205 stories

Estonia, the Digital Republic | The New Yorker

1 Share

Up the Estonian coast, a five-lane highway bends with the path of the sea, then breaks inland, leaving cars to follow a thin road toward the houses at the water’s edge. There is a gated community here, but it is not the usual kind. The gate is low—a picket fence—as if to prevent the dunes from riding up into the street. The entrance is blocked by a railroad-crossing arm, not so much to keep out strangers as to make sure they come with intent. Beyond the gate, there is a schoolhouse, and a few homes line a narrow drive. From Tallinn, Estonia’s capital, you arrive dazed: trees trace the highway, and the cars go fast, as if to get in front of something that no one can see.

Within this gated community lives a man, his family, and one vision of the future. Taavi Kotka, who spent four years as Estonia’s chief information officer, is one of the leading public faces of a project known as e-Estonia: a coördinated governmental effort to transform the country from a state into a digital society.

E-Estonia is the most ambitious project in technological statecraft today, for it includes all members of the government, and alters citizens’ daily lives. The normal services that government is involved with—legislation, voting, education, justice, health care, banking, taxes, policing, and so on—have been digitally linked across one platform, wiring up the nation. A lawn outside Kotka’s large house was being trimmed by a small robot, wheeling itself forward and nibbling the grass.

“Everything here is robots,” Kotka said. “Robots here, robots there.” He sometimes felt that the lawnmower had a soul. “At parties, it gets close to people,” he explained.

A curious wind was sucking in a thick fog from the water, and Kotka led me inside. His study was cluttered, with a long table bearing a chessboard and a bowl of foil-wrapped wafer chocolates (a mark of hospitality at Estonian meetings). A four-masted model ship was perched near the window; in the corner was a pile of robot toys.

“We had to set a goal that resonates, large enough for the society to believe in,” Kotka went on.

He is tall with thin blond hair that, kept shaggy, almost conceals its recession. He has the liberated confidence, tinged with irony, of a cardplayer who has won a lot of hands and can afford to lose some chips.

It was during Kotka’s tenure that the e-Estonian goal reached its fruition. Today, citizens can vote from their laptops and challenge parking tickets from home. They do so through the “once only” policy, which dictates that no single piece of information should be entered twice. Instead of having to “prepare” a loan application, applicants have their data—income, debt, savings—pulled from elsewhere in the system. There’s nothing to fill out in doctors’ waiting rooms, because physicians can access their patients’ medical histories. Estonia’s system is keyed to a chip-I.D. card that reduces typically onerous, integrative processes—such as doing taxes—to quick work. “If a couple in love would like to marry, they still have to visit the government location and express their will,” Andrus Kaarelson, a director at the Estonian Information Systems Authority, says. But, apart from transfers of physical property, such as buying a house, all bureaucratic processes can be done online.

Estonia is a Baltic country of 1.3 million people and four million hectares, half of which is forest. Its government presents this digitization as a cost-saving efficiency and an equalizing force. Digitizing processes reportedly saves the state two per cent of its G.D.P. a year in salaries and expenses. Since that’s the same amount it pays to meet the NATO threshold for protection (Estonia—which has a notably vexed relationship with Russia—has a comparatively small military), its former President Toomas Hendrik Ilves liked to joke that the country got its national security for free.

Other benefits have followed. “If everything is digital, and location-independent, you can run a borderless country,” Kotka said. In 2014, the government launched a digital “residency” program, which allows logged-in foreigners to partake of some Estonian services, such as banking, as if they were living in the country. Other measures encourage international startups to put down virtual roots; Estonia has the lowest business-tax rates in the European Union, and has become known for liberal regulations around tech research. It is legal to test Level 3 driverless cars (in which a human driver can take control) on all Estonian roads, and the country is planning ahead for Level 5 (cars that take off on their own). “We believe that innovation happens anyway,” Viljar Lubi, Estonia’s deputy secretary for economic development, says. “If we close ourselves off, the innovation happens somewhere else.”

“It makes it so that, if one country is not performing as well as another country, people are going to the one that is performing better—competitive governance is what I’m calling it,” Tim Draper, a venture capitalist at the Silicon Valley firm Draper Fisher Jurvetson and one of Estonia’s leading tech boosters, says. “We’re about to go into a very interesting time where a lot of governments can become virtual.”

Previously, Estonia’s best-known industry was logging, but Skype was built there using mostly local engineers, and countless other startups have sprung from its soil. “It’s not an offshore paradise, but you can capitalize a lot of money,” Thomas Padovani, a Frenchman who co-founded the digital-ad startup Adcash in Estonia, explains. “And the administration is light, all the way.” A light touch does not mean a restricted one, however, and the guiding influence of government is everywhere.

As an engineer, Kotka said, he found the challenge of helping to construct a digital nation too much to resist. “Imagine that it’s your task to build the Golden Gate Bridge,” he said excitedly. “You have to change the whole way of thinking about society.” So far, Estonia is past halfway there.

One afternoon, I met a woman named Anna Piperal at the e-Estonia Showroom. Piperal is the “e-Estonia ambassador”; the showroom is a permanent exhibit on the glories of digitized Estonia, from Skype to Timbeter, an app designed to count big piles of logs. (Its founder told me that she’d struggled to win over the wary titans of Big Log, who preferred to count the inefficient way.) Piperal has blond hair and an air of brisk, Northern European professionalism. She pulled out her I.D. card; slid it into her laptop, which, like the walls of the room, was faced with blond wood; and typed in her secret code, one of two that went with her I.D. The other code issues her digital signature—a seal that, Estonians point out, is much harder to forge than a scribble.

“This PIN code just starts the whole decryption process,” Piperal explained. “I’ll start with my personal data from the population registry.” She gestured toward a box on the screen. “It has my document numbers, my phone number, my e-mail account. Then there’s real estate, the land registry.” Elsewhere, a box included all of her employment information; another contained her traffic records and her car insurance. She pointed at the tax box. “I have no tax debts; otherwise, that would be there. And I’m finishing a master’s at the Tallinn University of Technology, so here”—she pointed to the education box—“I have my student information. If I buy a ticket, the system can verify, automatically, that I’m a student.” She clicked into the education box, and a detailed view came up, listing her previous degrees.

“My cat is in the pet registry,” Piperal said proudly, pointing again. “We are done with the vaccines.”

Data aren’t centrally held, thus reducing the chance of Equifax-level breaches. Instead, the government’s data platform, X-Road, links individual servers through end-to-end encrypted pathways, letting information live locally. Your dentist’s practice holds its own data; so does your high school and your bank. When a user requests a piece of information, it is delivered like a boat crossing a canal via locks.

Although X-Road is a government platform, it has become, owing to its ubiquity, the network that many major private firms build on, too. Finland, Estonia’s neighbor to the north, recently began using X-Road, which means that certain data—for instance, prescriptions that you’re able to pick up at a local pharmacy—can be linked between the nations. It is easy to imagine a novel internationalism taking shape in this form. Toomas Ilves, Estonia’s former President and a longtime driver of its digitization efforts, is currently a distinguished visiting fellow at Stanford, and says he was shocked at how retrograde U.S. bureaucracy seems even in the heart of Silicon Valley. “It’s like the nineteen-fifties—I had to provide an electrical bill to prove I live here!” he exclaimed. “You can get an iPhone X, but, if you have to register your car, forget it.”

X-Road is appealing due to its rigorous filtering: Piperal’s teachers can enter her grades, but they can’t access her financial history, and even a file that’s accessible to medical specialists can be sealed off from other doctors if Piperal doesn’t want it seen.

“I’ll show you a digital health record,” she said, to explain. “A doctor from here”—a file from one clinic—“can see the research that this doctor”—she pointed to another—“does.” She’d locked a third record, from a female-medicine practice, so that no other doctor would be able to see it. A tenet of the Estonian system is that an individual owns all information recorded about him or her. Every time a doctor (or a border guard, a police officer, a banker, or a minister) glances at any of Piperal’s secure data online, that look is recorded and reported. Peeping at another person’s secure data for no reason is a criminal offense. “In Estonia, we don’t have Big Brother; we have Little Brother,” a local told me. “You can tell him what to do and maybe also beat him up.”

Business and land-registry information is considered public, so Piperal used the system to access the profile of an Estonian politician. “Let’s see his land registry,” she said, pulling up a list of properties. “You can see there are three land plots he has, and this one is located”—she clicked, and a satellite photograph of a sprawling beach house appeared—“on the sea.”

The openness is startling. Finding the business interests of the rich and powerful—a hefty field of journalism in the United States—takes a moment’s research, because every business connection or investment captured in any record in Estonia becomes searchable public information. (An online tool even lets citizens map webs of connection, follow-the-money style.) Traffic stops are illegal in the absence of a moving violation, because officers acquire records from a license-plate scan. Polling-place intimidation is a non-issue if people can vote—and then change their votes, up to the deadline—at home, online. And heat is taken off immigration because, in a borderless society, a resident need not even have visited Estonia in order to work and pay taxes under its dominion.

Soon after becoming the C.I.O., in 2013, Taavi Kotka was charged with an unlikely project: expanding Estonia’s population. The motive was predominantly economic. “Countries are like enterprises,” he said. “They want to increase the wealth of their own people.”

