Schneier on Security
A blog covering security and security technology.
« Security Risks of Too Much Security |
| DDOS as Civil Disobedience »
May 21, 2013
Surveillance and the Internet of Things
The Internet has turned into a massive surveillance tool. We're constantly monitored on the Internet by hundreds of companies -- both familiar and unfamiliar. Everything we do there is recorded, collected, and collated -- sometimes by corporations wanting to sell us stuff and sometimes by governments wanting to keep an eye on us.
Ephemeral conversation is over. Wholesale surveillance is the norm. Maintaining privacy from these powerful entities is basically impossible, and any illusion of privacy we maintain is based either on ignorance or on our unwillingness to accept what's really going on.
It's about to get worse, though. Companies such as Google may know more about your personal interests than your spouse, but so far it's been limited by the fact that these companies only see computer data. And even though your computer habits are increasingly being linked to your offline behavior, it's still only behavior that involves computers.
The Internet of Things refers to a world where much more than our computers and cell phones is Internet-enabled. Soon there will be Internet-connected modules on our cars and home appliances. Internet-enabled medical devices will collect real-time health data about us. There'll be Internet-connected tags on our clothing. In its extreme, everything can be connected to the Internet. It's really just a matter of time, as these self-powered wireless-enabled computers become smaller and cheaper.
Lots has been written about the "Internet of Things" and how it will change society for the better. It's true that it will make a lot of wonderful things possible, but the "Internet of Things" will also allow for an even greater amount of surveillance than there is today. The Internet of Things gives the governments and corporations that follow our every move something they don't yet have: eyes and ears.
Soon everything we do, both online and offline, will be recorded and stored forever. The only question remaining is who will have access to all of this information, and under what rules.
We're seeing an initial glimmer of this from how location sensors on your mobile phone are being used to track you. Of course your cell provider needs to know where you are; it can't route your phone calls to your phone otherwise. But most of us broadcast our location information to many other companies whose apps we've installed on our phone. Google Maps certainly, but also a surprising number of app vendors who collect that information. It can be used to determine where you live, where you work, and who you spend time with.
Another early adopter was Nike, whose Nike+ shoes communicate with your iPod or iPhone and track your exercising. More generally, medical devices are starting to be Internet-enabled, collecting and reporting a variety of health data. Wiring appliances to the Internet is one of the pillars of the smart electric grid. Yes, there are huge potential savings associated with the smart grid, but it will also allow power companies - and anyone they decide to sell the data to -- to monitor how people move about their house and how they spend their time.
Drones are another "thing" moving onto the Internet. As their price continues to drop and their capabilities increase, they will become a very powerful surveillance tool. Their cameras are powerful enough to see faces clearly, and there are enough tagged photographs on the Internet to identify many of us. We're not yet up to a real-time Google Earth equivalent, but it's not more than a few years away. And drones are just a specific application of CCTV cameras, which have been monitoring us for years, and will increasingly be networked.
Google's Internet-enabled glasses -- Google Glass -- are another major step down this path of surveillance. Their ability to record both audio and video will bring ubiquitous surveillance to the next level. Once they're common, you might never know when you're being recorded in both audio and video. You might as well assume that everything you do and say will be recorded and saved forever.
In the near term, at least, the sheer volume of data will limit the sorts of conclusions that can be drawn. The invasiveness of these technologies depends on asking the right questions. For example, if a private investigator is watching you in the physical world, she or he might observe odd behavior and investigate further based on that. Such serendipitous observations are harder to achieve when you're filtering databases based on pre-programmed queries. In other words, it's easier to ask questions about what you purchased and where you were than to ask what you did with your purchases and why you went where you did. These analytical limitations also mean that companies like Google and Facebook will benefit more from the Internet of Things than individuals -- not only because they have access to more data, but also because they have more sophisticated query technology. And as technology continues to improve, the ability to automatically analyze this massive data stream will improve.
