Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Squid Watch |
| NSA Surveillance and Mission Creep »
August 5, 2013
The Public/Private Surveillance Partnership
Imagine the government passed a law requiring all citizens to carry a tracking device. Such a law would immediately be found unconstitutional. Yet we all carry mobile phones.
If the National Security Agency required us to notify it whenever we made a new friend, the nation would rebel. Yet we notify Facebook. If the Federal Bureau of Investigation demanded copies of all our conversations and correspondence, it would be laughed at. Yet we provide copies of our e-mail to Google, Microsoft or whoever our mail host is; we provide copies of our text messages to Verizon, AT&T and Sprint; and we provide copies of other conversations to Twitter, Facebook, LinkedIn, or whatever other site is hosting them.
The primary business model of the Internet is built on mass surveillance, and our government's intelligence-gathering agencies have become addicted to that data. Understanding how we got here is critical to understanding how we undo the damage.
Computers and networks inherently produce data, and our constant interactions with them allow corporations to collect an enormous amount of intensely personal data about us as we go about our daily lives. Sometimes we produce this data inadvertently simply by using our phones, credit cards, computers and other devices. Sometimes we give corporations this data directly on Google, Facebook, Apple Inc.'s iCloud and so on in exchange for whatever free or cheap service we receive from the Internet in return.
The NSA is also in the business of spying on everyone, and it has realized it's far easier to collect all the data from these corporations rather than from us directly. In some cases, the NSA asks for this data nicely. In other cases, it makes use of subtle threats or overt pressure. If that doesn't work, it uses tools like national security letters.
The result is a corporate-government surveillance partnership, one that allows both the government and corporations to get away with things they couldn't otherwise.
There are two types of laws in the U.S., each designed to constrain a different type of power: constitutional law, which places limitations on government, and regulatory law, which constrains corporations. Historically, these two areas have largely remained separate, but today each group has learned how to use the other's laws to bypass their own restrictions. The government uses corporations to get around its limits, and corporations use the government to get around their limits.
This partnership manifests itself in various ways. The government uses corporations to circumvent its prohibitions against eavesdropping domestically on its citizens. Corporations rely on the government to ensure that they have unfettered use of the data they collect.
Here's an example: It would be reasonable for our government to debate the circumstances under which corporations can collect and use our data, and to provide for protections against misuse. But if the government is using that very data for its own surveillance purposes, it has an incentive to oppose any laws to limit data collection. And because corporations see no need to give consumers any choice in this matter -- because it would only reduce their profits -- the market isn't going to protect consumers, either.
Our elected officials are often supported, endorsed and funded by these corporations as well, setting up an incestuous relationship between corporations, lawmakers and the intelligence community.
The losers are us, the people, who are left with no one to stand up for our interests. Our elected government, which is supposed to be responsible to us, is not. And corporations, which in a market economy are supposed to be responsive to our needs, are not. What we have now is death to privacy—and that's very dangerous to democracy and liberty.
The simple answer is to blame consumers, who shouldn't use mobile phones, credit cards, banks or the Internet if they don't want to be tracked. But that argument deliberately ignores the reality of today's world. Everything we do involves computers, even if we're not using them directly. And by their nature, computers produce tracking data. We can't go back to a world where we don't use computers, the Internet or social networking. We have no choice but to share our personal information with these corporations, because that's how our world works today.
Curbing the power of the corporate-private surveillance partnership requires limitations on both what corporations can do with the data we choose to give them and restrictions on how and when the government can demand access to that data. Because both of these changes go against the interests of corporations and the government, we have to demand them as citizens and voters. We can lobby our government to operate more transparently -- disclosing the opinions of the Foreign Intelligence Surveillance Court would be a good start -- and hold our lawmakers accountable when it doesn't. But it's not going to be easy. There are strong interests doing their best to ensure that the steady stream of data keeps flowing.
This essay originally appeared on Bloomberg.com.
Posted on August 5, 2013 at 6:02 AM
• 51 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
So what your internet business model that doesn't involve selling user data? I don't know about you, but I like an internet that A) does cool things and B) is largely free. Ruining both is not going to make the public's collective life markedly better because the only consequences from this setup are all theoretical or involve slippery slope arguments.
