Dedication To Jonathan, for being mine. To Gerome, Novi, & Leo, for being all your own. Epigraph Where, after all, do universal human rights begin? In small places, close to home—so close and so small that they cannot be seen on any maps of the world . . . Unless these rights have meaning there, they have little meaning anywhere. Without concerned citizen action to uphold them close to home, we shall look in vain for progress in the larger world. —ELEANOR ROOSEVELT, former first lady of the United States We don’t completely blame Facebook. The germs are ours, but Facebook is the wind, you know? —HARINDRA DISSANAYAKE, Sri Lankan presidential adviser Contents Cover Title Page Dedication Epigraph Introduction One: Rise of the Citizen-User Two: Net States IRL Three: Privacy Allies and Adversaries Four: Information-Age Warfighters Five: A Great Wall of Watchers Six: The All-Knowing Internet of Things Seven: The Mind, Immersed Eight: A Declaration of Citizen-User Rights Conclusion: The Net State Pattern Acknowledgments Appendix Notes About the Author Copyright About the Publisher Introduction O n January 9, 2007, 45,000 software developers, computer engineers, and everyday tech enthusiasts gathered in Silicon Valley’s go-to conference spot, San Francisco’s Moscone Center, a three-story, glass-enclosed conference space that shared a block with the Yerba Buena Ice Skating and Bowling Center and the Dosa Brothers Indian restaurant. The occasion: the 22nd annual Macworld Expo. The highlight: bearing witness to their patron saint, Apple visionary Steve Jobs.1 Wearing his signature uniform—black turtleneck, wire-frame glasses, white sneakers, and blue jeans—Jobs took to the stage. A giant backlit Apple logo loomed on a wall-size screen behind him. Twenty-two minutes into a speech sprinkled with updates about various Apple products, Jobs stopped. A moment of silence passed. “This is a day I’ve been looking forward to for the past two and a half years,” he announced.2 Scattered applause peppered the room, but Jobs waved it away. With something like defiance, he declared, “The most advanced phones are called ‘smartphones,’ so they say.” The audience burst into laughter. In 2007, when most people still carried flip phones and PDAs, the very notion of such a thing seemed absurd. Jobs went on to blast then-current “smartphones”—BlackBerries and Nokias, namely—as being difficult to navigate, even for basic functions. “What we want to do is make a product that’s way smarter than any cell phone and that’s easy to use. This is what iPhone is.” The iPhone launch is worth cherishing. It may very well have been our last mass-magical tech moment, a time when the entire world got truly excited over a technological breakthrough. This was a time before tech got scary. It was almost four years before WikiLeaks released 251,287 diplomatic cables to the press, which contributed to the bloody and largely unsuccessful Arab Spring and drove home the terrible power and scale of leaks now possible in the digital age.3 It was six years before Edward Snowden’s revelations shattered public trust in the US government by unveiling the National Security Agency (NSA) mass covert data collection program that sought info on American citizens. It was almost a decade before the Russian military’s Information Research Agency infiltrated the 2016 US presidential election through misinformation warfare, peeling away the belief that our social networks consisted of our friends, or at the very least, our compatriots. And it was eleven years before Facebook was outed for giving political consulting firm Cambridge Analytica access to 87 million users’ data, finally tipping the world’s wide-scale disillusionment with the tech industry into outright anger.4 In 2007, we still loved our tech and its keepers. The proof is in the purchases. Half a million people bought iPhones the first weekend they were available.5 Buyers lined up around the US—for days, in some places. “I feel wonderful. It’s exhilarating,” reported 51-year-old engineer David Jackson as he finally held an iPhone in his hands, having waited in line more than 24 hours for the moment. “Man, that was cool. I was shaking at the counter. I couldn’t even sign my name.”6 With the iPhone, Apple gave us what seemed like one of the greatest godsends of the digital era: a keyboardless, full-color, internet-enabled, do- everything device—one that was pretty and sleek and fit in your pocket, to boot. We may not have recognized it at the time, but Apple did more with the iPhone than create a next-generation personal computer. They created the first wearable computer: a device that you could keep on your body, in your pocket, at all times. In 2019, this was a reality for roughly 2 billion smartphone users, whether they carried an iPhone or its chief competitor, an Android (Google) phone.7 The smartphone didn’t just make life easier; it didn’t just make us, as Apple’s ’90s-era slogan urged, “think different.” It made life different. ALMOST EXACTLY 10 YEARS AFTER JOBS INTRODUCED THE IPHONE TO the world, another tech luminary addressed a similarly massive audience at the Moscone Center—for quite different reasons. On Valentine’s Day 2017, Brad Smith—the affable, sandy-haired president of Microsoft—took the stage at the annual RSA Conference, the tech industry’s premier security conference. “Cyberspace,” he declared, “is the new battlefield.”8 “The world of potential war,” he warned, “has migrated from land to sea to air and now cyberspace. As a global technology sector, we need to pledge that we will protect customers.” He paused. “We will focus on defense.” Let’s take a moment to digest this. The president of Microsoft —Microsoft, the company whose products are virtually synonymous with corporate cubicle culture—announced to 40,000 of the tech industry’s frontline programmers that they were, for all intents and purposes, at war. “Because when it comes to attacks in cyberspace, we not only are the plane of battle, we are the world’s first responders.” He continued, “Instead of nation-state attacks being met by responses from other nation-states, they are being met by us.” Let’s see that again: “They are being met by us.” Who is “us”? Smith was talking about something new—some higher-order embodiment of digital power. These new entities are tech companies’ next stage of evolution, a giant technological leap from Jobs’s iPhone. These tech entities are no longer simply making spreadsheet