when they look at invasive amounts of information about us. And that's traditionally
how we've limited government power and protected the privacy of citizens. However, in recent years,
so much information is available out there in the world for sale. And governments, like every other
entity on the planet, they're eager for information, and they are consumers of this commercially
available information. And that has essentially started to rewrite the social bargain, that
when you let governments buy large amounts of data on everybody, it moves us away from that
traditional notion where you limit government power by having court oversights.
you know, they have to get documents together and they have to go convince a judge to let them
look into an individual. With the sheer amount of information that's available out there in the
world from data brokers and from all sorts of other sources, that social bargain is being
upended. Okay, so what's really interesting here, Byron, is there's almost some economics at
play, and like our listeners will very much understand kind of like the economics of the
situation. It's something, again, I want to return back to in the future because it's become
very inexpensive in this digital world to collect this information.
Like, it's unprecedented.
The framers of the Constitution didn't have this kind of data collection, like cost
reduction in their mind when they frame things out.
And so I think this is a recurring theme that we'll come back to.
And I want to set a roadmap for this episode, maybe.
So first, want you to tell us what's going on today.
Like, so how this data marketplace works between corporations and private groups that are
collecting this data and the government how they're using it, then I think we want to talk about
the legal. Like, what protections do we actually have set up today? Because we live in a Democratic
Republic, I think, and there are some protections for citizens aren't there. And so we'll talk about
that. And then also want to get a sense of the incentives and the motivation at play, because it feels
like we're stuck in a prisoner's dilemma. It feels like we're stuck in some kind of a system. And
like, that's the question of how did we get into this system? And then where does it leave us? And then ultimately,
hopefully how do we change things and we might bring into play financial surveillance and how
crypto fits into all of this. So let's start with the state of this surveillance system today and
what's going on. So I will say Byron, bankless listeners are probably pretty informed internet users.
So if you tell them that they have very little privacy on the internet, the first reaction would be
like, yeah, tell me something I don't know. Like they won't be shocked, right? They're like,
yeah, of course the government is spying on me. But like, I want you to get into the details
because I don't think a lot of listeners know exactly how that happens or the scale at which it's
happening. So what is something that you would say to even the informed internet goer whose immediate
reaction is, yeah, of course they're spying on me? Like, what's something that they don't know
in terms of how it works and the level of surveillance that's going on here?
Well, one thing that seems to shock people is essentially that all of our consumer technologies
lead data in some way. And that goes right down to the tire pressure sensor in your car.
Even some professional intelligence officers were a little surprised by some of this when they
discovered this a few years ago. But essentially, when you turn on your car in the morning,
there's a little display screen on the car that says, you know, the tire pressure is 42 PSI.
And that sensor is not a hardwired sensor. It's actually a wireless sensor that transmits information
from your car tire to the central computer of your car,
and it's there for a perfectly good and legitimate safety reason.
But very clever governments have figured out,
hey, that's a unique identifier that comes off of this car.
And if we put the right sensor in the right place,
or we put something in front of a bridge or a tunnel,
some choke point that everyone has to go to,
we can collect that information.
And that's basically the case with almost every system
that we use in modern life,
whether that's the mail, right?
Like every time you fill out a change of address form, the postal service makes your data available to lots of people.
Every time you sign up for one of these loyalty cards, that corporation is going to sell off your data probably, or at the very least analyze your purchases.
Even when you're in sort of semi-closed social media sites, you know, people infiltrate these spaces, brokers, data scrapers, and they capture what they can see in these closed spaces and open spaces as well, like Twitter or X.
And even the system of delivering targeted advertising to billions of people on computers or on phones,
that system leaches tremendous amounts of data, and that data is obtainable by data brokers.
And so almost everywhere there is some sort of information or some sort of a technology,
it's generating a lot of data.
And very clever people who know how to take advantage of these systems that the public largely
doesn't quite know how they work have figured out ways to collect that data.
and in many cases to sell that data.
And governments have come along and decided to take advantage of these things,
to take advantage of systems that were never designed sort of with adversarial privacy
or privacy protection in mind and use them for sort of mass surveillance.
I want to put an image into listeners' heads, Byron,
that I think will help them kind of navigate this episode.
And this image is, we're going to have to talk about the difference between content and metadata.
And so that'll be my first question to you is like the delineation there.
But really, the idea here is of some sort of a Sudoku puzzle that governments are filling out.
And they're using metadata to fill out that Sudoku puzzle.
And way back in the day, when there wasn't that much data, citizens, users of the Internet,
still had a lot of privacy except for like the small amounts of metadata that we push around the Internet in whatever forms.
But now, with the explosion of devices that we all have, we have smart refrigerators,
We have Apple Watches, we have phones, we have our computers, we have iPads, there's metadata everywhere,
and now there's a lot more of just like data surface area for Sudoku puzzles of information to kind of get filled out.
And for governments, if they really want to, to get a pretty holistic picture of what exactly is going on in the places that they are investigating.
And so that's kind of like the image I want to leave with listeners.
Can we talk about the difference between content and metadata and the different level of protection?
that individuals have as internet goers.
Yeah, I like that metaphor a lot.
If I can just kind of complexify the history a little bit,
and maybe this will help answer your question
about the difference between content and metadata,
in the early history of the internet,
actually a lot of what was being sent along the network
was actually quite open and viewable
by people like systems administrators and telecoms, right?
Because the early internet was actually never designed
with privacy in mind,
even though it was a Department of Defense Network,
It was this experimental research network that people were trading kind of messages and research papers and unclassified stuff.
It was never really designed with privacy as the primary protocol.
But yet we've all moved our lives onto this entire network.
We do everything on it, right?
We bank.
We buy things.
We do therapy appointments.
There's all sorts of things now that we do on the internet on a system that was just never designed for this,
that was designed for Department of Defense, researchers and academics to trade some notes and some
early drafts of research papers. And so in the early days of the internet, you could actually
intercept things fairly easily. So if you were sending an email on one of the legacy email providers
like Gmail, like Hotmail, like Yahoo, can see it. If it, you know, in the early days of the
internet, even your telecom could see it. Your systems administrator could see all of this
information. And by information you mean the content, like the actual content of the letter of the
email. Like what you were saying to the person you were emailing right down to the
actual content of the message. Over the years, people have realized that this is a privacy problem,
right? That we don't necessarily want the telecom to be able to see your emails. We don't necessarily
want the guy in IT to be able to see everything that's transiting the network. So we've added
extra layers of encryption onto communications that we send across the internet. And sometimes
that's truly end-to-end encrypted. So you have services like Signal and Proton Mail where no one,
not even the people running in service, can see it. But more often, it's a
service like Gmail, which Gmail can see what you're saying, but the telecom can't. And this is where
the distinction and the importance of metadata comes into play. Because it's increasingly hard to intercept
things as they move along telecom networks, and that was the traditional way governments did surveillance,
right? That was a lot of what Edward Snowden revealed was that the government was just plucking
things off of the AT&T and Verizon network as data was transiting, and a lot of it was unencrypted,
and they could see everything. As you start to add encryption into them,
mix. You stop being able to see a lot of the content of the messages. Yeah, you can go to Gmail and
demand them, but you need to get a court order. There are some user protections around that.
There's like procedures and processes built in. But when it comes to metadata, when it comes to data
about the information that's being sent, a lot of that is still available. And, you know,
the Supreme Court, a long time ago drew this distinction between information that you share with
the third party and information that you keep private. So there are fewer privacy protections
for things like metadata.
In the context of communications,
metadata is like the address on the outside of an envelope,
and content is like what's inside the envelope.
And governments, by and large, now, today,
when they're filling out this Sudoku puzzle,
can get a lot of metadata.
It's a little bit harder to get content.
And that's what's led to this world,
that a lot of these data brokers are brokering metadata,
or they're brokering, you know, little puzzle pieces
or little signals from a device,
and you still have to do some homework,
you have to do some tradecraft to figure out how it's helpful in whose device it is or where this email came from.
But if you have powerful enough entities and a large enough budget and a big enough data center,
you can pretty much know everything about, you know, communications and people and things trying to be on the internet.
