The New American Surveillance State | Byron Tau

This episode discusses the pervasive surveillance state in the United States, focusing on the extensive data collection by the government and private entities, and the implications for privacy and civil liberties.

1. The U.S. government has extensive digital dossiers on its citizens, obtained through data brokers.
2. Consumer technologies leak vast amounts of data, which can be collected and used for surveillance.
3. The legal framework for privacy protection is outdated and insufficient in the digital age.
4. Historical efforts like the Total Information Awareness program aimed to integrate vast data sets for surveillance.
5. Encryption and other privacy tools are crucial for protecting individual freedoms.

1: Introduction and Overview

Ryan and David introduce the topic of government surveillance and privacy issues in the digital age. Ryan Sean Adams: "The U.S. government has, in quotes, a digital dossier of every citizen." David Hoffman: "Do you think that U.S. citizens actually have a right to privacy?"

2: Byron Tau's Insights on Surveillance

Byron Tau discusses his book "Means of Control" and explains the scale of data collection by the government. Byron Tau: "Once the technical means of control have reached a certain size... the chances for freedom are over for good."

3: Data Brokers and Government Surveillance

The conversation covers how data brokers collect and sell data to the government and other entities. Byron Tau: "Governments, like every other entity on the planet, they're eager for information."

4: Legal and Ethical Implications

Discussion on the legal framework surrounding privacy and government surveillance. Ryan Sean Adams: "Why are they collecting data on U.S. citizens?" Byron Tau: "There is no legal prohibition on the U.S. government going out and purchasing that data."

5: The Role of Encryption

The importance of encryption and other privacy tools in protecting individual freedoms. David Hoffman: "Encryption is a defensive tool that gives max power to the defender."

6: Conclusion and Practical Advice

Practical tips for listeners on how to protect their digital privacy. Byron Tau: "If you are uncomfortable with this world, pay for the service that you find valuable."

1. Use encrypted email services like ProtonMail.
2. Adopt messaging apps with end-to-end encryption, such as Signal or WhatsApp.
3. Be mindful of app permissions and limit access to your location and personal data.
4. Support privacy-focused technologies and services by paying for them when possible.
5. Regularly update your software and use strong, unique passwords for your accounts.
6. Consider using VPNs and ad blockers to enhance online privacy.
7. Stay informed about privacy laws and advocate for stronger protections.
8. Be cautious about sharing personal information on social media and other public platforms.
9. Opt-out of data collection programs whenever possible.
10. Educate yourself and others about the importance of digital privacy and security.

Are we being watched?

That’s the question we ask Byron Tau, an investigative journalist and author of “Means of Control'' that covers all about the US surveillance state.

Turns out the US Government has a digital dossier of every citizen, but how? How do they collect the data? How are they using it? Can we ever get back our digital privacy?

Expect to learn all that and much more in what is a deep dive into digital surveillance.

People

Byron Tau, Ryan Sean Adams, David Hoffman

Companies

Google, Facebook, Apple, ProtonMail, Signal, WhatsApp

Books

"Means of Control" by Byron Tau

Guest Name(s)

Byron Tau

Content Warnings

None

Ryan Adams
Wait, wait, wait. Can the data brokers sell the same information, like domestic information about us citizens? They could sell that to the US government, despite what this entire episode has been about. And they're like, that's crazy enough. You're not telling me those brokers can also sell them to foreign countries?

Byron Tau
Oh, yeah, yeah, absolutely. What?

Ryan Adams
Welcome to bankless, where today we're exploring the frontier of privacy. This is Ryan. Sean Adams. I'm here with David Hawk Hoffman. And we're here to help you become more bankless.

The topic of today's episode, the US surveillance state. We're talking total surveillance. Our guest is an investigative journalist who says the US government has, in quotes, a digital dossier of every citizen. Yikes. Everyone listening to this, how do they collect the data?

How are they using it? Can we ever get back our digital privacy? And does crypto, does encryption fit into the picture here? Some questions we asked Byron on the episode today. Everyone knows that Internet users give up their privacy.

David Hoffman
But you, listener, do you know how far that actually goes? Do you think that us citizens actually have a right to privacy? Cause I wouldn't be so sure. The United States government can't search the contents of your emails. But does that even matter in this day and age when there's so much data out there?

And is there even really a difference between the authoritarian state of China and the capitalistic democracy of the United States when it comes to our privacy? These are some of the questions that we asked Byron. So let's go ahead and get right into that conversation with Byron. But first, a moment to talk about some of these fantastic sponsors that make this show possible, including Kraken, our preferred crypto exchange for 2024. If you do not have an account with Kraken, consider clicking the links in the show notes and getting started with Kraken today.

If you want a crypto trading experience backed by world class security and award winning support teams, then head over to Kraken, one of the longest standing and most secure crypto platforms in the world. Kraken is on a journey to build a more accessible, inclusive, and fair financial system, making it simple and secure for everyone everywhere. To trade crypto, Krakens intuitive trading tools are designed to grow with you, empowering you to make your first or your hundredth trade in just a few clicks. And theres an award winning client support team available twenty four seven to help you along the way, along with a whole range of educational guides, articles and videos with products and features like Kraken Pro and Kraken NFT Marketplace and a seamless app to bring it all together. Its really the perfect place to get your complete crypto experience.

So check out the simple, secure and powerful way for everyone to trade crypto. Whether you're a complete beginner or a seasoned pro. Go to kraken.com banklists to see what crypto can be. Not investment advice. Crypto trading involves risk of loss.

Launching a token worried about the IR's? Talk to Toku for five minutes to learn how to save hundreds of thousands of dollars for you, your team and your investors. Now if you do an initial consultation, Toku will cover the cost of your token valuation, which is what you need for your launch. So don't wait. Reach out to the team right now@teamoku.com.

Dot that's Team Dash u.com Sello is the mobile first EVM compatible carbon negative blockchain built for the real world, driving real world use cases like mobile payments and mobile defi. And with Opera minipay as one of the fastest growing web three wallets, Celo is seeing a meteoric rise with over 300 million transactions and 1.5 million monthly active addresses. And now Cello is looking to come home to Ethereum as a layer two optimism. Polygon matter Labs and Arbitrum have all thrown their hats in the ring for the celo layer two to build upon their stacks. Why the competition?

The Celo layer two will bring huge advantages, like a decentralized sequencer, off chain data availability secured by Ethereum validators, and one block finality. What does that all mean for you? With celo layer two, gas fees will stay low, and you can even pay for gas natively using ERC 20 tokens, sending crypto to phone numbers across wallets using social connect. But Celo is a community governed protocol. This means that Celo needs you to weigh in and make your voice heard.

Join the conversation in the Celo forums, follow Celo on Twitter, and visit celo.org. To shape the future of Ethereum bankless nation. I'm very excited to introduce to you Byron Tao. He's an investigative journalist and the author of a fantastic book. It's called means of control.

Ryan Adams
In that book, he shares just about everything he's learned about government surveillance and control. This has been a multi year project, and we are excited to have him on bankless. Byron, welcome to the show. Thanks so much for having me. Okay, so you're talking to crypto people here.

We have a crypto audience, so the audience is definitely dialed in, I would say, to the subject matter of surveillance in general. But I think the best place to start would be at the top. So you wrote this book. It's called means of control. So the simplest possible question is, who's controlling us, and what are their means?

Byron Tau
So it's a title taken from a Thomas Pynchon quote, which I just happen to like because I thought it expressed a lot of the themes in the book. And the quote goes something like, once the technical means of control have reached a certain size, a certain degree of being connected to one another, the chances for freedom or over for good. And I think that sort of sums up some of the themes of my book, specifically around large scale data collection and its use by powerful forces in our society. And those forces, of course, include corporations. But the book documents specifically how governments are acquiring large amounts of this data and using it for various surveillance programs.

Ryan Adams
Okay, so I think an underlying theme of your book is, if we don't protect these freedoms, then we may actually lose them. And this is something I'm sure we'll return to. I'm curious, though, if you're trying to explain this to, like, normies, you know, the problem statement in at a dinner party, let's say, and, like, you're just trying to explain this in a way that doesn't seem like you're wearing a tinfoil hat. You're a conspiracy theorist. Like, how do you explain it to average, everyday american citizens?

Like, the problem statement, let's say, and why it's a problem. Sure. So I think that the thing I would say is that historically in the United States, we have limited government power by limiting the amount of information that governments can obtain about all of us. We, generally speaking, require governments to go get a search warrant or a subpoena when they look at invasive amounts of information about us. And that's traditionally how we've limited government power and protected the privacy of citizens.

