Schneier on Security
A blog covering security and security technology.
« Risks of Networked Systems |
| Another WWII Message Decoded »
May 3, 2013
The Public/Private Surveillance Partnership
Our government collects a lot of information about us. Tax records, legal records, license records, records of government services received-- it's all in databases that are increasingly linked and correlated. Still, there's a lot of personal information the government can't collect. Either they're prohibited by law from asking without probable cause and a judicial order, or they simply have no cost-effective way to collect it. But the government has figured out how to get around the laws, and collect personal data that has been historically denied to them: ask corporate America for it.
It's no secret that we're monitored continuously on the Internet. Some of the company names you know, such as Google and Facebook. Others hide in the background as you move about the Internet. There are browser plugins that show you who is tracking you. One Atlantic editor found 105 companies tracking him during one 36-hour period. Add data from your cell phone (who you talk to, your location), your credit cards (what you buy, from whom you buy it), and the dozens of other times you interact with a computer daily, we live in a surveillance state beyond the dreams of Orwell.
It's all corporate data, compiled and correlated, bought and sold. And increasingly, the government is doing the buying. Some of this is collected using National Security Letters (NSLs). These give the government the ability to demand an enormous amount of personal data about people for very speculative reasons, with neither probable cause nor judicial oversight. Data on these secretive orders is obviously scant, but we know that the FBI has issued hundreds of thousands of them in the past decade -- for reasons that go far beyond terrorism.
NSLs aren't the only way the government can get at corporate data. Sometimes they simply purchase it, just as any other company might. Sometimes they can get it for free, from corporations that want to stay on the government's good side.
CISPA, a bill currently wending its way through Congress, codifies this sort of practice even further. If signed into law, CISPA will allow the government to collect all sorts of personal data from corporations, without any oversight at all, and will protect corporations from lawsuits based on their handing over that data. Without hyperbole, it's been called the death of the 4th Amendment. Right now, it's mainly the FBI and the NSA who are getting this data, but -- all sorts of government agencies have administrative subpoena power.
Data on this scale has all sorts of applications. From finding tax cheaters by comparing data brokers' estimates of income and net worth with what's reported on tax returns, to compiling a list of gun owners from Web browsing habits, instant messaging conversations, and locations -- did you have your iPhone turned on when you visited a gun store? -- the possibilities are endless.
Government photograph databases form the basis of any police facial recognition system. They're not very good today, but they'll only get better. But the government no longer needs to collect photographs. Experiments demonstrate that the Facebook database of tagged photographs is surprisingly effective at identifying people. As more places follow Disney's lead in fingerprinting people at its theme parks, the government will be able to use that to identify people as well.
In a few years, the whole notion of a government-issued ID will seem quaint. Among facial recognition, the unique signature from your smart phone, the RFID chips in your clothing and other items you own, and whatever new technologies that will broadcast your identity, no one will have to ask to see ID. When you walk into a store, they'll already know who you are. When you interact with a policeman, she'll already have your personal information displayed on her Internet-enabled glasses.
Soon, governments won't have to bother collecting personal data. We're willingly giving it to a vast network of for-profit data collectors, and they're more than happy to pass it on to the government without our knowledge or consent.
This essay previously appeared on TheAtlantic.com.
EDITED TO ADD: This essay has been translated into French.
Posted on May 3, 2013 at 6:15 AM
• 43 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I have always found the NRA's fear of a government gun registry amusing. Their membership list is the very thing they fear. Just in case their database is hack proof against everyone--from script kiddie to NSA, they send it through the US Postal system's mail scanners on a fairly regular basis...
As for the ad-tracking networks, I started routinely installing Adblock with the EasyPrivacy filter list.
Haven't had a single customer/friend complain about getting rid of the annoying ads and they get reduced tracking as a bonus.
If you're using Firefox, have Collusion running for a couple days, then reset the graph and try again with Adblock and Easyprivacy. Quite a nice difference.
So Bruce, do you have a advice to give us so that we can do something about it or is this just you tolling the bell of doom and telling us that hope has been lost? Your essay seems pretty damning and depressing.
You don't need to own a gun to join the NRA and likewise you don't need to join the NRA if you own a gun. Their mailing list does necessarily correspond to a list of gun owners.
"did you have your iPhone turned on when you visited a gun store"
You can't turn off your iPhone from tracking.