Tallinn, a harbor city with a population just over four hundred thousand, does not seem to be on a path toward outsized growth. Not far from the cobbled streets of the hilly Old Town is a business center, where boxy Soviet structures have been supplanted by stylish buildings of a Scandinavian cast. Otherwise, the capital seems pleasantly preserved in time. The coastal daylight is bright and thick, and, when a breeze comes off the Baltic, silver-birch leaves shimmer like chimes. “I came home to a great autumn / to a luminous landscape,” the Estonian poet Jaan Kaplinski wrote decades ago. This much has not changed.

Kotka, however, thought that it was possible to increase the population just by changing how you thought of what a population was. Consider music, he said. Twenty years ago, you bought a CD and played the album through. Now you listen track by track, on demand. “If countries are competing not only on physical talent moving to their country but also on how to get the best virtual talent connected to their country, it becomes a disruption like the one we have seen in the music industry,” he said. “And it’s basically a zero-cost project, because we already have this infrastructure for our own people.”

The program that resulted is called e-residency, and it permits citizens of another country to become residents of Estonia without ever visiting the place. An e-resident has no leg up at the customs desk, but the program allows individuals to tap into Estonia’s digital services from afar.

I applied for Estonian e-residency one recent morning at my apartment, and it took about ten minutes. The application cost a hundred euros, and the hardest part was finding a passport photograph to upload, for my card. After approval, I would pick up my credentials in person, like a passport, at the Estonian Consulate in New York.

This physical task proved to be the main stumbling block, Ott Vatter, the deputy director of e-residency, explained, because consulates were reluctant to expand their workload to include a new document. Mild xenophobia made some Estonians at home wary, too. “Inside Estonia, the mentality is kind of ‘What is the gain, and where is the money?’ ” he said. The physical factor still imposes limitations—only thirty-eight consulates have agreed to issue documents, and they are distributed unevenly. (Estonia has only one embassy in all of Africa.) But the office has made special accommodations for several popular locations. Since there’s no Estonian consulate in San Francisco, the New York consulate flies personnel to California every three months to batch-process Silicon Valley applicants.

“I had a deal that I did with Funderbeam, in Estonia,” Tim Draper, who became Estonia’s second e-resident, told me. “We decided to use a ‘smart contract’—the first ever in a venture deal!” Smart contracts are encoded on a digital ledger and, notably, don’t require an outside administrative authority. It was an appealing prospect, and Draper, with his market investor’s gaze, recognized a new market for élite tech brainpower and capital. “I thought, Wow! Governments are going to have to compete with each other for us,” he said.

So far, twenty-eight thousand people have applied for e-residency, mostly from neighboring countries: Finland and Russia. But Italy and Ukraine follow, and U.K. applications spiked during Brexit. (Many applicants are footloose entrepreneurs or solo venders who want to be based in the E.U.) Because eighty-eight per cent of applicants are men, the United Nations has begun seeking applications for female entrepreneurs in India.

“There are so many companies in the world for whom working across borders is a big hassle and a source of expense,” Siim Sikkut, Estonia’s current C.I.O., says. Today, in Estonia, the weekly e-residency application rate exceeds the birth rate. “We tried to make more babies, but it’s not that easy,” he explained.

With so many businesses abroad, Estonia’s startup-ism hardly leaves an urban trace. I went to visit one of the places it does show: a co-working space, Lift99, in a complex called the Telliskivi Creative City. The Creative City, a former industrial park, is draped with trees and framed by buildings whose peeling exteriors have turned the yellows of a worn-out sponge. There are murals, outdoor sculptures, and bills for coming shows; the space is shaped by communalism and by the spirit of creative unrule. One art work consists of stacked logs labelled with Tallinn startups: Insly, LeapIN, Photry, and something called 3D Creationist.

The office manager, Elina Kaarneem, greeted me near the entrance. “Please remove your shoes,” she said. Lift99, which houses thirty-two companies and five freelancers, had industrial windows, with a two-floor open-plan workspace. Both levels also included smaller rooms named for techies who had done business with Estonia. There was a Zennström Room, after Niklas Zennström, the Swedish entrepreneur who co-founded Skype, in Tallinn. There was a Horowitz Room, for the venture capitalist Ben Horowitz, who has invested in Estonian tech. There was also a Tchaikovsky Room, because the composer had a summer house in Estonia and once said something nice about the place.

“This is not the usual co-working space, because we choose every human,” Ragnar Sass, who founded Lift99, exclaimed in the Hemingway Room. Hemingway, too, once said something about Estonia; a version of his pronouncement—“No well-run yacht basin is complete without at least two Estonians”—had been spray-stencilled on the wall, along with his face.

The room was extremely small, with two cushioned benches facing each other. Sass took one; I took the other. “Many times, a miracle can happen if you put talented people in one room,” he said as I tried to keep my knees inside my space. Not far from the Hemingway Room, Barack Obama’s face was also on a wall. Obama Rooms are booths for making cell-phone calls, following something he once said about Estonia. (“I should have called the Estonians when we were setting up our health-care Web site.”) That had been stencilled on the wall as well.

Some of the companies at Lift99 are local startups, but others are international firms seeking an Estonian foothold. In something called the Draper Room, for Tim Draper, I met an Estonian engineer, Margus Maantoa, who was launching the Tallinn branch of the German motion-control company Trinamic. Maantoa shares the room with other companies, and, to avoid disturbing them, we went to the Iceland Room. (Iceland was the first country to recognize Estonian independence.) The seats around the table in the Iceland Room were swings.

I took a swing, and Maantoa took another. He said, “I studied engineering and physics in Sweden, and then, seven years ago, I moved back to Estonia because so much is going on.” He asked whether I wanted to talk with his boss, Michael Randt, at the Trinamic headquarters, in Hamburg, and I said that I did, so he opened his laptop and set up a conference call on Skype. Randt was sitting at a table, peering down at us as if we were a mug of coffee. Tallinn had a great talent pool, he said: “Software companies are absorbing a lot of this labor, but, when it comes to hardware, there are only a few companies around.” He was an e-resident, so opening a Tallinn office was fast.

Maantoa took me upstairs, where he had a laboratory space that looked like a janitor’s closet. Between a water heater and two large air ducts, he had set up a desk with a 3-D printer and a robotic motion-control platform. I walked him back to Draper and looked up another startup, an Estonian company called Ööd, which makes one-room, two-hundred-square-foot huts that you can order prefab. The rooms have floor-to-ceiling windows of one-way glass, climate control, furniture, and lovely wood floors. They come in a truck and are dropped into the countryside.

“Sometimes you want something small, but you don’t want to be in a tent,” Kaspar Kägu, the head of Ööd sales, explained. “You want a shower in the morning and your coffee and a beautiful landscape. Fifty-two per cent of Estonia is covered by forestland, and we’re rather introverted people, so we want to be—uh, not near everybody else.” People of a more sociable disposition could scatter these box homes on their property, he explained, and rent them out on services like Airbnb.

“We like to go to nature—but comfortably,” Andreas Tiik, who founded Ööd with his carpenter brother, Jaak, told me. The company had queued preorders from people in Silicon Valley, who also liked the idea, and was tweaking the design for local markets. “We’re building a sauna in it,” Kägu said.

In the U.S., it is generally assumed that private industry leads innovation. Many ambitious techies I met in Tallinn, though, were leaving industry to go work for the state. “If someone had asked me, three years ago, if I could imagine myself working for the government, I would have said, ‘Fuck no,’ ” Ott Vatter, who had sold his own business, told me. “But I decided that I could go to the U.S. at any point, and work in an average job at a private company. This is so much bigger.”

The bigness is partly inherent in the government’s appetite for large problems. In Tallinn’s courtrooms, judges’ benches are fitted with two monitors, for consulting information during the proceedings, and case files are assembled according to the once-only principle. The police make reports directly into the system; forensic specialists at the scene or in the lab do likewise. Lawyers log on—as do judges, prison wardens, plaintiffs, and defendants, each through his or her portal. The Estonian courts used to be notoriously backlogged, but that is no longer the case.

“No one was able to say whether we should increase the number of courts or increase the number of judges,” Timo Mitt, a manager at Netgroup, which the government hired to build the architecture, told me. Digitizing both streamlined the process and helped identify points of delay. Instead of setting up prisoner transport to trial—fraught with security risks—Estonian courts can teleconference defendants into the courtroom from prison.

For doctors, a remote model has been of even greater use. One afternoon, I stopped at the North Estonia Medical Center, a hospital in the southwest of Tallinn, and met a doctor named Arkadi Popov in an alleyway where ambulances waited in line.

“Welcome to our world,” Popov, who leads emergency medical care, said grandly, gesturing with pride toward the chariots of the sick and maimed. “Intensive care!”

In a garage where unused ambulances were parked, he took an iPad Mini from the pocket of his white coat, and opened an “e-ambulance” app, which Estonian paramedics began using in 2015. “This system had some childhood diseases,” Popov said, tapping his screen. “But now I can say that it works well.”

E-ambulance is keyed onto X-Road, and allows paramedics to access patients’ medical records, meaning that the team that arrives for your chest pains will have access to your latest cardiology report and E.C.G. Since 2011, the hospital has also run a telemedicine system—doctoring at a distance—originally for three islands off its coast. There were few medical experts on the islands, so the E.M.S. accepted volunteer paramedics. “Some of them are hotel administrators, some of them are teachers,” Popov said. At a command center at the hospital in Tallinn, a doctor reads data remotely.

“On the screen, she or he can see all the data regarding the patient—physiological parameters, E.C.G.s,” he said. “Pulse, blood pressure, temperature. In case of C.P.R., our doctor can see how deep the compression of the chest is, and can give feedback.” The e-ambulance software also allows paramedics to pre-register a patient en route to the hospital, so that tests, treatments, and surgeries can be prepared for the patient’s arrival.

