Meredith L. Patterson (maradydd) wrote,
Meredith L. Patterson

  • Mood:

The Revision History of Democracy

Apart from being one of our nation's founding documents and an eloquent call to resistance against tyranny, the Declaration of Independence happens to be a great template for how to structure a logical argument as a springboard for further action. Its form is that of a syllogism, one of the oldest methods of deductive reasoning. First it establishes the major premise, a proposition which sets up the second half of the conclusion. Paraphrased, it looks like this:

All governments which fail to protect the natural rights of their citizens, or derive their powers from their citizens' consent, must be altered or replaced.
Then the minor premise, a proposition which sets up the first half of the conclusion. I'll just quote directly this time:

The history of the present King of Great Britain is a history of repeated injuries and usurpations, all having in direct object the establishment of an absolute Tyranny over these States.
Now the rules of inference apply: the King's actions harm his American citizens; citizens who are being harmed by their government have a duty to alter or replace that government; therefore, the inevitable conclusion is

That these United Colonies are, and of Right ought to be Free and Independent States; that they are Absolved from all Allegiance to the British Crown, and that all political connection between them and the State of Great Britain, is and ought to be totally dissolved; and that as Free and Independent States, they have full Power to levy War, conclude Peace, contract Alliances, establish Commerce, and to do all other Acts and Things which Independent States may of right do.
But right now I'm not as interested in the overall logical structure as I am in the snapshot of history that occupies the twenty-seven points that Jefferson included as support for the minor premise. Why? Because they're the first entries in the United States' bug tracking system. Each one is a complaint from users, and more importantly, the Constitution provides patches for each one. A few examples:
  • "He has refused his Assent to Laws" — Article 1, Section 7. Congress can override a presidential veto.
  • "He has made Judges dependent on his Will alone" — Article 3. The judiciary and its independence are established by Constitutional authority, not that of the executive.
  • "He has affected to render the Military independent of and superior to the Civil power" — Article 2, Section 2. The president is Commander-in-Chief of the military and it is subject to the executive branch.
  • "For Quartering large bodies of armed troops among us" — Third Amendment. Bans this practice entirely.
The Declaration calls out the abuses of tyrannical individuals, and the Constitution aims to establish a system of government — a protocol, if you'll forgive the nerdy indulgence — that is resistant to bad actors. But over the last 200+ years, we've discovered a terrible, terrible thing: the Constitution is not sufficiently Byzantine-resistant.

No, no, put the guns down, we're not being invaded by ancient Greeks. If a protocol is Byzantine-resistant, then it still does what it's supposed to even when some pieces fail on their own or are compromised by an outside party. The checks and balances established in the Constitution are an early example of this: if any one branch is compromised, the other two can halt or reverse actions taken by that branch. The judiciary can even revert actions taken by a compromised legislature and executive acting in concert, as long as a member of the citizenry is willing to bring action — the extra check on the incredible power of the judiciary is that the people have to invoke it.

But all these systems have a lot of moving parts, and what we've discovered, to our horror and disbelief, is that it's not necessary for an attacker to compromise an entire branch of government in order to bend the government to its interests without regard to the interests of the citizenry. In fact, the amount of effort required is comparatively quite small. We can break this down with a small abstract example. Suppose that there's a network made up of several thousand nodes, of types A, B, and C. Controlling the entire network so that it always spits out whatever output you want, in any situation, requires you to take over at least half of the A nodes, at least half of the B nodes, and some number of C nodes. However, if you only want to control some outputs in certain situations, then you only need to subvert a particular 10%1 of the A nodes and a particular 10% of the B nodes. If you control any C nodes, that's gravy.

Oh, and each node advertises its function.

Since it's easy to identify which nodes to target, a smart attacker will compromise only the exact nodes it needs to control in order to get the results it wants. Anything else is a waste of effort. This beautiful system, designed to resist tyranny by making all actions contingent upon the will of an accountable majority, has a giant, gaping flaw that renders it vulnerable to having its actions controlled by a small but clever minority.

The name of this vulnerability is regulatory capture.

Regulations are established by offices within the executive branch. They are not laws. Congress can amend regulations, but there is no public accountability for the regulations themselves. Nor is there any accountability for other actions regulatory agencies take; the populace cannot vote in a different chairman of the FCC during the next election cycle if the previous one refused to investigate telcos that conspired with the NSA to wiretap U.S. citizens illegally, nor can they call for a vote of no confidence in P.J. Crowley or Janet Napolitano for dropping millions of dollars on possibly dangerous and widely hated full-body scanners peddled by former DHS head Michael Chertoff when it turns out that the scanners don't even do what Chertoff claims they do.

It isn't in the telcos' interests to let their customers know "oh, by the way, we were snooping on your phone calls and email." It's bad for business. It is in Rapiscan's interest, as well as Michael Chertoff's personally, to grab as big a piece of the TSA's $300 million advanced-imaging-technology pie as they possibly can. The safety, privacy, and other fundamental human rights of the citizens — whose interests are supposed to be protected by the regulatory agencies! — have been left by the wayside, because the agencies have fallen victim to regulatory capture.

Now, there are perfectly good practical reasons to have regulatory agencies. If you're going to have publicly funded infrastructure of any kind, it follows that there will be policies on how money will be spent on building and maintaining that infrastructure, how the infrastructure will be operated, &c. The postal service (whose regulatory authority over the mails is implied in the Postal Clause of the Constitution) is one of the less broken examples of this; it's run afoul of the First Amendment in the past, but the Supreme Court has been vigilant about this in the last century. However, the postal service is almost unique among United States regulatory agencies in one respect: it regulates itself and individuals, but not corporations. USPS holds nearly no regulatory authority2 over Federal Express, UPS or DHL. (Technically, these aren't even mail carriers. USPS holds a legal monopoly over non-urgent letters.) This is why you never hear anyone railing about "postal special interests" on the news, the way you do about the pharmaceutical industry or the insurance industry. There is little that a package carrier can do to stack the deck in its own favor. (The flip side, of course, is that USPS can't make guarantees about contract carriers. You have a guarantee of privacy in USPS-delivered mail that you don't from FedEx. Except from postal inspectors, of course; who watches the watchmen? Which is why I said it's less broken.)

Cue defendants of regulatory agencies citing all the reasons why the FDA, FCC and so on were established in the first place. You'll talk about it in the comments anyway and far be it from me to stop you, but keep in mind, I'm already well aware. I've read my Upton Sinclair, and when it comes to the FCC you might say I'm a little obsessive. We attempted to establish regulatory agencies to protect the rights and interests of citizens. This intention is noble, but the implementation has failed. The onus now is on us, as citizens, to track down the bug — or bugs — that allow regulatory capture attacks to succeed, file the report, and if the current maintainers are unable or unwilling to implement a patch, replace the maintainers with ones who will.

If we can't pull that off, I suppose we could just fork the codebase.

ETA: bramcohen tweets a fascinating article about spontaneous order, superlinear growth, and economies of scale with respect to cities. Tangentially related, but related all the same.

110% is probably a huge overestimate in terms of raw numbers. However, the cost to compromise a node varies, tending to increase as you go up in the bureaucratic hierarchy. It takes a lot of social capital, and probably a lot of money, to influence the Secretary of the Interior. It takes a lot less to influence the director of a national park, so if you want that contract to build a new lodge, you're better off schmoozing the director. And if all you want to do is dump hazardous waste, you can probably buy off a couple of park rangers much more cheaply than disposing of it properly would cost.
2USPS gets to decide what constitutes a hazardous good, e.g., ammunition.
Tags: a people without history, civics, hacking, politics, this is why we can't have nice things

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.