Danny Weitzner: What we realized with the web is that for better or for worse, we in fact, have entered what might look like a panoptic world, a world in which maybe not everything that we do, but so much of what we do is is recorded. The idea of somehow putting that genie back in the bottle, or somehow wrapping up all that data in a confidentiality framework, became obviously impractical, if not impossible, so what it pushed us to think about was a different approach to privacy, which I would actually argue is grounded in some early areas of law. But it’s an approach to privacy that emphasizes accountability. 

Noshir Contractor: Welcome to this episode of Untangling the Web, a podcast of the web science trust. I am Noshir Contractor and I will be your host today. On this podcast we bring in thought leaders to explore how the web is shaping society and how society in turn is shaping the web. 

Our guest today is Danny Weitzner, who you just heard talking about privacy on the Web. Danny is a 3Com Founders Principal Research Scientist at MIT Computer Science and Artificial Intelligence Laboratory. That’s CSAIL for short. He’s also the founding director of the MIT Internet Policy Research Initiative. His research interests include accountable systems, privacy, cybersecurity and online freedom of expression. Danny was the U.S. Deputy Chief Technology Officer for Internet Policy in the White House under former President Obama and also led the World Wide Web Consortium’s public policy activities. He is a recipient of the International Association of Privacy Professionals Leadership Award (in 2013), the Electronic Frontier Foundation Pioneer Award (in 2016), and was named a Fellow of the National Academy of Public Administration (in 2019). Danny is a proud founding member of the Web Science Trust and will be a keynote speaker at the upcoming 2021 ACM Web Science virtual conference. Welcome, Danny.

Danny Weitzner: Thank you, Nosh It’s great to be with you.

Noshir Contractor: Thank you so much for taking time I want to start, of course by remembering and going back in history. You were one of those who were there at the start of the entire web science movement. And as I just mentioned, you were a founding member of the Web Science Trust. And so take us back to how this all began. 

Danny Weitzner: Thank you. And this really takes us back to 2004 and 2005, when Professor Wendy Hall, Professor Nigel Shabbat, and Professor Tim Berners Lee and I, shortly thereafter, joined by Professor Jim Hendler, got together, and frankly realized that the web didn’t quite have a place in computer science academia, and even more so didn’t quite have a place in the larger social science and humanities research communities. So the web by this time, of course, had an enormous impact on society. Much more was yet to come. But we knew because of really both Tim’s invention, and because so many people gathered around the web so quickly, that this was a world changing technology. But what we realized was that, oddly enough, computer science didn’t think the web was all that interesting at the time, because it was actually quite simple technology, elegantly designed, of course, but not not pressing the state of the art of any established field in computer science. 

And at the same time, we knew that the way that the web was designed, and the way it was being adopted in societies all around the world, were creating enormous questions of privacy and cybersecurity and equity of access and the nature of democracy and the future of work and on and on and on. Coming from a computer science and a law background, we didn’t feel we had the tools to really wrestle with those questions. So the founding of web science was in some sense, a simultaneous play to both the social science community to help us understand the impact of this extraordinary invention, and the computer science community to focus its attention on how we should be designing the web and related technologies going forward in order to meet society’s most important goals.

Noshir Contractor: Let’s start by talking about what your focus has been largely in the area of combining web science, and the computer science aspects of it with, with the law, and in particular, with privacy issues when we think about technology and privacy, one of the things that has gone into the public sensibility is Michel Foucault’s notion of the panopticon where you now have the ability to watch everyone everywhere, all the time, But I also wanted to note that you have spent a lot of time on another concept that Michel Foucault brought up, that doesn’t get quite as much attention. And that’s the concept of countervailance. So tell us what are the differences between panopticon and countervailance and how both of these are important for web science?

Danny Weitzner: Sure. You know, I think that what the web crystallized, for us, is a recognition that to a first approximation, almost every action of significance is going to end up being recorded digitally somewhere available for access, available for analysis, and available for reuse. What we realized with the web is that for better or for worse, we in fact, have entered what might look like a panoptic world, a world in which maybe not everything that we do, but so much of what we do is recorded. And it’s often recorded for good reasons, because we get some value out of it. We write messages in email, because we want to communicate, we record our fitness data because we want to monitor our health. The idea of somehow putting that genie back in the bottle, or somehow wrapping up all that data in a confidentiality framework, became obviously impractical, if not impossible. And so what it pushed us to think about was a different approach to privacy, which I would actually argue is grounded in some early areas of law. But it’s an approach to privacy that emphasizes accountability. 