And just to really clearly define data versus metadata, I think there's a metaphor in your book where like the data in the pre-internet world,
imagine a letter, snail mail, physical letter on paper.
the metadata is the address of the letter and where it's going and where it's coming from.
And then there's even some additional metadata.
One might be able to glean from that.
Like, how big is the letter?
Like, is it crinkled and old?
Or is it brand new?
Like stuff like this.
Like cursory, data, cosmetic data that you can see from the outside, even though you can't
see the actual contents of the actual letter.
And, like, on the internet terms, this is like data packets or just like other little packages
of things that are flying around the internet.
And so while the content itself is largely private from the outside view, there's now a growing
amount of this out there to the point where like there's still a lot, a pretty solid way
to glean what's inside of the actual content. And so like I want to talk about just like a submerged
iceberg that's going on here because I think the lack of understanding that the average person
does not have is like how big this complex is beneath the surface. Like how much metadata is.
is and how big the industry is around collecting it. Can you just like illustrate some magnitude
of how big this submerged iceberg is here? Yeah. So, I mean, data brokers themselves are,
that's a billion dollar business. And then if you look at sort of targeted advertising,
which is, you know, these companies wouldn't call themselves data brokers necessarily,
but they are collecting huge amounts of data on people and they're making it available to
other parties, that's probably close to a trillion dollar industry. And then never mind
all of the tech companies, which they don't exactly broker data.
I mean, Google doesn't sell your personal information per se, but they sell access to you,
and they sell access to your data to lots of other parties who want to serve you targeted advertising.
So this is a massive, massive social project, and it's the way that a lot of content on the
internet is delivered, and it's the reason why so much is free, that there's just the payment for a lot
of these apps, for a lot of these services, for a lot of these websites, is your data.
And that data is probably not that valuable to you.
Like if you were to tally up individually how much you're worth to these companies, it's probably not worth a tremendous amount.
But in the aggregate of billions of people, you know, in their roles as consumers as people who you might advertise to or you might collect data on or you might sell data on, then this ends up being a pretty large industry.
And so, you know, you have all sorts of logs and information and data.
floating around about how devices, how people, how internet browsers, how cars are behaving.
And that data is tremendously interesting and valuable in a variety of uses. To advertisers,
they don't really care necessarily that it's Byron Tao, but they are interested in what I'm
interested in, what websites I visit, what search terms I'm trying to put into Google, what I buy
at the supermarket. All that data is interesting to them because they want to build a profile of me.
They don't necessarily care about me as an individual, you know, like by name, but they want to be able to serve relevant ads to me.
They don't care about you, your soul, but they care about you, the object.
Exactly, exactly.
Like, I can be a number to them because, you know, they could synonymize me and just call me some number and they don't have to get too deep into my personal identity.
But they want to know a lot about, you know, what that synonymized number is doing on the Internet.
But governments get very interested in this stuff, too.
and they have very, very different missions.
And there's a very interesting quote that I put in the book from a senior intelligence
community official.
And he basically said, you know, we actually kill people off of metadata, right?
We make targeting life and death decisions in the military and the intelligence community
based on sort of small snippets of information that we can glean about people, whether it's
their social network, whether it's their proximity to a known terrorist safe house,
whether it's who they're communicating with.
Those things can inform life or death targeting decisions because basically the behaviors that we all engage in reveal a lot about us who were associated with what we're doing, what we're interested in. You can divine a lot of information off of metadata. You don't have to listen to a terrorist phone call to necessarily know that he or she is a terrorist, right? If they're at a known terrorist training camp and their phone is there, that's a pretty good sign. And so you don't need to wiretap them necessarily. That's a good
data point that often that's all the military has to sort of identify that this is that person and
this is where they are and call in the drones. So where we are so far is we're talking about how
powerful metadata actually is. And it looks like in this digital world we've moved to,
it's tremendously powerful. And there are these data brokers, as you say, so there's this whole
industry of data collectors. And I think a lot of people are aware of this from sort of a,
I guess, yeah, we are the product, right? We live on the internet. So we are the product. So of course
companies are collecting data about us in order to serve us ads. I think the new part here is that
the U.S. government is actually a purchaser of that data set. And when you were just talking about
the case where there's sort of a terrorist and like the military is going after a certain individual,
for instance, that feels, I think, when you say that to someone who lives in the U.S., like a foreign
adversary type of situation, right? And I guess that's what the military is there to do in the
best of cases, right? Where it gets creepy is when they start collecting data about us. And I just want to
ask the basic question, like, why are they doing that? So let's say Google, Facebook, all of these
data brokers, tire gauge information, you know, Wi-Fi signal information, you go through
story after story in your book of all of this metadata that we are essentially leaking. And how are we
leaking it? Just by living our lives. You know, we're just trying to live our lives, right? And we're
giving off, throwing off all of this data. That's one thing if it gives us an ad that, you know,
gets put in front of us. And sometimes, you know, that ad is valuable because I didn't know I wanted
that thing. So thank you. But it's another thing if our government is using that metadata to what?
Like, so why are they collecting it on U.S. citizens? Is there a rationale there?
Yeah. So at the highest levels, all governments, like all corporations and like nosy journalists,
are trying to better understand the world in furtherance of whatever mission they have.
And, you know, government isn't a monolith, right? Government does a lot of things. Government
delivers services to citizens. It does planning, like transportation planning. It tries to fight
disease outbreaks. And data is useful in all those scenarios. A lot of the data that I talk about
that's useful for sort of military operations is also useful for benign transportation planning
or trying to understand the COVID-19 outbreak. So not everything the government does with data is sort of
necessarily scary or implicates people's civil rights. So at the highest levels, governments are
collecting this data because they're curious and they have some mission or some problem that they need
to solve. And so when you move to entities like intelligence agencies, the military, and the police,
those are entities with a lot of power to cause very serious consequences to individuals. And that's
why I focus primarily on those entities and less on the entities that are trying to figure out
where to put a bus stop or where the best route for a light rail line is. Those are important government
functions, but they have less of a dramatic impact on individuals, and they implicate less government
power. So take these government entities with these law enforcement intelligence, national security,
or public safety missions. They're all collecting this data because they have an important function
in our society. You know, the military and the intelligence community are charged with keeping us
safe largely from foreign adversaries, but domestic law enforcement entities are charged with
solving crimes and, you know, ensuring public safety. And governments are obtaining data
largely for those purposes. So you have, often the military and the intelligence community,
they're largely focused abroad. You know, certainly sometimes they acquire data sets on the United
States, but at the federal level in the 21st century, there are a lot of checks and balances
around what the intelligence community and the military do with data on Americans.
Now, what they do with data abroad, that's sort of a different question.
But, you know, domestic data, that's well protected, and there are well-established procedures
and civil rights sort of protections built into those systems.
When you talk about the police and you talk about entities like DHS or the FBI, those are
entities that have much more direct missions that are applicable to U.S. citizens.
And this is where sort of thornier civil rights questions come into play.
Like, when is it appropriate for the United States government to buy large amounts of data,
or even local governments or state governments, to buy large amounts of data to do things like solve crimes,
to do things like figure out where criminals are, to try to do surveillance, to try to prevent crime?
Those are those thorniest civil rights questions that I think are raised by this kind of data acquisition.
And historically, by and large, as I've said, we have limited the power of those entities to sort of root around in the lives of individuals because we think that's the best way to protect liberty.
And often things that traditionally require the approval of a judge, like let's take these massive amounts of location data sets that are available.
They come off of our phones.
They come off of our apps.
They come off of targeted ads.
and they show the movement of millions, if not hundreds of millions, if not billions of devices
around the world.
You know, law enforcement has started buying access to those databases.
And that data can often show things that one time they needed to fill out a search warrant,
go to a judge and say, give me some, you know, historic cell data on this person because
I think he or she has committed a crime.
And that's where sort of the civil rights and civil liberties problems really start to
compound when you're talking about government use of this data.