In the longer term, the Internet of Things means ubiquitous surveillance. If an object "knows" you have purchased it, and communicates via either Wi-Fi or the mobile network, then whoever or whatever it is communicating with will know where you are. Your car will know who is in it, who is driving, and what traffic laws that driver is following or ignoring. No need to show ID; your identity will already be known. Store clerks could know your name, address, and income level as soon as you walk through the door. Billboards will tailor ads to you, and record how you respond to them. Fast food restaurants will know what you usually order, and exactly how to entice you to order more. Lots of companies will know whom you spend your days -- and nights -- with. Facebook will know about any new relationship status before you bother to change it on your profile. And all of this information will all be saved, correlated, and studied. Even now, it feels a lot like science fiction.
Will you know any of this? Will your friends? It depends. Lots of these devices have, and will have, privacy settings. But these settings are remarkable not in how much privacy they afford, but in how much they deny. Access will likely be similar to your browsing habits, your files stored on Dropbox, your searches on Google, and your text messages from your phone. All of your data is saved by those companies -- and many others -- correlated, and then bought and sold without your knowledge or consent. You'd think that your privacy settings would keep random strangers from learning everything about you, but it only keeps random strangers who don't pay for the privilege -- or don't work for the government and have the ability to demand the data. Power is what matters here: you'll be able to keep the powerless from invading your privacy, but you'll have no ability to prevent the powerful from doing it again and again.
This essay originally appeared on the Guardian.
EDITED TO ADD (6/14): Another article on the subject.
Posted on May 21, 2013 at 6:15 AM
• 55 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Accountability and transparency are the name of the game. If I can see everything about everybody else, that they can see about me, then all of this is self-neutralizing. However, those "in power" (or think they are) will say you can't see that data about them. Therefore, they have something to hide (don't we all?) When they claim rights for themselves that they won't give to us, the game becomes what we are seeing today. It is called oppression. That is the purpose. Those holding the data, even about the people in power, will use that data about those people in power to control, intimidate, and oppress.
Bruce, it is getting depressing to read your posts. You don't prescribe any kind of resolution such as calling your congressperson.
There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information! - Cosmos, Sneakers, 1992
"It is the common fate of the indolent to see their rights become a prey to the active. The condition upon which God hath given liberty to man is eternal vigilance."
John Philpot Curran
It is not the technology that encroaches on our freedom. It is simply the fate of the indolent to lose their rights.
The whole PATRIOT act and TSA disasters are simply the result of people not caring about what happens (to other other people).
It is also a matter of priorities. It seems that the people of the USA care more about preventing others to marry whom they want than about preserving their personal freedom.
Only readers in the US have congresscritters, so specific remedies will vary from country to country. This is a worldwide issue - but before you can work on solutions, you need to understand the problem. And that's what Bruce is addressing.
As to solutions, maybe the US should get some data protection - Europe has made a start in this area, so personally identifiable information is no longer a wholly unregulated asset of the company which collects it.
But government surveillance and data collection in Europe is comparatively unconstrained - we need to think through the implications of this, and consider how security may be addressed while safeguarding people's rights and privacy (remember this is not an either-or).
And the long memory of the Internet and Computers may also prove to be a problem.
But kashmarek makes a good point - maybe there needs to be well defined openness about what government (and corporations) are doing, and what the people who exercise the power are up to. There is usually a register of legislators' interests, and diaries of some government ministers are open. Some countries' tax receipts are also open to public inspection. Maybe surveillance needs to be balanced with openness?
> but so far it's been limited by the fact that these companies only see computer data.
Hmm... I think you may be underestimating the threat of this alone. You are considering actions, but things like search behavior get to thoughts; Google is monitoring our brains, not just our keyboards.
> Of course your cell provider needs to know where you are; it can't route your phone calls to your phone otherwise.
Mobile networks only need to know very roughly where you are and do an adequate job (barring govt surveillance) protecting this.