This is where we come to focus on the idea of countervailance or surveillance. Because we can’t lock up all of our personal data perfectly to prevent misuse, what we instead have to do is actually surveil how that data is used, actually monitor how that data is used and by whom, and make sure that the rules that we want to live by are still respected. Our challenge now is to understand how to enforce those rules. The other side of web science has made, I think, a very important contribution to our work here, as well. That’s really the social science methods that we’ve been able to deploy to understand the impact of different kinds of privacy environments on people’s behavior. One of the critical privacy harms that we have to insure against in this increasingly transparent world is the risk of creating chilling effects. The very worst thing we could do on the web in our society, is chill people’s behavior and make them feel that if they interact too much in public, if they shared their thoughts too much, that somehow there’ll be negative repercussions for that. Tthe ultimate irony of the web, which is all about opening up information,would be if the result was that everyone went off and hid in their corners. We’ve taken this approach of trying to protect privacy through greater accountability, number one, and number two, to try to really understand the nuances of how people’s behavior is affected one way or another, by privacy. 

Noshir Contractor: So on the one hand, where panopticon was saying pay attention to the prisoners,  countervailance is saying pay attention to the prison guards.

Danny Weitzner: That is exactly right. We know that, particularly in the world today, where so much of our data is held by really a relatively small number of very powerful private organizations. I’d say still, we have not yet cracked this code of providing adequate accountability, either from a technical perspective or from a legal perspective. You know, it’s one of the things that I think we didn’t anticipate even in the mid 2000s, and certainly not, I think, when the web was initially designed. The web was meant as a great decentralizing force. And, of course, what we now have, at least in some arenas, is an extraordinarily centralized set of forces. That I think remains one of the great challenges really for web science.

Noshir Contractor: I’m reminded that, at least at one point, you were the head of a group at MIT called a decentralized information group, that was DIG for short.

Danny Weitzner: That’s right. I’ll say with a bit of humility, that we probably placed too much emphasis on the power of technical architecture to control social outcomes. Many in the internet community and the personal computer and computer community generally thought that if if individuals had information power in their hands, that we would end up in an almost a kind of decentralized nirvana where where power was radically distributed, and large institutions wouldn’t be the kind of threat that we see them as often. And I think we’ve just candidly got that wrong. And in a way it took, the attitude of web science to recognize why that was the wrong perspective, why that was a an overestimation of the power of technology and underestimation of all the social forces that determined the context in which that technology was was really used.

Noshir Contractor: You mentioned, Danny, that countervailance is something that should be embraced by these few private organizations that are controlling so much of our data. Can you talk a little about what active transparency would look like? 

Danny Weitzner: So really, accountability, through  countervailance requires a very thorough record, a log, an audit trail, you might say, of all the uses of personal information. And it requires the ability for independent third parties, which might include individuals, but probably needs to be more robust organizations, to actually assess how that information is being used. 

As an example, we did a piece of work a piece of research with some colleagues of mine who work in cryptography, and theory of computation. And the case study that we took was the example actually of electronic surveillance conducted by governments for good reasons. When governments do a wiretap or or surveil criminals’ email or something, we want that activity to be secret, at least from the criminal, otherwise, the surveillance doesn’t work very well, and law enforcement aims are thwarted. But at the same time, we want to make sure that the police who were conducting those surveillance activities are actually following the rules, they’re only getting the information they’re entitled to get, are only using it for purposes related to the actual criminal investigation. And so we developed a cryptographic technique using zero knowledge proofs, and certain kinds of public ledger technologies in order to keep the computational processes secret, but at the same time record enough of them in a publicly visible way that you could prove to the public, that the police were actually conducting this activity using this very intrusive power in a way that was that was accountable. The same kind of thing you would want to see in lots of private sector contexts.

Noshir Contractor: Well, this is going to be a good challenge because it’s almost like we see an adversarial arms race between  the private companies that own a lot of this data, and privacy activists who are trying to challenge them. 

Danny Weitzner: That’s right. It’s again, where the two sides of web science, the ingenuity and system design, and insight from social and behavioral science really need to come together. Because we have to understand the larger picture of accountability that we’re trying to produce the kind of human behavior, the kind of institutional behavior, we’re trying to incentivize, and then figure out how to build the right systems to help that happen.

Noshir Contractor: Absolutely. That is very exciting for a lot of us in social and behavioral sciences to be thinking about those issues. I also want to take us back, as you have in your writings, back to Ben Franklin, who was the first postmaster of the US and the newspaper publisher, and had a key role in making our communication infrastructure, a provision for that infrastructure written into the constitution. Can you take us a little bit from there, and how it then led to all of the recent regulation and policies associated with what we know about the web today?

