Dear Dr Lessig, end-point hardware and procedures are law as much as code is

In a recent blog post, Dr Lawrence lessig says:

Think about this practically. Cyberanarchists notwithstanding, it was clear even in 1999 that there would be government and surveillance in cyberspace just as in real space. But the potential was that it could be better. Not just better only in finding the crook, but in not invading privacy. An FBI agent listening to a telephone call is always tempted to wander or misuse. S/he is human, and bad is in our blood. A computer sniffing for signals of crime only wanders as far as the code allows. And so the key is how and whether we regulate how far the code can wander—and do so both in law and in code.

We don’t know yet whether Snowden is telling the truth. Lots of people have denied specifics, and though his interview is compelling, just now, we literally don’t know.
But what we do know are the questions that ought to be asked in response to his claims. And specifically, this: Is it really the case that the government has entrusted our privacy to the good judgment of private analysts? Are there really no code-based controls for assuring that specific surveillance is specifically justified? And what is the technology for assuring that rogues paid by our government can’t use data collected by our government for purposes that none within our government would openly and publicly defend?

Because the fact is that there is technology that could be deployed that would give many the confidence that none of us now have. “Trust us” does not compute. But trust and verify, with high-quality encryption, could. And there are companies, such as Palantir, developing technologies that could give us, and more importantly, reviewing courts, a very high level of confidence that data collected or surveilled was not collected or used in an improper way. Think of it as a massive audit log, recording how and who used what data for what purpose. We could code the Net in a string of obvious ways to give us even better privacy, while also enabling better security.

Dr Lessig, I could not agree with you more, we’d better trust code (or better intrisically transparent telematics) to spy us rather than NSA agent or contactor.

That’s exactly what our User Verified Social Telematics project is aiming to achieve, but it won’t be enough to have intrisically effective control on code, but we need intrically transparent control over end-point hardware and procedures as well.

We should therefore talk about “telematics is law” rather than “code is law”

In a recent blog post, Dr Lawrence Lessig says:

Think about this practically. Cyberanarchists notwithstanding, it was clear even in 1999 that there would be government and surveillance in cyberspace just as in real space. But the potential was that it could be better. Not just better only in finding the crook, but in not invading privacy. An FBI agent listening to a telephone call is always tempted to wander or misuse. S/he is human, and bad is in our blood. A computer sniffing for signals of crime only wanders as far as the code allows. And so the key is how and whether we regulate how far the code can wander—and do so both in law and in code.


We don’t know yet whether Snowden is telling the truth. Lots of people have denied specifics, and though his interview is compelling, just now, we literally don’t know.
But what we do know are the questions that ought to be asked in response to his claims. And specifically, this: Is it really the case that the government has entrusted our privacy to the good judgment of private analysts? Are there really no code-based controls for assuring that specific surveillance is specifically justified? And what is the technology for assuring that rogues paid by our government can’t use data collected by our government for purposes that none within our government would openly and publicly defend?

Because the fact is that there is technology that could be deployed that would give many the confidence that none of us now have. “Trust us” does not compute. But trust and verify, with high-quality encryption, could. And there are companies, such as Palantir, developing technologies that could give us, and more importantly, reviewing courts, a very high level of confidence that data collected or surveilled was not collected or used in an improper way. Think of it as a massive audit log, recording how and who used what data for what purpose. We could code the Net in a string of obvious ways to give us even better privacy, while also enabling better security.

Dr Lessig, I could not agree with you more, we’d better trust code (or better intrisically transparent telematics) to spy us rather than NSA agent or contactor.

That’s exactly what our In a recent blog post, Dr Lawrence lessig says:

Think about this practically. Cyberanarchists notwithstanding, it was clear even in 1999 that there would be government and surveillance in cyberspace just as in real space. But the potential was that it could be better. Not just better only in finding the crook, but in not invading privacy. An FBI agent listening to a telephone call is always tempted to wander or misuse. S/he is human, and bad is in our blood. A computer sniffing for signals of crime only wanders as far as the code allows. And so the key is how and whether we regulate how far the code can wander—and do so both in law and in code.

We don’t know yet whether Snowden is telling the truth. Lots of people have denied specifics, and though his interview is compelling, just now, we literally don’t know.
But what we do know are the questions that ought to be asked in response to his claims. And specifically, this: Is it really the case that the government has entrusted our privacy to the good judgment of private analysts? Are there really no code-based controls for assuring that specific surveillance is specifically justified? And what is the technology for assuring that rogues paid by our government can’t use data collected by our government for purposes that none within our government would openly and publicly defend?


Because the fact is that there is technology that could be deployed that would give many the confidence that none of us now have. “Trust us” does not compute. But trust and verify, with high-quality encryption, could. And there are companies, such as Palantir, developing technologies that could give us, and more importantly, reviewing courts, a very high level of confidence that data collected or surveilled was not collected or used in an improper way. Think of it as a massive audit log, recording how and who used what data for what purpose. We could code the Net in a string of obvious ways to give us even better privacy, while also enabling better security.

Dr Lessig, I could not agree with you more, we’d better trust code (or better intrisically transparent telematics) to spy us rather than NSA agent or contactor.

That’s exactly what our User Verified Social Telematics project is aiming to achieve, but it won’t be enough to have intrisically effective control on code, but we need intrinsically transparent control over end-point hardware and procedures as well.

We should therefore talk about “telematics is law” rather than “code is law”

Rufo Guerreschi