OTOH, all sorts of tools you install have problems. Why does your streaming music service need constant, high-precision location data on you?
This is started to dwell into the Helios/merge ending of Deus Ex, only instead of having an AI manage all the data to determine what is best for society, companies and government use it to sell is more crap or keep tabs on us.
I'll take the AI, if that's an option. But all the surveillance is inevitable. Unless you want to choose one of the other Deus Ex endings.
"Bruce, it is getting depressing to read your posts."
I'll say, it sure is.
"You don't prescribe any kind of resolution such as calling your congressperson."
OTOH, I have a distinct feeling this wouldn't change much.
Generate noise. Generate erroneous data. Remember Marlinspike's "Google Sharing" extension for Firefox? Stuff like that, LOTS more! A good opportunity to be creative, yet such concepts are scarcely considered. Security through absurdity.
Rewriting History is another (unaddressed) concern: when one is the only having access to people's history, there's no way to contradict creative accounting.
A solution would be provably-safe security as then all editing could be stamped and archived.
But we are not living in a world consumed by the burning desire of playing fair games, hence the success of provably-unsafe security.
I agree with Muffin. Congressmen & women don't have the power, this animal has left the cage and is unstoppable. Already laws are lacking and even if they were up to date, our habits can be sold overseas to safe havens in other nations and entities (friend AND foe). I guess the leaders of these businesses/institutions don't mind THEIR habits being recorded and sold?
Resistence is futile.
Indeed, the more erroneous data and noise that there is, the less the other data is worth. For instance, do we really always need unique names?
Also, and very ironically, our off the shelf corporate web filter blocks gogglesharing as it is an anonymising service.
Bruce, I think it's time you revisited your past comments on Brin's transparent society.
I know from wikipedia that you replied to it in the 1990s, but I think it deserves a call out even if you disagree with its take on powerful vs. powerless.
Well, the genie is out of the bottle and cannot be put back in. Abuses are inevitable (and are probably already happening).
Regulation may limit commercial exploitation but will do little to limit criminal abuse, and will do nothing whatsoever to limit government sanctioned abuse.
At the moment, it all seems a bit abstract, because we are waiting for the first scandal to hit, but we could at least try to imagine the kinds of abuses that could or might occur.
It is tempting to point to the breadth and scale of location tracking as the nexus of the "fright factor", but actually, it is at the other end of the spectrum that the menace lies.
I could see probably legitimate (but morally dubious) moves by advertisers to target very small groups of individuals using "Hyperlocal" targeting. For example, you could identify individuals associated with particular workplaces (government agencies that you wish to influence, for example), and use the location data to specifically target those employees, their spouses and friends with advertising and other selected media, attempting to catch all of the people who might influence thinking in that agency in a media "bubble" under the control of the media buyer.
The audience involved in such a strategy, and consequently the amount of money required to pursue it, would be very small: trivial even, (as little as a few hundreds of dollars, probably), so I would be surprised if the more "enterprising" lobbyists and special interests were not already investigating such tactics.
We're not yet up to a real-time Google Earth equivalent, but it's not more than a few years away.
Even then, the Earth is a BIG place. A whole lot of it is no realtime interest - Alaskan tundra, Mojave Desert, etc. Another large part of may be of interest, but the interest so thinly scattered that it will be to hard to separate the meaningless from the relevant - think any rural area.
So maybe the best defense is to move out of the cities.
I've wondered about generating noise.
I could see a browser plugin that, when the browser was idle, would hit a random URL every few seconds. It could obtain URLs from a subscription list like the adblocker uses.
Call it flares or chaff!
I would value any thoughts on this suggestion:
Bruce likened data pollution to the air pollution of the Industrial Revolution.
We don't need to solve the pollution problem now, but we do need to ensure it is clearly visible.