Yeah, Byron, it just seems like, and this is the main message of your book, and I think an
important message for everyone to hear, not just bankless listeners, but I hope the broader
society hears this, is the government doesn't actually have to be the ones collecting the data,
right? They can be a step removed from this process. All they have to do is buy it from someone
who has it. Who's selling it. Yeah. And our surveillance capitalism, like, creation, this thing that
we've created on the internet and all of the digital information pushing out,
means there are companies out there that know just about everything about what we do through metadata,
like, period. They know where we are right now from our cell location data. They know what our
internet search history is. They know everything about us. And if the government can just simply,
they don't have to collect it themselves, they could just purchase it. Well, that's like the most
obvious loophole in history. And I'm like almost surprised that we haven't connected these dots yet
as a society. But I just want to understand the mechanics of how this works. Let's say some data
broker, data provider has all of this data. You're telling me the government, FBI, let's say,
we'll use kind of like the internal domestic police type servants, DHS or FBI. You're telling me
that they can just like use our taxpayer dollars, right, and go purchase that data set on their own
citizens. And there's like nothing that would prevent them or block them from doing it. And
in fact, the companies are kind of happy because, like, they get to sell a product. Is that really
how it works? It's just like, hey, company, we want this data. Will you sell it to us? Yeah, sure.
Here you go. That's how it works. Yep, that's exactly how it works. There are these data sets on
the population, on the movement of cars, on the movement of phones, on, you know, people's home
address history or their employment, all sorts of sort of biographical details. There are large
data sets on people's social media habits and what they say in either open social media networks
like X slash Twitter or semi-open ones like Facebook and Instagram and TikTok. All of that is
available for sale and there is no legal prohibition on the U.S. government going out and purchasing
that data on its own citizens for the purposes of public safety, for the purposes of intelligence,
for the purposes of surveilling people. Now, some of these agencies,
either don't do it as a manner of policy because they sort of want to be seen as respecting
the civil rights of Americans. Some of them have very strict rules on how they acquire this data,
and some have no rules at all because in the United States there are more than 10,000
different law enforcement entities. And those range from very sophisticated, well-funded,
well-run ones with histories of abuse that are now overseen very carefully by Congress and
the executive branch to very small police departments that,
operate with very little oversight from their local governments. And so there is no legal prohibition
on the acquisition of this kind of bulk information on Americans from companies, from data brokers.
So I'm going to let David jump in here in a second, but just like it strikes me how much of a
precarious position that puts us in as citizens, because where it's basically like, you know,
a trust me bro type model that the government won't use this vast power of data against us.
Right. And we'll talk about the legality a little bit later and what like a veneer of civil liberties and laws actually protect us. But wow, that feels like a very vulnerable position to be in when we can't do anything. We can't just like not get this data collected.
Yeah. And, you know, the United States in its recent history and the lifespan of people who are alive today has experienced intelligence and law enforcement agencies going a little bit too far against domestic groups who have been critical of the government.
government. You know, you look at what happened during the civil rights movement or the anti-war
movement in Vietnam and the way that the FBI and the NSA and the CIA saw those groups as
potential threats to social order and use the tools of the state, use surveillance tools,
to monitor those groups and those individuals in ways that today we would consider unlawful
and massive violations of civil liberties. So it's not that long ago that we've seen government
power be turned in ways against domestic critics that I think today we would be very uncomfortable
with. And back then, the amount of data available on people was quite limited. I mean, today you're
talking about, you know, an entire digital dossier on almost every citizen that's pretty
exhaustive. And it's available through the corporations, the largest sort of companies in the
world have kind of assembled this information. And these tiny data brokers and data aggregators
are collecting it all from these places and making it available for sale to basically everyone.
Not, you know, they largely sprung up to cater to corporations, but the government market is a
nice little secondary market for them, and it's a nice little profit stream.
Yeah, it also keeps them on the good side of the government, too, as a nice little byproduct.
At this point in the conversation, Byron, can we introduce the topic, the concept of total information
awareness?
Can you define what this is and how it fits into this story?
Sure. So total information awareness was a program that was stood up after September 11th. And the theory behind it was basically the government actually had a lot of information about the September 11th hijackers. It knew that two people affiliated with Al-Qaeda had come into the country. It knew that there were a bunch of people that were taking flying lessons, but were completely uninterested in learning how to take off or land, which is very suspicious. And by and large, the intelligence community had a ton of information that bin Laden was trying to do something.
something in the United States. They didn't know exactly what. And so after 9-11, there was this belief
that the government actually had a lot of information already. What it failed to do is connect the dots
to weave together these threads into something that was actionable and they could do something about,
like pick up these two guys in Los Angeles or, you know, sort of stop some of these people from boarding
planes because their pattern of behavior was suspicious. So total information awareness was a
research program set up by the Pentagon. And it was quite controversial from the start. Even in the
sort of very fearful days after 9-11, this program prompted a backlash that I think was a little
bit surprising to both the Pentagon as well as sort of civil society. And essentially what they
were trying to do, and it was only a research program, it never got actually off the ground and
actually stood up and actually was running an active surveillance program. But what it was trying to do is
take all this corporate data that existed out there and things like travel records and purchase
history and credit data and address history. And we've all that data together with the government's
secret data. And what they were trying to do was look for patterns and outliers and potential
indicators of terrorist attacks and these huge volumes of commercial data. So hypothetically,
if you were to have rented a Penske truck and purchased a large amount of fertilizer and purchased a
number of hotel rooms along a route towards Washington, D.C. Each of those things individually is not
suspicious. But if a single individual is doing that, well, that might be a template to someone building a
bomb and trying to detonate it in the nation's capital. So that was the aim of this research program.
But it prompted this very furious backlash. It was bipartisan back then. This was 2003. Congress got
wind of what the Pentagon was doing. You know, ordinary Americans were saying, well, this is a giant spy
database and it's not just directed at the Middle East or all these trouble spots in the world. It's
directed at me and I'm angry about it. And so Congress actually wound down this program. And it's kind of
one of the only times where in the immediate post-911 era where the civil libertarians won any sort
of real victory on civil rights and privacy, but it was seen as a bridge too far back even in 2003,
even less than 24 months after the 9-11 attacks. And so it really sort of highlights a couple of themes
that America still is a country that's very cranky and very civil libertarian and that, you know,
this was a bipartisan effort to wind this thing down. The other theme it highlighted was the government
realized that, you know, these tools were valuable, but talking about them too publicly, letting
Congress get wind of them and letting the public weigh in too much on them, you know, endangered
their use. And so there started to be a lot more secrecy around some of these programs.
Not that they're classified, right? You can't really classify commercial data per se. But, you know,
talking about them openly was seen as a mistake and one that really prompted a public backlash.
And it was one that, you know, these government contractors and these researchers would learn from
and, you know, try to keep this stuff as much as possible from being on the public's radar.
So I think I want to bring up a metaphor here that's kind of adjacent. In 1970, there was the Bank Secrecy Act, which created this like $10,000 reporting requirement to the IRS as part of like the commercial banking layer. So any sort of transaction that was $10,000 or higher had to be reported to the IRS. And this is just like kind of similar concepts, just like, you know, we need to make sure that we're not doing any sort of like fraudulent stuff or any terrorists or any like dealging taxes, all the kind of things. And this has also kind of encroached on our privacy.
and we can debate the merits of this, but it's kind of here nor there. One thing that has happened is
that that $10,000 in 1970 is actually, in today's dollars, something like $2,300. And so there has been,
because of inflation, this creeping encroachment on surveillance with our financial transactions.
And I want to carry that same metaphor over to the explosion of metadata due to the whole, like,
explosion of devices that exist in today's world. It has been easier and easier and
easier for governments to fill in that Sudoku puzzle to achieve total information awareness,
simply because that data is free on the internet to collect by anyone. Since it's free to collect
by anyone, it is collected by anyone. And then the government now has an easier time accessing
the data they need to achieve this goal of total information awareness. Now, not every part of the
government has this goal. Only a minority of the government has this goal of total information
awareness, but when someone has it, like, we know it's achievable, which kind of the punchline of
this episode and your book is that, well, if it is so trivially easy to fill in the Sudoku puzzle
that induces total information awareness, then what is individual privacy in the world of the 2020s
in America and beyond? And so that's kind of like the question I don't really think anyone truly
has an answer to, or at least not a very good one, is like, Byron, what is our privacy level
in modern times with all the data that's everywhere? Do we have?
privacy in this day and age?