Danny Weitzner: Yeah, Ben Franklin, as the revolution as the American Revolution was happening, recognized that, we had to figure out how to knit together these 13 colonies, which had quite a bit of diversity to them, and quite a bit of distance separating them. It was for that reason that he persuaded his colleagues, the other founders, that creating a system of public post roads was an absolute priority. And this was in marked contrast to the European postal systems at the time, which were his reference point. These were mostly available to the royalty and privileged members of society. And Ben Franklin said that, oh, this has got to be a public service available to everyone, and most importantly, without discrimination as to content. So he really was, in some ways, the first American network architect. And secondly, he envisioned how this network of post roads could actually create a vibrant free press. Because of the intricacies of the way the postal charges worked, he realized that he had a way to give postmasters a particular advantage in being recipients of information. The newspaper names even that we’re used to, the New York Times, well, that was the times at which the ships arrived, the Washington Post — the reason that postmasters became newspaper publishers, is they got their mail for free. So it meant this network of postmasters could exchange information all around the country, and then publish it in their newspapers. And what they actually did is they sent each other their newspapers back and forth across these post roads. Franklin in this way, built a network that not only enabled the movement of physical goods, but enabled the movement of ideas.

Noshir Contractor: And so we come from there to also the provision where,the information providers or the platforms if you were not necessarily liable for what kind of content was put on some of these platforms. If you come to the 1996 communication decency Act in Section 230, in particular, tell us about what was the original thinking behind that, and how that may or may not have changed in today’s world,

Danny Weitzner: The carriers, the internet platforms, that included everyone from internet service providers to web hosting providers to the current internet platforms that we know of, today, social networks, Twitter, Facebook, Google, etc. Section 230 provided that these platforms would number one, not be liable for the speech of their users. So that if I get on Facebook, and I insult someone, that person might be able to sue me if my insult was sufficiently harmful, but they the person cannot sue Facebook. 

I was at the Center for Democracy and Technology at the time, very much in the middle of Congress’s debate about how to approach the internet. What what a number of us realized was that if we really wanted these platforms to enable robust free speech, we couldn’t put the platform’s in the position of having to monitor and assess their potential liability for every single piece of information that flowed across the network, exactly in the same way, as you suggested Nosh, that if we told postmasters, they were liable for the contents of every message ever, every letter that they carried, then the mail would come to a halt. 

But Section 230 also did something else, which is very important. It also said that, if platforms take steps to remove content that might be considered by their users to be offensive or harmful, for whatever reason, that they would not be liable for those actions. And that was a very intentional design, to encourage platforms to create environments that would would suit the communities that were using them. We knew we couldn’t possibly have one single content standard, to govern all the information on the internet, it just would be too complicated. What we envisioned was that there would be many different platforms, each of which would perform this kind of function and create environments that was that were targeted to different audiences. 

Now, what we didn’t envision, as we talked about before, is that we would only have three or four platforms at any one time. In the early 2000s, not long after section 230 was was enacted by Congress, there were over 8000 Internet Service Providers just in the United States, and literally hundreds and hundreds of web hosts. Again, the early days of the internet was a much more decentralized, less concentrated environment. Today, it’s reasonable to ask what we should be expecting of these dominant platforms when it comes to speech, but I still think the underlying goal of Section 230 as a free speech protecting rule remains every bit as important now.

Noshir Contractor: Indeed, I want to turn our attention now to some more recent work that you’ve been doing in the context of the public health pandemic, trying to understand how we reach a balance between privacy and public health. And your project which is titled Private, Automated Contact Tracing or PACT for short can you tell us a little bit about how this would work in terms of balancing public health, good and privacy of the individual?

Danny Weitzner: To begin with, just to set the context, we’re now a little bit more than a year into the pandemic, and just a little more than a year ago, my colleague at MIT, Ron Rivest, who’s really one of the world’s leading cryptographers, and an extraordinary computer scientist, came to me and said, we need to figure out whether it’s possible to do privacy-preserving, contact tracing. It was understood even then, in early March of 2020, t hat because COVID was an infectious disease, deploying the traditional public health approach of contact tracing was critical — that once you find a case, you have to very quickly figure out who else might have been exposed to that individual and make sure that they quarantine or take appropriate steps both to protect themselves and to to limit the spread of the disease. 

What we saw at the time, was that the countries that were hit with COVID, first, that just happened to be in Asia — China, Taiwan, South Korea, others, some of these countries very quickly adopted, very innovative, but very intrusive, smartphone based surveillance techniques. After the pandemic started in China, in order to travel around it all, you had to have a kind of a COVID pass, which showed that your, your risk of exposure was limited. And this was all based on a highly centralized system that Chinese public health authorities built in order to detect who might have been in close proximity to someone else who had been tested positive for COVID. And these were all systems that were used, that were developed. using the GPS capabilities of our smartphones. That is they were location based systems. 