"Did you have your iPhone on your person when you visited the gun store?"
If you can't turn it off you can at least leave it behind.
The main defense is government incompetence and inter-agency infighting.
If this is the same government that after 50years of close study, 1000 of agents and intelligence officers, $Bn in spy satelites and electronic eavesdropping - didn't notice the fall of the USSR until it appeared on CNN - then we are probably safe
But now they hire private contractors to get this information for them. A great deal of them whom aren't incompetent and have absolutely no scruples when it comes to selling your information.
I echo Someone's question, what now? This sort of surveillance is obvious to anyone paying attention, but the solution is not so obvious. (I'm sure there'll be someone saying lobby politicians, or elected the right politicians, or become a politician, I'm not convinced ordinary folk can do much with any of those options.)
"No sovereign ever lived in former ages so absolute or so powerful as to undertake to administer by his own agency, and without the assistance of intermediate powers, all the parts of a great empire...
When the Roman emperors were at the height of their power... They frequently abused that power arbitrarily to deprive their subjects of property or of life; their tyranny was extremely onerous to the few, but it did not reach the many; it was confined to some few main objects and neglected the rest; it was violent, but its range was limited.
It would seem that if despotism were to be established among the democratic nations of our days, it might assume a different character; it would be more extensive and more mild; it would degrade men without tormenting them...
I think, then, that the species of oppression by which democratic nations are menaced is unlike anything that ever before existed in the world...
For their happiness such a government willingly labors, but it chooses to be the sole agent and the only arbiter of that happiness; it provides for their security, foresees and supplies their necessities, facilitates their pleasures, manages their principal concerns, directs their industry, regulates the descent of property, and subdivides their inheritances: what remains, but to spare them all the care of thinking and all the trouble of living?
Such a power does not destroy, but it prevents existence; it does not tyrannize, but it compresses, enervates, extinguishes, and stupefies a people, till each nation is reduced to nothing better than a flock of timid and industrious animals, of which the government is the shepherd....
Every man allows himself to be put in leading-strings, because he sees that it is not a person or a class of persons, but the people at large who hold the end of his chain."
Alexis de Tocqueville
"...because I think a general Government necessary for us, and there is no form of Government but what may be a blessing to the people if well administered, and believe farther that this is likely to be well administered for a course of years, and can only end in Despotism, as other forms have done before it, when the people shall become so corrupted as to need despotic Government, being incapable of any other."
Benjamin Franklin's Last Speech
I hate to be the devil's advocate here, I agree the situation is concerning, but I do believe it is important to ask, "What is the actual impact here".
How is surveillance hurting people. How can it hurt people. Yes, we have a right to privacy, and it does appear that privacy is being invaded on a massive scale. But, how does this effect people in a negative way.
One paper I have seen is how the threat of secret surveillance can tamper what people say. It can spread a blanket of fear on people.
People can get a sort of stockholm's syndrome, where they just go along to get along.
This increases the power of anyone in power, where they do not deserve it. I think that wheel is going to spin out of control, but has it really, already?
Is there a trend of innocuous political targets in this surveillance? Is there evidence that this surveillance data is being sold, or being used to help politician's careers?
Are ordinary, concerned people being surveilled, while extremist neo-nazi groups are being ignored?
Is business data being traded to competitors?
Are people being extorted? Is the data used in targeted leaks to manipulate the system of democracy?
Are there politicians or law enforcement agents or intel agents using this data for personal gain?
@Michael, Someone 'problem, but no solution'
People depend on free web services, and that is part of how these companies have people pay for them.
There are regulatory agencies, there is potential promise for rival politicians, there are always leaks motivated by rivals, enemies, concerned citizens.
I think the call to avoid fear, and the call to rightly consider threats is very important. That happens by sensible analysts like Bruce and by comedians mocking over reactions.
Otherwise, sounds like the wheels are out of control and the value of the power this surveillance gives far outweighs the capacity for the system to handle it.
True enough. But it's close enough for government work. They'll consider the errors acceptable noise.
"So Bruce, do you have a advice to give us so that we can do something about it or is this just you tolling the bell of doom and telling us that hope has been lost? Your essay seems pretty damning and depressing."
Use Tor www.torproject.org
Use encryption www.gnupg.org
Use Live-USB OS
Any privacy scheme can be broken. Yours will too. Have a good plan in place for when your data is breached.