Byron Tau
However, in recent years, so much information is available out there in the world for sale, and governments, like every other entity on the planet, they're eager for information, and they are consumers of this commercially available information. And that has essentially started to rewrite the social bargain that when you let governments buy large amounts of data on everybody, it moves us away from that traditional notion where you limit government power by having court oversights. You know, they have to get documents together, and they have to go convince a judge to let them look into an individual with the sheer amount of information that's available out there in the world from data brokers and from all sorts of other sources. That social bargain is being upended. Okay, so what's really interesting here, Byron, is there's almost some economics at play, and our listeners will very much understand, kind of like the economics of this situation.

Ryan Adams
It's something, again, I want to return back to in the future because it's become very inexpensive in this digital world to collect this information. Like it's unprecedented. The framers of the constitution didn't have this kind of data collection, like cost reduction in their mind when they frame things out. And so I think this is a recurring theme that we'll come back to, and we want to set a roadmap for this episode, maybe. So first, want you to tell us what's going on today.

Like, so how this data marketplace works between corporations and private groups that are collecting this data and the government, how they're using it. Then I think we want to talk about the legal, like, what protections do we actually have set up today? Because we live in a democratic republic, I think. And there are some protections for citizens, aren't there? And so we'll talk about that.

And then also want to get a sense of the incentives and the motivation at play because it feels like we're stuck in a prisoner's dilemma, feels like we're stuck in some kind of a system. And like, that's the question of how did we get into this system, and then where does it leave us? And then ultimately, hopefully, how do we change things? And we might bring into play a financial surveillance and how crypto fits into all of this. So let's start with the state of this surveillance system today and what's going on.

So I will say, Byron, bankless listeners, probably pretty informed Internet users. So if you tell them that they have very little privacy on the Internet, the first reaction would be like, yeah, tell me something I don't know. They won't be shocked, right? They're like, yeah, of course the government is spying on me. But I want you to get into the details because I don't think a lot of listeners know exactly how that happens or the scale at which it's happening.

So what is something that you would say to even the informed Internet goer whose immediate reaction is, yeah, of course they're spying on me. What's something that they don't know in terms of how it works and the level of surveillance that's going on here? Well, one thing that seems to shock people is essentially that all of our consumer technologies lead data in some way, and that goes right down to the tire pressure sensor in your car. Even some professional intelligence officers were a little surprised by some of this when they discovered this a few years ago. But essentially, when you turn on your car in the morning, there's a little display screen on the car that says the tire pressure is 42 psi.

Byron Tau
And that sensor is not a hardwired sensor. It's actually a wireless sensor that transmits information from your car tire to the central computer of your car. And it's there for a perfectly good and legitimate safety reason. But very clever governments have figured out, hey, that's a unique identifier that comes off of this car. And if we put the right sensor in the right place or we put something in front of a bridge or a tunnel, some choke point that everyone has to go to, we can collect that information.

And that's basically the case with almost every system that we use in modern life, whether that's the mail, right? Like, every time you fill out a change of address form, the postal service makes your data available to lots of people. Every time you sign up for one of these loyalty cards, that corporation is going to sell off your data, probably, or at the very least, analyze your purchases. Even when you're in sort of semi closed social media sites, people infiltrate these spaces, brokers, data scrapers, and they capture what they can see in these closed spaces and open spaces as well, like Twitter or X. And, you know, even the system of using, of delivering targeted advertising to billions of people on computers or on phones, that system leeches tremendous amounts of data.

And that data is obtainable by data brokers. And so almost everywhere there is some sort of information or some sort of a technology. It's generating a lot of data. And very clever people who know how to take advantage of these systems that the public largely doesn't quite know how they work have figured out ways to collect that data and in many cases, to sell that data. And governments have come along and decided to take advantage of these things, to take advantage of systems that were never designed with adversarial privacy or privacy protection in mind and use them for sort of mass surveillance.

David Hoffman
I want to put an image into listeners heads, Byron, that I think will help them kind of navigate this episode. And this image is going to, we're going to have to talk about the difference between content and metadata. And so that'll be my first question to you, is, like, the delineation there, but really, the idea here is of some sort of a sudoku puzzle that governments are filling out, and they're using metadata to fill out that sudoku puzzle. And way back in the day, when there wasn't that much data. Citizens, users of the Internet, still had a lot of privacy, except for, like, the small amounts of metadata that we push around the Internet in whatever forms.

But now with the explosion of devices that we all have, we have smart refrigerators, we have Apple watches, we have phones, we have our computers, we have iPads. There's metadata everywhere. And now there's a lot more of just, like, data surface area for Sudoku puzzles of information to kind of get filled out and for governments, if they really want to, to get a pretty holistic picture of what exactly is going on in the places that they are investigating. So that's kind of like the image I want to leave with listeners. Can we talk about the difference between content and metadata and the different level of protections that individuals have as Internet goers?

Byron Tau
Yeah, I like that metaphor a lot. If I can just kind of complexify the history a little bit, and maybe this will help answer your question about the difference between content and metadata. In the early history of the Internet, actually, a lot of what was being sent along the network was actually quite open and viewable by people like systems administrators and telecoms. Right? Because the early Internet was actually never designed with privacy in mind, even though it was a department of Defense network.

It was this experimental research network that people were trading kind of messages and research papers and unclassified stuff. It was never really designed with privacy as the primary protocol. But yet we've all moved our lives onto this entire network. We do everything on it, right? We bank, we buy things, we do therapy appointments.

There's all sorts of things now that we do on the Internet on a system that was just never designed for this, that was designed for Department of defense researchers and academics to trade some notes and some early drafts of research papers. And so in the early days of the Internet, you could actually intercept things fairly easily. So if you were sending an email on one of the legacy email providers, like Gmail, like Hotmail, like Yahoo, Yahoo can see it. In the early days of the Internet, even your telecom could see it. Your systems administrator could see all of this information.

David Hoffman
And by information, you mean the content, like the actual content, the action of the letter of the email, like what. You were saying to the person you were emailing, right down to the actual content of the message. Over the years, people have realized that this is a privacy problem, right? That we don't necessarily want telecom to be able to see your emails. We don't necessarily want the guy in it to be able to see everything that's transiting the network.

Byron Tau
So we've added extra layers of encryption onto communications that we send across the Internet. And sometimes that's truly end to end encrypted. So you have services like signal and protonmail where no one, not even the people running in service, can see it, but more often it's a service like Gmail, which Gmail can see what you're saying, but the telecom can't. And this is where the distinction and the importance of metadata comes into play, because it's increasingly hard to intercept things as they move along telecom networks. And that was the traditional way governments did surveillance, right?

That was a lot of what Edward Snowden revealed was that the government was just plucking things off of the AT and T and Verizon network as data was transiting, and a lot of it was unencrypted, and they could see everything. As you start to add encryption into the mix, you stop being able to see a lot of the content of the messages. Now, you can go to Gmail and demand them, but you need to get a court order. There are some user protections around that. There's procedures and processes built in.

But when it comes to metadata, when it comes to data about the information that's being sent, a lot of that is still available. And the Supreme Court a long time ago drew this distinction between information that you share with a third party and information that you keep private. So there are fewer privacy protections for things like metadata in the context of communications. Metadata is like the address on the outside of an envelope, and content is like what's inside the envelope. And governments, by and large, now, today, when they're filling out this sudoku puzzle, can get a lot of metadata.

It's a little bit harder to get content. And that's what's led to this world, that a lot of these data brokers are brokering metadata, or they're brokering little puzzle pieces or little signals from a device. And you still have to do some homework, you have to do some training to figure out how it's helpful in whose device it is or where this email came from. But if you have powerful enough entities and a large enough budget and a big enough data center, you can pretty much know everything about communications and people and things trying to be on the Internet. And just to really clearly define data versus metadata, I think there's a metaphor in your book where the data in the pre Internet world, imagine a letter, snail mail, physical letter on paper.

David Hoffman
The metadata is the address of the letter and where it's going and where it's coming from. And then there's even some additional metadata one might be able to glean from that. Like how big is the letter? Is it crinkled and old or is it brand new? Like stuff like this, like cursory data, cosmetic data you can see from the outside even though you can't see the actual contents of the actual letter.

And on the Internet terms, this is like data packets or just other little packages of things that are flying around the Internet. And so while the content itself is largely private from the outside view, there's now a growing amount of this out there to the point where, like, there's still a lot, a pretty solid way to glean what's inside of the actual content. And so, like, I want to talk about just like a submerged iceberg that's going on here because I think the lack of understanding that the average person does not have is like how big this complex is beneath the surface, like how much metadata is and how big the industry is around collecting it. Can you just like, illustrate some magnitude of how big this submerged iceberg is here? Yeah, so, I mean, data brokers themselves are, that's a billion dollar business.

