So It Turns Out, #11: What Do You Believe that No One Else Believes?
Wherein we discuss state formation and war
Hi,
(And welcome to the folks I just added to this list — hopefully you think it’s interesting!)
So here are some things I’ve been thinking about over the past few days:
State formation, rough consensus, and running code
There’s a game that you hear about, sometimes, in tech circles — asking someone in a job interview “What do you believe that very few other people believe?” The reference class matters a lot: globally speaking, something like 0.2% of people share my religion, but I don’t think that’s what the question is about. Rather, it’s the sort of question that reveals something about the questioner; startups are (generally) contrarian bets, so it’s good to know if your potential employee wants to be contrarian.
So, let me put this question to you, dear readers: what do you believe that few others believe? Setting aside the aforementioned ethnoreligious reference class, as well as a few interesting but commercially confidential nuggets of insights on various industries, here’s one thing I believe: states tend to make themselves weaker to survive crises, not stronger.
That belief, by the way, goes against the vast majority of political science literature. Charles Tilly made his career arguing that war made the early modern state, and drove state formation, arguing famously that “war made the state and the state made war.” The argument, in shorthand, is that (at least European) states went on a particular trajectory because they needed more and more resources to compete with each other and have the ability to win wars. Gathering those resources required a transition from feudal states where rulers could outsource work to vassals but got lesser resources in return, to something resembling the modern state, able to marshal the people, technology, resources, and bureaucratic capacity to plan and win wars. It’s fair to say that while this argument is contested, it’s still sort of the default assumption in lots of academic and policy circles. It’s also especially intuitive for Americans, who saw our rise to Great Power status roughly align with a rise in most of those factors, too.
But the argument isn’t (entirely) about whether nation-states can Get Big in some circumstances — it’s about whether, in general, states give up more for the long run to its domestic counterparties than they get in return to meet short-term survival needs.
Take a toy example: the King of the Realm of Awesome is about to go to war against his cousin, the King of the Land of Evilness. But the King of Awesome needs to raise an army, and his existing vassals’ swords are all rusty, with the exception of the Duke of Preparedness, and the Royal Treasury is already overstretched. The Duke of Preparedness, naturally, wants to serve his liege, but is reluctant to outfit troops that aren’t his, unless he gets some tax exemptions or domestic trade monopolies later on. The King of Awesome, fearing what would happen in battle against the King of Evilness, gratefully accepts.
The normal political science answer, the thing everyone believes, would then be:
And then after the war, the King goes and kills the Duke and takes all his stuff, forces his children to listen to the King’s bureaucrats and courtiers, and becomes even more powerful than before. After all, the King raised an army for the war! He can use that army now to do stuff, right?
I need you to understand that, empirically, this tends not to happen in most states throughout history. Rather, the result tends to be:
The King ends the war with a little more land, a lot more debt, and a bunch of nobles who can boss him around into signing Magnas Carta or giving a monopoly on coinage to the Bank of The Bankers of Awesome". And a generation later, the King’s son finds himself governing little more than a small duchy, though he does still have a nice crown.
*************
But we’re modern citizens, living in a post-post-modern state (if you’re not post-post-modern, you’re not paying attention). So what does this have to do with us?
Well, in the era of The Thing, rather a lot. Before I get to the big implication for why this crisis is weakening states, you need some context on what people are already doing.
While opinions vary about efficacy of different responses to The Thing, lots of nation-states have deployed extremely Seeing Like A State solutions to enable contact tracing — figuring out who infected individuals have been in contact with through centralized solutions, such as:
China appears to have used a bunch of solutions, including apps that gave you a red, yellow, or green rating depending on who you’d been in contact with. My sense, though I’ve seen very limited technical reporting on this, is that the apps relied on both cell phone location data, as well as individuals scanning QR codes as they moved around (e.g., scan a QR code before you enter a restaurant or board a subway; since QR codes are heavily used in China for payments already, this was pretty natural). It’s less reported, but appears to be the case, that they also had tons of folks doing extremely manual contact tracing, in addition to the apps.
Israel apparently launched multiple efforts to use cellular phone contact tracing capabilities that they previously had developed for use in national security roles, including (though reports in English-language press are a little confusing) some sort of cell-phone location data.
Singapore, by contrast, launched an open-source app called TraceTogether, which uses Apple and Google’s existing Bluetooth APIs to track what phones your phone was near, and provide that information to the Ministry of Health upon a positive diagnosis and the user’s consent to release that data to the central server. Bluetooth is neat — it offers the best location data, and can even tell how close you were to others (based on how strong the signal it received from another person’s phone was). Apple and Google only let you use it for this stuff if your phone is unlocked, however.
Except, all of these have problems:
It turns out that, well, lots of countries don’t want to build a centralized database where everyone’s contact details are in there, worrying about such casual risks as “what if we create a centralized totalitarian surveillance state forever by accident,” or “what if our infection alert system is used by vengeful survivors to hunt down the people they think got their loved ones sick,” or even “what if we screw up, and don’t ship something people are willing to use, and so a lot of people got sick who could have been saved.”
If you’re trying to do manual contact tracing, you need literally hundreds of thousands of people, with estimates ranging from 100K to 300K for the US. So you’re gonna want to automate (training 100K people to do contact tracing in a short term is a Non Trivial Problem).
If you’re trying to get people to use QR codes, good luck in a country where they’re not already adopted (having a database of every location people go, and getting a unique slip of paper taped to its front door, is a Very Non Trivial Problem).