@AtomBoy "Are ordinary, concerned people being surveilled, while extremist neo-nazi groups are being ignored?"
Yep. When given spying powers, UK councils were keen to spy on ordinary citizens as to whether they really were due given benefits. There's a whole list of similar events, and terrifying screwups where the wrong data was passed and someone innocent got harassed or arrested, in a variety of news articles. Here's one http://www.theregister.co.uk/2012/07/16/...
You ask what the actual impact is. Beyond the above that has news survivor bias, we can't know that. How do you measure loss of privacy or identity theft until you know it's happened? How do you even establish that some drone in some office somewhere has ordered a snoop of your entire personal life? If you apply for a job and don't get it, will they actually say 'we didn't like what you'd written on Facebook two years ago'? If your life is stolen, how will you know what pieces of data they gathered and from where?
All the surveillance that Bruce is writing about is one-way. We the citizens are observed & catalogued, increasingly by machines that don't tire of looking through vast quantities of data. Try finding out which companies purchased your personal data, or even a given government. Look at what happened with Wikileaks when someone tried to force the US government to be transparent in its actions. No, then it's all about corporate/national security and the gates are barred.
It's not a matter just of surveillance and data mining. It's who is allowed to look at what & why. Most people given power will use it. They won't ask 'should I do this?'. We have already had anti-terrorism legislation abused to silence political protesters, and anti-terrorism surveillance laws used to spy on ordinary citizens for whether they were close enough to a given school they wanted their children to go to. It's clear that abuse of data has happened and will again.
Re: Disney and Fingerprints. It's been a long time since I've been to Disney World but at that time they were using a form of hand-geometry scanner that only used two fingers. The picture in the EPIC article is of a hand-geometry system. These don't do fingerprints, just the back of your hand to derive data from finger sizes and such. You don't even have to place your palm on the machine, as most people do. I didn't want to catch other people's colds where I worked, where they used full hand-geometry scanners, so I always kept my hand up about an inch and it still matched - no way to get fingerprints that way. I may have done this at Disney World as well.
Re: NRA Membership. I believe that the NRA inflates its membership numbers. Many years ago they sent me a membership card completely out of the blue (I have no guns and had never contacted them or any related companies). It wasn't an application either, it said I was a member of the NRA. I had no interest in that and tossed it.
And don't forget the latest and greatest tool - the Census Bureau. That's right, what used to be a Consitutional imperative - to conduct a census every ten years - has now become a gargantuan system the gov't uses to demand information from companies. "YOU HAVE BEEN CHOSEN..." the letter begins. "YOU ARE REQUIRED BY LAW TO RESPOND."
The lack of transparency and accountability by "big data" brokers is alarming. This type of behaviour can easily lead to situations involving inaccurate information and inappropriate usage that are very difficult if not impossible to correct. We are quickly becoming a society where your job application can be denied because your name accidentally ended up on a disability support mailing list after you searched for the wrong thing on a health site. Not only is determination wrong (due to inaccurate information), it is also illegal (due to using protected information in the hiring decision). What can we do as a society to protect ourselves from these threats?
@Someone "do you have a advice to give us so that we can do something about it..."
My two cents would be that short of staying under the radar, which these days is pretty hard to maintain for long periods, what we need is appropriate legislation that curtails & controls use of data & perhaps more importantly combination of data.
We can't stop the all seeing eyes now. There's too much money & too much power involved in gathering data, and too much of the data by itself is innocuous.
What we need is when, not if, that data turns up in court or some equivalent that we're able to say 'Ok, just where did you get this from? Was that legal? Is this an appropriate use of data from that form of data gathering? Did you combine multiple pieces of data each of which might be allowed to be gathered on its own, but not together?'.
I don't believe for a second this will happen of course.
A little background first...
My current business enterprise, an electronics R&D laboratory, develops prototypes and applications across a plethora of markets. One area we focus on is network and information security. We are seeing a disturbing trend. Just as the wars in the Middle East was ginned up, the same is occurring in InfoSEC environment. Big mil contractors are lining up to build the great firewall of the United States. But, it gets worse, very bad indeed. Not Orwell's dystopia, Bradbury's 451.
"How is surveillance hurting people. How can it hurt people. Yes, we have a right to privacy, and it does appear that privacy is being invaded on a massive scale. But, how does this effect people in a negative way. "
How would unreasonable search and seizer hurt people? Your argument is like saying, "What do you have to worry about if you haven't done anything wrong?"