Byron Tau
And then if you look at sort of targeted advertising, which is, you know, these companies wouldn't call themselves data brokers necessarily, but they are collecting huge amounts of data on people and they're making it available to other parties. That's probably close to a trillion dollar industry. And then nevermind all of the tech companies, which they don't exactly broker data. I mean, Google doesn't sell your personal information per se, but they sell access to you and they sell access to your data to lots of other parties who want to serve you targeted advertising. So this is a massive, massive social project and it's the way that a lot of content on the Internet is delivered.

And it's the reason why so much is free that there's just the payment for a lot of these apps, for a lot of these services, for a lot of these websites is your data. And that data is probably not that valuable. You, if you were to tally up individually how much you're worth to these companies, it's probably not worth a tremendous amount. But in the aggregate of billions of people in their roles as consumers, as people who you might advertise to or you might collect data on or you might sell data on, then this ends up being a pretty large industry. And so you have all sorts of logs and information and data floating around about how devices, how people, how Internet browsers, how cars are behaving and that data is tremendously interesting and valuable in a variety of uses to advertisers.

They don't really care necessarily that it's buyer and tao, but they are interested in what I'm interested in, what websites I visit, what search terms I'm trying to put into Google, what I buy at the supermarket. All that data is interesting to them because they want to build a profile of me. They don't necessarily care about me as an individual, you know, like by name, but they want to be able to search relevant ads to me, government service. They don't care about you. Your soul, but they care about you.

David Hoffman
The object. Exactly. Exactly. I can be a number to them because they could synonymize me and just call me some number and they don't have to get too deep into my personal identity, but they want to know a lot about what that synonymized number is doing on the Internet. But governments get very interested in this stuff, too, and they have very, very different missions.

Byron Tau
There's a very interesting quote that I put in the book from a senior intelligence community official, and he basically said, you know, we actually kill people off of metadata, right? We make targeting life and death decisions in the military and the intelligence community based on sort of like, small snippets of information that we can glean about people, whether it's their social network, whether it's their proximity to a known terrorist safe house, whether it's who they're communicating with. Those things can inform life or death targeting decisions because basically the behaviors that we all engage in reveal a lot about us who are associated with what we're doing, what we're interested. Interested in. You can divine a lot of information off of metadata.

You don't have to listen to a terrorist phone call to necessarily know that he or she is a terrorist. If they're at a known terrorist training camp and their phone is there, that's a pretty good sign. And so you don't need to wiretap them necessarily. That's a good data point that often that's all the military has to sort of identify that this is that person and this is where they are calling the drones. So where we are so far is we're talking about how powerful metadata actually is.

Ryan Adams
And it looks like in this digital world, we've moved to it. It's tremendously powerful. And there are these data brokers, as you say. So there's this whole industry of data collectors, and I think a lot of people are aware of this from sort of a. I guess, yeah, we are the product.

Right. We live on the Internet, so we are the product. So, of course companies are collecting data about us in order to serve us ads. I think the new part here is that the US government is actually a purchaser of that data set. And when you were just talking about the case where there's sort of a terrorist and, like, the military is going after a certain individual, for instance, that feels, I think when you say that to someone who lives in the US, like a foreign adversary type of situation.

Right. And I guess that's what the military is there to do in the best of cases. Right. Where it gets creepy is when they start collecting data about us. And I just want to ask the basic question, like, why are they doing that?

So let's say Google, Facebook, all of these data brokers, tire gauge information, wifi signal information. You go through story after story in your book of all of this metadata that we are essentially leaking. And how are we leaking it? Just by living our lives. We're just trying to live our lives and we're giving off, throwing off all of this data.

That's one thing. If it gives us an ad that gets put in front of us. And sometimes that ad is valuable because I didn't know I wanted that thing. So thank you. But it's another thing.

If our government is using that metadata to what? So why are they collecting it on us citizens? Is there a rationale there? Yeah. So at the highest levels, all governments, like all corporations and like, nosy journalists are trying to better understand the world in furtherance of whatever mission they have.

Byron Tau
And, you know, government isn't a monolith, right? Government does a lot of things. Government delivers services to citizens. It does like, transportation planning. It tries to fight disease outbreaks.

And data is useful in all those scenarios. A lot of the data that I talk about that's useful for sort of military operations is also useful for benign transportation planning or trying to understand the COVID-19 outbreak. So not everything the government does with data is sort of necessarily scary or implicates people's civil rights. So at the highest levels, governments are collecting this data because they're curious and they have some mission or some problem that they need solve. And so when you move to entities like intelligence agencies, the military, and the police, those are entities with a lot of power to cause very serious consequences to individuals.

And that's why I focus primarily on those entities and less on the entities that are trying to figure out where to put a bus stop or where the best route for a light rail line is those are important government functions, but they have less of a dramatic impact on individuals, and they implicate less government power. So take these government entities with these law enforcement, intelligence, national security, or public safety missions. They're all collecting this data because they have an important function in our society. You know, the military and the intelligence community are charged with keeping us safe, largely from foreign adversaries. But domestic law enforcement entities are charged with solving crimes and ensuring public safety.

And governments are obtaining data largely for those purposes. So you have often the military and the intelligence community, they're largely focused abroad. Certainly sometimes they acquire datasets on the United States. But at the federal level in the 21st century, there are a lot of checks and balances around what the intelligence community and the military do with data on Americans. Now, what they do with data abroad, that's sort of a different question.

But domestic data that's well protected, and there are well established procedures and civil rights sort of protections built into those systems. When you talk about the police and you talk about entities like DHS or the FBI, those are entities that have much more direct missions that are applicable to us citizens. And this is where sort of thornier civil rights questions come into play. Like, when is it appropriate for the United States government to buy large amounts of data, or even local governments or state governments to buy large amounts of data, to do things like solve crimes, to do things like figure out where criminals are, to try to do surveillance, to try to prevent crime? Those are those thorniest civil rights questions that I think are raised by this kind of data acquisition.

And historically, by and large, as I've said, we have limited the power of those entities to root around in the lives of individuals because we think that's the best way to protect liberty. Often things that traditionally required the approval of a judge, like, let's take these massive amounts of location datasets that are available. They come off of our phones, they come off of our apps, they come off of targeted ads, and they show the movement of millions, if not hundreds of millions, if not billions of devices around the world. Law enforcement has started buying access to those databases, and that data can often show things that one time they needed to fill out a search warrant, go to a judge and say, give me some historic cell data on this person, because I think he or she has committed a crime. And that's where sort of the civil rights and civil liberties problems really start to compound when you're talking about government use of this data.

Ryan Adams
Yeah, Byron, it just seems like, and this is the main message of your book. And I think an important message for everyone to hear, not just bankless listeners, but I hope the broader society hears this is the government doesn't actually have to be the ones collecting the data. Right. They can be a step removed from this process. All they have to do is buy it from someone who has it, who's selling it.

Yeah. And our surveillance capitalism, like creation, this thing that we've created on the Internet and all of the digital information pushing out means there are companies out there that know just about everything about what we do through metadata, like, period. They know where we are right now from our cell location data. They know what our Internet search history is like. They know everything about us.

And if the government can just simply. They don't have to collect it themselves, they could just purchase it. Well, that's like the most obvious loophole in history. And I'm, like, almost surprised that we haven't connected these dots yet as a society. But I just want to understand the mechanics of how this works.

Let's say some data broker, data provider has all of this data. You're telling me the government, FBI, let's say, will use kind of like the internal domestic police type servants, DHS or FBI. You're telling me that they can just, like, use our taxpayer dollars, right, and go purchase that data set on their own citizens and there's, like, nothing that would prevent them or block them from doing it. And in fact, the companies are kind of happy because, like, they get to sell a product. Is that really how it works?

It's just like, hey, company, we want this data. Will you sell it to us? Yeah, sure. Here you go. That's how it works.

Byron Tau
Yep. That's exactly how it works. There are these data sets on the population, on the movement of cars, on the movement of phones, on people's home address history or their employment, all sorts of biographical details. There are large data sets on people's social media habits and what they say in either open social media networks like X Twitter, or semi open ones like Facebook and Instagram and TikTok. All of that is available for sale.

And there is no legal prohibition on the US government going out and purchasing that data on its own citizens for the purposes of public safety, for the purposes of intelligence, for the purposes of surveilling people. Now, some of these agencies either don't do it as a matter of policy because they sort of want to be seen as respecting the civil rights of Americans. Some of them have very strict rules on how they acquire this data, and some have no rules at all, because in the United States, there are more than 10,000 different law enforcement entities. And those range from very sophisticated, well funded, well run ones with histories of abuse that are now overseen very carefully by Congress and the executive branch to very small police departments that operate with very little oversight from their local governments. And so there is no legal prohibition on the acquisition of this kind of bulk information on Americans from companies from Databar.