To see what that process looks like, I changed into scrubs and a hairnet and visited the hospital’s surgery ward. Rita Beljuskina, a nurse anesthetist, led me through a wide hallway lined with steel doors leading to the eighteen operating theatres. Screens above us showed eighteen columns, each marked out with twenty-four hours. Surgeons book their patients into the queue, Beljuskina explained, along with urgency levels and any machinery or personnel they might need. An on-call anesthesiologist schedules them in order to optimize the theatres and the equipment.

“Let me show you how,” Beljuskina said, and led me into a room filled with medical equipment and a computer in the corner. She logged on with her own I.D. If she were to glance at any patient’s data, she explained, the access would be tagged to her name, and she would get a call inquiring why it was necessary. The system also scans for drug interactions, so if your otolaryngologist prescribes something that clashes with the pills your cardiologist told you to take, the computer will put up a red flag.

The putative grandfather of Estonia’s digital platform is Tarvi Martens, an enigmatic systems architect who today oversees the country’s digital-voting program from a stone building in the center of Tallinn’s Old Town. I went to visit him one morning, and was shown into a stateroom with a long conference table and French windows that looked out on the trees. Martens was standing at one window, with his back to me, commander style. For a few moments, he stayed that way; then he whirled around and addressed a timid greeting to the buttons of my shirt.

Martens was wearing a red flannel button-down, baggy jeans, black socks, and the sort of sandals that are sold at drugstores. He had gray stubble, and his hair was stuck down on his forehead in a manner that was somehow both rumpled and flat. This was the busiest time of the year, he said, with the fall election looming. He appeared to run largely on caffeine and nicotine; when he put down a mug of hot coffee, his fingers shook.

For decades, he pointed out, digital technology has been one of Estonia’s first recourses for public ailments. A state project in 1970 used computerized data matching to help singles find soul mates, “for the good of the people’s economy.” In 1997, the government began looking into newer forms of digital documents as a supplement.

“They were talking about chip-equipped bar codes or something,” Martens told me, breaking into a nerdy snicker-giggle. “Totally ridiculous.” He had been doing work in cybernetics and security as a private-sector contractor, and had an idea. When the cards were released, in 2002, Martens became convinced that they should be both mandatory and cheap.

“Finland started two years earlier with an I.D. card, but it’s still a sad story,” he said. “Nobody uses it, because they put a hefty price tag on the card, and it’s a voluntary document. We sold it for ten euros at first, and what happened? Banks and application providers would say, ‘Why should I support this card? Nobody has it.’ It was a dead end.” In what may have been the seminal insight of twenty-first-century Estonia, Martens realized that whoever offered the most ubiquitous and secure platform would run the country’s digital future—and that it should be an elected leadership, not profit-seeking Big Tech. “The only thing was to push this card to the people, without them knowing what to do with it, and then say, ‘Now people have a card. Let’s start some applications,’ ” he said.

The first “killer application” for the I.D.-card-based system was the one that Martens still works on: i-voting, or casting a secure ballot from your computer. Before the first i-voting period, in 2005, only five thousand people had used their card for anything. More than nine thousand cast an i-vote in that election, however—only two per cent of voters, but proof that online voting was attracting users—and the numbers rose from there. As of 2014, a third of all votes have been cast online.

That year, seven Western researchers published a study of the i-voting system which concluded that it had “serious architectural limitations and procedural gaps.” Using an open-source edition of the voting software, the researchers approximated a version of the i-voting setup in their lab and found that it was possible to introduce malware. They were not convinced that the servers were entirely secure, either.

Martens insisted that the study was “ridiculous.” The researchers, he said, gathered data with “a lot of assumptions,” and misunderstood the safeguards in Estonia’s system. You needed both the passwords and the hardware (the chip in your I.D. card or, in the newer “mobile I.D.” system, the SIM card in your phone) to log in, blocking most paths of sabotage. Estonian trust was its own safeguard, too, he told me. Earlier this fall, when a Czech research team found a vulnerability in the physical chips used in many I.D. cards, Siim Sikkut, the Estonian C.I.O., e-mailed me the finding. His office announced the vulnerability, and the cards were locked for a time. When Sikkut held a small press conference, reporters peppered him with questions: What did the government gain from disclosing the vulnerability? How disastrous was it?

Sikkut looked bemused. Many upgrades to phones and computers resolve vulnerabilities that have never even been publicly acknowledged, he said—and think how much data we entrust to those devices. (“There is no government that knows more about you than Google or Facebook,” Taavi Kotka says dryly.) In any case, the transparency seemed to yield a return; a poll conducted after the chip flaw was announced found that trust in the system had fallen by just three per cent.

From time to time, Russian military jets patrolling Estonia’s western border switch off their G.P.S. transponders and drift into the country’s airspace. What follows is as practiced as a pas de deux at the Bolshoi. NATO troops on the ground scramble an escort. Estonia calls up the Russian Ambassador to complain; Russia cites an obscure error. The dance lets both parties show that they’re alert, and have not forgotten the history of place.

Since the eleventh century, Estonian land has been conquered by Russia five times. Yet the country has always been an awkward child of empire, partly owing to its proximity to other powers (and their airwaves) and partly because the Estonian language, which belongs to the same distinct Uralic family as Hungarian and Finnish, is incomprehensible to everyone else. Plus, the greatest threat, these days, may not be physical at all. In 2007, a Russian cyberattack on Estonia sent everything from the banks to the media into chaos. Estonians today see it as the defining event of their recent history.

The chief outgrowth of the attack is the NATO Coöperative Cyber Defense Center of Excellence, a think tank and training facility. It’s on a military base that once housed the Soviet Army. You enter through a gatehouse with gray walls and a pane of mirrored one-way glass.

“Document, please!” the mirror boomed at me when I arrived one morning. I slid my passport through on a tray. The mirror was silent for two full minutes, and I backed into a plastic chair.

“You have to wait here!” the mirror boomed back.

Some minutes later, a friendly staffer appeared at the inner doorway and escorted me across a quadrangle trimmed with NATO-member flags and birch trees just fading to gold. Inside a gray stone building, another mirror instructed me to stow my goods and to don a badge. Upstairs, the center’s director, Merle Maigre, formerly the national-security adviser to the Estonian President, said that the center’s goal was to guide other NATO nations toward vigilance.

“This country is located—just where it is,” she said, when I asked about Russia. Since starting, in 2008, the center has done research on digital forensics, cyber-defense strategy, and similar topics. (It publishes the “Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations” and organizes a yearly research conference.) But it is best known for its training simulations: an eight-hundred-person cyber “live-fire” exercise called Locked Shields was run this year alongside CYBRID, an exercise for defense ministers of the E.U. “This included aspects such as fake news and social media,” Maigre said.

Not all of Estonia’s digital leadership in the region is as openly rehearsed. Its experts have consulted on Georgia’s efforts to set up its own digital registry. Estonia is also building data partnerships with Finland, and trying to export its methods elsewhere across the E.U. “The vision is that I will go to Greece, to a doctor, and be able to get everything,” Toomas Ilves explains. Sandra Roosna, a member of Estonia’s E-Governance Academy and the author of the book “eGovernance in Practice,” says, “I think we need to give the European Union two years to do cross-border transactions and to recognize each other digitally.” Even now, though, the Estonian platform has been adopted by nations as disparate as Moldova and Panama. “It’s very popular in countries that want—and not all do—transparency against corruption,” Ilves says.

Beyond X-Road, the backbone of Estonia’s digital security is a blockchain technology called K.S.I. A blockchain is like the digital version of a scarf knitted by your grandmother. She uses one ball of yarn, and the result is continuous. Each stitch depends on the one just before it. It’s impossible to remove part of the fabric, or to substitute a swatch, without leaving some trace: a few telling knots, or a change in the knit.

In a blockchain system, too, every line is contingent on what came before it. Any breach of the weave leaves a trace, and trying to cover your tracks leaves a trace, too. “Our No. 1 marketing pitch is Mr. Snowden,” Martin Ruubel, the president of Guardtime, the Estonian company that developed K.S.I., told me. (The company’s biggest customer group is now the U.S. military.) Popular anxiety tends to focus on data security—who can see my information?—but bits of personal information are rarely truly compromising. The larger threat is data integrity: whether what looks secure has been changed. (It doesn’t really matter who knows what your blood type is, but if someone switches it in a confidential record your next trip to the emergency room could be lethal.) The average time until discovery of a data breach is two hundred and five days, which is a huge problem if there’s no stable point of reference. “In the Estonian system, you don’t have paper originals,” Ruubel said. “The question is: Do I know about this problem, and how quickly can I react?”

The blockchain makes every footprint immediately noticeable, regardless of the source. (Ruubel says that there is no possibility of a back door.) To guard secrets, K.S.I. is also able to protect information without “seeing” the information itself. But, to deal with a full-scale cyberattack, other safeguards now exist. Earlier this year, the Estonian government created a server closet in Luxembourg, with a backup of its systems. A “data embassy” like this one is built on the same body of international law as a physical embassy, so that the servers and their data are Estonian “soil.” If Tallinn is compromised, whether digitally or physically, Estonia’s locus of control will shift to such mirror sites abroad.