It doesn't just "hurt" people, it hurts the integrity of a still somewhat free and liberated society. People get used to Big Brother walking over them until it doesn't hurt anymore.
I suppose the difference in "hurt" that one experiences is dependent upon the degree to which he doesn't feel he should be obligated as a free man to lick another's boot.
Of course it is where things are going given the current trajectory. The argument (had in the smokey back rooms of course) will go something like this: "Pre-crime is not enough! People can still self-radicalize through the internet... so we need to control the flow."
The problem is that tech people have always thought it would be easy to one-up the system through novel technological advancements like encryption/anon, etc. They happen to be wrong this time imo (cue the internet interprets censorship as damage and routes around it argument). The powerstructure is using technological innovation to accelerate it's power while holding everyone else (domestically and internationally) down. Hell, that's the entire global power strategy for the post-american world. The only way the empire maintains it's dominance with equalizing technological power is by using legal and physical force to hold everyone else down.
I have some concern about this:
"When you interact with a policeman, she'll already have your personal information displayed on her Internet-enabled glasses."
I have often thought that as well. However, despite "knowing" everything about you, they will arrest you on the spot, cuff you, and haul you away if you don't provide them ALL the information they already "know" about you. The charge is likely to be interferring with a police officer performing their duties, or at least failure to cooperate with a police officer. Even if all of the information they "know" about you is good, withholding any of it from them is considered bad, you have something to hide, and will be considered uncooperative or under arrest. Their knowledge about you is not to know what they are dealing with but to intimidate and control you, which is to make you happy if you cooperate or unhappy if you don't. Only the data of "certain" will come through the filter as marked "untouchable" and those persons will be left alone.
Sound far fetched. About as far fetched as thinking that all of this collected data will be used for your good.
...only the data of "certain people"...
Tor is fine for anonymity...if you decide to forgo much scripting and all flash and java on the web. It makes for a slow, bastardized experience. Sure, it's useful at times, but it's not a solution to the problem at hand.
The solution is the problem! The problem with "big data" is that it completely relies on the quality of input data. Capture verbose garbage, or Flood the system with garbage, and the analyst has a whole raft of problems. It's a basic signal/noise problem, amplified by the bias of the analyst. The more data you collect, the more dumb you become (at a point).
Hypothetically, one could inject garbage data likely to be labeled "positive", or inject "dirty" data on unfriendlies to crash the data set.
Profiling human beings is infinitely more difficult than analyzing an IP header, or packet stream, then further complicated by its subjectiveness.
I think Taleb said in fooled by randomness: "the more data you have, the less you know." Or something like it. Stop thinking of this as a technical problem, and start thinking of it as a human problem, read: Khaneman, Taleb, etc.
> "How would unreasonable search and >seizer hurt people? Your argument is like >saying, 'What do you have to worry about if you haven't done anything wrong?'"
But, it really is that argument. This is the same argument used for why cops, in general, do not make anyone nervous if we are not engaged in any major, persistent crimes.
Ordinary citizens not breaking any major crimes on a persistent basis really have no reason to fear cops. There are extreme exceptional conditions to this rule. But, those are extreme exceptional conditions, so it would be fear based thinking to consider them normal.
I think people can rightly urge that we do not over react on terrorist attacks, because more people die everyday in car crashes by far.
But, should the reverse standard be taken, that we should over react to extreme exceptions of police abuse: such as the NASA spy who wasn't, or the girl in Florida expelled permanently from school for an obvious science experiment gone wrong? Or maybe the initial suspect in the ricin investigation?
While those are scary situations of police prosecution on the fear of terrorism or espionage gone wrong, they are extremely exceptional. There are no crackdowns going down on anyone with non-mainstream beliefs.
This *may* happen in the future, but there is simply no compelling evidence that it is happening now.
If it does happen in the future it is because of fear based decision making, isn't it?
Where extreme, exceptional conditions are elevated from being three in four hundred million to being one in five?
You do not know how it is being used. Maybe you have been passed over for a job or promotion "because of something you said on facebook two years ago". But, do you really want to work for an employer that is that dense to judge you on an off the cuff comment made on facebook two years ago? Someone who is either a complete hypocrite, or whose standard is so narrow they never let themselves anything - ever - which could be irresponsibly misconstrued?