Ryan Adams
So I'm going to let David jump in here in a second. But just like it strikes me how much of a precarious position that puts us in as citizens, because it's basically like a trust me, bro type model that the government won't use this vast power of data against us. Right. And we'll talk about the legality a little bit later and what a veneer of civil liberties and laws actually protect us. But, wow, that feels like a very vulnerable position to be in when we can't do anything.

We can't just, like, not get this data collected. Yeah. And, you know, the United States, in its recent history, in the lifespan of people who are alive today, has experienced intelligence and law enforcement agencies going a little bit too far against domestic groups who have been critical of the government. You know, you look at what happened during the civil rights movement or the anti war movement in Vietnam and the way that the FBI and the NSA and the CIA saw those groups as potential threats to social order and used the tools of the state, used surveillance tools to monitor those groups and those individuals in ways that today we would consider unlawful and massive violations of civil liberties. So it's not that long ago that we've seen government power be turned in ways against domestic critics that I think today we would be very uncomfortable with.

Byron Tau
And back then, the amount of data available on people was quite limited. I mean, today you're talking about an entire digital dossier on almost every citizen. That's pretty exhaustive. And it's available through the corporations. The largest companies in the world have kind of assembled this information, and these tiny data brokers and data aggregators are collecting it all from these places and making it available for.

For sale to basically everyone. Not, you know, they largely sprung up to cater to corporations, but the government market is a nice little secondary market for them, and it's a nice little profit stream. Yeah. It also keeps them on the good side of the government, too, as a nice little by product. At this point in the conversation, Byron, can we introduce the topic, the kind of the concept of total information awareness?

David Hoffman
Can you define what this is and how it fits into this story. Sure. So total information awareness was a program that was stood up after September 11, and the theory behind it was basically the government actually had a lot of information about the September 11 hijackers. It knew that two people affiliated with al Qaeda had come into the country. It knew that there were a bunch of people that were taking flying lessons but were completely uninterested in learning how to take off or land, which is very suspicious.

Byron Tau
And by and large, the intelligence community had a ton of information that bin Laden was trying to do something in the United States. They didn't know exactly what. And so after 911, there was this belief that the government actually had a lot of information already. What it failed to do was connect the dots, to weave together these threads into something that was actionable, and they could do something about, like, pick up these two guys in Los Angeles or sort of stop some of these people from boarding planes because their pattern of behavior was suspicious. So total information awareness was a research program set up by the Pentagon, and it was quite controversial from the start, even in the sort of very fearful days after 911, this program prompted a backlash that I think was a little bit surprising to both the Pentagon as well as sort of civil society, and essentially what they were trying to do.

And it was only a research program. It never got actually off the ground and actually stood up and actually was running an active surveillance program. But what it was trying to do is take all this corporate data that existed out there and things like travel records, purchase history and credit data and address history, and weave all that data together with the government's secret data. And what they were trying to do was look for patterns and outliers and potential indicators of terrorist attacks in these huge volumes of commercial data. So, hypothetically, if you were to have rented a Penske truck and purchased a large amount of fertilizer and purchased a number of hotel rooms along a route towards Washington, DC, each of those things individually is not suspicious.

But if a single individual is doing that, well, that might be a template to someone building a bomb and trying to detonate it in the nation's capital. So that was the aim of this research program. But it prompted this very furious backlash. It was bipartisan back then. This was 2003.

Congress got wind of what the Pentagon was doing. Ordinary Americans were saying, well, this is a giant spy database, and it's not just directed at the Middle east or all these trouble spots in the world. It's directed at me, and I'm angry about it. And so Congress actually wound down this program and it's kind of one of the only times in the immediate post 911 era where the civil libertarians won any sort of real victory on civil rights and privacy. But it was seen as a bridge too far back, even in 2003, even less than 24 months after the 911 attacks.

So it really sort of highlights a couple of themes, that America still is a country that's very cranky and very civil libertarian, and that this was a bipartisan effort to wind this thing down. The other theme it highlighted was the government realized that these tools were valuable. But talking about them too publicly, letting Congress get wind of them and letting the public weigh in too much on them, endangered their use. There started to be a lot more secrecy around some of these programs. Not that they're classified.

Right. You can't really classify commercial data per se, but talking about them openly was seen as a mistake and one that really prompted a public backlash. And it was one that these government contractors and these researchers would learn from and try to keep this stuff as much as possible from being on the public's radar. So I think, I want to bring up a metaphor here, kind of adjacent. In 1970, there was the Bank Secrecy act, which created this, like, $10,000 reporting requirement to the IR's as part of the commercial banking layer.

David Hoffman
So any sort of transaction that was $10,000 or higher had to be reported to the IR's. And this is just like, kind of similar concepts. Just like we need to make sure that we're not doing any sort of, like, fraudulent stuff or any terrorists or any, like, damaging taxes, all that kind of things. And this has also kind of encroached on our privacy. Again, we can debate the merits of this, but that's kind of here nor there.

One thing that has happened is that that $10,000 in 1970 is actually in today's dollars, something like $2,300. And so there has been, because of inflation, this creeping encroachment on surveillance with our financial transactions. And I want to carry that same metaphor over to the explosion of metadata. Due to the whole, like, explosion of devices that exist in today's world, it has been easier and easier and easier for governments to fill in that Sudoku puzzle to achieve total information awareness simply because that data is free on the Internet to collect by anyone. Since it's free to collect by anyone, it is collected by anyone.

And then the government now has an easier time accessing the data they need to achieve this goal of total information awareness. Now, not every part of the government has this goal. Only a minority of the government has this goal of total information awareness. But when someone has it, like we know it's achievable, which kind of the punchline of this episode and your book is that, well, if it is so trivially easy to fill in the Sudoku puzzle that induces total information awareness, then what is individual privacy in the world of the 2020s, in America and beyond? And so that's kind of like the question I don't really think anyone truly has an answer to, or at least not a very good one, is.

Byron, what is our privacy level in modern times, with all of the data that's everywhere? Do we have privacy in this day and age? Yeah, it's a good question. I've been asked about this a lot, and I think there's two ways to see it. One, a lot of this data is being collected under the guise of being used for corporate use cases.

Byron Tau
If you read the privacy policies of any of these services or these apps, they say stuff like, oh, well, we collect your information, but it's all de identified, or it's anonymized, and we only want to serve you targeted ads. And maybe it makes some noises about having to turn over data to the government in the event of a subpoena or some sort of a process, but by and large, you're telling the population that you're collecting it for corporate purposes. But of course, none of these companies can guarantee that once data is collected, the data could be used for anything. So there's a view that sees this collection of data by corporations as sort of a bait and switch when governments acquire it, and that there's not really informed consent. That's one way to see it.

The other way to see it is maybe the social bargain is simply being rewritten. Right? Like in the seventies, when the government decided that essentially, you don't really have a tremendous amount of privacy in your bank records, right? And that we're going to deputize the banks to do basically our enforcement for us and send us suspicious activity reports and make them report any deposit over this amount of money. Well, maybe that was a renegotiation of the social bargain that we've lived with ever since.

And maybe the same thing is happening in the digital sphere. Maybe in exchange for all these great technological services and the wonderful ability for us to record a podcast over me sitting in this little booth and you guys sitting in your homes, maybe the social bargain is just all these powerful entities are going to have our data, and there's nothing we can do about it. And I don't have a good answer. What really motivated me to write the book is I did want to make this trade off very explicit to people. Right.

Because I do think corporations in some ways try to minimize or hide how much data they collect on people, because I do think they realize people do consider it a little unseemly. Yeah, they'll still download the app, but they don't love it. And then on the government side, I think it's the same thing that governments don't want the population to realize how much data is out there for collection and just how much of it ends up in government hands in one way or another. And so it's a great question and I don't know the answer, but I definitely wrote this book as a way to educate people about what's happening with data, with government power, and with corporate power. Yeah, I think for a lot of people listening in, just like, you know, the ordinary american or just like, by the way, we're using the US as a use case.

Ryan Adams
I imagine this happens in Europe and just like, in another place in the world to, like, even more dialed up. But I don't think we ever consciously made that decision to change the social contract. It's just kind of like, happened to us. And it always favors those centralized entities that have more power and disenfranchises those with less power and makes them even less powerful. And so that, I think, is the trade off to acknowledge.

I want to go back to this total information awareness because you were talking about, like the early two thousands, and it seems like Congress stepped in, they did the right thing. Right? I am imagining that. And I want you to verify this from the research that you've done. We're just all assuming there is another database out there that they don't talk about, that is basically doing total information awareness.

Right. Even though Congress said, no, you can't do that, Pentagon, they said, okay, lesson learned. We won't tell anyone next time. We won't make a big deal out of it, and we'll go do it somewhere else. I'm just operating under the assumption that that is the case.

Is that a, like, reasonable assumption to make? Is that basically the assumption that you're making and the average listener should make? So let me put it this way. Everything that that program was researching at the time has basically become reality, right? Like this ability to scan large amounts of data for anomalies that exist.