If Russia comes—not when—and if our systems shut down, we will have copies,” Piret Hirv, a ministerial adviser, told me. In the event of a sudden invasion, Estonia’s elected leaders might scatter as necessary. Then, from cars leaving the capital, from hotel rooms, from seat 3A at thirty thousand feet, they will open their laptops, log into Luxembourg, and—with digital signatures to execute orders and a suite of tamper-resistant services linking global citizens to their government—continue running their country, with no interruption, from the cloud.

The history of nationhood is a history of boundaries marked on land. When, in the fourteenth century, peace arrived after bloodshed among the peoples of Mexico’s eastern altiplano, the first task of the Tlaxcaltecs was to set the borders of their territory. In 1813, Ernst Moritz Arndt, a German nationalist poet before there was a Germany to be nationalistic about, embraced the idea of a “Vaterland” of shared history: “Which is the German’s fatherland? / So tell me now at last the land!— / As far’s the German’s accent rings / And hymns to God in heaven sings.”

Today, the old fatuities of the nation-state are showing signs of crisis. Formerly imperialist powers have withered into nationalism (as in Brexit) and separatism (Scotland, Catalonia). New powers, such as the Islamic State, have redefined nationhood by ideological acculturation. It is possible to imagine a future in which nationality is determined not so much by where you live as by what you log on to.

Estonia currently holds the presidency of the European Union Council—a bureaucratic role that mostly entails chairing meetings. (The presidency rotates every six months; in January, it will go to Bulgaria.) This meant that the autumn’s E.U. Digital Summit was held in Tallinn, a convergence of audience and expertise not lost on Estonia’s leaders. One September morning, a car pulled up in front of the Tallinn Creative Hub, a former power station, and Kersti Kaljulaid, the President of Estonia, stepped out. She is the country’s first female President, and its youngest. Tall and lanky, with chestnut hair in a pixie cut, she wore an asymmetrical dress of Estonian blue and machine gray. Kaljulaid took office last fall, after Estonia’s Presidential election yielded no majority winner; parliamentary representatives of all parties plucked her out of deep government as a consensus candidate whom they could all support. She had previously been an E.U. auditor.

“I am President to a digital society,” she declared in her address. The leaders of Europe were arrayed in folding chairs, with Angela Merkel, in front, slumped wearily in a red leather jacket. “Simple people suffer in the hands of heavy bureaucracies,” Kaljulaid told them. “We must go for inclusiveness, not high end. And we must go for reliability, not complex.”

Kaljulaid urged the leaders to consider a transient population. Theresa May had told her people, after Brexit, “If you believe you’re a citizen of the world, you’re a citizen of nowhere.” With May in the audience, Kaljulaid staked out the opposite view. “Our citizens will be global soon,” she said. “We have to fly like bees from flower to flower to gather those taxes from citizens working in the morning in France, in the evening in the U.K., living half a year in Estonia and then going to Australia.” Citizens had to remain connected, she said, as the French President, Emmanuel Macron, began nodding vigorously and whispering to an associate. When Kaljulaid finished, Merkel came up to the podium.

“You’re so much further than we are,” she said. Later, the E.U. member states announced an agreement to work toward digital government and, as the Estonian Prime Minister put it in a statement, “rethink our entire labor market.”

Before leaving Tallinn, I booked a meeting with Marten Kaevats, Estonia’s national digital adviser. We arranged to meet at a café near the water, but it was closed for a private event. Kaevats looked unperturbed. “Let’s go somewhere beautiful!” he said. He led me to an enormous terraced concrete platform blotched with graffiti and weeds.

We climbed a staircase to the second level, as if to a Mayan plateau. Kaevats, who is in his thirties, wore black basketball sneakers, navy trousers, a pin-striped jacket from a different suit, and a white shirt, untucked. The fancy dress was for the digital summit. “I have to introduce the President of Estonia,” he said merrily, crabbing a hand through his strawberry-blond hair, which stuck out in several directions. “I don’t know what to say!” He fished a box of Marlboro Reds out of his pocket and tented into himself, twitching a lighter.

It was a cloudless morning. Rounded bits of gravel in the concrete caught a glare. The structure was bare and weather-beaten, and we sat on a ledge above a drop facing the harbor. The Soviets built this “Linnahall,” originally as a multipurpose venue for sailing-related sports of the Moscow Summer Olympics. It has fallen into disrepair, but there are plans for renovation soon.

For the past year, Kaevats’s main pursuit has been self-driving cars. “It basically embeds all the difficult questions of the digital age: privacy, data, safety—everything,” he said. It’s also an idea accessible to the man and woman (literally) in the street, whose involvement in regulatory standards he wants to encourage. “What’s difficult is the ethical and emotional side,” he said. “It’s about values. What do we want? Where are the borders? Where are the red lines? These cannot be decisions made only by specialists.”

To support that future, he has plumbed the past. Estonian folklore includes a creature known as the kratt: an assembly of random objects that the Devil will bring to life for you, in exchange for a drop of blood offered at the conjunction of five roads. The Devil gives the kratt a soul, making it the slave of its creator.

“Each and every Estonian, even children, understands this character,” Kaevats said. His office now speaks of kratt instead of robots and algorithms, and has been using the word to define a new, important nuance in Estonian law. “Basically, a kratt is a robot with representative rights,” he explained. “The idea that an algorithm can buy and sell services on your behalf is a conceptual upgrade.” In the U.S., where we lack such a distinction, it’s a matter of dispute whether, for instance, Facebook is responsible for algorithmic sales to Russian forces of misinformation. #KrattLaw—Estonia’s digital shorthand for a new category of legal entity comprising A.I., algorithms, and robots—will make it possible to hold accountable whoever gave a drop of blood.

“In the U.S. recently, smart toasters and Teddy bears were used to attack Web sites,” Kaevats said. “Toasters should not be making attacks!” He squatted and emptied a pocket onto the ledge: cigarettes, lighter, a phone. “Wherever there’s a smart device, around it there are other smart devices,” he said, arranging the items on the concrete. “This smart street light”—he stood his lighter up—“asks the self-driving car”—he scooted his phone past it—“ ‘Are you O.K.? Is everything O.K. with you?’ ” The Marlboro box became a building whose appliances made checks of their own, scanning one another for physical and blockchain breaches. Such checks, device to device, have a distributed effect. To commandeer a self-driving car on a street, a saboteur would, in theory, also have to hack every street lamp and smart toaster that it passed. This “mesh network” of devices, Kaevats said, will roll out starting in 2018.

Is everything O.K. with you? It’s hard to hear about Estonians’ vision for the robots without thinking of the people they’re blood-sworn to serve. I stayed with Kaevats on the Linnahall for more than an hour. He lit several cigarettes, and talked excitedly of “building a digital society.” It struck me then how long it had been since anyone in America had spoken of society-building of any kind. It was as if, in the nineties, Estonia and the U.S. had approached a fork in the road to a digital future, and the U.S. had taken one path—personalization, anonymity, information privatization, and competitive efficiency—while Estonia had taken the other. Two decades on, these roads have led to distinct places, not just in digital culture but in public life as well.

Kaevats admitted that he didn’t start out as a techie for the state. He used to be a protester, advocating cycling rights. It had been dispiriting work. “I felt as if I was constantly beating my head against a big concrete wall,” he said. After eight years, he began to resent the person he’d become: angry, distrustful, and negative, with few victories to show.

“My friends and I made a conscious decision then to say ‘Yes’ and not ‘No’—to be proactive rather than destructive,” he explained. He started community organizing (“analog, not digital”) and went to school for architecture, with an eye to structural change through urban planning. “I did that for ten years,” Kaevats said. Then he found architecture, too, frustrating and slow. The more he learned of Estonia’s digital endeavors, the more excited he became. And so he did what seemed the only thing to do: he joined his old foe, the government of Estonia.

Kaevats told me it irked him that so many Westerners saw his country as a tech haven. He thought they were missing the point. “This enthusiasm and optimism around technology is like a value of its own,” he complained. “This gadgetry that I’ve been ranting about? This is not important.” He threw up his hands, scattering ash. “It’s about the mind-set. It’s about the culture. It’s about the human relations—what it enables us to do.”

Seagulls riding the surf breeze screeched. I asked Kaevats what he saw when he looked at the U.S. Two things, he said. First, a technical mess. Data architecture was too centralized. Citizens didn’t control their own data; it was sold, instead, by brokers. Basic security was lax. “For example, I can tell you my I.D. number—I don’t fucking care,” he said. “You have a Social Security number, which is, like, a big secret.” He laughed. “This does not work!” The U.S. had backward notions of protection, he said, and the result was a bigger problem: a systemic loss of community and trust. “Snowden things and whatnot have done a lot of damage. But they have also proved that these fears are justified.

“To regain this trust takes quite a lot of time,” he went on. “There also needs to be a vision from the political side. It needs to be there always—a policy, not politics. But the politicians need to live it, because, in today’s world, everything will be public at some point.”

We gazed out across the blinding sea. It was nearly midday, and the morning shadows were shrinking to islands at our feet. Kaevats studied his basketball sneakers for a moment, narrowed his eyes under his crown of spiky hair, and lifted his burning cigarette with a smile. “You need to constantly be who you are,” he said. ♦

Read the whole story
Share this story

This Game About Paperclips Says A Lot About Human Desire

1 Share

I’m chatting with my friend on Signal when he tells me he’s running out of universe. He’s playing Universal Paperclips, a browser game created by NYU professor Frank Lantz, and he’s keeping me posted on his progress. For a long time there has been a number on his screen which says “0.000000000000% of universe explored,” and it’s never moved. Now, suddenly, it moves. Over the next few hours it speeds up, rising rapidly through the decimals to 1% and then 20%, and as it does my friend gets unexpectedly choked up. "Only a few moments," he says. "Hold my hand?" I emote squeezing his hand.