The register article you linked to said that *two* people were wrongly detained. From that extremely small number, there was a major political and media backlash.
How many people are wrongly detained during murder investigations? How many false suspects must be questioned there?
I think people should be wary. I agree that people have a strong tendency to abuse power. There must be checks and balances.
But without evidence that there are no substantial checks and balances, how can anyone argue that the system is completely corrupt?
I think you would have to extrapolate from extremely rare conditions to do this, at this time. And this is the exact sort of thinking we are concerned about the policing agencies of doing. And the public.
Maybe the public should extrapolate those extremely rare circumstances vastly. But, then, if that is the case, maybe the policing agencies should also do the same with terrorism.
"Hypothetically, one could inject garbage data likely to be labeled "positive", or inject "dirty" data on unfriendlies to crash the data set.
Profiling human beings is infinitely more difficult than analyzing an IP header, or packet stream, then further complicated by its subjectiveness."
I would agree, but this is not even hypothetical. When people are talking about secret surveillance they are talking about intelligence agencies and divisions.
These same agencies and divisions - any any country where they are mature - react in exactly this way when they either capture an agent and turn them, replace them, or discover they are themselves under surveillance.
So, this approach works perfectly and is well documented in the annals of open source intelligence.
Further, false positives are extremely detrimental to these organizations. They provide extraordinary judicial, political, and public backlash.
But, if someone intentional creates false positives just to try and mess with such agencies, they could have a hard time explaining what they were doing.
"I was just joking".
> When you interact with a policeman, she'll already have your personal information
Or policewoman :)
@ Gender Police,
That's why in the UK we are encoraged to call them the nice gender nutral "Officer".
On another more apocraphal note, there is the story of a Chief Police Officer on being pressed by an irritating Journalist with a "sexist agender" in some irritation came out with the line,
"As far as I'm concerned the only difference between a police man and woman is six inches!"
(Police woman at the time had a minimum hight requirment half a foot less than that for their male colleagues)
Well, I’m mostly a political blogger, so my comment will have a bit of a different tone than others that typically appear here. This is a short repost from one of my blogs.
The info-equity movement opposes the rise of what is fast becoming a new total surveillance state. A mass observation culture, where an elite ruling patrician observer class oversees a submissive subordinate observee class. The wealthy info-elite will be entertained by the spectacle of our misery. The relationship will be non-reciprocal with total info-inequity. All information about the wealthy info-elite and their deputies will be classified Top Secret, so the info-pleb observees will never be allowed to know what the elites are doing and enjoying.
one solution is to pollute our personal data.
we need an app that will click on ads randomly and visit random sites for us and that will send GPS data that will make us look like we are in several places at the same time or following a fake route. whomever is collecting the data won't know what's true and what is not.
tor is absolutely not 'safe'. researchers have found enormous holes, not to mention the standard tor setup is more-or-less completely insecure since you have to practice safety around exit relays and this is much more difficult than getting use to a web without scripting.
gpg is the same - it's encrypted, but not if you have a fast enough computer.
i think the point of @999999 was absolutely correct - concerns about privacy on the internet are completely hopeless, consider yourself thoroughly breached at all times - to a networked computer, everything is data and just like how deleting something from your hard drive is a lot harder than most people realize, once anything is in bits it can stay in that form.
tor / gpg is good not great for sensitive information.
livecd on a box with no internet connection is close to safe, but definitely not full proof.
privacy advocates should be worried about simple things likes CSRF and packet sniffing employed in social situations among peers as well as data-collection among the elite. focusing on just this one aspect ignores common technical issues. with a broader focus, we can know the answer to better privacy is better practice and understanding - computers are not magic
- every click has a transaction cost
- companies don't give anything away for free
(why should people, with their data?)
I strongly believe in our Constitution and Bill of Rights, including our Fourth Amendment privacy protections, but for me personally there's another civil rights concern at play. Say for example the mob accuses me of child molestation or some other heinous crime. Eye-witnesses come out of the woodwork to prove it is so, jurors are subtly threatened, and judges are paid off. I'd just rather be video-recorded in a public place when I'm with people I don't know I can trust. That way it's more difficult for the mob to trump up false accusations against me.