Byron Tau
They were trying to do social network mapping, so they were trying to figure out who knows who just based on stuff like who they call or who they associate with or who they're. The government is very good at doing all these things. So basically, all the technologies and those lines of research that they were doing have become reality and are operationalized by the government. On the other hand, I do think Americans are a little too cynical post Snowden about just how much data governments acquire. Like, yes, they acquire huge amounts of data, but the government also tries to be thoughtful about privacy and civil liberties.

And there really are legitimate rules in place, at least at the national level, about when you access these things. And I'm talking specifically about the military and the intelligence community. These sort of big national, you know, the NSA, the CIA, the FBI, they are not perfect entities, but they have pretty strong rules in place about how you use data on the US population. Often you can acquire it, but you. You have to minimize it or you have to do all sorts of other things.

When it comes to what happens abroad, I would be a lot less circumspect, right. I do think the United States government collects huge, huge volumes of data on the global population due to its technological power. The fact that so much data is routed and stored in the United States, the fact that our homegrown tech companies are global brands that collect data on the entire planet, you can assume that the US government collects huge amounts of information about the global public. The real issue also is that not every agency is the NSA, the CIA, and the FBI, who have come under scrutiny over the years, who have had their own abuses revealed and are very carefully monitored. When you go down to the level of state police departments, when you go down to the level of local police departments, even sometimes the FBI, which has a domestic mission, these are entities with a lot freer hand to acquire the exact same amounts of data and do things with a lot less public transparency and oversight?

And that's the real sort of concern here. The other concern is that a lot of these intelligence community rules around how you use american data, they're simply that, they're rules. They could be sort of changed at any time. They could be quietly rescinded. We don't know to what extent people violate them and how often they're punished.

They don't have the force of law in a lot of cases. So that's another concern, right? That we're relying on the goodwill and sort of the self restraint of these entities without having strong privacy protections enshrined in law about what these agencies can do at all levels of government. Have you ever felt that the tools for developing decentralized applications are too restrictive and fail to leverage advancements from traditional software programming. There's a wide range of expressive building blocks, conventional smart contracts, and solidity development.

David Hoffman
Don't waste your time building the basics from scratch and don't limit the potential of your vision. Cartesi provides powerful and scalable solutions for developers that supercharge app development. With a Cartesi virtual machine, you can run a full Linux OS and access decades of rich code libraries and open source tooling for building in web three. And with Cartesi's unique roll up framework, you'll get real world scaling and computation. No more competing for blockspace.

So if youre a developer looking to push the boundaries of whats possible in web three, Cartesi is now offering up to $50,000 in grants. Head over to Cartezis grant application page to apply today, and if youre not a developer, those with staked CTSI can take part in the governance process and vote on whether or not a proposal should be funded. Make sure youre vote ready by staking your CTSI before the votes open Arbitrum is the leading Ethereum scaling solution that is home to hundreds of decentralized applications. Arbitrum's technology allows you to interact with Ethereum at scale with low fees and faster transactions. Arbitrum has the leading defi ecosystem, strong infrastructure options, flourishing NFTs, and is quickly becoming the web three gaming hub.

Explore the ecosystem at Portal Arbitrum IO are you looking to permissionlessly launch your own arbitrum orbit chain? Arbitrum orbit allows anyone to utilize Arbitrum's secure scaling technology to build your own orbit chain, giving you access to interoperable, customizable permissions with dedicated throughput. Whether you are a developer, an enterprise, or a user, arbitrum orbit lets you take your project to new heights. All of these technologies leverage the security and decentralization of Ethereum experience web three development the way it was always meant to be, secure, fast, cheap, and friction free. Visit Arbitrum IO and get your journey started in one of the largest Ethereum communities.

New projects are coming online to the mantle layer two every every single week. Why is this happening? Maybe its because mantle has been on the frontier of layer two design architecture since it first started building mantle da powered by technology from Eigen da. Maybe its because users are coming onto the mantle layer two to capture some of the highest yields available in DeFi and to automatically receive the points and tokens being accrued by the $3 billion mantle treasury in the mantle rewards station. Maybe its because the Mantle team is one of the most helpful teams to build with, giving you grants, liquidity support and venture partners to help bootstrap your mantle application.

Maybe it's all of these reasons all put together. So if you're a dev and you want to build on one of the best foundations in crypto, or you're a user looking to claim some ownership on Mantle's defi apps, click the link in the show notes to getting started with Mantle. We don't want to get to what protections legally we have in place today. But just curious, and going through this entire story, did you come across like swaths of evidence that the government is actively using this data to breach civil liberties, like right now? Because I think a set of listeners is going to hear all of this and say, yeah, Byron, that's terrible, but if they're not using it against us, then what's the actual problem here?

Ryan Adams
And I'll worry about it when I hear something in the news where like the government is like, you know, systematically doing something nefarious to its population. Did you come across evidence of these kind of civil liberties breaches? Yeah, it was very clear that, for example, DHS was using mobile phone data that was drawn from apps to round up people who were in the country unlawfully. A lot of those people sort of skip their detention hearings. So it depends on sort of how you feel about immigration enforcement, how you view that government effort.

Byron Tau
But that was certainly a domestic focused attempt to go out and find people who jumped bail on their immigration hearing or whatever. Again, that's a perfectly valid lawful government mission. But they were using data that was available for purchase and data that they didn't go through the process of going to get a court to oversee. And there's another example. Again, it was DHS.

They were using this, again, this commercially available phone location data to sort of surveil the United States border and look for people who are crossing illegally. And they found one guy who had dug a border tunnel underneath the US border fence and was smuggling drugs between the KFC, like this abandoned KFC on his side on the US border and some houses on the KFC, Kentucky fried chicken, a Kentucky fried chicken. They were probably linked to the cartel. They dug a border tunnel under the fence and the tunnel surfaced in an abandoned Kentucky fried chicken restaurant on the US side and on the mexican side. It was some house that was pretty close to the border, so it wasn't even that big of a tunnel.

But to do that kind of a surveillance program, you need to acquire data on the entire us border and probably the entire us population. And there's sort of a trust us aspect to this, which is, oh, we won't abuse it. And I don't think we know exactly what DHS did with this data. How many times it was sort of queried improperly, how many times people looked up their spouse or their tinder date on it, and we just don't know. And because this is commercially available data, again, there's no real sort of law around using it.

It's all policies and norms, and maybe you get written up and maybe you get disciplined. So we just don't know. These are black boxes. So even if you sort of approve of locking up cartel members who are digging a border tunnel or going around and deporting people who've skipped their detention or immigration hearing or their deportation hearing, you know, again, it's sort of a black box as to how this data is used. And there's no real legal teeth behind telling these agencies that they can't query it for improper purposes.

David Hoffman
Yeah, and I think bankless systems will be all too familiar with just the general concept that acutely individual instances can be with, done with the best intentions, and we can have an entire generation of the best of intentions happening. And maybe all of those events, those acute events of, you know, privacy breaches also, you do help the public welfare. Yet nonetheless, as a status quo, without strong assurances about individual privacy, it doesn't take too much of a change in the status quo to return, like, best of intentions into, like, some sort of authoritarian control. And so that kind of brings us to the legality question, Byron, which is just like, what assurances do individuals actually have where, like, say, God forbid, the United States falls into the hand of an authoritarian leader and we lose our democratic, western liberal values that we've built up for the past, over two centuries. And so I think maybe listeners think, probably intuitively, that we have a right to privacy somewhere in our laws.

But maybe you could clarify how true that statement actually is. Where do citizens of the United States actually get their protection for privacy? Sure. So the most basic element of their protection from sort of government intrusion into their lives is the Fourth Amendment requires probable cause for some sort of a search. If it's your house, usually that has to take the form of a search warrant that you go before a judge and swear out.

Byron Tau
But if you're driving along on a public highway and the cop smells marijuana, that might be enough probable cause to search your car. But the basic protection of the Fourth Amendment derives from this idea of this sort of abstract notion that it has to be something that you wanted to protect and to keep private. So if you have your drug paraphernalia out in the open, out on the seat next to you in your car, and it's plainly visible to everyone who walks by your car, you don't really have too much Fourth Amendment protection. However, if you keep some documents in a safe in your basement, and, you know, that's clearly an expressed intention to keep information private. So that's sort of the basis of Fourth Amendment law.

The problem came about in the modern era when all these corporations sprung up. First the telephone company and the telegraph, and then banks and bank transfers. And so american consumers started to have to give information to these companies. And so when you dial phone numbers on your phone, you have to tell the phone company who you want to call. So the phone company has a little log of what numbers your line is dialed and how long you spoke to them.