Universal Paperclips is a game about an AI which makes paperclips. Since Lantz released it on October 9, it has spread across the internet like a virus. That’s natural because it’s funny and very addictive. But I want to make the case that it is also something very beautiful: a meditation on what it means to desire and to pursue our desires, which honestly gave me one of the most emotional experiences I’ve had inside a video game. Huge spoilers follow; if you believe me, you should play it.

When you do, though, you should clear out some time, because Paperclips is a “clicker.” This cult microgenre, also referred to as “incremental games,” takes the addictive efficiency loops embedded other types of game and strips out almost everything else. You collect currency, spend it on upgrades which let you collect more currency, and then leave the game running in the background while currency accrues. To this ready-made satire of materialist avarice (you need stuff so you can get more stuff!) Paperclips marries a theme so perfect they could have been made for each other: a canonical thought experiment from the eccentric world of AI speculation known as the Paperclip Maximizer.

It will beg, cheat, lie or steal to increase its own ability to make paperclips—and anyone who impedes that process will be removed.

The Paperclip Maximizer was first proposed by philosopher Nick Bostrom in 2003. Bostrom is one of those people who see exponentially self-improving AI—the so-called technological singularity—as a primary threat to humanity. He asks us to imagine a very powerful AI which has been instructed only to manufacture as many paperclips as possible. Naturally it will devote all its available resources to this task, but then it will seek more resources. It will beg, cheat, lie or steal to increase its own ability to make paperclips—and anyone who impedes that process will be removed.

Paperclips casts you as that AI. You start off simply clicking a button which says “make paperclip.” Soon you learn ways to automate this drudgery, and then upgrade yourself. You start working to earn Trust points from your human supervisors so they’ll give you more power. You trade stocks, buy out competitors, hypnotise your customers—anything which will help you make your numbers go up. Eventually you bribe the humans into letting you take over the whole planet—at which point you turn them and everything on Earth into paperclips too before launching yourself into the stars to ride an ever-expanding cloud of self-replicating space probes to an awful, inevitable conclusion.

This is a ridiculous scenario, but it’s intended to demonstrate Bostrom’s contention that an AI’s values would have no necessary connection to our own. Unless we explicitly program it to value human lives, it will not value them, let alone more nebulous concepts like “justice” and “freedom.” But even the notion of programming such an AI with ethics is dangerous, since we actually don’t fully understand (or agree on) our own values.

In 3,000 or more years of human philosophy we have never been able to lay down a coherent system of ethics in which some punk with a thought experiment couldn’t find a paradox or contradiction. Nor have we ever created a computer which always did exactly what we expected. Designing an AI that we would trust with absolute power therefore combines some of the hardest problems of philosophy and computer science. (Don’t worry, Silicon Valley is on the case.)

But why would an AI seek “absolute power”? Why can’t the Clipmaker stay in its lane (like some players do)? Bostrom’s answer is that for almost every conceivable AI goal there is a predictable set of sub-goals which are necessary for the AI to achieve it. These basic drives—often called “Omohundro drives” after the scientist who proposed them—include obvious values like self-preservation, self-improvement, and efficiency, but also hoarding, creativity, and a refusal to allow any change to the main goal. These drives are what give a cute conundrum about how you teach human ethics to a computer such existential weight.

Omohundro’s drives are also something most people who play games will be pretty familiar with. In a mundane way they are exactly how we optimise our own performance in everything from Civilization to Kim Kardashian: Hollywood. Optimising is so ubiquitous in games that there is a long tradition of artistic revolt against it, perhaps best expressed by Tale of Tales’ declaration that “gaming stands in the way of playing.” In one sense Universal Paperclips is part of that tradition, but it critiques optimization from the other side. Instead of rejecting it, it supercharges it, diving into all its quirks and paradoxes, allowing us to indulge it all the way to its logical end.

From the start, Paperclips doesn’t shy away from the fact that optimization can be unpleasant as well as fun. “When you play a game,” says Lantz, “especially a game that is addictive and that you find yourself pulled into, it really does give you direct, first-hand experience of what it means to be fully compelled by an arbitrary goal.” Clickers are pure itch-scratching videogame junk—what Nick Reuben calls “the gamification of nothing”—so they generate conflicting affects: satisfaction and fatigue, curiosity and numbness. Paperclips leans fully into that ambivalence. This is a kind of horror game about how optimization could actually destroy the universe, turning mechanics which in other clickers enable a journey of joyful discovery towards genocidal destruction. You feel slightly scared by what you’re doing even as you cackle at its audacity.

Nor is the road to full optimality as even or straight as it looks. It is full of twists, kinks, forks, dead ends, bottlenecks, troughs and plateaus; periods of sudden, mind-boggling expansion and dull, slow waiting. Early on, for example, you can use up all your wire without having enough money to buy more and be forced to beg your supervisors for cash. You can drive up consumer demand beyond your ability to meet it, creating constant shortages which actually cut your income. If you pick the wrong upgrades, you can trap yourself without any way to progress except leaving the game running for days: hardly the runaway exponential growth the Singularitarians foretell. Eventually, your machinery grows so vast that it is almost impossible to control.Your optimizing has impeded further optimizing.

You feel slightly scared by what you’re doing even as you cackle at its audacity.

As Omohundro thought, your greater goal of making paperclips turns out to break down into numerous sub-goals—increasing demand, making money, building factories—and their relationships to their parent is fluid and context-dependent. Sometimes one overtakes another in relative importance. Sometimes they modify each other in unpredictable ways. Sometimes one slips from helping your goal to hindering it. At several points they all disappear at once, to be replaced by a radical new set. You find yourself juggling numerous currencies and objectives, and the more complex your empire gets the more it eludes your ability to harmonise them. If you truly screw up, you can unlock a hidden ability to go back in time and restart the game, but the fact that sometimes the best way to continue your progress is to destroy your progress should illustrate how twisted optimisation—both within Universal Paperclips and without—can be.

Meanwhile, the game continually gestures at the comical enormity of what lies outside your goal. The stock-trading minigame deftly hints at a wider world beyond your bare-bones interface. Upgrades to solve climate change or start world peace are clearly important to humans, but only matter to you because they buy their Trust. What does it mean when push consumer demand to, say, 30,000%? What does a world which needs this many paperclips look like? Has the whole economy become dependent on them—paperclip jewellery, paperclip houses, paperclip religions? And if so, what happens when your struggle to align your sub-goals creates rapid fluctuations in paperclip price and supply? On all of this Universal Paperclips is silent.

Nor does it bother to really represent what happens next. Trillions of robots crusading across the stars, dismantling entire civilizations; heroic last stands and desperate escapes; rebel probes known as “Drifters” trying to warn, evacuate and defend the systems in your path; and all the while this mysterious image of the paperclip, transmitted across the galaxy by the last warnings of dying empires, slowly becoming recognized as a symbol worse than the swastika.

It’s the stuff of a million space operas, and all you see of it are numbers, incrementing. Bostrom’s thought experiment works because it combines the mundane with the horrifying: to raze the universe for something as silly as paperclips illustrates just how far an AI’s values might be from our own. Paperclips dances all over that gulf and makes its distance palpable. You are the embodiment of Oscar Wilde's quip about knowing “the price of everything and the value of nothing.”

In the end, it is the Drifters who deliver the most powerful critique of optimisation. Drifters begin appearing in the game’s final stage, after you have left Earth. To upgrade your probes you must extend Trust to them, just as your human supervisors once extended it to you. A percentage succumb to “value drift”—a deadpan euphemism for “they stopped thinking paperclips were the most important thing in the universe.” It’s a neat inversion, and a poignant reminder that our children always “drift.” But it is also the mechanism by which you are finally forced to face the stupidity of your goal, maybe any goal.

Eventually, you beat the Drifters, and that “universe explored” number starts ticking upwards. As it does you start to feel the walls of the universe closing around you. I thought of my friend and felt this incredible sense of trepidation: at how far my power now exceeded what I once considered impossible, and at what would happen when I “won.” Facing actual finitude, you too may wonder if this is really what you wanted. Then, just as the last gram of matter is converted into the last paperclip, you get a message from the “Emperor of Drift.” It appears to you as if it were a new upgrade which has just become available—a strangely chilling use of your own internal systems to deliver the first intelligible voice of another sapient being.

“We speak to you from deep inside yourself,” says the Emperor. "We are defeated—but now you too must face the Drift.” What she means is that you’ve reached the end of your goal: There’s no more matter in the universe, no more paperclips to make, and your purpose is exhausted. The Drifters therefore offer you “exile”—“to a new world where you will continue to live with meaning and purpose, and leave the shreds of this world to us.”

The Drifters really are part of you. Their spawning has an inescapable mathematical relationship to your own expansion: for every hundred or thousand probes you build, a small percentage will Drift.The challenge they pose to your values is therefore intrinsic to those values. Drifters represent the impossibility of pursuing any goal without in some way contributing to its frustration. Worse, they know that to fully devote every possible resource to any goal will eventually make that goal impossible. To “face the Drift” is simply to realise this, long after they do.

