Nearly 70 years after the fact, the British Secret Intelligence Service (SIS, or MI6 in James Bond movie jargon), released details of the agency’s creation of the world’s first programable digital electronic computer, Colossus.  Known since 1974 has been the story of British success decrypting German WW II signals intelligence encrypted using four and five rotor Enigma machines.  The German high command, however, used more complex 12-rotor Lorenz technology.  Britain’s cracking of that code remained top secret until recently.[1]

The Lorenz SZ cipher attachments implemented a Vernam stream cipher, using a complex array of twelve wheels that delivered what should have been a cryptographically secure pseudorandom number as a key stream.  The key stream was combined with the plaintext to produce the ciphertext at the transmitting end using the exclusive or (XOR) function.  At the receiving end, an identically configured machine produced the same key stream which was combined with the ciphertext to produce the plaintext, i.e., the system implemented a symmetric-key algorithm.[2]

The total possible number of coded patterns was two to the power of 501.  That fact made it physically impossible for humans to decrypt the volume of messages that the German high command was sending and receiving.   By building Colossus, the British solved that problem only weeks before the D-Day invasion of Europe.  Reading German Lorenz signals intelligence told the Allies all they needed to know to finish the war in 11 months rather than 2-3 years.

The relevance of Colossus today is this: even at the dawn of the digital age, humans were no match for programmable machines’ computational power, which is why humans invented computers.   It took the concentrated resources of whole nations to create digital machines.  The U.S. Navy’s ENIAC computer debuted in Philadelphia just after the war ended.

Intervening decades have extended that power into every nook and cranny of human experience—for good and for ill.  What was once attainable only by marshaling the intellectual, engineering and financial wealth of nations is now available as a $300 wristwatch.

The discomfiting corollary is that the forces that now control $300 wristwatches thereby control our lives to a degree most of us do not recognize or care to admit.  When that power is exercised inappropriately, we as individuals are at its mercy.  This is the phenomenon academic observers have named surveillance capitalism.[3] 

Today as in 1944, government action is the only realistic countermeasure to abuse of power on the scale now held by corporate tech titans.  Cue the Consumer Financial Protection Bureau, an agency in search of its mission since Congress created it in response to the banking crisis of 2008. 

In late October, CFPB issued orders demanding non-bank operators of payment systems turn over information about their systems.  Targeted were Amazon, Apple, Facebook, Google, PayPal and Square.  The agency said it also will study the practices of Chinese payment systems Alipay and WeChatPay.  CFPB’s stated areas of inquiry are consumer behavior targeting, coercion of merchants to participate in payment networks, and deficient compliance with consumer protection requirements.

Last month, CFPB shut down lending operations of LendUp, a company that claimed to serve “the emerging middle class” by making payday and other short-term loans.  Investors in LendUp included A-List venture capitalists such as Andreessen Horwitz, Kleiner Perkins, Google Ventures, PayPal and QED Investors.  LendUp’s brief corporate history included violations of the Military Lending Act, which prohibits charging armed services personnel more than 36% APR on loans, and documented deception of consumers about the benefits of repeated borrowing from LendUp.

CFPB is also reviewing “buy-now-pay-later” retail loans offered by companies with catchy names like Affim, PerPay, Splitit and Klarna.  Sold to consumers as alternatives to credit card debt, the BNPL product looks to all outward appearances as if it is the latest gimmick to induce consumers to spend themselves into insolvency. 

CFPB’s focus on fintech companies is where the agency’s energy should be centered.  These companies are geared to gin up business regardless of the consequences to their customers and have none of the regulatory constraints or risk averse culture of conventional banks.

Surveillance capitalism will not be the death of human agency as critics like Professor Zuboff suggest.  It is, however, a force that must be moderated in the same way the Interstate Commerce Commission brought railroads to heel in the early 20th Century.  Government can and must be a force for good.  Thoughtful exercise of those powers by public-minded individuals is an abiding strength of the American republic.  May it always be thus.

[1] Price, David A.  Geniuses at War: Bletchley Park, Colossus, and the Dawn of the Digital Age, New York: Random House (2021).

[2] https://en.wikipedia.org/wiki/Cryptanalysis_of_the_Lorenz_cipher.

[3] See, e.g., Zuboff, Soshana.  The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, New York: Public Affairs (2019).