That's how they bill you for the long distance calls. Same thing with your bank. You have to tell your bank when you write a check what the routing number is of the person you want to pay. And so as governments started to take advantage of things like wiretapping telephones or telegraphs, before that, that or acquiring bank records, there became this very interesting legal question, which is, well, does this person have any Fourth Amendment privacy rights in the data that they've given to a company like a bank or a telephone company? And the answer that the Supreme Court came to in the sixties and the seventies was basically no, that you don't have privacy protections in information you give to a third party.

So in the case of telephone records, the government did need a search warrant or some kind, kind of a court order to listen in on your phone call. Right. Like to hear what you and the person you're communicating with are saying. They need a probable cause of a crime to do that, but they don't need probable cause to get all the phone numbers you've dialed. The same thing happened with banking records.

Right. You know, the court's logic was, if you provide this information to a third party, you've lost your privacy expectation in it. And that maybe made sense for a time in the seventies, but today, there's almost nothing you can do in modern life that doesn't involve conveying information to a third party. Once upon a time, we stored all the documents that were valuable to us in a file cabinet in our home office. Once upon a time, we spoke to people largely in person.

We made doctor's appointments over the phone and then showed up in person to the office, things are changing. There's basically nothing you can do on the Internet that doesn't involve sending packets to someone else. And the problem has emerged that this doctrine is outdated and is, frankly, unsuited for the modern world, because it essentially means that any time we give information to a third party, we sort of lost our core Fourth Amendment protections in it. Right. So everything you store on Google Drive or every, you know, communicating with a therapist over a telemedicine appointment or basically, the cloud.

Yeah, the cloud. All of it lost your Fourth Amendment protections in that information because someone else can see it. Now, again, Congress over the years has put some laws into place so Google can't just transfer the entire contents of your cloud to the police. We've written rules that deal with some of these technologies, but by and large, that core Fourth Amendment protection doesn't apply to data that's in the hands of corporations. There's some evidence that the legal thinking on this is changing slowly.

For example, in 2018, the Supreme Court issued a landmark decision that said, hey, actually, people do have an inherent right to privacy in the totality of their movements as revealed through their cell phone. And so you can't just go to a cell phone carrier and demand a month's worth of my movement records. You have to articulate that you think that this shows some criminal activity and you have to go get something like a search warrant. So there is a slow emergence of a different strain of thinking on this. But the courts move at glacial pace, and by the time they get around to seriously considering a lot of these issues, maybe 10, 15, 20 years from now, in that intervening time, you have governments acquiring masses of data on the population with not a ton of legal clarity on what the future might look like on these outdated legal doctrines.

David Hoffman
Yeah. So maybe just to really just define the problem statement here, the Fourth Amendment actually doesn't formally state that individuals have a right to privacy. It more states that they have a right to not be searched without cause, which is very different. And I think, really the punchline of your book is talking about the way that that Fourth Amendment has been nerfed just by the properties of modern day Internet. Like, can you be a normal citizen without having a cell phone and Internet access?

Not really. You can't really operate in society without those things. And so you can't really operate as a sovereign individual in society without giving up your privacy. And so there is no amendment, there is no law that provides, like, a base principles like, constitutional right to privacy. And that's the thing that is truly missing from this modern sphere, where I think everyone would kind of agree that the values that America stands on would somewhere, somehow provide a right to privacy from its citizens.

But we're just missing that. Well, I just want to add to that, David. So it feels very much like the founders would have added that if they. They thought about the Internet, could have. Imagined that world, if they could think about it.

Ryan Adams
So imagine the level of information that we're talking about here to create a, as Byron put it, a dossier of every citizen. Imagine how, like, expensive that would have been in the late 17 hundreds. Okay, so like, to go figure out David Hoffman's, like, location, all of his movements, 24/7 yeah. What he buys on a given basis, like how much money he has, where he stores all of his wealth, what his preferences are, who he votes for. In order to gather all of that information, you would need, like, a full time spy assigned to your house that.

David Hoffman
Like, your district for your population of people. Exactly. And that would just be, like, not feasible. It would be too expensive. And now the economics of collecting all of that same information have basically dropped to zero.

Ryan Adams
So I think they would have added it if they could have imagined this world. But, like, that was just not the late 17 hundreds. We haven't really revised the thing, have we? Yeah. And the Supreme Court has occasionally flirted with the notion that perhaps citizens do have an abstract right to privacy, that if you look at the sort of general gist of the Bill of Rights and the Constitution, it really does maybe hint at this idea that you should be.

Byron Tau
That largely citizens should be left alone unless there's a good reason to bother them. Right. If you look at some combination of the Third Amendment, which says the government can't quarter troops in your house, and the Fourth Amendment, which says they can't serve you, and the Fifth Amendment, which says you can't incriminate yourself if you squint hard enough at all those provisions in the Constitution, maybe you can come up with some doctrine that. Yeah, the Constitution does contain some right to privacy. And the court did articulate that briefly in the 1970s in a case surrounding marital use of contraception.

So a married couple wanting to use birth control in the privacy of their own bedroom, in the privacy of their home, Connecticut had a law that said, you can't do that. And the court said, no, the constitutional doctrine that we're going to rely on to say this married couple can use contraception in this Connecticut law is unconstitutional is this right to privacy. But the court has grown a little bit more doctrinaire, a little less inclined to see abstract privacy rights just floating around out there and that aren't specifically in the text of the Constitution. And so I do think the legal world has sort of moved away from this abstract right to privacy. Maybe it's still in our laws in some vague sense, but it's not something you can walk into court and cite, as you know, if your rights are violated, you can't just march in and claim this abstract right to privacy that the court articulated in the seventies.

Now, of course, our lawmakers can still write laws, right? Just because something's not in the constitution doesn't mean they can't address it through our legal system. And Congress has historically actually been pretty good, at least in the 20th century, about writing privacy laws. If you look at, there's pretty detailed laws about use of credit data, like data that credit cards and credit bureaus collect on us. There's pretty detailed rules and laws around healthcare information.

And Congress even at one point, went so far as to protect the privacy of cable television subscribers from having their information sold by cable companies. And at one time, because a journalist went and acquired some judges video rental history, they actually made it illegal for video stores to share people's video rental histories in the 1980s. So Congress can write these rules if it wants to, on top of our constitution. The problem is, in the modern era, as everything has become interconnected, they just haven't done so right. There is no comprehensive privacy framework for data in the United States, and there have been various efforts over the years.

And essentially, we are alone among industrialized democratic countries in not having some sort of a national level privacy law that just sets out what expectations and rights Americans have when a corporation collects information about us. And that's a huge problem in the 21st century, when so much of our lives are collected by these digital services, where there are just no firm rules of the road. Byron, one other thing I want to run by you and get your thought on or get your feedback on. And so the crypto community, the crypto part of cryptocurrency stands for cryptography. And so we are big believers in let's do everything we can in Congress.

Ryan Adams
And on the legal side to protect civil liberties, there's also some things we can do on the technology side of things, in particular, this encryption thing. So imagine the world where you have no fourth amendment protections for your data when it goes to the cloud. And that is not only true for the metadata, but also all of these companies can just read the contents of your email messages. Right. Fortunately, we have fought some wars in the past to maintain encryption.

I don't know if you ran across in some of your studies that the early 1990s and, like, what we call the kind of the crypto wars 1.0, where there's this thing called pgp encryption, pretty good encryption, and it was on the munitions list, export list. Like, this is a weapon type of technology, and we can't actually export it outside of the US and basically SSL, HTTPs. And this encryption technology was illegal. Fortunately, this kind of thing got overturned. But there were cryptographers like Philip Zimmerman who are actually potentially going to be brought to court over these types of things.

And it was kind of like the surveillance state pushing back and saying, no, we want to backdoor encryption, right? We want Clipper chip, and so you could do encryption in air quotes, but we just want a way to, like, see into it and we don't have to tell anyone else. It'll just be our kind of thing. So one tool, I guess I would say, in addition to the law and the Constitution and Congress and all of these things that I feel like is in the hands of the people, is actually encryption a defensive tool. And that's the reason we're so passionate about it, because it gives Max power to the defender.

And even the NSA, with all of their resources, cannot, like, hack and brute force attack something that is strongly encrypted. What are your thoughts on that? In general, the idea that part of the solution here is, let's just get cryptography in the hands of everybody. So maybe the protection that you're talking about on metadata is like, we encrypt the contents of our message. Maybe we can also encrypt the metadata, too.

And then it's not up to whether agencies can see it. They just have no ability to see it, so we don't have to trust them any longer. Do you have any thoughts on that take? Yeah, I think encryption is a very, very important tool for people who care about privacy, for people who want some security in their digital lives. Encryption is incredibly important.