Laws should focus on protecting people from any consequences of data use, not try to implement all sorts of a priori restrictions that will impede innovation. The only reason Europe is all up in arms is because there are huge swaths of the traditional economy that doesn't want to get disrupted by Google and Amazon so they are using "privacy" as a cudgel to block competition.
Mike B are mixed apples and oranges as they say here in Serbia
Screw the internet business model. We don't really need lolcats and customizable news - they've been sold to us, by giving them away free. We're in the modern version of bread and circuses, and the gazed-eyed public is out there serving little purpose other than to a revenue source. Bruce focuses on privacy, but the business-government partnership goes nearly everywhere. Regulations are written by former or soon-to-be industry executives, and small independent producers are all but leveraged out. Every now and then something comes up that is so abusive people finally react to it - I'm thinking SOPA or USDA's NAIS system, but inevitably all or nearly all of it comes back under the radar. It's like little flareups on an event horizon. I'm not as optimistic as Bruce; I think we've passed the point of no return.
It all started with the erosion of the ma and pa ISP's that first evolved out of BBS's. First to go was shell hosts, irc servers, usenet, and I don't know if ISP's still bundle email. What ma and pa ISP's tried to do was control people but they did it on their networks which were small, that's changed. Like you said the big corporations are now doing these things and there are less alternatives. End-users are just that, end-users. Google as an ISP is not allowing servers to be run from home, and the ma-pa ISP's never allowed that either except a few people who'd pay extra. Perhaps paying extra is what's needed for freedom, as the saying goes "freedom comes with a price", however people shouldn't be fooled. Price Gouging has nothing to do with freedom and that's the big players favourite past-time. Thinking about it, I have no solution really, but I remember the erosion of small ISP's on massive scales, I think that is significant in understanding the picture that we face today.
The Constitution isn't just a document that places limits on the gov't, ahem... the gov't is given responsibilities. The body of regulations couldn't care less what companies DON'T make and sell. Huge difference.
As they say, when all you have is a hammer, everything starts to look like a nail.
Other agencies are clamoring for the data that the NSA compiles:
Forgive me for being naive, but I thought they were just collecting the data FOR OTHER AGENCIES to use.
What does it mean to "compile" the data?
It is not so much that others want to use the data. By and large, this data will be significantly abused, and most likely get into the hands of criminals for malicious purposes (as though it didn't already start off in the hands of criminals).
This is truely the embodiment of "all your data are belong to us".
The only people who CAN'T see the data are the people that the data is collected about (you and I).
The only people who CAN see the data are the people on whom they will collect no data (them).
They are the victimizers, we are the victims.
What will they do when we stop generating the data that they attempt to collect?
Or, what will we do when we stop generating the data that they want to collect?
Forgive me if I am naive but let me ask a a question....
Corporations are private entities. Private in the sense that the government does not own them. Are the customers of these corporations private? Could not corporations use this to avoid having to share data with the government? perhaps an extension of the right to not self-incriminate.
IMO, the market economy *would* fix the problem of privacy if the government did not skew the incentives away from consumers. Corporations must literally chose today between pleasing the government and their customers. That is the opposite of the definition of a true market economy.
The fix, at its core, is to protect private transactions between consenting parties.
I disagree with half of Schneier's premise that we should curb what corporations can do with our data (I am presuming he means more laws here). We already can curb what they do with our data by choosing to not to do business with them. While at face value it seems simple to pass laws to protect consumer's data you have just fed into the private-government system you are trying to avoid by giving more power to government officials, courts, and lobbying groups. Not to mention the growing complexity of data (what we are tracking) and what we can do with that data (big data analytics, prediction engines, AI) makes crafting laws tough and with our speed of legislation makes keeping up with data innovations impossible.
I want one of those NoEsc keys for my keyboard.
I think Compile in this case simply means to take the raw data and format it into databases that others can use.
Basically its data entry into whatever format each program needs/wants. I am quite sure all the Billions of tax dollars was "spend" well to make sure this is automated.