Yeah, it's a good question.
You know, I've been asked about this a lot, and I think there's two ways to see it.
One, a lot of this data is being collected under sort of the guise of being used for
corporate use cases, right?
So if you read the privacy policies of any of these services or these apps, they say stuff
like, oh, well, you know, we collect your information, but it's all de-identified or it's
anonymized, and we only want to serve you targeted ads.
And, you know, maybe it makes some noises about having to turn over data to the government in the event of a subpoena or some sort of a process.
But by and large, you're telling the population that you're collecting it for corporate purposes.
But of course, none of these companies can guarantee that.
Once data is collected, the data could be used for anything.
And so, you know, there's a view that sees this collection of data by corporations as sort of a bait and switch when governments acquire it,
and that there's not really informed consent.
And that's one way to see it.
The other way to see it is maybe the social bargain is simply being rewritten, right?
Like in the 70s, when the government decided that essentially you don't really have a tremendous amount of privacy in your bank records, right,
and that we're going to deputize the banks to do basically our enforcement for us and send us suspicious activity reports
and make them report any deposit over this amount of money, well, maybe that was a renegotiation of the social bargain that we've lived with ever since.
and maybe the same thing is happening in the digital sphere.
Maybe in exchange for all these great technological services
and the wonderful ability for us to record a podcast
over me sitting in this little booth
and you guys sitting in your homes,
maybe the social bargain is just, you know,
all these powerful entities are going to have our data,
and there's nothing we can do about it.
And, you know, I don't have a good answer.
What really motivated me to write the book
is I did want to make this tradeoff very explicit to people, right?
Because I do think corporations, in some ways,
try to minimize or hide how much data they collect on people, because I do think they realize
people do consider it a little unseemly. Yeah, they'll still download the app, but they don't love it.
And then on the government side, I think it's the same thing, that, you know, governments don't
want the population to realize how much data is out there for a collection and just how much of it
ends up in government hands in one way or another. And so it's a great question, and I don't know the
answer. But I definitely wrote this book as a way to educate people about what's happening with
data, with government power, and with corporate power. Yeah, I think for a lot of people listening
and just like, you know, the ordinary American or just like, by the way, we're using the U.S.
is the use case. I imagine this happens in Europe and just like another place in the world to
like even more dialed up. But I don't think we ever consciously made that decision to change
the social contract. It's just kind of like happened to us. And it always like favors those
centralized entities that have more power and disenfranchises.
those with less power and makes them even less powerful. And so that I think is the tradeoff to
acknowledge. I want to go back to this total information awareness because you were talking about
like the early 2000s and it seems like Congress stepped in. They did the right thing, right?
I am imagining that, and I want you to verify this from the research that you've done,
we're just all assuming there is another database out there that they don't talk about
that is basically doing total information awareness, right?
even though Congress said, no, you can't do that Pentagon, they said, okay, lesson learned,
we won't tell anyone next time. We won't make a big deal out of it and we'll go do it somewhere else.
I'm just operating under the assumption that that is the case. Is that a reasonable assumption to make?
Is that basically the assumption that you're making and the average listener should make?
So let me put it this way. Everything that that program was researching at the time has basically become reality, right?
this ability to scan large amounts of data for anomalies that exists.
They were trying to do social network mapping,
so they were trying to figure out who knows who just based on stuff like who they call
or who they associate with or who they're – the government is very good at doing all these things.
So basically all the technologies and those lines of research that they were doing
have become reality and are operationalized by the government.
On the other hand, I do think Americans are a little too cynical post-Snowden
about just how much data, you know, governments acquire.
Like, yes, they acquire huge amounts of data, but the government also tries to be thoughtful
about privacy and civil liberties.
And there really are legitimate rules in place, at least at the national level, about
when you access these things.
And I'm talking specifically about the military and the intelligence community.
These sort of big national, you know, the NSA, the CIA, the FBI, they are not perfect
entities, but they have pretty strong rules in place about,
how you use data on the U.S. population. Often you can acquire it, but you have to minimize it
or you have to do all sorts of other things. When it comes to what happens abroad, I would be a lot
less circumspect, right? I do think the United States government collects huge, huge volumes of data
on the global population due to its technological power, the fact that so much data is routed
and stored in the United States, the fact that our homegrown tech companies are global brands
that collect data on the entire planet, you can assume that the U.S. government collects huge
amounts of information about the global public. The real issue also is that not every agency is the
NSA, the CIA, and the FBI who have come under scrutiny over the years, who have had their own
abuses revealed and are very carefully monitored. When you go down to the level of state police
departments, when you go down to the level of local police departments, even sometimes the FBI,
which has a domestic mission, these are entities with a lot for your hand to acquire the exact same
amounts of data and do things with a lot less public transparency and oversight. And that's the real
sort of concern here. The other concern is that a lot of these intelligence community rules around
how you use American data, they're simply that they're rules. They can be sort of changed at any
time. They could be quietly rescinded. We don't know to what extent people violate them and how
often they're punished. They don't have the force of law in a lot of cases. And so that's another
concern, right? That we're relying on the goodwill and sort of the self-restraints of these
entities without having strong privacy protections enshrined in law about what these
agencies can do at all levels of government. Have you ever felt that the tools for developing
decentralized applications are too restrictive and fail to leverage advancements from
traditional software programming? There's a wide range of expressive building blocks beyond
conventional smart contracts and solidity development. Don't waste your time building the basics from
scratch and don't limit the potential of your vision.
Cartese provides powerful and scalable solutions for developers that supercharge app
development.
With a Cartese virtual machine, you can run a full Linux OS and access decades of rich code
libraries and open source tooling for building in Web3.
And with Cartezi's unique roll-up framework, you'll get real-world scaling and computation.
No more competing for Blockspace.
So if you're a developer looking to push the boundaries of what's possible in Web3,
Cartesee is now offering up to $50,000 in grants.
head over to Cartesey's grant application page to apply today.
And if you're not a developer, those with staked CTSI can take part in the governance process
and vote on whether or not a proposal should be funded.
Make sure your vote ready by staking your CTSI before the votes open.
Arbitrum is the leading Ethereum scaling solution that is home to hundreds of decentralized applications.
Arbitrum's technology allows you to interact with Ethereum at scale with low fees and faster transactions.
Arbitrum has the leading defy ecosystem, strong infrastructure options,
flourishing NFTs and is quickly becoming the Web3 gaming hub.
Explore the ecosystem at portal.arbitrum.com.
Are you looking to permissionlessly launch your own Arbitrum orbit chain?
Arbitrum allows anyone to utilize Arbitrum's secure scaling technology to build your own orbit chain,
giving you access to interoperable, customizable permissions with dedicated throughput.
Whether you are a developer, an enterprise, or a user, Arbitrum orbit lets you take your project to new heights.
All of these technologies leverage the security and decentralization of Ethereum.
Experience Web3 development the way it was always meant to be.
Secure, fast, cheap, and friction-free.
Visit arbitram.io and get your journey started
in one of the largest Ethereum communities.
New projects are coming online to the Mantle Layer 2 every single week.
Why is this happening?
Maybe it's because Mantle has been on the frontier of Layer 2 design architecture
since it first started building Mantle DA,
powered by technology from EigenDA.
Maybe it's because users are coming onto the Mantle Layer 2
to capture some of the highest yields available in Defi
and to automatically receive the points and tokens being accrued by the $3 billion
Mantle treasury in the Mantle reward station.
Maybe it's because the Mantle team is one of those helpful teams to build with, giving you grants,
liquidity support, and venture partners to help bootstrap your Mantle application.
Maybe it's all of these reasons all put together.
So if you're a dev and you want to build on one of the best foundations in crypto or
you're a user looking to claim some ownership on Mantle's defy apps, click the link in
the show notes.
So getting started with Mantle.
We don't want to get to what protections legally we have in place today.