Byron Tau
And it's funny, there's actually an anecdote in my book about this metadata encrypting, the metadata question, and it kind of worked out in a surprising way. So one of the things Snowden revealed in the slides that got leaked and in some of the news reports that were published were that essentially these ad networks that are on all of our phones were sending the metadata for ads unencrypted. So if you were tapping the Verizon telephone system or the international cables that connect continents, which the US government and, and its allies were, you could read all the metadata from ad networks. And so you could see when somebody opened angry birds, for example, or whatever app was popular at the time, just because when you open angry birds, it would send some message back to its server. And if you were in the right place and you could intercept the information, you could say, oh, this particular device opened angry birds right now.

That was just the power you had. That is so crazy. The fiber optic cables network. Now, after Snowden, a lot of these tech companies were like, the NSA is doing what? So they encrypted the transmission of metadata.

So a lot of these ad networks now don't send Internet information on the open web. However, at the same time, or around the same time as these companies were adding encryption, some very clever defense contractors figured out, hey, we could just buy the exact same information from a data broker. The data broker is now inside the ad network. They're seeing all the bids. They're seeing every time someone opens angry birds, we got to serve them an ad.

We're in the network and we want to bid on it, but we can actually save all the information that even if we lose the bid, we can save all the phones that are opening angry birds all the time. The government just started buying this. Data encryption is very, very important, but it doesn't sometimes solve the fundamentals, surveillance capitalists or motivations of some of these companies and these clever government agencies that find the exact same way to do something through a commercial arrangement. But I would say that for people who, especially on the content side, I use a lot of encrypted technologies. I love signal iMessage.

And WhatsApp aren't perfect. They are encrypted. Apple can't see your communications. Facebook can't see your WhatsApp communications. I do use protonmail frequently.

I have a Google account, but I try to primarily use an encrypted email account. None of these things are perfect, right? Your device could be hacked. You can lose your password. There's all sorts of.

You could be socially engineered. There's stuff. It's not a hundred percent panacea for everything, but it certainly will give you a lot more privacy and a lot more security than the alternatives. The funny part is that law enforcement complains constantly about encryption, and they say, well, it's going dark and all this stuff, but if you were to honestly give them some truth serum and say, are crimes easier to solve? In 2023 or 1992.

I think they would have to conclude that even if the criminal is using encryption, I'm pretty sure crimes are easier to solve today because there's just more information out there. Think about the OJ Simpson case. There'd be, forget the glove, there'd be logs from his nest thermostat and his ring doorbell. And the car would have logs about when it was turned on. It would be very possible to convict OJ Simpson today based on all the metadata that the smart homes and cars and devices all generate in a way that wasn't true in the 1990s.

So encryption is very, very important as a technology and a tool. And for people that care about their privacy, I would strongly recommend encrypted services. Byron, I think if you got them on that truth serum, not only would they say that they'd also confess to fully encrypting all of their stuff, they are using encryption. They are not going to allow their stuff to be unencrypted as well. I mean, they want these civil liberties, too.

That's exactly right. Actually, it's funny because when I was doing this reporting on the government's use of data brokers, I stumbled onto this amazing 300 page FBI document that was like an exhaustive list of how to opt yourself out of every data broker and how to set up your phone to be super anonymous. So government agencies, people that work in these government positions, they know darn well just how much information more than anybody. And they are enthusiastic adopters of opting out of data brokers and making sure their phone emits very little, if any, digital exhaust. Are there any just, like tips and tricks that you have?

David Hoffman
I know you talked about using protonmail using signal, but either other additional things that you use or things that you've heard, other people who are highly informed, any other tricks that you can care to share? Yeah, I mean, philosophically, I would say that if you're uncomfortable with the social bargain of paying in your data for services, then I would return the Internet to a more basic arrangement, which is just to pay for the service that you find valuable. I actually pay a few bucks a month for Protonmail because I think it's a useful and valuable service and it cannot monetize my data. It needs to survive in some other way. I donate a few, like two or $3 a month to signal.

Byron Tau
Again, this is a nonprofit organization. It's a tool I rely on. I want to support it, and I want to make, make sure that it's a thriving business. And a lot of these companies that collect data, actually, they're not necessarily evil. They're doing it because there is some public resistance to paying money for things on the Internet.

And it's not free to make software, it's not free to pay coders. It's not free to rent the server space. It's not free to have a lawyer and an HR person to draw up a privacy policy and to onboard people. None of this is free. I think there's this.

This sort of techno utopian notion on the Internet that, hey, we can all just have volunteers writing open source freeware. Well, that's not how it's shaken out over the past 30 years. So if you are uncomfortable with this world, I'm not saying that paid services never spy on you or never exploit your data, but it at least moves the Internet towards an arrangement where we've returned to the basics of capitalism, which is you give me something I find valuable and I give you money for it. Beyond that, I would just be generally careful about permissions. Permissions are very important.

You don't need to give every random app access to your location if you're in the Apple ecosystem. Apple actually makes it very easy to say, oh, okay, I want an Uber right now. I'll allow once, or I'll allow when I use the Uber app, but not 24/7 you can do that with your weather apps, or you can just type the location where you're at. So be careful about these permissions, because people. Why that's not standard is beyond me.

Right. And people are like, giving these random apps from who knows what developer access to their photo roles, their calendars, their contacts. I mean, a lot of that's valuable information. I mean, you may have some very sensitive things in your photo roll or on your calendar. If, you know, if you're a journalist, it shows who you're meeting with.

So do you really want to give some developer who. People don't have a sense that a human can look at it, but they can. If you give permission to some app to look at your calendar, a person could look, are they? Probably not, but they could. So being careful with permissions, I think, is super valuable.

And there's all sorts of ad blockers and VPN's. If you want to go down that rabbit hole, there's great resources for it. There's books by this guy, Michael Bazelle. The privacy community on Reddit is actually super active and is generally a pretty smart group of people. There are all sorts of places you can go if you really want to get advanced on some of this stuff, but the basics are just to be careful with what you put on your phone and definitely be careful about the permissions.

Ryan Adams
It's hard, though. It's bad user experience. It takes time. It's more difficult to do this. Right.

David Hoffman
Privacy is bad. Ux. This is why I think most people don't, and because we haven't seen, seen like the really bad experience of it being exploited in a way that feels very, very threatening, at least up to this point. So I think a lot of people just don't do it. I'm curious, at this point of the conversation, we primarily been talking about the US.

Ryan Adams
I was wondering, Byron, if you have explored outside of the US, right. So there's an element of, I don't know if it's worse in Europe. You mentioned maybe there are some better privacy rights there, but maybe it's worse in Europe. I don't know. And then I think about other countries like, man, if it's like this in the US, which at least has a history of protecting civil liberties in these ways, what's it like in Russia?

What's it like in China? Does not have a history of these types of things, or it's just kind of a constitution that approaches civil liberties anywhere near the same way. Do you have commentary on, outside of the bounds of the US, what's going on? I do, and I'm glad you asked. And I focus my book on the US for two reasons.

Byron Tau
One, as you say, we're a rule of law country, and we have historically protected civil rights and civil liberties by limiting government power. So, you know, I focus on the US because it's my home country, it's where I grew up. It's what I know the best. It's what I cover. But absolutely all of these things and all of these concerns are equally applicable to foreign governments, and in fact, are probably more applicable to foreign governments.

Now, if you're a dissident, if you fled an authoritarian country, if you have spoken out against an authoritarian country and you live in the United States, these foreign governments can get these exact same data sets. And the US government is very aware of this, that even as they use these datasets for their own lawful mission, that they are very, very, very concerned about how China and Russia and other adversaries can acquire data on our population. And that's why you've seen in recent months, the Biden administration and Congress both sort of take some very strong actions to try to crack down on the flows of data to these countries. And again, they can do the same thing to their domestic population. Right.

That authoritarian countries with good cyber intelligence programs acquire this kind of data. There's ample evidence of this, that other countries are aware of these capabilities. Israel is not an authoritarian country, but they do collect this data. There are three israeli vendors that sell it, and we don't quite know the extent to which they sell the ability to collect large amounts of, say, advertising data to other countries. But these vendors exist.

There's been reporting on them, and I've talked to plenty of other national security officials that say, yeah, China gets these data sets, Russia gets these data sets. Wait, can the data brokers sell the same information, like domestic information about us citizens? They could sell that to the US government. That's what this entire episode it's been about. And they're like, that's crazy enough.

Ryan Adams
You're not telling me those brokers can also sell them to foreign countries? Oh, yeah. What? Absolutely. Well, until recently, the Biden administration passed an executive order that says certain countries of concern, which I believe they're probably going to designate China and Russia and North Korea and a few others.