@alfredo - when we think at countermeasures like polluting our personal data, one should consider the bad guys can do the same. as an Eastern European, I found myself splitted between TheBigBadState and TheNiceEnvironment of our personal freedom. the main question seems to be who is willing to abide to the rules and who is just faking.
a little lol here. i'm 28 and my whole life i've been under surveillance - my mom wire tapped the landline, my college roommate used wireshark to capture all my internet data, every employer i have had (i do contract work) has used various trojans, vnc clients, keyloggers, and even voice and video recording software on my own personal computer. and of course, in regular interactions with people, surveillance tools like nanny cams and gps trackers are essentially the primary mode strangers interact.
it's an intricate part of modernity is what i am saying. it's true that most people like this author bring their own bias into it and look for breaches of privacy that accord with some ideological point of view, however you seem to be doing that as well. the mob uses these tools to trump up false accusations just as much or more than one could ever use them to be 'safe'. if you're coming from a comfortable environment where you've never seen the absurd end of the legal system then i can see how it would be easy to have that comfort, but it is false. the mob will use any half-heard whisper to accuse you of anything that is in their own heads - the schaudenfraude people experience with celebrities is the same exact thing - give them some sort of technological tool which they can then cling to as some sort of 'objective' or 'omniscient' or 'unbiased' 'version of gossip' and you're only validating peoples worst instincts.
1) as if people don't do bad things in front of a camera
2) as if some third party could tell just from looking at an image of a person if that person was a criminal just from the 'signs' of that person (if they were not engaged in a criminal act in that video)
3) as if most people are heinous child molestors, and not just petty fools. i'm much more worried about the day-to-day people i interact with then some evil villain. when people see villains all around them, its usually because they are acting villanous. it is the day-to-day people that have the power to ruin your life every day- taxes are paid to law enforcement to deal with criminals. money and these concerns are surely more important to people than fears of the crazy and evil people, even if it seems more banal.
This is the same argument used for why cops, in general, do not make anyone nervous if we are not engaged in any major, persistent crimes.
I believe you are genuinely trying to understand why the ghost of a full surveillance society is scaring the living daylights out of so many people, but lack the historical and philosophical background to see the bigger picture.
Above statement is a common phalacy that has been used through the ages to submit "good citizens" into obedience to their ruling classes. Now imagine being a jew under Hitler, a homosexual under sharia law, a christian in 1st century Rome or - closer to our own timeline - a nurse attending to wounded protesters in Bahrain. No major or persistent crimes I can see, but capital offenses in their own context, giving the "offenders" plenty of reason to be very afraid of the police. Not in the US, I may hear you say, but think again: how many careers and lives were destroyed during the McCarthy witch hunt on communists, and what to say about the 100.000 completely innocent Japanese Americans who were sent to "war relocation camps" following the attack on Pearl Harbor ?
Let's continue talking crime. In his book "Three Felonies a Day", US criminal defense and civil liberties litigator Harvey Silverglate describes how ordinary, law-abiding citizens have found themselves the targets of federal prosecutions, despite sensibly believing that they did nothing wrong, broke no laws, and harmed not a single person. In essence, he is stating that the average citizen - knowingly or unknowingly - commits about 3 felonies a day, and that even the most intelligent and informed citizen (including lawyers and judges) cannot predict with any reasonable assurance whether or when a wide range of seemingly ordinary activities might be regarded as felonies. Examples a plenty ( http://www.threefeloniesaday.com/Youtoo/tabid/86/... ), and you may recall the recent case of internet activist Aaron Swartz who was haunted into suicide by overzealous prosecutors.
Everyone can do the exercise for himself. Only yesterday I committed at least 2 felonies and 3 misdemeanors that I am actually aware of. And without hurting or otherwise damaging anyone in any way whatsoever. Unless you're the most boring person in the world, chances are that you've done the same.
Downloaded that new Game of Thrones episode from the Pirate Bay and which unwittingly you are now seeding in the background ? You're in violation of the Digital Millennium Copyright Act. Thinking about poisoning the way you're being tracked on-line ? Bad idea. The federal Computer Fraud and Abuse Act outlaws anyone from sending information, with the intent to cause damage, to a protected computer. The law’s definition of damage includes “impairment to integrity” of a system or data, which for this purpose can be used against you. Assuming you're safe because you're not a US citizen ? The DoJ vehemently disagrees. So may your own judicial system.