We realized that it was simply going to be unacceptable in the United States or other democratic countries, to have that kind of intrusive surveillance, whether or not it was going to work. And so we realized that, from talking with colleagues in public health, that really all that mattered, in assessing exposure risk for COVID was proximity to another individual, not your absolute location in the world. We realized that really what public health authorities needed was a way to detect who had been in close proximity for a sufficiently long time, to someone who tested positive, and that we needed a way to get notifications to those individuals who were potentially exposed. We at MIT with some colleagues at BU and Carnegie Mellon and other universities, worked very quickly to develop a protocol that would provide this kind of exposure notification based on proximity, not location in order to protect privacy. And we had colleagues also based in Switzerland, mostly EPFL, who also were developing very similar protocols. 

Once we released our protocol, Apple and Google announced that they were going to work together to adopt a very similar design. And they have, I think, to their great credit, worked extraordinarily hard together to develop a single system, which is deployed on both the Android and the iOS systems to enable exposure notification. The critical property of this system is from a privacy perspective, is that it doesn’t collect any information about your location, it keeps any personal information about your proximity to an infected person, and any personal information about your infection status, entirely private to you, as the individual user.

If I’m an infected person, I don’t know who I infected. If I’m a contact of an infected person, I don’t know who infected me. And probably most significantly, and perhaps most controversially, the public health authorities don’t know any of this. Our system relies on notification to individuals, who then are instructed to contact public health authorities to take further action. This was a, you know, a decision that we took quickly, but not thoughtlessly, because we felt that if we built a system that required that everyone trust their governments to hold this information securely and without any risk of adverse consequences, that would just discourage too many people from using the system. 

What we see around the world now is that states and countries that have deployed the system, there’s anywhere between 20 and 50% of the population uses the system. That’s a big number, but also reflects some substantial hesitation. This is another web science challenge. We are right now studying trying to learn how people have made decisions about whether or not to deploy this, this service, whether or not to turn  this app on, on their smartphones. And we don’t have what I would regard is statistically relevant data yet, and we certainly haven’t published anything yet on it. But very early indications suggest that people are making pretty complex decisions that have to do with a sense of trade-offs. It’s not just a question of whether my I’m giving up too much privacy or not, it’s a question of what am I getting for it? Am I getting a system that’s actually going to protect me? It’s actually going to protect my community, my family or not? There’s a huge amount to learn about how people make those decisions,, what’s the right way to communicate about them. Even though, we’re well into the pandemic, and even though we designed the system,really in a matter of weeks, I think it’s going to take us longer to really understand some of the details of how it’s actually being used and understood.

Noshir Contractor: Well we’ve done quite a tour de force today talking about all the thinking and research that you’ve done in helping with policy in the area of privacy as applied to platform providers as applied to public health. Talk a little bit about training the next generation of web science scholars and one of the pioneering courses that you have been teaching in collaboration with colleagues at Georgetown Law School, between computer science and law students.

Danny Weitzner: When I left the government in 2012, my colleague, David Vladek, who is a law professor at Georgetown and was the head of consumer protection at the Federal Trade Commission’s did a lot of very, very important work on privacy investigations, David and I, wanted to keep working together. And we had both spent a lot of time working on privacy legislation together that had been proposed by the Obama administration. So we said well let’s let’s see if we can help law students and computer science students to work together on developing privacy legislation. This has developed into a course this now in its sixth year, and we bring together 15 law students and 15 computer science students, do a kind of a crash course on privacy law, a crash course on relevant, computer science concepts. And then we give teams of students made up of two law students and two computer science students the particular privacy challenge and we say, understand the challenge, technically, and come up with a legislative response to it. You know, we thought when we started this course, that what we were teaching about with privacy. And of course we do that. What we learned is that what we actually are teaching is how lawyers and computer scientists can work together.

And I think what we’re really learning is that addressing public policy challenges that web science brings to the fore, is really a team sport, that it really isn’t something that any one discipline could go off by itself, and either study alone, or act on alone.

Noshir Contractor: In closing here, your research and your teaching are absolutely stellar examples of how web science has to live up to the spirit of serving at the intersection of these different disciplines, and so I am really grateful that you took the time to talk with us about some of these issues, for your thought leadership over the decades on this particular topic. And as a shameless plug for those who would like to hear more wonderful words of wisdom from Danny, I would encourage you to think about attending the Virtual 2021 ACM web science conference From June 21 to June 25, where Danny has graciously agreed to be a keynote speaker, so thank you again, Danny, for joining us today.

Danny Weitzner: Nosh, thank you so much, I really appreciate you having me. This was wonderful.