Mumbai: Richard Stallman , president of the Free Software Foundation, is best known for having launched the free software, mass collaboration GNU project. However, despite being a veteran techie, he does not use a mobile phone, surfs the Internet anonymously for fear of compromising his personal data in cyberspace, does not purchase goods online and discourages the use of paid software and proprietary data formats. In an interview on Monday, Stallman said he believes that while the state is essential to society, its snooping can pose a bigger danger to individuals than terrorism. He also insists that companies have no business tracking people, and fears that the so-called Internet of things, which envisages more and more devices getting connected online, will only add to unwarranted surveillance by the state and companies. Edited excerpts:
Surveillance is on the rise. China has its Great Firewall, the US has its National Security Agency (NSA) and India has its Central Monitoring System (CMS).
China has its Great Firewall, which is a censorship system and horrible form of surveillance that requires identifying every Internet user. This is what enables China to punish anyone who says things they don’t like. India has the same system and that’s not acceptable.
I’ve been told, for instance, that anything said online which offends religion will be removed from the Internet. It’s intellectual censorship, the worst kind of censorship. The US has lots of surveillance and some censorship too. The worst part of US censorship is in the name of copyright. Surveillance violates human rights, privacy. It is incompatible with democracy.
But governments say they track records, phone calls, etc., since they have to protect their borders and individuals from terrorists.
Terrorists are a secondary danger. The state itself is the biggest danger. It is more powerful than anything else. If it runs amuck, it can do far more damage that any group or entity or even more than what an underground terrorist can do. But the state is essential for many purposes, so we have to maintain democratic control over the state so that we ensure that it doesn’t commit crimes, that it respects human rights, and so on. However, the state tends to do things secretly. So how can we control it when we can’t even find out what it is up to?
Tell them not to do that customization. Those companies have no business tracking people. Their real reason is to profile people and sell the use of those profiles. I don’t let websites find who I am. I surf the Internet from computers that are not mine, that are used by other people also. I also do not give my name anywhere.
How do you purchase goods online?
I buy almost everything I want from physical stores and I pay cash. If I can’t do that, I ask my friends to order it online.
Going by your logic, you’re putting him or her in jeopardy.
These are people who regularly do that. I don’t encourage them to purchase goods online. I would encourage anyone to join me in paying cash. But I have friends who do think like me. I’m not causing them any harm if I cause any confusion in their digital dossiers by using their account to pay for online goods.
This, however, is clearly not the best solution. So we need an anonymous way to pay for website services. If you contact a website through an anonymous tool like Tor (a system that uses proxy servers to allow users to surf anonymously), all you have to solve is the problem of anonymous payment. And that, too, was solved in the 1980s when David Chaum invented digital cash (Chaum was the inventor of many cryptographic protocols, as well as ecash and DigiCash).
Will the Internet of things, where companies talk about connecting all devices, compromise privacy further?
This word (Internet of things) is dangerous. I don’t want my computers being connected.
Has something gone wrong with the way the Internet was originally conceived?
Yes. First, there is non-free software that users don’t control, and the owner controls the programme. And the owner is very likely to spy on users today. Second, when the Internet was conceived, it was about peer-to-peer networking. Today, it aims at connecting users to servers, and this gives rise to many abuses such as surveillance. There is surveillance at the server and ISP (Internet service provider) level. Surveillance is also being extended to mobile phones, which is why I don’t keep one, to cars and even to people’s movements. With facial recognition, I expect the government to increase its surveillance.
In this context, you must have heard of India’s Aadhaar card, which has used biometrics with the help of eye and fingerprint scanners and a facial recognition system.
This is very dangerous. In general, biometrics and national identity numbers and cards, when used for a number of purposes, are a threat to human rights. Mere listing of a national identity number, as they do in Brazil, results in coordinated surveillance.
What’s the way out then?
There’s a phrase: Who watches the watchman? Now we know that whistleblowers do that. There’s a good example in (Edward) Snowden, whom I admire and thank. But the state tries to persecute whistleblowers, which is why we have few heroes like Snowden who reveal what the state is up to. So we must reduce the level of surveillance by the state so that it cannot find whistleblowers. This is essential to preserve democracy. If a state can reliably tell who has spoken with you (referring to journalists), then a whistleblower can’t work by talking to you. If the state can find who talks to you, that’s too much surveillance.
How do we get surveillance below that limit? Will a privacy law help?
The usual proposal is to limit the state from accessing digital dossiers. This won’t work because if the state labels whistleblowing as a crime, it will anyway have the authority to look at the dossiers. Once data is collected, it will be misused. We must, therefore, not collect the data. We must redesign digital systems such that they do not collect data. Hence, the telephone system must not know who talks to you. It must not record it.
You believe that redesigning digital services will also help alter the situation.
The standard design approach of companies is to log as much as you can. This is not only for snooping purposes. It’s considered good design because if there’s a failure, you have all the information about why it happened. So I understand why engineers design in such a manner. But most companies want to collect data about people and facilitate the use of that data.
Privacy requires just the opposite—collect as little data as possible, keep the data for as short a time as possible, and keep the data localized so that it’s not accessible and not collected anywhere.