We all - and on a daily basis - do or witness stuff that either borders on illegal, is illegal but that we are not aware of, or that we simply don't want to be in the open. What you and your partner do in the bedroom is hardly a secret or illegal, but do you really want your neighbour, a corporation or government agency snooping in on it ? Got tagged on a Facebook picture posted by one of your idiot friends who saw fit to upload images of the gang doing blow off a stripper's belly at your stag party ? If someone doesn't like your face, you may forget about that new job and security clearance. Maybe even about the visa for that exotic country you we're planning to take your wife on a honeymoon to. Or how would you feel about me submitting a FOIA request for the phone records the NSA has been keeping on you? You have nothing to hide, no ?
Herein lies the danger of ubiquitous surveillance and big data correlating it all. It is setting the stage for 1984, reducing people to characters in the Truman Show who can only go about their lives constantly mirandizing themselves that anything they say or do can and will be used against them by a small elite that itself is hiding behind secrecy and "national security". The outcome is Fritz Lang's Metropolis.
Not convinced ? Try talking to older immigrants from the former Soviet Union, East Germany or Romania. Ask them about the Stasi or Securitate. Watch them turn green. And these agencies didn't even have a faction of what technology allows for today.
One would expect lawgivers around the world to be very preoccupied with initiatives to curb the potential threats to democratic society mass surveillance is posing. Unfortunately, the opposite seems to be true, with CISPA and scores of similar bills in other countries being living proof thereof. In 2010, Mark Zuckerberg declared privacy dead. Only recently, the honourable Michael Bloomberg, mayor of New York, and in the wake of the Boston bombings, called for a re-interpretation of the US Constitution. In doing so, he questioned the combined wisdom of the Founding Fathers, arguably some of the sharpest political minds western history has seen in the last four centuries. That's not just hubris, that's a sign on the wall that there is something seriously rotten in the state of Denmark.
Tor is fine if you understand that it doesn't provide end-to-end security or privacy. It is strictly for anonymity and it is limited in that sense. Depending on who you are trying to hide from, you may need to take extra steps.
I first became aware of facial recognition software in the late 1980s, via a thread on comp.risks. At the time the Fed was talking about rolling out test systems in Federal buildings, airports, and bus stations.
Rolling on to the 21st century, a few years ago a friend of mind sent me a link to a page on al-Jazeera. On the page was a picture of... me.
I'd already encountered the eerie experience of someone who was near-enough my twin; the first time, it was a guy with the same name, born in the same city, in the same month and year.
Being a twin to a disc jockey two thousand miles away was strange enough - and for a while, some peculiar recurring events with credit reporting led me to believe various credit agencies had the two of us confused despite the different middle name - but my second twin (one month younger, born in Libya) is the leader of a major terrorist organization.
There are fewer individual faces than people, but the roll of the genetic dice managed to make the Libyan my twin anyway; the bulk of my ancestors are Irish and Georgia Cherokee.
I don't go to airports, but I occasionally have business at the local Federal building. And back in the early 1990s, my name was among those added to a "suspected terrorist" list when my state of residence was trying to fluff up a list to get some Federal grant money.
Sooner or later, I expect I'll have a nasty encounter with Homeland Security...
Political parties are already free to use this information and they do, extensively. They have begun to do very careful micro targeting in their get out the vote efforts. So our elections may already be determined using this information. I'd be surprised of they haven't already started using this for opposition research(pouring through all the information they can buy about the opposing candidate).
> Sometimes they can get it for free, from corporations that want to stay on the government's good side.
I think *that* is a big problem, what do those corporations do that needs "government's protection" so much more than "government's money"?
In which way the government is paying back? By not sending the tax man, by voting laws with loopholes, by not applying the law for those corporations, by misplacing or delaying court cases?
@alfredo: one solution is to pollute our personal data.
I am under surveillance 24/7. I don't know why. I haven't broken any laws. I have had money taken out of my accts and the comptroller of currency does nothing. I have been blacklisted, and harrassed 24/7. I can't even rent an apartment here in Texas or Ohio. I use to work but now I am disabled due to work related injuries. I can't even get proper medical care. Wherever I go these people follow me and harrass me. US citizens can't get any help here in Texas but if you are a illegal you can break laws, get help with food, housing, finance, education, furniture, cars. Mexico has taken Texas back. I am so tired of this. I can't get any help anywhere. If you have any ideas of what I can do without dying to escape this hell please inform me.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.