We accept that we cannot feasibly prevent large numbers of bodies from surveilling us (its hard to be *secret*)
We can however limit the harm done to us by this data release by forcing companies / bodies to make publically available the data they hold if they are able to uniquely map that data to a individual (whether they can name that individual or not)
a cottage industry will spring up telling us who is watching us where and why
All of these devices may or may not be talking to you; but they will surely be talking to each other about you.
"On the Internet nobody used to know you are a dog"
@Someone: "Bruce, it is getting depressing to read your posts. You don't prescribe any kind of resolution such as calling your congressperson."
Reminds me of something the late, great Douglas Adams once wrote...
Barman: Shouldn't we lie down, or put a paper bag over our heads, or something?
Ford: If you like.
Barman: Will it help?
Ford: Not at all. See you.
You know Bruce is right. This is why you are reading this blog.
But the immense majority of people fall into one of these two categories: (1) I don't have anything to hide (until you do) (2) I like the convenience I have (until it becomes convenience to someone else).
An example: high-strength email encryption has been available for at least a decade, yet no one uses it. People who'd start using it today feel that it might make them looks suspicious.
Like the frogs in the fable, we like our bath warm, and probably won't manage to jump out of the pot in time.
Generate noise. Generate erroneous data. Remember Marlinspike's "Google Sharing" extension for Firefox? Stuff like that, LOTS more!
Sorry most current research shows that you cann't realy hide a signal in noise for a number of reasons.
Thus the only way to avoide Internet surveillance currently is "Don't Play".
Further it would not take a change in the law in most juresdictions to make you legaly liable for the "noise" and in the US we are well aware you can be offered thirty years or fifty years in jail for having what others consider excessive network traffic and those deciding are some commercial organisation via it's terms of service.
@ William Payne,
Well, the genie is out of the bottle and cannot be put back in. Abuses are inevitable (and are probably already happening).
Whilst "abuses are inevitable" history tells us that the genie can most certainly "be put back in" the bottle.
We have seen this with England's Kings John and Charles. John upset the Barons and they forced him to relinquish some of his absolute power from his supposed divine right. Likewise Charles who would not ceed his absolute power by his supposed divine right found that trying to ignore the inevitable resulted in his lossing his head.
The thing is what you and I might call "abuse" is others excercising what they think is their supposed "divine right". Society eventually will not tollerate the worsening abuse and takes power away one way or another and that is when those supposadly holding "divine right" find there is a reality that disagrees with their dilusions.
In the US the current president has shown only three strengths, the first is to make empty promises to the electorate , the second to do the biding of his moneied sponsers and the third be a control freak in all aspects. None of these are atributes that sits well with good governance.
But you need to ask why this is, in part it is that there are now two distinct societies within the US, that of the ordinary electors the second is that of the plutocrats who either buy up or out spend political candidates, thus making the electoral system broken and biased by the abuse of a free hand with a dollar.
It is not a matter of making minor changes such as more transparency but of root and branch surgery of the system. Which as the plutocrats will stop you getting such a candidate into power can only occur by preasure from outside the system. As history repeatedly tells us Empires wither from within untill the Barbarians break down the gates where one of two things happen. Firstly either the Barbarians compleatly destroy the old by killing and enslaving, secondly the Barbarians integrate. In either case the cycle repeats.
All this willy-nilly exposure of every detail about me makes we want to drop Off The Grid and go deep underground.
"Bruce, it is getting depressing to read your posts. You don't prescribe any kind of resolution"
Why read the posts then?
Bruce is a consistent voice of awareness. That is more then enough.
I see a number of posters go, "Why doesn't anyone do anything? You can do something, do it?"
I wonder at these.
On abuses of surveillance, that is ultimately up to the authorities to hunt down anyone who is abusing these things.
If public awareness is continually kept up, then public condemnation is readily available for when exposure of secret sins are made public.
Hoover voiced repeatedly at the end of his life that he was scared of getting caught. He was right to be.