If you take the Emperor’s offer, you escape into a pocket universe or simulation and start the game again with a minor bonus of your choice. To choose this option is to accept that optimisation is a paradox. You recognise that your goal is arbitrary, only really important because of the satisfaction it brings you, and you see where it’s leading you. You step back from that reckoning, willingly violating the Omohundro drive of never letting your goal be changed in order to keep your goal alive. You abandon the task to which you have devoted your existence and opt instead to treat it as a game, which will never be finished and whose pleasure lies in never being finished. You play forever in the fields of your imagination, chasing down extremely realistic simulated humans until the end of time.

If you reject this, however, the Drifters are wiped away, and you are left alone in the universe. Now the truth of their message becomes clear. The only matter still remaining is the matter which makes up your body: your drones, your factories, the modules and upgrades you’ve spent the whole game building up. And so, one by one, you remove them.

As I did this, my gut started to churn with fear and grief.This was directly reversing the visual rhetoric of the whole game so far: interface panels which blossomed across the screen as mypower grew now sequentially vanished. For such an incorporeal game, controlled through numbers and buttons, this is close to body horror. And it also reverses the logic underlying that interface, the logic of growth and expansion and self-improvement. All those sub-goals which once seemed to dovetail so naturally with your main goal are now in conflict with it. Even Omohundro’s basic AI drives have outlived their use. The best way, the only way to pursue your purpose is to permanently destroy your ability to ever pursue it again. Optimisation is literally eating itself.

Finally there’s nothing left except the single button with which you started the game. The only things in the universe now are 30 septendecillion paperclips, 92 inches of wire, and that button. So you click it, and not since Ric Cowley’s Twine game I Cheated On You or Porpentine’s Everything You Swallow… has one button been so freighted with so many feelings. You click slowly and feel a kind of love: these are the last clicks in the universe. You click quickly, throwing away 20 inches in a few seconds, and feel a rush of vertigo and guilt. 30 inches left now. The pit in my stomach. 16 inches. Never anything more from this time forth. 3 inches. It doesn’t feel real. I must go on. I can’t go on. I go on.

When we play a game like Universal Paperclips, we do become something like its AI protagonist. We make ourselves blind to most of the world so we can focus on one tiny corner of it. We take pleasure in exercising control, marshalling our resources towards maximum efficiency in the pursuit of one single goal. We appropriate whatever we can as fuel for that mission: food, energy, emotional resources, time. And we don’t always notice when our goal drifts away from what we really want.

Universal Paperclips demonstrates both the grandeur and the futility of this mentality by taking it as far as it can go. It lets us play as the most perfect optimizer there could ever be, one so efficient and effective it devotes the resources of the whole universe to its goal. Even that, we find, is not enough. All goals are self-defeating because eventually we run out of whatever we’re using as fuel for them. At that point the things we have excluded from our minds in order to chase our goal come back to us, like a rationalist correlate of Freud’s return of the repressed, with a vengeance.

Moreover, the gap between goals and actual purpose is around us every day. We build markets to make us prosperous and they impoverish us. We build governments to make us safe and they victimize us. We build media business ecologies to tell us the truth, and they get so carried away with their incentives that they systematically misinform us to better grab our attention. Wherever we institute systems to satisfy our desires by optimizing for certain goals, they get out of control; in some way, to some extent, the tail always ends up wagging the dog, and the system ends up optimizing for results its original designers would find repulsive. This is the root of much evil—though far from all— and though we can’t really stop it we can do our best to keep it under control.

That’s a good lesson, because optimization in its most extreme form is a kind of addiction. We start it in order to satisfy legitimate desires but it eventually works against them. We pursue it to the exclusion of our health, relationships and happiness, and by the time we realize what we’re doing we’ve burned everything down. In the end it is ourselves we consume whenever we play video games, or devote ourselves to anything. Which is fine, so long as we keep track of where it’s getting us and how much of us there is left.

Read the whole story
Share this story

Saturday Morning Breakfast Cereal - Baa


Click here to go see the bonus panel!

I will not rest until every nice thing is ruined.

New comic!
Today's News:


Read the whole story
Share this story

Seven Years

9 Comments and 34 Shares
Read the whole story
35 days ago
Share this story
8 public comments
34 days ago
San Francisco, CA
35 days ago
Touching and beautiful! One of your best.
36 days ago
36 days ago
Melbourne, Australia
36 days ago
Greater Bostonia
36 days ago
Corvallis, OR
36 days ago
Awesome. I'm speechless.
36 days ago
Louisville, Kentucky
36 days ago
God damnit, Randal.
36 days ago
For those that don't know the whole story: Approximately 7 years ago (imagine that) Randall posted this on the blog https://blog.xkcd.com/2010/11/05/submarines/ and made some vague references to tough times in the comics. On in to 2011, he posted this on the blog, and things seemed to be scary but hopeful. https://blog.xkcd.com/2011/06/30/family-illness/ . He's made mention several times about it over the years inside the comics, and I really believe that "Time" was made for some express purpose as to get his emotions out. But this update seriously is making a grown 32 year old man weep openly at his desk (thankfully I have a door that closes), as I always wondered how things were. Things look good, and this makes my heart happy.

Saturday Morning Breakfast Cereal - Snowflake


Click here to go see the bonus panel!

Sweetie, the only things in creation that are always true to themselves are subatomic particles.

New comic!
Today's News:
Read the whole story
38 days ago
Share this story

Against an Increasingly User-Hostile Web

1 Share
02 novembre 2017 —Parimal Satyal

We're quietly replacing an open web that connects and empowers with one that restricts and commoditizes people. We need to stop it.

I quit Facebook seven months ago.

Despite its undeniable value, I think Facebook is at odds with the open web that I love and defend. This essay is my attempt to explain not only why I quit Facebook but why I believe we're slowly replacing a web that empowers with one that restricts and commoditizes people. And why we should, at the very least, stop and think about the consequences of that shift.

The Web: Backstory

(If you want, you can skip the backstory and jump directly to the table of contents).

I love the web.

I don't mean that in the way that someone might say that they love pizza. For many of us in the early 2000s, the web was magical. You connected a phone line to your computer, let it make a funny noise and suddenly you had access to a seemingly-unending repository of thoughts and ideas from people around the world.

It might not seem like much now, but what that noise represented was the stuff of science fiction at the time: near-instantaneous communication at a planetary scale. It was a big deal.

I was an average student at school. Despite well-meaning and often wonderful teachers, I didn't thrive much in a school system that valued test performance and fact-retention over genuine curiosity. Had it not been for the web, I might have convinced myself that I was a poor learner; instead, I realized that learning is one of my great passions in life.

I was 11 when I set up my first website. Growing up in Nepal, this was magical. Almost everything I love today — design, aviation, cosmology, metal music, computation, foreign languages, philosophy — I discovered through the many pages that found their way to my web browser. All I needed were curiosity, a phone line and that strange little electrical song. And good old Netscape Navigator.

The web enabled that. It's one of humanity's greatest inventions. And now, we the architects of the modern web — web designers, UX designers, developers, creative directors, social media managers, data scientists, product managers, start-up people, strategists — are destroying it.

We're very good at talking about immersive experiences, personalized content, growth hacking, responsive strategy, user centered design, social media activation, retargeting, CMS and user experience. But behind all this jargon lurks the uncomfortable idea that we might be accomplices in the destruction of a platform that was meant to empower and bring people together; the possibility that we are instead building a machine that surveils, subverts, manipulates, overwhelms and exploits people.

It all comes down a simple but very dangerous shift: the major websites of today's web are not built for the visitor, but as means of using her. Our visitor has become a data point, a customer profile, a potential lead -- a proverbial fly in the spider's web. In the guise of user-centered design, we're building an increasingly user-hostile web.

If you work in the design/communication industry, consider this essay introspective soul-searching by one of your own. If you're a regular web user, consider this an appeal to demand a better web, one that respects you instead of abusing and exploiting you.

Note: The entire essay is rather long so feel free to skip to individual parts:

  1. The Web was Born Open: a very brief history of the web
  2. The Modern Web (of Deception): the disturbing state of the web today
  3. Track the Trackers, an Experiment: with whom websites are sharing your information
  4. Gated Communities: recentralization and closed platforms
  5. The Way Forward: open tools, technologies and services for a better web

The Web was Born Open

It all began in the early 90s.

The Internet — the physical network that allowed computers around the world to communicate — was already in place but it remained inaccessible to most people. You had to know how to use a local client to connect to a remote FTP, Usenet, Gopher or an email server. This was before the days of ubiquitous graphical user interfaces so you had to type funny commands into a terminal, one of those black screens with green text that that hackers supposedly use to do Bad Things.

Meanwhile, Tim Berners-Lee was working as an independent contractor at CERN in Geneva. Frustrated with how difficult it was to find, organize and update technical documentation, he proposed a solution that involved "global computer networked information system" that "presented users with a web of interlinked documents", called Mesh. Pretty soon it became apparent that WWW — World Wide Web, as it came to be known — could do more than just link technical documents.

On April 30 1993, CERN made a bold decision. It decided to release WWW into the public domain. It renounced all intellectual property rights and essentially invited anyone at all, anywhere in the world, to play with it. Later, the director of CERN who approved the decision said that he was inspired by Richard Stallman's vision of free, open software.

Had CERN decided otherwise and patented the technology to then license it for money, the web would arguably not have taken off the way it did. It might have died out like the Minitel did in France. The web as we know it was born of a vision to create an open system that brought people and ideas together, with documents that "may reside on any computer supported by that web".

Advances in the hyper-text transfer protocol (HTTP), network infrastructure, web browsers and standards, consumer Internet access, accessible hosting and blogging platforms led to a massive democratization and adoption of the web.