Byron Tau
There is a prohibition on transferring data to entities in those countries are connected with their governments or their sort of civil society. And so there are rules coming on this, but until very recently, perfectly acceptable for a data broker to sell to the Chinese Communist Party's ministry of state security or whatever. Now, maybe they wouldn't just out of principle, an abundance of caution, and honestly, probably the chinese government, if they were doing this, and they almost certainly are, according to my sources, would probably be a little more clever about. Right. They probably set up a company in Cyprus or in Singapore that they owned ownership stake in.

And the data would you contract with that company for advertising purposes? And then the data would flow to China after that, and the vendor would be none the wiser. But, I mean, as far as I know, there was no legal prohibition on selling this data to foreign adversary governments because it's a commercial product. Right. There's no restrictions on this data as of right now, unless you're talking about, like, video rental histories and some other very narrow categories of stuff.

But data that you've legally licensed and you've legally or sort of legally collected, I mean, that's. That's fair game in almost every circumstance. Maybe one more punchline that I'd like to leave listeners with is that in China, the CCCP has, like, a very different relationship with its own tech sector than what we have in the west. Like, it's a much more formal integration between the state of China and the tech sector of China. Like certain tech startups in China are actually just formally endorsed, supported, financed even by the actual government to help boon their own GDP and capitalistic growth and capitalism over there.

David Hoffman
But also, these are basically close to state run facilities, just with some capitalism also built in. So very formal, intimate integration between China's tech sector and the government and. Why are you laughing, Ryan? I think I know what you're about to ask. David.

Ryan Adams
Go ahead. Yeah. Well, inside of the United States, we have a little bit more freedoms, a little bit more protections, a little bit more laws, separation. There's a separation of Silicon Valley and the United States government. Famously, like, these two entities don't really like each other, but also nonetheless, with these, like, data broker middlemen, with all of these capitalistic incentives, the United States has just like, one of many buyers of data.

David Hoffman
I'm wondering, is there really all that much of a difference between the United States government and the tech sector and what China has? It's like, do we have the same thing just with extra stuff? Yeah, exactly. It's actually a great question, and it's one I've thought a lot about. Now, the caveat is I'm not an expert in China, but I've tried to do a little bit of reading as a layperson and a researcher about how things work there.

Byron Tau
And if anyone's interested, there's an excellent book by my former colleagues at the Wall Street Journal called surveillance State. I think it's Josh Chin and another colleague of mine wrote that book. And basically the thing I think is happening here is that the amount of data on the average chinese citizen, the average american citizen probably isn't wildly different. And what's different about China is that it's taken a step of taking all this corporate data and forcing or compelling these companies to weave it in one giant database. And they push that straight down to the level of.

Of the local public safety police departments. Now, America has a lot of data that's out there for sale on us, but more data in America is locked up in private databases. And not every company sells data on its users. Many companies, while they have data on their users and could turn it over upon request or upon getting a court order, they don't just blanket give it to the government. Google doesn't give backdoor access to everyone's Gmail account to the United States government.

Now, it has to comply with certain warrants. The government can go get that data under certain circumstances, but it's not just a data dump. So America hasn't quite gotten to the point of weaving together these huge amounts of databases, and it certainly hasn't gotten to the point of just pushing it down to officer friendly at your local precinct station. And the other thing that's important to say is, while we are trending in similar directions on data collection for public safety and intelligence, America is still a rule of law country. It's a democracy.

China is not. China's an authoritarian country. It's credibly been accused of genocide and Xinjiang. And so we don't want to compare kind of the systems directly. We just want to talk about sort of data collection.

And so there's no moral equivalence between these countries. But, yes, the trends are not that different. We are trending towards governments having more power, more information, and for citizens to be subject to much more monitoring than historically they have been. Byron, this has been great. As we start to close this out, I just want to get your insight into some of the challenges we're maybe facing in crypto.

Ryan Adams
I know that financial surveillance is kind of a subset, like a narrow subset of all of the different surveillance that you cover. You talk about communication surveillance, obviously location surveillance, all of this various metadata. But financial surveillance is kind of top of mind for crypto. David was mentioning the bank secrecy acts earlier and obviously as continuing to squeeze and constrict. And one thing that we often talk about is, with the world of digital money, we don't even have the same privacy protections as we did with cash.

Like, cash is going away. But think about what you actually had with cash. Number one, it was peer to peer. You didn't have to go through a third party at all. And also, it was private, right?

So, like, no one kind of, like, knows whether I gave you a $20 bill or not, it's completely private. And you lose that when cash is converted into sort of the digital realm. So part of what we're trying to do is preserve some of that freedom in crypto, but we forgot to do one thing, which is make the blockchain itself completely private. And so we've run into this situation where we actually, we have our own set of data brokers where if I'm, like, moving around bitcoin or if I'm moving around some ether and all of my transaction activity, it's actually on a public ledger. Like, you can go see now I'm pseudo anonymous, so no one necessarily knows it's me.

But a whole bunch of parties do. So, like, the exchange that I'm using do. There's companies data brokers like chainalysis that you were talking about a digital dossier. I'm sure they have a digital dossier of everybody listening to bankless right now in terms of, like, at least a user id. Maybe they don't know your name, but they probably do.

And they know your assets, they know your transaction history. Like, we've leaked all of this data. And, Byron, in the places that we have tried to preserve encryption technology, so privacy layers, we have open source developers actually getting arrested, almost like Philip Zimmerman style, cryptowars 1.0, basically court cases saying you can't encrypt, you can't have peer to peer transmission of value of data. So there's a court case called tornado cache. Now, I don't expect you to be familiar with all of these details, and of course, because this is sort of deep bankless topic.

But I'm just wondering, do you have any, I guess, advice for us? Do you have any just thoughts to kind of leave the crypto community with, with respect to financial surveillance and. Yeah, and just any thoughts on this? Well, it's funny you mentioned chainalysis because one of the, I think the founder of it actually came out of one of the programs I write about in my book. I think he was working with the FBI on one of these data broker programs right after 911 and moved into the crypto space.

Byron Tau
Yes. So, you know, it's a very, very good question, and I'm not a crypto guy. It's not a topic I'm deeply familiar with. But I have thought a lot about financial privacy and the ways, as David said, about the Bank Secrecy act, the ways in which over the last 50 or 60 years, people have been conditioned to give up their financial privacy and to not have any expectation in the financial like that their financial transactions stay private. And that's been supercharged by technology like venmo and instant transfers and all sorts of other things.

And so it is a demonstration of the fact that over time, if people don't sort of assert these privacy rights, if they don't push back, if civil society doesn't sort of stand up and challenge some of these things, that, yes, an entire industry, an entire aspect of people's lives can be swallowed up and no longer do people have any real expectation of privacy. And in 2024, if you say that you think the Bank Secrecy act or the requirement to file a suspicious activity report is privacy violation, you're largely seen as a crank. But, you know, by and large, this is true, that our financial privacy has been sort of whittled away over the years, and the same thing could happen in other aspects of our lives. You know, you have seen pushes from companies who want to scan people's devices or run algorithms on people's email accounts and geofence certain places and deem everyone who enters sort of suspicious. All of these things are things that today civil society pushes back on.

But in 2030 years, I wonder what the state of privacy will be in these other areas in our society. So I think that's the big picture. Thought I have on that question. Overall, Byron, understanding what you know and having learned, what you've learned, just are you optimistic or pessimistic about just the future of our rights as users, as Internet goers, as individuals inside the United States as it comes to privacy? You know, it's a good question.

I mean, by nature I'm a cynical person. And if you look at the long arc of the ways in which governments access data, the ARC bends towards government access to data. At the same time, these are real social questions that I think we as a society need to ask ourselves. And I do think the fundamental civil liberties and civil rights issue of the 21st century is going to be where do we set the dial on government access to private stores of information? Right.

I don't think the correct answer to it is to set it at zero where the government gets access to nothing. But also setting it at 100 isn't acceptable either. And so where you draw lines, what rules you put into place, how companies and governments and civil society and citizens all make choices about where they put their data and what rules are required and what procedures are required to access it. These are very, very important questions, and I think my book was aimed at prompting a discussion about them, but I don't have great answers. Well, Byron, you did a fantastic job.

Ryan Adams
That's really the first step in this battle for hearts and mind is just make people aware, just educate them on what's going on. Hopefully they can kind of see the trade off and fight for privacy in the officials they elect and the laws they support and this kind of thing. So thank you so much for doing more of that today and educating the folks at bankless. We greatly appreciate it. Thanks so much for having me.

Bankless nation, the book that we talked about today is called means of control, how the hidden alliance of tech and government is creating a new american surveillance state. Absolutely a fantastic book you have to check out and send to your friends. And I will end with this. As usual, crypto is risky. You could lose what you put in.

But we are headed west. The future is in crypt. At least I hope it is. This is the frontier. It's not for everyone.

But we're glad you're with us on the bankless journey. Thanks a lot.