software and calendar apps and gadgets. They are battlefields. They are weapons. And, most important, in this speech Smith declared that these new entities should be—must be—a force for good. The problem here is that no one knows what to call these new things. As I first introduced in a 2017 WIRED article, I propose that we call them “net states.”9 Why not just keep calling them “the tech industry”? The short answer is that the tech industry is no monolith, with all its companies pursuing the same goals with the same business practices. As hard as it may be to think of the world’s newest industry as traditional in any way, a handful of “traditional” companies have undergone a metamorphosis. And, in the same way we don’t keep calling butterflies “caterpillars” once they’ve transformed, these particular companies— Amazon, Apple, Facebook, Google, Microsoft, and Tesla, specifically— have morphed into something altogether different from “the tech industry.” They no longer only make products and offer services. They’re reaching beyond their core technologies to assert themselves in our physical world. They’re inserting digital services into our lived environments in ways both unseen and, at times, unknown to us. And, most important, they’re exerting formidable influence over the way our world works on individual, societal, and geopolitical levels. These tech companies are unlike anything we’ve encountered before. Net states vary in size and structure but generally exhibit four key qualities: They enjoy an international reach. Their core work is based in technology. Their pursuits are influenced, to a meaningful degree, by beliefs, not just a bottom line. And, perhaps most significant, they’re actively working to expand into areas formerly the domain of governments, areas that fall outside their primary products and services—areas they pursue at times separate from and even above the law. Simply put, net states are not just out to make widgets or get people hooked on a single product. (This is why Tesla and its world-building businesses are included in the book and Twitter, with its single, stand-alone platform, is not.) Net states are out to change the world—not just in theory, but in defense, diplomacy, public infrastructure, and citizen services. Net states are tech entities that act like countries. By acting like countries, net states alter our experiences as citizens. And they alter countries’ experiences as geopolitical powers. Two examples—Silk Road and Project Maven—show this in action. “IT IS WITH A HEAVY HEART THAT I COME BEFORE YOU TODAY,” WROTE a user, code-named Libertas, in his farewell letter.10 “A heart filled with sadness for the infringements of our freedoms by government oppressors.” He wrote, “Silk Road has fallen.” Libertas was the Roman embodiment of freedom; the inspiration for the Statue of Liberty. It was also the pseudonym Gary Davis used on Silk Road —not the historic trading route in Central Asia; the illegal marketplace on the dark web that freely sold everything from drugs to hacking-for-hire services to humans from its launch in January 2011 to October 2013, when the FBI shut it down.11 Davis worked as a low-level site administrator for Silk Road—the Mafia equivalent of a bookie. Admin though he was, Davis hardly looked like a stereotypical hacker, showing up at his trial sporting a trim suit, well- groomed chinstrap beard, and seemingly well-rehearsed thousand-yard stare.12 While Davis was a minor figure in the Silk Road case, Silk Road itself was a major problem that had dogged the FBI for years. It thrived, selling illegal wares in plain view of the authorities to its consumers, who spent more than $1.2 billion in its two-plus years of operation.13 Yet with all transactions encrypted via Bitcoin, the authorities couldn’t figure out who was running it. When the FBI finally cracked the case, they scooped up everyone they could find associated with the site, including lowly admins like Davis. On December 19, 2013, at 8 p.m., at the behest of the FBI, Irish authorities swooped into Davis’s hometown of Wicklow, a sleepy seaside town about an hour southwest of Dublin.14 Finally, after two long years of failed attempts to shut down the site, it looked as if the Silk Road case was under control: the FBI had found their suspects, and it was only a matter of time before they gathered the material evidence needed to put them away. Then the investigation hit a brick wall. While Davis used an encrypted browser called TOR for his Silk Road–related work, he preferred Microsoft for his personal emails, which meant that Microsoft, whether they were aware of it or not, had been safeguarding content for an international drug trafficker. As a matter of routine, the FBI got its subpoena for the emails and handed it over to Microsoft. But then, something unusual happened: Microsoft stalled. Because while Microsoft now knew they harbored content belonging to a probable felon, technically they were allowed to: since Congress had passed the Communications Decency Act in 1996, tech companies couldn’t be held legally responsible for the content on their platforms.15 The issue for Microsoft wasn’t the particular user the FBI was after, or even the potentially incriminating content of his emails. The problem was that the emails weren’t stored in United States territory. They were on a server in Dublin, Ireland. And whether an American subpoena had jurisdiction over data physically housed on machines in another country simply wasn’t clear. So while Microsoft handed over the Davis emails physically stored in the United States, they declined to turn over the ones housed in Ireland. In sum, Microsoft, an American-based tech firm owned and operated by American citizens, refused to comply with the American government’s subpoena. And amazingly enough, they weren’t breaking any laws, because none existed at the time that made clear what the appropriate course of action should be. In 2013, the US Department of Justice sued Microsoft to retrieve the Dublin-stashed emails.16 That case turned into a fiasco. What might have been a simple paper chase became a many-year legal crusade. Because for Microsoft, it was never about Davis, or even the content of his emails. This was the case that would set precedent for the US government’s jurisdiction over global digital communications for years to come. As of this writing in 2019, the case is still making its way through appeals courts.