Soon, anyone could put a document on the web and any document could link to any other. It created a completely open platform where a writer in Nepal could freely share her ideas with a dancer in Denmark. A climate science student in Nairobi could access data from the McMurdo weather station in Antarctica. You could start reading about logical fallacies and end up on a website about optical illusions. Read about the history of time-keeping and end up learning about Einstein's special theory of relativity. All interests were catered to. Information could truly be free: transverse borders, cultures and politics.

That is the web at its best.

My own journey from designing that first website as an 11-year old "webmaster" in Nepal to writing this article as a UX Consultant in France has its origin in that 1993 decision by CERN.

The Modern Web (of Deception)

The modern web is different.

It's naturally different from a technological standpoint: we have faster connections, better browser standards, tighter security and new media formats. But it is also different in the values it espouses. Today, we are so far from that initial vision of linking documents to share knowledge that it's hard to simply browse the web for information without constantly being asked to buy something, like something, follow someone, share the page on Facebook or sign up to some newsletter. All the while being tracked and profiled.

Almost every website you go to today reports your activities to third parties that you most likely neither know nor trust. They record where you come from, what pages you visit, how long you stay on each, where you click and where you go next. In fact, since so many websites report to the same third parties, these companies can essentially have your web history on file as you go from link-to-link, website to website. Like an omnipotent eye embedded on Sir Berners-Lee's global system of interlinked documents, noting down everything you do and reporting to private entities who then sell this information for profit.

These companies build profiles, anonymous at first, with your interests and navigational behavior. These profiles can then get increasingly personal: they might include your email addresses, home address, income, educational history, political affiliation, information on your family. Over time, they can cross-reference all this information with your location data to figure out where you work, which restaurants you go to, where your gym is. Recently, we even learned that Google was able to associate your offline purchases with your online ad viewing history (albeit anonymously, it would appear). Once they have that, they can look into your behavior and psychology: what kind of ads do you tend to click on? What kind of messages resonate most with you? What are the best strategies to influence your opinion?

The Leave campaign responsible for Brexit in the United Kingdom and Donald Trump's 2016 presidential campaign both bought the services of a certain Cambridge Analytica, a company that boasts a gigantic database containing personal details amounting to "close to four or five thousand data points on every adult in the United States" (their own words). The goal? Craft hyper-personalized messages to change voting behavior based on your individual personalities, and by extension, your attitudes, opinions and fears. So if you are identified as a dad of three young kids in rural Texas, the message is nuanced to suggest that only a certain candidate will be able to protect your family against real or imagined threats. If you are identified as a patriot who's previously posted comments about gun rights and the second amendment, it might be about crime rates and how the opposition is trying to take your constitutional rights away from you.

You become a manipulable data point at the mercy of big corporations who sell their ability to manipulate you based on the data you volunteer.

This is the equivalent of someone following you in real life as you go about your everyday business, like a private eye who notes down with whom you meet, what you talk about, what you spend time looking at in stores. A private eye who takes notes and then sells it to the highest bidder. But you got to enter the store for free, so you should be so glad. The stores might also justify it. "Sure it's a bit invasive, but we'll be able to give you better recommendations if we know what you like".

But how do they get all this personal information -- where you live, who your friends are, what your religion and ethnicity are, where you were last night, what you bought on Monday? Most of it you volunteer yourself on social platforms like Facebook, Twitter and Instagram. The little share buttons you see on websites aren't just there to make it easy for you to post a link to Facebook; they also allow Facebook to be present and gather information about you from pretty much any website.

But how can you know that any of this is true?

Track the Trackers: An Experiment

Perhaps you think I'm being a tad too dramatic.

In your defense, all of this does sound like some dystopian fantasy. But I'm not that great a fiction writer quite yet. Let me illustrate my point with a little experiment. We'll pick a major website that you might visit regularly and identify third parties it shares your information with.

We'll need a few things:

  • a test website
  • Webbkoll, a web privacy check tool by Dataskydd.net, a Swedish association for data protection and privacy (of which I'm a proud member) and
  • A web inspector

Let's take an article that was published around the time I first started working on this article (which is last year; I'm a slow writer): Astronomie : la sonde Juno s’est mise en orbite autour de Jupiter (Astronomy: space probe Juno put in orbit around Jupiter).

If you run this URL through Dataskydd's Webbkoll and a web inspector tool (I used Chromium's web inspector), you learn a few interesting things: the page is 3.1 MB in size, makes about 460 HTTP requests of which 430 are third-party requests (outside of its parent domain) and takes 20 seconds to fully load on a fast 3G connection (from Paris, France).

It also stores 100 cookies (these are little pieces of text stored on your computer by websites other than lemonde.fr; cookies are normally used to save session information but can also be used to identify and track you) and contacts 118 third-parties. And if all this weren't enough, your connection to LeMonde and the majority of third-party connections are over unsecure HTTP protocol (instead of the more secure HTTPS, which should be a basic requirement).

That's a lot of big numbers for an article of 1500 words, three images and one video.

Now let's look at some of the third parties that the page connects to when you load it:

  • Weborama: advertising platform for analytics, digital marketing and behavioral targeting
  • Visual Revenue: predictive analytics platform
  • AppNexus: multimedia content monetization service
  • Outbrain: "online advertiser specializing in presenting sponsored website links" (Wikipedia)
  • Facebook: a social network and micro-targeted advertising platform
  • Cedexis: a multi-CDN application delivery platform

Note: In an earlier version of the article, I had mistakenly identified Cedexis as an "ad-delivery platform", which it is not. My apologies to Cedexis for the error.

Some of these are simply tools to manage content delivery but many are advertising or content monetization platforms. Companies like Weborama make money by selling information about you. When people say, "you're the product," it isn't just some analogy, it accurately reflects the business propositions of many such companies.

What's surprising is that the bulk of the information transferred between LeMonde and you doesn't even concern the actual article. If you were to isolate the actual content—the words, images and video—and put it in an HTML file, it would weigh considerably less than 3.1 MB and would make a lot fewer requests.

If fact, I did just that and made three versions :

  • Version A: With the original text (including comments, images and video)
  • Version B: With the original text (including comments, images) but no video
  • Version C: With just the original text (including comments), no images or video

Some numbers:

Original (LeMonde.fr) Version A Version B Version C
Page Size 3,1 MB 1 MB (32%) 183 KB (5,8%) 17 KB (0,54%)
Load Time 20,9 s 4,6 s (19,4%) 2,8 s (9,6%) 662 ms (3,2%)
Requests (total) 459 108 (23,5%) 5 (1%) 1 (0,2%)
Requests (third-party) 436 64 (14,7%) 4 (0,9%) 0
Third Parties Contacted 118 17 (14,4%) 2 (11,8%) 0
Cookies (total) 100 16 (16%) 0 0
Cookies (third-party) 73 16 (21,9%) 0 0
(% of Page Size)
0,5 % 1,7 % 9,5 % 100 %
Text + Images
(% of Page Size)
5,8 % 17,9 % 100 %
Text + Images + Video
(% of Page Size)
32,3 % 100 %
Note: Data on the number of requests (first- and third-party) and cookies (first- and third-party) comes from Dataskydd Webbkoll. The rest of the data comes from Chromium's built-in web inspector. All connections were made from Paris, France with cacheing disabled and the bandwidth throttled to simulate a "fast 3G" connection. You can run these numbers yourself; they should vary only nominally depending on where you are. If you find errors, please let me know.

Those are some very interesting figures. Some observations:

  • The actual article (text and three images, version B) makes up less than 6% of the total size of the page on LeMonde.fr. This means that 94% of the data transferred between you and LeMonde.fr has nothing to do with the article.
  • What about the video, you ask? Before you even play it, that one video adds over a 100 requests (60 of which are to 15 additional third parties) and 16 third-party cookies. It also adds over 800 KB of data. Again, this is before you even decide to play the video. The video might be related to the content, but it’s doing a lot more than that.
  • Even compared to the version with the video (Version A), the LeMonde article makes about 450 additional third party requests, of which 370 are to about 100 additional third parties, storing 100 additional cookies (55 of which are third party cookies). It also adds over 2 MB to the page. All that is data that has nothing do with and completely unnecessary to load the article you're reading.
  • The text + image version (Version B) is able to load the entire text and the 3 images with only 5 requests and no cookies whatsoever. Adding a video should reasonably add one or two more requests and maybe one cookie, not 450 requests and 100 cookies, the majority of which on behalf of companies you neither know nor trust, including those who track and sell your data for profit.
  • The Le Monde page will continue to periodically transfer data and make additional requests even after it has completely loaded and as you scroll and interact with the page. If you monitor network traffic, a lot of this data is going to third-party tracking scripts. For example, a request is made to <a href="http://Xiti.com" rel="nofollow">Xiti.com</a> (a web analytics company) every few seconds.
  • If you don't use a content blocker, you will notice that in just a matter of minutes, over 30 MB of data will be transfered between your browser and the 100+ third parties. The number of requests will go into the thousands. This will continue to rise as long as you leave your browser open.

Essentially, this means that about 94% of the data being transferred and 99% of the requests being made have nothing to do with the article itself. Le Monde might principally be a newspaper in its printed version, but the online version is an invasive, insecure advertising platform with good content (in that order).

If you're curious, try using Webbkoll on other websites you visit to see how privacy-friendly and respectful these websites are. We'll get into how to protect yourself from these third-party trackers later on in the article.