But just curious, and going through this entire story, did you come across, like, swaths of evidence that the government is actively using this data to breach civil liberties, like right now?
Because I think a set of listeners is going to hear all of this and say, yeah, Byron, that's terrible.
But if they're not using it against us, then what's the actual problem here?
And I'll worry about it when I hear something in the news where, like, the government is, like, you know, systematically doing something nefarious to its population.
Did you come across evidence of these kind of civil liberties breaches?
Yeah, it was very clear that, for example, DHS was using a mobile phone data that was drawn from apps to round up people who were in the country unlawfully.
You know, a lot of those people sort of skip their detention hearings.
So it depends on sort of how you feel about immigration enforcement, how you, you know, view that government effort.
But that was certainly a domestic focused attempt to go out and find people who, you know, jumped bail on their immigration.
hearing or whatever. Again, that's a perfectly valid lawful government mission, but they were using
data that was available for purchase and data that, you know, they didn't go through the process
of going to get a court to oversee. And then, you know, there's another example. Again, it was
DHS. They were using this, again, this commercially available phone location data to sort of
surveil the United States border and look for people who are crossing illegally. And they found
one guy who would dug a border tunnel underneath the U.S. border fence and was smuggling drugs
between the KFC, like this abandoned KFC on his side on the U.S. border and some houses on the
KFC, a Kentucky fried chicken?
A Kentucky fried chicken.
They were probably linked to the cartels.
They dug a border tunnel under the fence, and the tunnel surfaced in an abandoned Kentucky fried chicken restaurant on the U.S. side.
And on the Mexican side, it was some house that was pretty close to the border.
So it wasn't even that big of a tunnel.
But to do that kind of a surveillance program, you need to acquire data on the entire
U.S. border and probably the entire U.S. population.
And there's sort of a trust us aspect to this, which is, oh, we won't abuse it.
And I don't think we know exactly what DHS did with this data.
How many times it was sort of queried improperly?
How many times people looked up their spouse or their, you know, their Tinder date on it?
And we just don't know.
And because this is commercially available data, again, there's no real sort of law around using it.
It's all policies and norms and maybe you get written up and maybe you get disciplined.
So we just don't know.
These are black boxes.
So even if you sort of approve of, you know, locking up cartel members who are digging a border tunnel or going around and deporting people who've skipped their detention or immigration hearing or their deportation hearing, you know, again, it's sort of a black box as to how this data is used.
and there's no real legal teeth behind telling these agencies that they can't query it for improper
purposes.
Yeah, and I think bankless systems will be all too familiar with just the general concept
that acutely individual instances can be done with the best intentions.
And we can have an entire generation of the best of intentions happening.
And maybe all of those events, those acute events of privacy breaches also do help the public
welfare.
Yet nonetheless, as a status quo, without strong assurances about individual.
privacy, it doesn't take too much of a change in the status quo to return best of intentions
into some sort of authoritarian control. And so that kind of brings us to the legality question,
Byron, which is just like, what assurances do individuals actually have where, like, say,
God forbid, the United States falls into the hand of an authoritarian leader and we lose our
democratic Western liberal values that we've built up for the past, like, you know, over two
centuries. And so, like, I think maybe listeners think probably intuitively that we have a right to privacy
somewhere in our laws, but maybe you could clarify how true that statement actually is. Like,
where do citizens of the United States actually get their protection for privacy? Sure. So the most
basic element of their protection from sort of government intrusion into their lives is the Fourth
Amendment. And the Fourth Amendment often, you know, requires probable cause for some sort of a
search. You know, if it's your house, usually that has to take the form of a search warrant
that you go before a judge and swear out. But, you know, if you're driving along on a public
highway and the cop smells marijuana, you know, that might be enough probable cause to search
your car. But the basic protection of the Fourth Amendment derives from this idea of this sort
of abstract notion that it has to be something that you wanted to protect and to keep private. So if you
have your drug paraphernalia out in the open, out on the seat next to you in your car,
and it's plainly visible to everyone who walks by your car, you don't really have too much
Fourth Amendment protection. However, if you keep some documents in a safe in your basement,
and, you know, that's clearly an expressed intention to keep information private. So that's sort of
the basis of Fourth Amendment law. The problem came about in the modern era when all these
corporations sprung up, first the telephone company and the telegraph and then banks and bank transfers,
you know, and so American consumers started to have to give information to these companies.
And so when you dial phone numbers on your phone, you have to tell the phone company who you want to call.
And so the phone company has a little log of what numbers your line is dialed and how long you spoke to them.
That's how they bill you for the long distance calls.
Same thing with your bank.
You have to tell your bank when you write a check what the routing number is of the person you want to pay.
And so, you know, as governments started to take advantage of things like wiretack,
tapping telephones or telegraphs before that, or acquiring bank records, there became this very
interesting legal question, which is, well, does this person have any Fourth Amendment privacy rights
in the data that they've given to a company like a bank or a telephone company? And the answer
that the Supreme Court came to in the 60s and the 70s was basically no, that, you know, you don't
have privacy protections in information you give to a third party. So in the case, in the case,
case of telephone records, the government did need a search warrant or some kind of a court order
to listen in on your phone call, right? Like to hear what you and the person you're communicating
with are saying. They need a probable cause of a crime to do that. But they don't need probable
cause to get all the phone numbers you've dialed. The same thing happened with banking records,
right? You know, the court's logic was, if you provide this information to a third party,
you've lost your privacy expectation in it. And that maybe made sense.
for a time in the 70s. But today, there's almost nothing you can do in modern life that doesn't involve
conveying information to a third party. Once upon a time, we stored all the documents that were
valuable to us in, you know, a file cabinet in our home office. Once upon a time, you know,
we spoke to people largely in person. We made doctor's appointments over the phone and then
showed up in person to the office. Things are changing, right? There's basically nothing you can do
on the internet that doesn't involve sending packets to someone else. And the problem has emerged
that this doctrine is outdated and is frankly unsuited for the modern world because it essentially
means that any time we give information to a third party, we sort of lost our core Fourth Amendment
protections in it, right? So everything you store on Google Drive or every, you know,
communicating with a therapist over a telemedicine appointment or basically the cloud.
Yeah, the cloud.
All of it.
You've lost your Fourth Amendment protections in that information because someone else can see it.
Now, again, Congress over the years has put some laws into place.
So, you know, Google can't just transfer the entire contents of your cloud to the police.
You know, we've written rules that deal with some of these technologies.
But by and large, that core Fourth Amendment protection doesn't apply to data that's in the hands of corporations.
There's some evidence that the thinking, legal thinking on this, has changed.
slowly. For example, in 2018, the Supreme Court issued a landmark decision that said, hey, actually,
people do have an inherent right to privacy in the totality of their movements as revealed through
their cell phone. And so you can't just go to a cell phone carrier and demand, you know,
a month's worth of my movement records. You have to articulate that you think that this shows
some criminal activity and you have to go get something like a search warrant. You know,
So there is a slow emergence of a different strain of thinking on this, but the courts move
at glacial pace. And by the time they get around to seriously considering a lot of these
issues, you know, maybe 10, 15, 20 years from now. And so in that intervening time, you have
governments acquiring masses of data on, you know, the population with not a ton of legal clarity on
what the future might look like on these outdated legal doctrines. Yeah, so maybe just to really just
to find a problem statement here. The Fourth Amendment actually doesn't formally state that individuals
have a right to privacy. More states that they have a right to not be searched without cause,
which is very different. And I think really the punchline of your book is talking about the way that
that Fourth Amendment has been nerfed just by the properties of modern day internet. Like,
can you be a normal citizen without having a cell phone and
internet access. Not really. You can't really operate in society without those things. And so you can't
really operate as a sovereign individual in society without giving up your privacy. And so there is no
amendment. There is no law that provides like a base principles like constitutional right to privacy.
And that's the thing that is truly missing from this modern sphere where I think everyone would
kind of agree that, you know, the values that America stands on would somewhere, somehow provide a right to
privacy from the citizens, but we're just missing that. Well, I just want to add to that, David.