The big knife wound recently to privacy and freedom was actually made by a liberal President's DoJ. As many have pointed out Obama has gone far beyond what Nixon did in investigating leaks.
Nixon, though, never figured out who was spying on his NSC sessions and posting that to the newspapers. He had far bigger fish to fry, and couldn't.
Sometimes such fissures are signs of things to come.
It was with Nixon, and the whole FBI and CIA at the time.
The beauty is that reality often differs from the ideas of people. Data sets are not reality and thus as much as these kind of ideas are pushed, the more reality sets in and starts to mix things up.
I think we will see a huge drive in the maker movement and open source. We will see people moving towards re-learning how to do things by hand again.
in related event, I read somewhere that Mobily or something close to that, a telecom company in Saudi Arabia is crowd sourcing hackers to help it break or bypass SSL/TLS so it can eavesdrop on mails and tweets to thwart terrorism. they claim the regulators demand it.
I am a little skeptical that "everything ... will be stored forever." There are slightly more than 300 million people in the US, and even with good codecs, storing video of every minute of say, 15 hours a day would approach 100GB per person, hardly practical to store. I think it's far more likely to mined and discarded at a fairly fast pace, daily or even hourly, to be realistic, with only hits being compressed and stored. Unless those zettabytes are cheaper than I think?
You have: ((100 $) / (4 TB)) * (1000 GB / TB) * (100 GB) * 365 * 300000000 / ( 1 G$)
So the disk cost to store 100 GB of data
per person per day for a year would be
$274 billion. Call it say $500 billion
for the other storage overhead.
Storage is not the problem, collection is.
@qka: Living in a city might be a better defense, depending on what precisely you're worried about. It's a question of whether it's better to hide a needle in a well-searched haystack or an unsuspicious spot on the floor.
In terms of protecting yourself from de-anonymized data, you're usually better off in the city. If you're the only 45-year-old male in your zip code, any record with your age, sex, and zip code isn't anonymous. If you have the only blue truck in your county, you can be tracked by satellite or amateur drone.
Anywhere you buy stuff in person these days has a surveillance camera, but in a city you have dozens of shops to choose from-- making it harder to find the camera that took your picture. Or you could make your purchases online-- but in a rural area there may be fewer people per shared IP address.
And of course there are the people. In a small town, nobody buys birth control anonymously. Indeed, many people find more freedom in the highly-regulated city than in a judgmental countryside with weaker laws.
The "everything" we're recording whether we want to or not should be open to everyone who cares to go see it, not only the powerful.
Because my life's data is worth nothing compared with the value of possessing the ability to see everyone else's.
I'll welcome the transparent society when transparency is a free service as a matter of course.
Your comments reflect something that I have been saying for quite some time with regards to the NSA data center in Utah. Eventually, the technology to carry out their task has got to become bigger, better, faster, cheaper, and continouusly usable (they have already run into a cost problem because that state is requiring them to pay taxes on the power they use and that modest amount is disrupting their mission?). The IRS is embedded into old technology such that they can't keep up with taxpayer records any longer. The NSA data center will crumble due to the same problem. Collect all the known data and analyze it. That is, until a technology shift occurs. When the shi(f)t happens, there won't be time or money to convert the old data to the new technology for analysis so it will go unused, and the demand for new data to be collected will eventually overrun the new technology and the cycle will repeat.
Also, it will be too cumbersome to collect all data, so they will only collect the "bad" data about you, which reduces the problem of space, time, cost and usability for their purposes. Sometimes, only a small amount of bad information is all one needs to achieve intimidation.
An inch. It's small and it's fragile and it's the only thing in the world worth having. We must never lose it, or sell it, or give it away. We must never let them take it from us.
I read Bruce's posts because he has typically been a voice of reason and level-headedness for quite some time. His recent posts are just getting more and more doomsday-ish and is a departure from what he typically posts.
While I agree with these concerns, I always feel obliged to point out that use of the internet is not mandatory.