Kind of goes to show yea, the old government can do things right, aka ,military and spying. of course they overspend on it, but hey the old corporations need to stay well fed.....lol
I can only strongly agree with the point made.
But I've been wondering if we could turn those questions around:
- If we were offered a way to communicate in such an efficient way that we can talk to anyone at anytime from anywhere to anywhere. Would a government that cannot track people allow us to use such a communication tool? Yet we have cell phones.
- If we were able to become friend with any kind of people from any origin, with any motivation in becoming a friend, and who could easily cheat us, or impersonate us, would the government allow that without being notified? Yet there's facebook.
I'm not defending any of those surveillance measures and you've been writing extensively about trade-offs. I believe it is justified to find a trade-off regarding those issues as well.
I don't feel free to have free speech.
There is one issue that I think has far too long been ignored or put-aside that will in the end be the differentiating factor in the end result of all this.
GPL vs BSD(et al).
I am increasingly coming to the realization that RMS has had it right this whole time, and though I spent most of my learning years with BSD, I am in the process of completely moving over to as much GPL/GNU stuff as I possibly can (even at work when possible).
If the nation is concerned with "cyber" security, it would fully embrace FOSS. Not just that, I think that the only way forward is for the security to be good enough that all services for a person should be able to be run off their own devices. The primary issue with current email and other communication systems it that they almost always end up on someone elses servers, and you have no idea if those people are getting NSLs, gag orders, or are just nefarious in general.
I really think the idea of the mobile phone/pc is the right direction (though I disagree with the Ubuntu methods) in that your phone is the one device you almost always have with you. We need an open source hardware stack in which the modem (carriers have direct access to) does not have DMA to the same space as the CPU. We need an open source GSM (or other) comm stack. We need a completely open source OS that doesn't need to be rooted or jailbroken before a user can modify it as they wish. The freedom of privacy is not completely lost, and in short, the main way of correcting it's erosion in technical terms at least, is GPL.
GPL is the future.
I have long felt that a large part of the problem with online surveillance could be eliminated if my dealings with ANY online business were subject to the same level of privacy as attorney-client-privilege or doctor-patient-confidentiality. In other words, I tell them everything they need to conduct business with me and they agree not to share that information with 3rd parties. Information silos like, enshrined in law, are easy to understand.
What we have now is the wild west, where everything I share with party A ultimately gets passed to party B, who has combined it data about me that I shared with parties C, D and so on. Sharing a personal info of some kind with one may not be appropriate with another - yet that's what we have. You have no idea who is ultimately going to be the recipient of your most personal details, nor the unintended consequences of that.
The most recent example I've encountered - one that instantly frosts my mug - is banking information. The so-called 'privacy' statement I received from my bank indicated that they could more or less share many of the details of my dealings with them without my having any say in the matter. There is no way for me to opt-out of this sharing because, as they say, 'the law does not require it.' How is my personal financial information any less sensitive than my medical information, which is protected?
The entire Internet industry will scream bloody murder if this form of confidentiality or even a softer form of it became law. But without it, the wild west atmosphere will continue, unabated; and as Bruce points out, intelligence and law enforcement agencies will be all to happy to pick the fruits.
I'm not sanguine over the prospects of this happening. Given that lack of control, and with no legal means of stemming the rape of my privacy, I have begun withdrawing from the commons. Even still, I hold no illusions that it will do as much to protect my privacy as I would like it to
I am sincerely very grateful for all that you do. You present the facts very plainly so that they cannot be twisted. We need 10,000 more of you! You tactfully brought the subject into mainstream media that needs to be brought forward. However if you were too honest they probably wouldn't have published your piece. I think what you're saying is:
A regime that has the following characteristics:
Powerful and Continuing Nationalism
Disdain for Human rights
Identification of scapegoats / enemies for a unifying cause - terrorists
Controlled mass media
Obsession with national security
Rampant corruption and cronyism
Obsession with crime and punishment
The unification of corporate and government power
is called: FASCISM
So the real question we need to answer is:
How do we dismantle a fascist regime and return to a democratic constitutional government? How have Fascist regimes been broken in the past?