So it feels very much like the founders would have added that if they thought about the internet,
could have imagined that world, if they could have think about it. So imagine the level of
information that we're talking about here to create a, as Byron put it, a dossier of every citizen.
Imagine how, like, expensive that would have been in the late 1700s. Okay? So, like,
to go figure out David Hoffman's, like, location, all of his movements, what he buys on a given
days this, like how much money he has, like where he stores all of his wealth, like what his
preferences are, who he votes for. In order to gather all of that information, you would need
like a full-time spy assigned to your house that like...
Your district, right, for your repopulation of people, yeah. Exactly. And that would just be
like not feasible. It would be too expensive. And now the economics of collecting all of that same
information have basically dropped to zero. So I think they would have added it if they could
have imagined this world, but like, that was just not the late 1700s. We haven't really revised
the thing, have we? Yeah, and the Supreme Court has occasionally flirted with the notion that perhaps
citizens do have an abstract right to privacy, that if you look at the sort of general gist of the
Bill of Rights and the Constitution, it really does maybe hint at this idea that you should be,
that largely citizens should be left alone unless there's a good reason to bother them, right? If you
look at, you know, some combination of the Third Amendment, which says, you know, the government
can't quarter troops in your house, and the Fourth Amendment, which says they can't search you,
and the Fifth Amendment, which says you can't incriminate yourself. Like, if you squint hard enough
at all those provisions in the Constitution, maybe you can come up with some doctrine that, yeah,
the Constitution does contain some right to privacy. And the Court did articulate that briefly
in the 1970s in a case surrounding marital use of contraception. So,
a married couple wanting to use birth control in the privacy of their own bedroom and the privacy
of their home. Connecticut had a law that said, you know, you can't do that. And the court said,
no, you know, the constitutional doctrine that we're going to rely on to say, you know,
this married couple can use contraception and this Connecticut law is unconstitutional is this
right to privacy. But the court has grown a little bit more doctrinaire, a little less inclined
to see sort of abstract privacy rights just floating around out there and that aren't specifically
in the text of the Constitution. And so I do think the legal world is sort of moved away from this
abstract right to privacy. Maybe it's still in our laws in some vague sense. But it's not something
you can walk into court in sight as, you know, if your rights are violated, you can't just
march in and claim this abstract right to privacy that the court articulated in the 70s.
Now, of course, our lawmakers can still write laws, right? Just because something's not in the
Constitution doesn't mean they can't address it through our legal system.
And Congress has historically actually been pretty good, at least in the 20th century, about writing privacy laws.
You know, if you look at, you know, there's pretty detailed laws about use of credit data, like data that credit cards and credit bureaus collect on us.
There's pretty detailed rules and laws around health care information.
And Congress even at one point went so far as to protect the privacy of cable television subscribers from having their information sold by cable companies.
And at one time, because a journalist went and acquired some judge's video rental history, they actually made it illegal for video stores to share people's video rental histories in the 1980s.
So Congress can write these rules if it wants to on top of our Constitution.
The problem is in the modern era, as everything has become interconnected, they just haven't done so, right?
There is no comprehensive privacy framework for data in the United States, and there have been various efforts over the years.
And essentially, we are alone among industrialized democratic countries in not having some sort of a national level privacy law that just sets out what expectations and rights Americans have when a corporation collects information about us.
And that's a huge problem in the 21st century when so much of our lives are collected by these digital services where there are just no firm rules of the road.
Byron, one other thing I want to, you know, like run by you and get your thought on or get your feedback on.
And so, you know, the crypto community, you know, the crypto part of cryptocurrency stands for
cryptography.
And so we are big believers in, you know, let's do everything we can in Congress and on the
legal side to protect civil liberties.
There's also some things we can do on the technology side of things, and particularly
this encryption thing.
So imagine the world where you have no Fourth Amendment protections for your data when it
goes to the cloud.
And that is not only true for the metadata, but also all of the world.
but also all of these companies can just read the contents of your email messages, right?
Fortunately, we have fought some wars in the past to maintain encryption.
And if you ran across in some of your studies that the early 1990s and what we call
the kind of the Crypto Wars 1.0, where there's this thing called PGP encryption, pretty good
encryption, and it was on the munitions list, export list.
Like, this is a weapon type of technology, and we can't actually export it outside of the U.S.
and basically, you know, SSL, HTTP technology was illegal.
Fortunately, this kind of thing got overturned, but there were cryptographers like, you know,
Philip Zimmerman who were actually like, you know, potentially going to be brought to court
over these types of things.
And it was kind of like the surveillance state pushing back and saying, no, we want a backdoor
encryption, right?
We want clipper chips.
And so you could do encryption in air quotes, but we just want a way to like see into it.
And we don't have to tell anyone else.
It'll just be our kind of thing.
So one tool, I guess I would say, in addition to the law and the Constitution and Congress
and all of these things that I feel like is in the hands of the people is actually encryption,
a defensive tool.
And that's the reason we're so passionate about it because it gives max power to the defender.
And even the NSA with all of their resources cannot like hack and brute force attack something
that is strongly encrypted.
What are your thoughts on that in general?
The idea that, you know, part of the solution here is let's just get.
cryptography in the hands of everybody. So maybe the protection that you're talking about on metadata,
right, is like we encrypt the contents of our message. Maybe we can also encrypt the metadata,
too. And then it's not up to, you know, whether agencies can see it. They just have no ability
to see it. So we don't have to trust them any longer. Do you have any thoughts on that take?
Yeah, I think encryption is a very, very important tool, you know, for people who care about privacy,
for people who want some security in their digital lives, encryption is incredibly important.
And, you know, it's funny. There's actually an anecdote in my book about this metadata,
encrypting the metadata question. And, you know, it kind of worked out in a surprising way.
So one of the things Snowden revealed, you know, in the slides that got leaked and in some of the
news reports that were published, were that essentially these ad networks that are on all of our
phones were sending the metadata for ads unencrypted.
So if you were tapping the Verizon telephone system or the international cables that connect continents, which the U.S. government and its allies were, you could read all the metadata from ad networks.
And so you could see when somebody opened Angry Birds, for example, or whatever app was popular at the time, just because, you know, when you open Angry Birds, it would send some message back to its server.
And if you were in the right place and you could intercept the information, you know, you could say, oh, this particular device opened Angry Birds.
right now. That was just the power you had. That is so crazy. Yeah, monitoring the fiber optic cables
network. Now, after Snowden, a lot of these tech companies were like the NSA is doing what? So they
encrypted the transmission of metadata. So a lot of these ad networks now don't send internet information
on the open web. However, at the same time, or around the same time as these companies were adding
encryption, so very clever defense contractors figured out, hey, we could just buy the exact same
from a data broker, right? The data broker is now inside the ad network. They're seeing all
the bids. They're seeing every time someone opens Angry Birds, we've got to serve them an ad.
We're in the network and we want to bid on it, but we can actually save all the information that
even if we lose the bid, you know, we can save all the phones that are opening Angry Birds all
the time. And so the government just started buying this data. So encryption is very, very important,
But, you know, it doesn't sometimes solve the fundamental surveillance capitalists or motivations of some of these companies and these clever government agencies that find the exact same way to do something through a commercial arrangement.
But I would say that for people who, especially on the content side, you know, I'm very, I use a lot of encrypted technologies.
You know, I love signal.
You know, I message and WhatsApp aren't perfect.
They are encrypted.
Apple can't see your communications.
Facebook can't see your WhatsApp communicate.
I do use proton mail frequently. I have a Google account, but I try to primarily use an
encrypted email account. None of these things are perfect, right? Your device could be hacked. You can
lose your password. There's all sorts of, you can be socially engineered. There's stuff, it's not a
100% panacea for everything, but it certainly will give you a lot more privacy and a lot more security
than the alternatives. And, you know, the funny part is that law enforcement complains constantly
about encryption. And, you know, they say, well, it's going dark and all this stuff. But if you were to
honestly give them some truth serum and say, you know, are crimes easier to solve in 2023 or 1992?