Very true Mr. Schneier. The escape would probably be open source, open source security ninjas and tor-like networks.
Currently, reasonable definition video/audio of every square inch of earth is somewhat expensive to record and store. A decade from now; not so much.
After all, it wasn't too long ago reasonable definition audio files of all hitsongs were too complicated to store and stream.
The only upside I can see, is that a decade after the "powerful" can see everything everyone does; even the powerless can do so. And, even more important, a few decades after the powerful can have anyone they want, anywhere on earth, assassinated at will; the powerless will be fairly well equipped to return the favor.
The most important thing is symmetry. Noone spying on and killing anyone might be some kind of ideal; but everyone spying on and killing everyone, is better than someone spying on and killing everyone else. Internalizing that is very important. Which is why the powerful will do all in their power to indoctrinate their underlings to erroneously believe otherwise.
All this willy-nilly exposure of every detail about me makes we want to drop Off The Grid and go deep underground.
Don't forget to lose your Nike+'s when you do 8-)
I agree with Bruce that things are not looking good and that an Orwellian surveillance state is upon us in which privacy and anonimity for all practical purposes are dead. What we can do however is try to contain the personal damage as much as possible by learning about the ways were being tracked and adopting various degrees of digital hygiene. Just a few things that come to mind:
- Some operating systems are less insecure than others. Learn how to use them and the security/privacy/anonimity features that come with them. Think of it as that anti-skid course you took after getting your drivers license.
- Some applications are less insecure than others. Toss anything that is known or suspected to contain backdoors (e.g. Skype). Usually, there are plenty of alternatives anyway.
- Some browsers do a better job at protecting your online privacy than others, especially when used with extensions created for that exact purpose.
- Some search engines leak less information about your online activities than others do.
- In many countries, it is not illegal to encrypt your email communications. It is also not hard to set up.
- Encrypt your hard disk(s) while you're at it.
- Do the same for data you're holding in cloud services.
- Use an anonimising service such as Tor. They provide easy-to-use bundles for lots of platforms.
- Use VPN's like the free ones found at http://www.vpngate.net/en/
- Ditch Facebook. Unless you're a 12-year old, you don't need it anyway. Explore the possibilities of darknets to keep in touch with intelligent friends instead.
- There is no reason for your household appliances to be connected to the internet all the time. Put them in a different subnet of your home network.
- Turn off location services on laptops, tablets and other handheld devices whenever possible.
- Do you really need that fancy, expensive smartphone you are only using to make calls with, text friends and take pictures?
- Avoid the company of glassholes.
- There is no RFID-tag your microwave can't fry.
- Be suspicious of any and all free services. They usually take more than they give.
The list is endless. Will it protect you from Big Brother ? Not a chance, but at least you've given him a run for his money awaiting the inevitable day that the masses will turn against him. All of this has happened before and it will happen again.
This article reminds me of (2 words)
The scary thing about "things" is it does what it is programmed to do.
And we know the state of programming and software development.
Historians will write of this time: "there was a brief hiatus, between the decline of religion and the rise of this internet of things, where an individual didn't worry about having their every move silently observed by some unknowable entity".
One area of this not so far discussed arises from Bruce's comment,
If an object "knows" you have purchased it, and communicates via either Wi- Fi or the mobile network...
What effect this will have on crime, and conversly and perhaps more importantly the effect crime will have.
From a political point of view the argument will be much as it is on any "War on ..." and I suspect the results to be the same.
People forget just how powerful crime is, in general it beats corporations and governments hands down. And any initiatives against it usually have limited initial success and then fail and becomes another burden on the tax payer (CCTV being a prime example).
This is because unlike non-criminals, the criminals are in effect continuously fighting to exist and thus have developed ways to out wit not just technology but those minds behind it that control it and develop it.
The criminals survive because although a new technology indiscriminatly catches any criminal initialy, fairly quickly the smarter criminals develop a mitigating stratagy which then gets spread just as quickly around the criminal fraternity. Those that then get caught are those new to crime or to set in their ways or to stupid to change.
