By now you’ve almost certainly heard the news of Apple device IDs stolen from an FBI laptop, and I’m already seeing the start of the predictable “police state” outcries. Anyone who believes the United States in 2012 is yet very close to a police state demonstrates a poor grasp of what police states through history have been like, but a country can compromise away its freedom by granting the state ever broader powers of surveillance and detention by convincing itself that those powers will only be used against bad people. The definition of “bad people” has a tendency to get ever broader over time, too.
But Marco Arment makes an interesting observation:
This is exactly the information that an ad network would want to collect. And in order to get stats from 12 million devices, it would probably need to be from a set of popular, free apps… where you’d probably see ads. Apple and the carriers probably weren’t involved at all.
And, he suggests that the “AllClearID” application, “the leader in identity theft protection,” is a likely culprit: they have a partnership with the National Cyber-Forensics and Training Alliance (NCFTA)—the group that’s actually referenced in the filename of the leaked IDs.
The thing that I find significant here, and that hasn’t been touched on much in the reporting, is that the NCFTA is a non-profit, but they’re not a government agency. They’re a private organization, founded on the “fundamental acknowledgement" that "industry stakeholders own the most significant intelligence pertaining to cyber crimes as well as some of the best subject matter experts to quickly identify and analyze this intelligence."
They’re probably right.
We absolutely should be worried about government spying on our data networks. But the scenario Antisec’s hack presents us with is a private organization collecting this information. We don’t know what other information the NCFTA or similar groups are collecting. Or, for that matter, what corporations are collecting. Unless you live completely off the grid, there’s enough data about you out there to form a picture of not just your census-style demographics but everything from your political affiliations to your porn habits. For all of the worries about the NSA’s vast data monitoring, sifting and collecting abilities—which, again, are very valid worries—the data collection that goes on in the private sector already should be pretty damn worrisome, too.
There’s an idea, popular with a lot of the techno-libertarians out here in Silly Valley, that if you remove the state from the equation things would get better on this front, by “reducing government interference.” This strikes me, though, as the height of naïveté: when they invoke the phrase state power in their most ominous voice, they always focus too much on state and not enough on power. Private spies cooperate with agencies like the FBI because it’s a means to an end. If you remove the state from the equation, what happens? The private entities keep entirely unfettered access to the data, now without even a fig leaf of accountability. And some of these entities have just as much—if not more—influence over our day-to-day lives than state agencies do. The government’s failure here doesn’t stem from their interference with the market—it stems from them interfering for the wrong side.