I think they would have to conclude that even if the criminal is using encryption, I'm pretty sure
crimes are easier to solve today because there's just more information out there. You know,
think about the O.J. Simpson case. There'd be, you know, forget the glove or, you know, there'd be
logs from his nest thermostat and his ring doorbell and the car would have, you know, logs about
when it was turned on. It would be very possible to convict OJ. Simpson today, based on all the metadata
that the, you know, smart homes and cars and devices all generate in a way that wasn't true in
the 1990s. And so, you know, encryption is very, very important as a technology and a tool. And, you know,
for people that care about their privacy, I would strongly recommend encrypted services.
Byron, I think if you got them on that truth serum, not only would they say that, they'd also confess to fully encrypting all of their stuff. They are using encryption. They are not going to allow their stuff to be unencrypted as well. I mean, they want these civil liberties too.
That's exactly right. And it's actually, it's funny because when I was doing this reporting on the government's use of data brokers, I stumbled onto this amazing, like, 300-page FBI document that was like an exhaustive list of how to opt yourself out of every data broker.
and how to set up your phone to be super anonymous.
So government agencies, people that work in these government positions, they know darn well
just, you know, how much information.
More than anybody, I'm sure.
And they are enthusiastic adopters of opting out of data brokers and making sure their
phone emits very little, if any, digital exhaust.
Are there any just like tips and tricks that you have?
I know you talked about using proton mail, using signal, but either other additional things
that you use or things that you've heard other people who are highly informed. Any other tricks that
you can care to share? Yeah, I mean, philosophically, I would say that if you're uncomfortable with
the social bargain of paying in your data for services, then, you know, I would return the internet
to a more basic arrangement, which is just to pay for the service that you find valuable. You know,
I actually pay a few bucks a month for proton mail because I think it's a useful and valuable
service and it cannot monetize my data. It needs to survive in some other way. You know, I donate a
few, you know, like two or three dollars a month to signal. Again, this is a nonprofit organization. It's a
tool I rely on. I want to support it and I want to make sure that it's a thriving business. And,
you know, a lot of these companies that collect data actually, you know, they're not necessarily evil.
They're doing it because there is some public resistance to paying money for things on the
internet. And it's not free to make software. You know, it's not free to pay coders. It's not free to
rent the server space. It's not free to have a lawyer and an HR person to draw up a privacy
policy and to onboard people. None of this is free. I think there's this sort of techno-utopian
notion on the internet that, hey, we can all just have volunteers writing open source freeware.
Well, that's not how it's shaken out over the past 30 years. So if you are uncomfortable with
this world, I'm not saying that paid services never spy on you or never exploit your data,
but it at least moves the internet towards an arrangement where, you know, we've returned to the basics of capitalism, which is, you know, you give me something I find valuable and I give you money for it. Beyond that, you know, I would just be generally careful about, like, permissions. Permissions are very important. You know, you don't need to give every random app access to your location. If you're in the Apple ecosystem, you know, Apple actually makes it very easy to say, oh, okay, I want an Uber right now.
allow once or I'll allow when I use the Uber app, but not 24-7. You can do that with your weather
apps or you can just type the location where you're at. So be careful about these permissions
because people... Why that's not standard is beyond me. Right. And people are like giving these
random apps from who knows what developer access to their photo rolls, their calendars, their
contacts. A lot of that's valuable information. I mean, you may have some very sensitive things
in your photo role or on your calendar. If you know, if you're a
journalist, it shows who you're meeting with. So do you really want to give, you know, some developer who,
you know, people don't have a sense that, like, a human can look at it, but they can, right?
Like, if you give permission to some app to look at your calendar, like a person could look.
Are they? Probably not, but they could. So that kind of being careful with permissions, I think,
is super valuable. And, you know, there's like all sorts of ad blockers and VPNs. If you want to go
down that rabbit hole, there's great resources for it. There's books by this guy.
Michael Bezell, the privacy community on Reddit is actually super active and is generally a pretty
smart group of people. There are all sorts of places you can go if you really want to get advanced
on some of this stuff. But the basics are just to be careful with what you put on your phone and
definitely be careful about the permissions. It's hard though. It's bad user experience. It takes
time. It's more difficult to do this, right? Privacy is bad UX. And this is why I think like most
people don't and because we haven't seen like the really bad experience of it being exploited in a way
that feels very, very threatening, at least up to this point. So I think a lot of people just don't do it.
I'm curious at this point of the conversation, we primarily been talking about the U.S. I was wondering,
Byron, if you've explored outside of the U.S., right? So there's an element of, I don't know if it's
worse in Europe. You mentioned maybe there are some better privacy, like, rights there, but like maybe it's
like worse in Europe. I don't know. And then I think about other countries like, man, if it's like this
in the U.S., which at least has a history of protecting civil liberties in these ways. What's it like
in, you know, Russia? What's it like in China? It does not have a history of these types of things,
or it's just kind of a constitution that, you know, purchase civil liberties anywhere near
the same way. Do you have a commentary on outside of the bounds of the U.S.? What's going on?
I do, and I'm glad you asked. And I focus my book on the U.S. for two reasons. One, as you say,
we're a rule of law country, and we have historically, you know, protected civil rights and civil liberties
by limiting government power. So, you know, I focus on the U.S. because it's, you know, my home country,
it's where I grew up, it's what I know the best, it's what I cover. But, you know, absolutely,
all of these things and all of these concerns are equally applicable to foreign governments
and, in fact, are probably more applicable to foreign governments. Now, if you're, you know, a dissident,
if you fled an authoritarian country, if you have spoken out against an authoritarian country and you
live in the United States, these foreign governments can get these exact same data sets.
And the U.S. government is very aware of this, that even as they use these data sets for their
own lawful mission, that they are very, very, very concerned about how China and Russia and other
adversaries can acquire data on our population. And that's why you've seen in recent months,
the Biden administration and Congress both sort of take some very strong actions to try to crack down on the flows of data to these countries.
And again, they can do the same thing to their domestic population, right?
That, you know, authoritarian countries with good cyber intelligence programs acquire this kind of data.
You know, there's ample evidence of this that other countries are aware of these capabilities.
You know, Israel's not an authoritarian country, but they do collect this data.
there are three Israeli vendors that sell it. And we don't quite know the extent to which they
sell the ability to collect large amounts of, say, advertising data to other countries. But
these vendors exist. There's been reporting on them. And I've talked to plenty of other
national security officials that say, yeah, China gets these data sets. Russia gets these data sets.
Well, wait, wait, wait. Can the data brokers sell the same information, like domestic information
about U.S. citizens? They could sell that to the U.S. government. This is what this entire
episode's been about. And, like, that's crazy enough.
You're not telling me those brokers can also sell them to foreign countries.
Oh, yeah.
What?
Absolutely.
Well, until recently, the Biden administration passed an executive order that says, you know, certain countries of concern, which I believe they're probably going to designate China or Russia and North Korea and a few others, there is a prohibition on transferring data to entities in those countries or connected with their governments or their sort of civil society.
And so there are rules coming on this, but until very recently, perfectly acceptable for a data broker to sell to the Chinese Communist Party's Ministry of State Security or whatever.
Now, maybe they wouldn't, right?
Just out of an abundance of caution.
And honestly, probably the Chinese government, if they were doing this, and they almost certainly are, according to my sources, would probably be a little more clever about it, right?
they'd probably set up a company in Cyprus or in Singapore that they owned ownership stake in,
and the data would, you know, you'd contract with that company for advertising purposes,
and then the data would flow to China after that.
And the vendor would be none the wiser.
But, I mean, as far as I know, there was no legal prohibition on selling this data to foreign adversary governments
because it's a commercial product, right?
There's no restrictions on this data as of right now, unless you're talking about, like,
video rental histories and some other very narrow categories of stuff. But data that you've legally
licensed and you've legally or sort of legally collected, I mean, that's fair game in almost
every circumstance. Maybe one more punchline that I'd like to leave listeners with is that in
China, the CCCP has like a very different relationship with its own tech sector than what we
have in the West. Like it's a much more formal integration between the state of China and the
tech sector of China. Like certain tech startups in China are actually just like,
formally endorsed, supported, financed even by the actual government to help, like, boon their own,
like, you know, GDP and capitalistic growth and, you know, capitalism over there. But also,
these are, like, basically, like, close to state-run facilities just with some capitalism also built in.