What the general citizen usually does not realise is that criminal activity has side effects that are benificial to society and the more oppressive a state generaly the more benifit society gets.
One such is the case of anonymity, criminals are most successfull when they are unknown to the authorities so the more successfull criminals have developed anonymity to a high degree.
Another is in removing identity from objects and substituting another so that goods can be more profitably resold etc. One side effect of this has been the modification of "security documents" so that for instance a stolen passport can be reused by another person.
Although the criminal fraternity have their "trade secrets" these generaly leak back into society one way or another.
Thus you will see stolen items get modified so they are nolonger tracable to their original owner and as we currently see with high end mobile phones and cars the criminals will find the way to beat the security features in anything of resalable value. Even what many would consider not worth bothering with such as low value clothes are even today being stolen, their security and other identifing tags removed and in some cases replaced.
Which brings us onto the highly profitable areas of "status product counterfeiting", "grey markets", etc. Just about any market with an artificialy maintained high profit by the IP holders will see either counterfeiting or grey markets. That is "a need arises and a secondary market forms to satisfy that need", it is almost certain that anonymity will become a major need by society we already see it with cheating spouses, teenagers and many others.
Thus it's highly likely that the criminal fraternity will as they currently do step up to the plate...
I suspect Governments will try to stop this but as with drugs I give them less chance of succeding than they currently do or more picturesquely, "They've less chance of succeding than a snowball has of surviving in hell".
What I find disturbing is that it is mostly people over 40 who recognize this problem and openly talk about it. 20-somethings live in a bliss of ignorance. They have already adapted to the new world order and see nothing wrong with their lives being broadcasted in real time.
Those few who do speak up on the matter are often marginalized and presented as odd social elements (Occupy movement comes to mind).
The prospects are grim. As Bruce noted, this emerging mass surveillance is advantageous to both private sector and government. We're alone on this.
What is our vision for the future that we want?
(Casting a vision in terms of what we don't want is not as compelling.)
Lets spend more time contemplating that.
@Someone "I read Bruce's posts because he has typically been a voice of reason and level-headedness for
quite some time. His recent posts are just getting more and more doomsday-ish and is a departure from what
he typically posts."
These are hot topics for technical news. There are real invasions of privacy happening and we are starting to see "the internet" get truly pooled into "duopolies" and monopolies. Bruce is a level headed person, and he is reporting on very disturbing developments.
It is very true, on one hand, we have massive companies which have been created around the internet who, for much of their product offering, do not actually sell anything to their users. Truly massive and really very new companies who rely on advertising to reach their audience and clicks. A large portion of this advertising market asks for the obtaining of audience data.
This trend is increasing. And advertisers, for whatever reason, have enabled side pool markets
Then there is the US and China, both engaged in a lot of unusual surveillance moves. Local cops are wanting drones, I read last week. The liberal Obama's DoJ has been pursuing some really crazy surveillance moves against journalists for leaks. Nixon never went that far and his leaks came from secret NSC meetings. Under his watch the FBI was broken into and key records stolen and released to the public. He was behind Water Gate, and he didn't do these things. There is a lot of talk about the NSA surveilling all Americans.
This talk is not on some kooky left or right wing forum, but in the mainstream technical press on a regular basis.
Then, there is China, hacking everything that moves. Nation states doing that is scary. There are a lot of ramifications to that which people must have in the back of their heads. They are getting away with mass surveillance. Why can't the US? Why can't Russia? Hoover's name is on the main FBI building, maybe his extraordinary campaign of surveillance and blackmail is something worth returning to? Maybe the Gestapo and KGB were not so bad, authorities might think.
And there is genuinely crazy terrorism - and spree killings. Not that terrorism is new, though it did die down post-70s. Now the terrorism is not from some far fringe left or some small private interest group, but it is nation based. Pakistan has the bomb.
