We need a Theia
Some prophecies come true.
For example, Shoshana Zuboff’s third law: In the absence of countervailing restrictions and sanctions, every digital application that can be used for surveillance and control will be used for surveillance and control, irrespective of its originating intention.
She forecast that in 1989, with In the Age of the Smart Machine. Then she reported on its effects in 2018, with The Age of Surveillance Capitalism.
The business model of surveillance capitalism is tracking-based advertising, which the trade calls adtech. It works by spying on individuals using social media, and by placing tracking beacons in people’s browsers and apps. In social media, the idea is to drive up “engagement.” In browsers and apps, the idea is to use surveilled personal information to aim ads.
As a direct result of adtech, bulwarks of civilization, such as democracy and journalism, are being weakened or destroyed by algorithmically-driven tribalization and other engaging but icky human tendencies. Also, by funding the spread of false (but engaging!) information during a pandemic, adtech has contributed to the deaths of countless people.
All just so we can be advertised at. Personally.
Facebook and Google are right and easy to blame; but the whole adtech fecosystem is a four-dimensional shell game with thousands of players. It’s also so thick with complex data markets and data movements that there is also no limit to the number and variety of vectors for fraud, malware, and spying by spooks, criminals, political operatives, and other bad actors. It’s a dark world where anyone can create or steal mindshare, hack beliefs and opinions, sow doubt, spread hate, turn friends and families against each other, drive otherwise calm people into mobs and violence — all while journalism and democracy fail to affect the cause. But, take away adtech and most of that shit doesn’t happen.
So, what to do?
Regulate it? We already have that with the GDPR and the CCPA. And what have those given us? Well, thanks to the GDPR, we are now mere “data subjects,” while the “data processors” and “data controllers” are the sites, apps, and services of the world. What privacy we enjoy is at their grace, and valved only by whatever we do when confronted by cookie notices at their digital front doors. Nearly all of those notices nudge us to continue being tracked, usually with an easily clicked ACCEPT button, or by giving us additional “choices” on a “cookie settings” popover panel that offers some number of sliders that don’t make clear which sides are ON and OFF, and give us no way to recall what we’ve accepted or where. All our settings are recalled only by sites and services and their third parties, every one of which is incentivized by the adtech business to continue violating our privacy, only now rationalized by our having “consented” to it.
The CCPA’s main effect has been to add a layer on the GDPR cookie requirement that gives us the option to tell a site not to sell our data. There is also now a new bureaucracy: the California Privacy Protection Agency.
These two laws have also created a giant cottage industry around giving companies ways to obey the letter of privacy law while screwing its spirit. To see how big this industry is, look up GDPR+compliance and CCPA+compliance and see how many dozens of millions of results you get. (I get 158 million and 58.4 million respectively. Of course, YMMV.)
Opt-in might seem like a better approach, except it can’t work: not when the prevailing operating model for websites, apps, and services remains client-server, which requires that your options are provided entirely by those entities, each looking and working differently (having been provided by any one of the millions of service providers in those search results) and each with its own unfriendly 10,000-word terms and privacy policies.
And yes, it might be nice to try out a system by which a person might request tracking. But that will only work if sites, services, and apps agree to that person’s own terms and privacy policies, and both sides have their own system for keeping records of agreements and means for auditing compliance. While there is work toward that (e.g. the IEEE’s P7012 working group, with which I am involved), the adtech-based surveillance capitalism only grows (thanks especially to bots and their masters).
Defenders of adtech say it funds the “free Web,” free search, and other graces of digital living. But that’s like saying billboards give us gravity and shopping malls give us sunlight. Also, most of the money Google makes is from search advertising, nearly all of which is driven by context (the search terms themselves) rather than by surveillance-based assumptions about the person doing the search. If you search for mattress sellers in your town, your search terms are far more useful than whatever else it is that Google’s robots might know about you by having followed your digital ass all over cyberspace.
Fact is, every business on the Internet can live just fine without adtech. Including every publisher out there.
It’s still early, folks. If digital technology is going to be with us for unforeseeable decades, centuries, or millennia, that means our Digital Age is roughly about as far along as Earth was when it got clobbered by another planet, now called Theia, about 4.5 billion years ago.
Humans weren’t here to watch, but it now seems likely (at least to science) that we owe to Theia our water, our days and nights, our seasons, and our Moon. Have we any of the equivalents yet on Digital Earth? I suspect the answer is mostly no.
Perspective: 4.5 billion years may seem like a long time, especially when you consider that it’s more than a third the age of the Universe, which came into existence about 13.8 billion years ago; but neither span seems very long when you also consider that the Universe will last another trillion years or more. Meaning the Universe is just a startup.
So: what’s our Theia?
To answer that, it will help to look at what has failed so far.
Let’s start with Do Not Track. Conceived in 2007 by Sid Stamm, Chris Saghoian, and Dan Kaminsky, Do Not Track was a polite request not to be tracked away from a visited website. Here in the physical world, we send a similar request when we wear clothing to conceal the private parts of our bodies, when we draw curtains across the windows in our homes, or when we walk out of a building in faith that nobody will follow us.
But, in the absence of manners and norms for respecting privacy in the dawning years of the Internet, it was easy for the Interactive Advertising Bureau (IAB), adtech’s trade association, to rally the whole online advertising business, including its dependents in online publishing, into ignoring Do Not Track. Even the major browser makers were cowed into compliance, in effect working for sites and services rather than for you and me. (At the W3C, the Web’s standards body, Do Not Track was ironically but predictably re-branded Tracking Preference Expression.)
After that happened in 2013, people took matters into their own hands, turning ad blocking into the biggest boycott in human history by 2015.
But even that wasn’t enough, because the adtech industry fought ad blockers too — and still do. (They also never got the signal that people who block ads might be worth more as customers than those who don’t.)
Then came the GDPR in Europe and the CCPA in California, which arrived in 2018 and 2020, respectively; and we know how those have turned out, so far.
To see how bad tracking still is, in massive spite of the GDPR and the CCPA, check out Blacklight (by The Markup) and PageXray (by Fou Analytics). Surveillance Capitalism remains the norm.
Finally, there are the privacy browsers: Brave, Epic and Tor. While these each provide privacy protection (as do, in different ways, Safari, Firefox, and tweaks of Chrome), none are a Theia. Not yet, anyway. Because adtech is still here. We need it gone.
What will make our digital world economy inhabitable by real human customers, and not mere “users,” “data subjects,” “consumers” other labels given them by marketing, the tech industry, and regulators who can’t imagine a person operating at full agency? How will we get an Intention Economy that grows around that agency, much as life grew around a planet that has days, nights, seasons, and water, rather than rock, dirt, and clouds?
Whatever form our Theia takes, it needs to support solutions to market problems that only customers can provide. Is it one or more of the solutions listed at that link? Or is it something completely new?
All that matters is blowing up adtech. That’s it.
Oh, and if anyone is interested, I am about to let the domains theia.club and theia.live lapse out. Let me know if you want one, or both.
This piece expands on one by the same title published at Customer Commons on November 28, 2020