No, we don't.
We have probably a few hundred doing hard-core surveillance. We have another few thousand functioning as enablers by making social media and ad networks really attractive. We have a whole lot of non-engineers insisting on placing ads and tracking on their websites.
And then there's the mass bulk of software engineers that have nothing to do with it, and nothing they do will stop it.
50% of doctors decide to stop doing something, and it gets noticed. 99% of software engineers decide to take enormously strong stands against surveillance even at great personnel cost, and surveillance continues on as if nothing happened, except maybe those who work on it get paid a bit more to make up for decreased supply.
It may, in that weird 20th/21st century fashionable-self-loathing way, feel really good to blame the group you're a part of, but basically what you're proposing won't do anything at all. You're imputing to "software engineers" in general abilities they don't collectively have. You've got to attack it at the demand level, you will never be able to control the supply. This also matters because if you waste your energy with that approach, you might decide you've done something about the problem and stop trying when in fact you've done nothing.
Work in the greater D.C. area. Within a 150-200 mile radius, there are literally tens of thousands of developers working directly on surveillance. Probably even more. How do I know this? From random sampling. Go to any tech event, talk to any program manager at any government contractor. The work and money is in surveillance.
And, that's just government surveillance. All that tech is then spilling over into corporate surveillance. Location and behavioral tracking is big money. How do I know this? Because, sadly, that's how I have to make my money. The problem is that there's always another grunt like me willing to create the systems that enable this.
The solution: Use all of this surveillance tech and data to expose all of the VIPs. Publicly post where they are and where they've been, who they've been with, what they read, and what they buy. You do this and laws will be created pretty quickly.
One thing which became apparent to me when I began to focus on this issue was the fact there are countless other services which provide services to other services, all of which have some degree of access to upstream customer data. For example, if you log to a hosted logging service, some of your customer's data is sent to them. If that service use AWS, then data is sent to Amazon. And so on.
http://www.stackgeek.com/blog/kordless/post/a-code-of-trust
Arguing efforts to make things better is pointless is a very dangerous thing to do, assuming we actually want things to be better. Cognitive dissonance is a powerful force, especially when there are startups to be built!
Everyone knows how the invasion of Iraq was a complete mistake. Has someone gone to jail?
The public is not going to shutdown anything they are wholly complicit in and benefit from. Which is why empires eventually fall.
This has happened in the past and the reaction from the individual people has been to 180 completely on their opinion of surveillance (there was a recent post with sources, but I don't have it handy). This could work.
Yup. And the magic of digital content, software being a kind of it - it's infinitely copyable. It takes one guy to write a surveillance package and open-source it or have their company sell it, and everyone can now use it.
It's not engineers who make the decision to use surveillance technology. Hell, for most of the work a software engineer does, most of the data coming from surveillance tech doesn't even matter.
Sure, it turns out using centralized web services has helped the government with things such as PRISM, but that doesn't mean we should blame people for those development practices rather than the government.
Prior to PRISM, pretty much any reasonable person would assume that the blobs you store in S3 aren't going to be looked at anyone or, worst case, metadata will be seen by AWS employees for debugging stuff.
What we have done is make things a ton better for developers; we can make things quicker and more easily which empowers society/humanity. The fact that it's incidentally contributed to a surveillance society through no intent of the developers in a way you wouldn't reasonably expect does not make the developers culpable.
It is true that customer data is trusted with a lot of services-of-services nowadays, but do you want to go back to the stone age where the only people who can store anything must run their own hardware with their own databases and so on?
The right thing to do here is to call for better use of encryption where possible and, for surveillance issues, to reign in the unreasonable government programs that make this practice result in such problems.
I'd like to think that'd be the case, but consider one of the more-recent privacy intrusions with "The Fappening" ... very little became of that, despite the wealthy, high-profile individuals involved. I realize they weren't the politically connected, but they were certainly what society considers "VIPs".
Laws will be created pretty quickly, but only to protect VIPs.
I beg to differ. Where you concentrate power, you have to expect abuse.
> It is true that customer data is trusted with a lot of services-of-services nowadays, but do you want to go back to the stone age where the only people who can store anything must run their own hardware with their own databases and so on?
That's a false dichotomy. Yes, I want to go back to people running their own hardware with their own databases. And to have that work as easily as your favourite cloud service. There isn't anything inherent in running your own hardware that requires that to be a major burden.
I have hardware in my pocket that is hundreds of times more powerful than the first web servers I every worked on. There is no technological reason why that same hardware couldn't be used. I'd love to have a PAN based around my phone (which is way more local to me that much of the "hardward with their own databases" that I've ever worked on. Federation to Facebook/Google/Instagram/whatever the next big thing is would be amazing. And the reason it hasn't happened even though powerful hardware is everywhere isn't due to lack of technology.
This statement is in conflict with itself logically. It's arguing that diminished trust levels for data are rationalized to achieve a savings in time and cost to run the infrastructure for the application. The conflict comes about when you start assuming the data has acceptable levels of trust requirements for a given customer. The fact is, you can't speak for my trust levels, which is exactly what is being discussed in the link.
I get to say what trust levels I want for my software and data. Not being able to use the software because I can't trust it is an unacceptable proposition, so I challenge our abilities to build something better than what we have today, and do so without rationalizing why we aren't building it.
Sure there is. Climate control, redundancy/backups, and power consumption/reliability, to name a few, are all concerns that we get to delegate to "the cloud," that are 100% "inherent in running your own hardware."
I applaud your usability argument, but there are most certainly inherent burdens to running your own hardware that don't exist for cloud services.
A 10 watt server doesn't need climate control.
> redundancy
Is mostly a matter of software.
> backups
Is also mostly a matter of software. With some simple peering mechanism, you can store backups on your friends' servers (and they on yours). Though a standardized pure backup storage API for cloud storage of encrypted backups at one (or more) of a multitude of providers might be a useful option to have.
> power consumption
Is a matter of plugging a plug into a socket in the wall.
> reliability
Is also mostly a matter of software.
Now, I am not saying that running your own datacenter is no work, but running a server or two for your personal needs or for the needs of a small company should be possible to make almost a no-brainer.
There is no technical reason why you shouldn't be able to buy a bunch of off-the-shelf mini-servers for a hundred bucks or so a piece that you can peer by connecting them with an ethernet or USB cable or whatever might be appropriate and that you then connect to the internet wherever you like and that automatically replicate their data among each other and allow easy installation of additional services via a web interface, with automatic software upgrades, and allow you to rebuild the state of a broken server by connecting a new one and clicking on a few buttons in the web interface ... well, there are many ways to solve the details, but my point is: cloud providers also don't employ one admin per machine, but rather automate the management of their machines to make things efficient--there isn't really any reason why much of the same automation strategies (which are mostly software, after all) shouldn't be usable on decentralized servers in people's homes.