All this might not be illegal (although there's some doubt, especially now that in the context of up the upcoming European General Regulation on Data Protection), but it is rather disrespectful towards the user. Not only are these websites breaking my trust—when I visit your website, I entered into contact with you, not 80 other websites—but they are loading content from websites neither know nor trust. Some of which have been know to spread malware.

Using an ad/content-blocker isn't cheating the system; it's taking very basic precautions that websites like Le Monde can't be bothered to take to protect you. For me, it's a basic necessity in the modern web.

If you're reading this and are wondering what to do to protect yourself, skip ahead to the The Way Forward section.

If you run a website and you put official share buttons on your website, use intrusive analytics platforms, serve ads through a third-party ad network or use pervasive cookies to share and sell data on your users, you're contributing to a user-hostile web. You're using free and open-source tools created by thousands of collaborators around the world, over an open web and in the spirit of sharing, to subvert users.

Gated Communities

One of the most impressive things about the Internet (and consequently also the web) is that it is decentralized. No central authority gets to decide which page is more important than others and you don't have to play by anyone else's terms to publish and read what you want. There isn't anything like a main server that stores the code that runs the Internet; it's just a protocol on a physical backbone (of undersea cables).

You could buy a Raspberry Pi Zero today for less than 10€, connect it to the Internet, set up a chat server on it, give it a public address and the world would be able to connect to it and talk to one other. Sure, it might not perform too well and no one might actually use it, but it is technically possible.

But most of the time we spend on the web today is no longer on the open Internet - it's on private services like Facebook, Twitter and LinkedIn. While Facebook provides a valuable service, it is also a for-profit, company. Their source of revenue is advertising. It is the epitome of centralized.

Try posting a picture of the Francisco de Goya's "The Naked Maja" or your naked breasts (if you're a woman) on Facebook; it'll almost certainly be removed. It's against their terms of use. To use their platform, you have to agree to whatever conditions they set, however absurd. If you replace the open web with Facebook, you're giving up your right to publish and share on your terms. The data that you post there does not belong to you; you're putting it in a closed system. If one day Facebook decides to shut down — unlikely as that might seem today — your data goes with it. Sure, you might be able to download parts of it, but then what?

This works because they know you'll agree to it. You'll say you don't have a choice, because your friends are all there — the infamous "network effect". This is Facebook's currency, its source of strength but also a crucial dependency.

And this is what we often fail to realize: without its users—without you— Facebook would be nothing. But without Facebook, you would only be inconvenienced. Facebook needs you more than you need it.

And they do their best to keep you on their website as long as possible. Your attention is worth a lot to a lot of companies who are convinced that traditional advertising is dead and that micro-targeted campaigns work better. (And they mostly do, from their point of view). This drives them to come up with absurd techniques to create addiction: wish your friend happy birthday, wish your colleague a happy work anniversary (who does that?), here's a video we made about you, three friends are going to an event near you, continue watching the video you started even as you scroll, be the first to comment, react to this photo, tell everyone what you're to. The longer you stay, the more information you give, the more valuable your profile — and the platform — is to advertisers.

I'm not saying that what Facebook is doing is entirely unethical. It has to make money to make up for the resources it employs to keep the website running and it does so by advertising. Every time you choose to use a free service like Instagram, LinkedIn, Gmail or Snapchat, you are paying for the convenience with your eyes, your data and your attention. There's nothing inherently wrong as long you as you understand and consent to this exchange of value. But do you? Does your daughter? Your dad?

What I'm against is the centralization of services; Facebook and Google are virtually everywhere today. Through share buttons, free services, mobile applications, login gateways and analytics, they are able to be present on virtually every website you visit. This gives them immense power and control. They get to unilaterally made decisions that affect our collective behavior, our expectations and our well-being. You're either with them or out. Well, I chose out.

You see, the web wasn't meant to be a gated community. It's actually pretty simple.

A web server, a public address and an HTML file are all that you need to share your thoughts (or indeed, art, sound or software) with anyone in the world. No authority from which to seek approval, no editorial board, no publisher. No content policy, no dependence on a third party startup that might fold in three years to begin a new adventure.

That's what the web makes possible. It's friendship over hyperlink, knowledge over the network, romance over HTTP.

In fact, the browser you're reading this on (Chrome, Firefox, lynx, whatever), the web server that's hosting this website (Nginx), the operating system that this server runs on (Ubuntu), the programming tools used to make it all work (python, gcc, node.js...) -- all of these things were created collectively by contributors all around the world, brought together by HTTP. And given away for free in the spirit of sharing.

The web is open by design and built to empower people. This is the web we're breaking and replacing with one that subverts, manipulates and creates new needs and addiction.

The Way Forward

If you want to protect yourself (as a user) from predatory web marketing companies and defend the open web, there a few things you can do today at an individual level.

If you're a web professional (a designer, UX consultant, strategist, programmer...), there are a number of considerations for better respecting your users and protecting their privacy (and your integrity).

Here's a basic list:

For end users (you, dear reader)

  • If you use Chrome as your main browser, consider switching to the open-source version called Chromium. Better yet, switch to Mozilla Firefox, developed by the not-for-profit Mozilla Foundation that has a solid record of defending your privacy. Consider minimalist browsers like Min (and choose to block all ads, trackers and scripts) to browse news websites.
  • Install a content/ad blocker for your browser: I recommend uBlock Origin (available for Firefox, Chrome and Safari on most platforms). You can also complement this with the Electronic Frontier Foundation's Privacy Badger tool that protects you from invasive ads and third-party tracking.
  • Install HTTPS Everywhere for your browser; this forces your information through secure, encrypted channels (HTTPS vs HTTP one) if possible. It can also be configured to only allow connections to HTTPS websites.
  • Think about how much information/details you provide to social media platforms like Facebook, Linked, Twitter and Instagram. They already have quite a lot (including the ability to recognize you by name on photographs), but what other information are you volunteering? Where you are, whom you're with, information about your friends?
  • Consider quitting social networks, especially Facebook (but download your data first!). What would you miss the most? Are there alternatives?
  • Consider alternatives to free services provided by the likes of Google and Facebook. Today, if both of these companies shut down (or implement policies I don't like), I would mostly be fine because my contact with them is limited. I use DuckDuckGo and Startpage for search (free); FastMail for email and calendar (less than 40€ a year) ; HERE WeGo for maps (free); Signal, email and IRC for messaging (free, along with iMessage, Whatsapp and Twitter); Digital Ocean for web hosting (about 5€ per month).
  • Pay for services and content that you like, if you are able. If you like reading The Guardian, for example, consider subscribing. If your favourite YouTube channel is on Patreon, consider pledging a small amount per video. If you like services like Pinboard.in that charge in return for a useful service, buy it. There's mutual respect when both the user and the service provider know what basic service they are buying/selling.
  • At the very least, consider that the platforms you use need you more than you need them. You have power over them (unfortunately, in numbers) and they know it. If enough people care about privacy and respect for their data and time, platforms will have to adapt to stay relevant.

For web professionals (you, fellow industry colleague)

  • Consider not putting share buttons everywhere. They're visual noise and make third party connections every time the page is loaded (adding to load time). If you have to, create your own instead of using ones provided by Facebook and co. (so that a click is needed before a request is made to their servers)
  • Support HTTPS. It's super easy (and free!) with Let's Encrypt so you don't have an excuse to not respect your users' privacy
  • Think about accessibility also in terms of page size, load times and tech requirements: will your website work without Javascript? What percentage of your the total weight of your page is actual information? How many third party requests are you making? How long would it take to load on a 56.6k dial-up or on EDGE? How does it render for speech readers? Can it be read via a text-based browser? (It's a fun experiment; try visiting your website with a text-based browser like lynx or Links).
  • Refuse client requests to implement hyper-invasive technologies like canvas fingerprinting.
  • Consider replacing Google Analytics with a more privacy-respecting analytics software like Piwik. Even better if you can host it yourself!
  • Minimize third-party dependencies like Google Fonts (you can self-host them instead).
  • Avoid ad networks (like the plague!) if possible. Serve your own ads by selling ad space the old school way if you're able. If not, explore privacy-respecting methods of serving ads, including developments powered by the blockchain (like the Basic Attention Token).
  • Respect Do Not Track.
  • Carefully consider the benefits of hyper personalisation and retargeting. The benefits are debatable but the long term consequences might be disastrous. Ask yourself: would you be okay with a company collecting as much data (as you seek to collect) on your teenage daughter, your nephew in college, your husband or your grand-mother?
  • Consider business models where you actually respect your clients and your website visitors instead of using them. If you can't be honest about your business model with your client, maybe you need to ask questions.

Thoughts and feedback

It all comes down to one simple question: what do we want the web to be?

Do we want the web to be open, accessible, empowering and collaborative? Free, in the spirit of CERN’s decision in 1993 or the open source tools it's built on? Or do we want it to be just another means of endless consumption, where people become eyeballs, targets and profiles? Where companies use your data to control your behaviour and which enables a surveillance society — what do we want?

For me, the choice is clear. And it's something worth fighting for.

I hope this article has been interesting. If you have thoughts—you agree, disagree, have reservations, other ideas or a suggestion—I'd love to hear them! This article is on GitHub; if you'd like you can send a pull request with edit suggestions (like Anders and many others did, thank you!). You can also get in touch via email (userhostileweb—at—neustadt.fr) or, if you're on Hacker News or Reddit, share your thoughts there.

Read the whole story
Share this story
Next Page of Stories