All Your Data Are Belong To Us

Back in the days before general availability of the Internet, an Engrish phrase found its way into geek history through the 1992 European release of Zero Wing, a Mega Drive port of an arcade video game. The phrase, just seven words long, read "All your base are belong to us", and this grammatical error in translation has survived 25 years of memedom. Most people will probably not remember where the phrase came from, but they'll certainly understand the intention. This broken English popped into my head while listening to Episode 1154 of Phoneboy Speaks, where Dameon was talking about how an American judge ruled that police can force a person to reveal the passcode for their mobile phone. The first thought that crossed my mind was "I'm surprised it took this long", but the two immediately after were — naturally — questions: "At what point is it acceptable for a person's entire digital history to be usurped by local law enforcement or a government?" and "Do we own our data?"

Our digital devices carry an incredible amount of information. Far more than most of us realize. With just my phone, the local police department would be able to determine where I've been every day for the last few years, who I've interacted with, my relationship with those people, email histories, message histories, GPS locations for at least 6,000 occasions[1], plus a bunch of other data that could make my life a complete and total open book. Add to this the information stored on my encrypted notebook and mostly-encrypted 52TB NAS, and there's very little about me that a dedicated team of investigators couldn't figure out.

A lot of people might shrug and say "who cares? Nothing to hide, nothing to fear!" and move on to something else, but Dameon was right when he said that this is pretty much forcing a person to testify against themselves. Not every country in the world provides its citizens or visitors with the same rights, but there are general rules about what can and cannot be used as evidence. The problem is that our electronics reveal so much about us that it's easier to simply take possession of these tools and extract the information desired instead of following procedures, obtaining subpoenas, and requesting information the old-fashioned way. If a person is not permitted the right to keep the data collected by their personal electronics locked, then does a person have the right to own data? If the answer is "yes", then a subpoena should be required before any sort of data extraction takes place. If the answer is "no", then people need to start asking themselves if it's worth having data at all.

Poof!

Following the trends that local and federal governments around the world are taking in the name of "keeping citizens safe", we're likely to see nations that once touted the freedom of their people remove the right to digital privacy. The United States and several European nations have strongly lobbied to have encryption protocols without backdoors deemed illegal, and people are arrested and compelled under all sorts of dire circumstances to reveal passwords to authorities in the name of "fighting terror". There's no reason why, by 2022, people won't understand that if they're arrested, they'll need to unlock their phones and laptops and hope like heck nobody finds anything that might be twisted and used against them in a court of law.

Our own property will be used against us regardless of whether we are guilty or not, and the data copied from our devices to law enforcement systems will most certainly not be destroyed after a person is found innocent of all charges. No … that won't do at all. Especially if the police are trying to build a case against activists who are starting to rock the boat a little too much.

But what are the options? Sure, we could decide to not own modern cell phones and laptops and live off the grid, but this just isn't very realistic anymore. Instead what people need is the option to have their electronics in a perpetual "default" state, where information is destroyed locally as soon as someone is done using an application, and the hardware must be fully capable of playing ball with the software.

While out for my afternoon walk I started thinking about what a cell phone that was almost always in the default state would look like from a software point of view. Anonymous VPNs would need to be in place right out of the box, and the network adapters would need to randomize the MAC address every time they connected to a network. Applications would need to always be wiped on close and, in the case of browsers, tabs would need to be impossible. Everything would have to operate in a single window, otherwise cookies and LocalStorage tokens couldn't be saved long enough to use social services like Twitter and Facebook. People would have to get used to using complex passwords for every service and sign in every time they open an application, and the phone would need to essentially disconnect from the cell towers unless it's being used for outbound traffic. Also, if there is a camera on the device, photos would need to be instantly stored somewhere online as local storage would be impossible.

With a device like this, you could surrender it to authorities and they'd have almost nothing to go on without subpoenaing the phone company and 3rd-party services to provide data, which is what they should be doing if a person was arrested for a serious crime. A laptop would need to work effectively the same way, and there are very secure flavours of Linux that already do much of what I outlined above. Is it ideal? Not in the least. It does, however, make it harder for an untrustworthy law enforcement or government agency to take a digital snapshot of your entire life and keep it forever.

But is it worth it? Is this something that enough regular people would consider doing to send a very clear message to the authorities? Our right to privacy and our right to not self-incriminate are key elements of citizenship in many of the world's countries. Will bad people do bad things and use computers to coordinate these activities? Absolutely. Will good people do good things and use computers to coordinate those activities? Absolutely. But to treat everyone exactly the same, revoking any semblance of agency we have over our own data, is lunacy.

The concept of privacy is not a blanket statement to mean that nobody can access our private lives or details. Privacy is our right to choose what we share and how we share it. Losing the ability to refuse a demand for our passwords is essentially the end of personal data ownership which would then lead to the obvious question: if we don't own our data, who does?

I, for one, would not be comfortable with a government owning all of the rights to the 1s and 0s I generate. It's a recipe for disaster.


  1. I have over 6,000 photos on my phone, and the operating system attaches GPS coordinates to each photo.