If you’re doing contact tracing by cell tower data, you can just demand your national telcos comply, in basically any country, but you don’t have super high resolution on that location data (the FCC estimates 3/4 of a mile; it’s probably more useful to track a specific person who you already know is infected, than to figure out which people encountered that person). I would also note that some of the reports assert that the Shin Bet has a ~10 foot radius on its data — maybe they’re combining cell phone data with some other sources of data to improve the resolution.
If you’re trying to use Bluetooth — which has the most granular position data of any of these — you have the problem that iOS and Android phones, as a general rule, limit the ability of 3rd-party apps to use Bluetooth except when the phone is unlocked and the app is in the foreground (i.e., taking up the whole screen). So it doesn’t work when the phone is, for example, locked and in your pocket, or even unlocked when you’re looking at Instagram instead. Which it presumably is most of the time. And these were architecture decisions made many versions ago, mainly because lots of governments were concerned about privacy on mobile devices.
So if you want to actually solve the problem — you’re gonna need one hell of an answer on how to do this in a decentralized privacy-preserving way, AND Apple and Google’s buy-in to do it while the app is closed, AND nation-states working with you.
So it turns out that a bunch of academic cryptographers and privacy researchers — at MIT, Stanford, and a bunch of European universities — pretty quickly converged on a fairly common set of answers for how to do this with Bluetooth and some crypto wizardry. And Apple and Google more or less took and tweaked those answers, and shipped a draft specification for how they planned on implementing it in Bluetooth, while preserving privacy, and keeping a decentralized approach.
But, oh yeah, nation-states. There’s three approaches:
The Germany approach, best described as, “oh cool, thanks for shipping this, we’ll just build on top of your thing now.”
The France approach, best described as, “I don’t want to, just let me use Bluetooth when the phone’s locked, and let me use a centralized protocol that allows me to identify users without their consent.”
The UK approach, which can be described as the French approach + even stronger assertions of the need for a central server with everyone’s data, resulting in amazing statements by otherwise-credible UK interlocutors such as NCSC’s Ian Levy writing things such as government such as:
In what follows, I use the word 'anonymous' in its security sense. That's different to the definition under GDPR and other law. The proper legal descriptions of the data we use are in the Data Protection Impact Assessments, which will be published.
Needless to say, not exactly convincing (though I very much feel his pain, here — GDPR sometimes feels like it was written by Klingon auditors who had never heard of the concept of software engineers, translated by lawyers into Latin, and then quickly whipped up into English through a last minute visit to translate.google.com).
And more importantly, unless Apple and Google both reverse their previous stances on Bluetooth and medical privacy right quick, and get everyone to install new, less private versions of their operating systems, pretty darn irrelevant, too.
*************
So, we’ve got a bunch of nation-states. They’re in a crisis. They need — or believe they need — really cool whizbang phone tracing stuff in order to meet that crisis. And despite years of blustering demanding that Apple and Google weaken their security to make it easier for law enforcement backdoors or national security surveillance or whatever, it turns out that in a real crisis where they need tech to do what they want, the only real functional answer is: Do what Apple and Google want, or go hat in hand to Apple and Google to ask them for something different.
Apple and Google, in other words, have a strategic hole card — the ability to ship, or not ship code to the devices most citizens use. Sure, nation states can hold guns (literal or metaphorical) to their heads, but what are they going to do, really? Even if they made Apple and Google change their mobile OSes, how would they get everyone to install it? (Even Singapore is having trouble with getting people to install their app). Code isn’t just law; what code you can get to run is determining material facts on the ground. And whether or not France and the UK like it, I suspect they’ll go the way of Germany, as well.
We talk a lot around here about the Crypto Wars — the desire of nation-states to force Apple and Google to come up with some unspecified solution to the “problem” of cryptography allowing you to share private thoughts and have them stay private — and the recurring efforts of nation-states to paint tech as the bad guy. This is a long-term goal they’ve had for decades! Well, after this crisis, assuming this tool works (fingers crossed), everyone will see Apple and Google saving the day, while protecting everyone’s privacy. How do you think the next round of the Crypto Wars between tech and nation-states will go, then?
Personally, I wouldn’t bet on the nation-states.
*************
(Note: it is especially important to me in this context that you understand that I am not recommending for or against the use of any contact tracking solution, but just trying to explore the solution space here as related to potential trends. You should throw many, many lawyers, civil rights advocates, privacy engineers, regulators, etc. at any discussion, much less any decision, related to this topic at all. Seriously, don’t screw this up.)
Advances in pedagogy, Zoom edition:
When in doubt, fight everyone:
It is important to me that you see these glowing dolphins:
And that you please enjoy this cub in a tub:
Finally, please respect your cat if he levels up in this challenging time:
Other news:
Should I ever resign on principle from a job, I could only hope to have my employability described this way.
Next time, on Dave Kasten:
Wherein we discuss the inexplicable deliciousness of the Trader Joe’s dessert labeled simply, “Party Cake.”
Disclosures:
Views are my own and do not represent those of current or former clients, employers, friends, or my cat.
I may on occasion use Amazon Affiliate or similar links when referencing things I’d tell you about anyways. As an Amazon Associate I earn from qualifying purchases; I donate the proceeds to charity. While Substack has a paid subscription option, I don’t have any plans to use it at this time and anyone who gets this newsletter now surely won’t be ever paying for their subscription.