So, like, very formal, intimate integration between China's tech sector and the government.
And why are you laughing, right?
I think I know what you're about to ask, David. Go ahead.
Yeah. Well, inside of the United States, we have a little bit more freedom.
a little bit more protections, a little bit more laws, separation.
There's a separation of Silicon Valley and the United States government.
Famously, like, these two entities don't really like each other.
But also nonetheless, with these, like, data broker middlemen,
with all of these capitalistic incentives,
the United States has just like one of many buyers of data.
I'm wondering, is there really all that much of a difference between the United States government
and, like, the tech sector and what China has?
It's like, do we have the same thing just with extra steps?
Yeah, exactly.
It's actually a great question.
And it's one I've thought a lot about.
Now, the caveat is I'm not an expert in China.
Sure.
But I've tried to do a little bit of reading as a layperson and a researcher about how things work there.
And if anyone's interested, there's an excellent book by my former colleagues at the Wall Street Journal called Surveillance State.
I think it's Josh Chin and another colleague of mine wrote that book.
And, you know, basically the thing I think is happening here is that the amount of data on,
the average Chinese citizen, the average American citizen, probably isn't wildly different.
And what's different about China is that it's taken a step of taking all this corporate data
and forcing or compelling these companies to weave it in one giant database,
and they push that straight down to the level of kind of the local public safety's police departments.
Now, America has a lot of data that's out there for sale on us,
but more data in America is locked up in private databases, and not every company sells data on its users.
Many companies, while they have data on their users and could turn it over upon request or upon getting a court order,
they don't just blanket, give it to the government, right? Google doesn't give backdoor access to everyone's Gmail account to the United States government.
Now, it has to comply with certain warrants. The government can go get that data under certain circumstances, but it's not just a data dump.
So America hasn't quite gotten to the point of weaving together these huge amounts of databases,
and it certainly hasn't gotten to the point of just pushing it down to officer-friendly at your local precinct station.
And the other thing that's important to say is, you know, while we are trending in similar directions on sort of data collection for public safety and intelligence,
America is still a rule of law country, it's a democracy.
China is not.
China's an authoritarian country.
It's credibly been accused of genocide and Xinjiang.
And so we don't want to compare kind of the systems directly. We just want to talk about sort of data collection. And so there's no moral equivalence between these countries. But yes, the trends are not that different. We are trending towards governments having more power, more information, and for citizens to be subject to much more monitoring than historically they have been.
Byron, this has been great. As we start to close this out, I just want to get your insight into some of the challenges we're maybe facing in crypto. I know that financial surveillance is kind of
a subset, like a narrow subset of all of the different surveillance that you cover. You talk about
communication surveillance, obviously location surveillance, all of this various metadata. But
financial surveillance is kind of top of mind for crypto. David was mentioning the bank
secrecy acts like earlier. And obviously, that has continued to squeeze and constrict.
And one thing that we often talk about is with the world of digital money, we don't even
have the same privacy protections as we did with cash. Like cash is going away. But think about
what you actually had with cash. Number one, it was peer to peer. So you didn't have to go through
a third party at all. And also, it was private. Right? So, like, no one kind of, like, knows
whether I gave you a $20 bill or not. It's completely private. And you lose that when cash is
converted into sort of the digital realm. So part of what we're trying to do is preserve some of that
freedom in crypto. But we forgot to do one thing, which is make the blockchain itself completely
private. And so we run into the situation where we actually, we have our own set of
of data brokers, where if I'm moving around Bitcoin or if I'm moving around some ether and all
of my transaction activity, it's actually on a public ledger. Like, you can go see. Now, I'm pseudo-inonymous,
so no one necessarily knows it's me, but a whole bunch of parties do. So like the exchange that I'm
using do, there's companies, data brokers, like chain alias that you were talking about a digital
dossier. I'm sure they have a digital dossier of everybody listening to bankless right now in
terms of like at least a user ID. Maybe they don't know your name, but they probably do. And they
know your assets, they know your transaction history. Like we've leaked all of this data. And
Byron, in the places that we have tried to preserve encryption technology, so privacy layers,
we have open source developers actually getting rested, almost like Philip Zimmerman style
Cryptoys 1.0. Basically, court cases saying you can't encrypt, you can't have peer-to-peer
transmission of value of data. So there's a court case called Tornado Cash. Now, I don't expect you to be
familiar with all of these details. And, you know, like, of course, because this is sort of, you know,
deep bankless topic. But I'm just wondering, do you have any, I guess, advice for us? Do you have any
just thoughts to kind of leave the crypto community with with respect to financial surveillance?
And, yeah, and just any thoughts on this? Well, it's funny you mentioned chain analysis because one of the,
I think the founder of it actually came out of one of the programs I write about in
my book, I think he was working with the FBI on one of these data broker programs right after 9-11
and moved into the crypto space. Yeah. So, you know, it's a very, very good question. And I'm not a
crypto guy. It's not a topic I'm deeply familiar with. But I have thought a lot about financial
privacy and the ways, as David said about the Bank Secrecy Act, the ways in which over the last
50 or 60 years, people have been conditioned to give up their financial privacy and to not have any
expectation in the financial, like that their financial transactions stay private. And that's been
supercharged by technology like Venmo and instant transfers and all sorts of other things. And so,
you know, it is a demonstration of the fact that, you know, over time, if people don't sort of assert
these privacy rights, if they don't push back, if civil society doesn't sort of stand up and
challenge some of these things, that yes, like an entire industry, an entire aspect of
people's lives can be swallowed up and no longer do people have any real expectation of privacy.
And in 2024, if you say that you think the Bank Secrecy Act or the requirement to file a
suspicious activity report is privacy violation, you're largely seen as a crank.
But, you know, by and large, this is true that our financial privacy, you know, has been sort
of whittled away over the years. And the same thing could happen in other aspects of our lives.
You know, you have seen pushes from companies who want to scan people's devices or run algorithms on people's email accounts and, you know, geo-fence certain places and deem everyone who enters sort of suspicious. You know, all of these things are things that today civil society pushes back on. But, you know, in 20, 30 years, I wonder what the state of privacy will be in these other areas in our society. So I think that's the big picture thought I have on that question.
Overall, Byron, understanding what you know and having learned what you've learned, just are you optimistic or pessimistic about just the future of our rights as users, as internet goers, as individuals inside the United States as it comes to privacy?
You know, it's a good question. I mean, by nature, I'm a cynical person, and if you look at the long arc of, you know, the ways in which governments access data, the arc bends towards government access to data. At the same time, you know, these are real social questions that I think we as a society to ask ourselves. And I do think the fundamental civil liberties and civil rights issue of the 21st century is going to be, where do we set the dial on government access to private stores of information, right? I don't.
think the correct answer to it is to set it at zero or the government gets access to nothing,
but also setting it at 100 isn't acceptable either. And so where you draw lines, what rules
you put into place, how companies and governments and civil society and citizens all make choices
about, you know, where they put their data and what rules are required and what procedures are
required to access it. These are very, very important questions. And I think, you know, my book was
aimed at prompting a discussion about them, but I don't have great answers.
Well, Byron, you did a fantastic job. This is really the first step in this battle for hearts and
mind is to just make people aware, just educate them on what's going on.
Hopefully, they can kind of like see the tradeoff and fight for privacy in the officials
they elect and the laws they support and this kind of thing. So thank you so much for doing more
of that today and educating the folks at Bankless. We greatly appreciate it.
Thanks so much for having me.
Bankless Nation, the book that we talked about today is called
called The Means of Control, how the Hidden Alliance of Tech and Government is creating a new
American surveillance state. Absolutely a fantastic book. You have to check out and send to your friends.
And I will end with this. As usual, crypto is risky. You could lose what you put in. But we are
headed west. The futurist in crypto, at least I hope it is. This is the frontier. It's not for
everyone. But we're glad you're with us on the bankless journey. Thanks a lot.