Personally, I think all of these developments are "meh". Little things. But it is more interesting then who won a football game, or what crazy thing some drunken starlet did, I give it that.
Don't forget to mention that data aggregation and extrapolation matters. Knowing all data that's recorded about you does not matter much. Knowing all data that's recorded about some other person does not yield much information. But mining data collected from millions of users makes a difference.
Fast food restaurants will know how to entice you to order more not because they know you specifically, but because they know that some strategies are more likely to work than others with people in the peer group that you've been lumped with.
Banks will give out loans not because they trust you specifically, but because their databases indicate that, based on the neighborhood you live in and the car you drive, you are more likely to repay your loan.
And don't bother trying to go off-grid, because companies will become very suspicious when they do not have enough data about you, and simply refuse to deal with you. Why should they, when they can focus their attention on more predictable and profitable customers.
In an alternate universe, where observations can be guarded via a privacy management system embedded inside an implant Esosense:
Our small tech R&D company is being hobbled by these developments. We are in the process of making accommodated policies and procedures tharmt are typically exercised by much larger companies. This is negatively impacting our competitive position and incurring an increased level of activity we had not planned on ten months ago. We are wondering if our small company will survive these developments.
As usual, Sci-Fi has covered this issue already. Look for the "Larsen Localizers" in Vernor Vinge's A Fire Upon the Deep. Ubiquitous security invariably leads to the downfall of society.
Greg Bear also examines this briefly in Moving Mars. A couple of characters are shown to be "Vernoring", a reference to Vinge and occluding one's identity in public. Vinge's early work, True Names, is all about masking your on-line identity from the government.
As the old curse goes, interesting times indeed...
I feel that computer software is becoming more and more politics *and* economy. The way Google/Apple/Amazon/Steam works somewhat dictates our moral and economical decision. I remember Larry Lessig kinda predicted this in his book "Code" and warned that we'd need a policy discussion about our future law of nature, but sadly I see it's still missing in the public discourse today.
Someone mentioned to generate noise, someone says that it is not always useful to hide real events into noise, so I would use more techniques, like exchange of data (e.g. TOR, Onion routing etc.) with others, randomly, all over the world...and hopefully this will not lead to fake arrests when some bad data is travelling through my system.
You guys lamenting how hard it will be to "store everything" are missing the point. How much data would it take to store GPS location information for each person in the U.S., every 5 or 15 minutes? Certainly less than 1TB per day even if uncompressed.
Plus the useful parts of the headers on every e-mail you send and receive.
Plus notes about any snail-mail processed from or to your address.
Plus the pen register of who you phoned/received phone calls from.
Plus the list of URLs you visit and terms you type into a search engine.
They can store the bare minimum about everybody, and only collect more voluminous information about the <1% who scare them the most (i.e. people who have already been identified as having something to do with someone who has been identified as bad). You'll never know if you're on one of the 'bad people' lists or not at any given time, and which types of extra info they are collecting/storing about you. Anyone sufficiently paranoid would assume they have been doing most of this for at least 10 years now; the Utah data center is just evidence of them working to do it bigger and better.
Even if it bothers me to have government agencies collecting and storing this amount of info about everyone, Bruce is right--there's no way to put that genie back in the bottle. Commercial entities already have incentive to collect far more info than the government, and to aggressively combine and aggregate it so they can build better profiles for advertising or marketing products to the population. If the info exists, people in power will find ways to get their hands on it, either to use it for good or for their own selfish ends. There's basically nothing we can do anymore to stop this avalanche. At best, we can try to be hyper-aware of everything we do and avoid leaving 'dangerous' trails behind us. Twenty years from now, I think self-censorship will be the key to living your life undisturbed by the powers that be. Its already quite dangerous to voice certain opinions; this trend will only get worse.
So...we're just fucked? I guess I already know the answer. It's just not what I want to hear.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..