Most of us can agree that part of the answer is removal of secrecy from the regime. Totalitarianism requires secrecy in order to maintain it's power. New laws themselves aren't a compelling safeguard when the rule of law has been completely destroyed. The legitimacy to the public of the regime and corporate tactics must be removed. Then the public will force change to occur. That change may take many forms, but I don't pretend to know exactly what or how.
What we're talking about is nothing less than a peaceful revolution. That's quite a task.
I think you're right on. Thanks
IMO, the market economy *would* fix the problem of privacy if the government did not skew the incentives away from consumers. Corporations must literally chose today between pleasing the government and their customers. That is the opposite of the definition of a true market economy.
Libertarians are so adorable, because they're still naive enough to believe that corporations would be benevolent engines of innovation and job creation and consumer goods and services, If Only Government Would Just Get Out Of The Way ™.
The only reason Europe is all up in arms is because there are huge swaths of the traditional economy that doesn't want to get disrupted by Google and Amazon so they are using "privacy" as a cudgel to block competition.
No, Europe is "all up in arms" (or, rather, mildly objecting) because US corporations and US government agencies violate European law. Crime victims usually don't react good to perpetrators.
While some European corporations may use the circumstances to act against their US competition, thinking that this is the only cause of a somewhat unfriendly reaction is a good example of unwarranted monocausal thinking.
R2 -- tell me, without government interference, why corporations would want to do something that would jeopardize paying customers (or customers that feed their ecosystem for payment). Corporations have a very overt purpose -- make money. In a market economy, delivering consumer value in the form of voluntary transactions is how you make money. A company who engages in distasteful behavior with consumers data will be supplanted by a company who provides the same services but treats consumers data with privacy and respect. They beauty of competition.
I am not so naive to think there should not be any laws or that there are people in corporations that will exploit short term. Market economies do indeed have short term variance. It is not the quintessential "perfect" system but IMO the best out there currently.
One thing puzzles me. The NSA and other agencies pull in everyone's web browsing and e-mail. There's surely no practical way that they can make exceptions for 'important' people – there are too many of them – congresscritters, federal and state officials, city mayors, TV anchors, actors, models, sportspeople … and their families and associates. There's surely the hell of a lot of juicy information to be leaked or sold. Is every NSA staffer squeaky-clean, pure, not to be bought? Why aren't we hearing more about the internet habits of the rich and famous?
The TSA is getting 26% better at what they do:
The debate over the integrity of TSA screeners heated up last week with the release of an audit by the U.S. Government Accountability Office, which found 9,622 cases of employee misconduct among TSA workers from fiscal 2010 through 2012, with a 26% increase in incidents over that time. The audit scolded the TSA for having weak procedures for reviewing and recording the outcomes of misconduct cases.
...20% of the cases, or 1,936 incidents, were violations of screening and security rules, such as sleeping on duty.
I like the comments in LAT:
TruthTeller3 at 8:15 AM August 05, 2013
On September. 11, 2001, America went from “the land of the free and the home of the brave” to a nation of mewling cowards, eager to give up their liberties for perceived “safety.” One of the worst symptoms of this transformation is the TSA and its minions of blue-shirted “officers.” We may have killed Osama Bin Laden, but he actually defeated the American way of life ten years ago.
jbubbarg at 6:37 AM August 05, 2013
If it were'nt for the TSA I'd never get groped.
Graham said: "We already can curb what they do with our data by choosing to not to do business with them." Except that doesn't actually happen, in numerous instances, because humans routinely engage in contradictory behavior that even by their own standard will admit they aren't acting in their own self-interest. They'll admit they're being irrational. They will forego privacy, and increase their security risk taking, in order to be part of a social collective: email, Facebook, Twitter, etc. as if that social participation, and ensuing status it gives them, is more important than lowered risk of undue corporate-government surveillance. Humans tend to more highly value short term benefit, over long term risk mitigation.
Bruce predicted this argument, saying it deliberately ignores reality. That we can do a thing doesn't mean we will, even when it's in our rational self-interest to do so. So you can either argue that rational self-interest is largely b.s. (we are merely apes that wear pants after all), or you can argue that we in fact do value our internet based socioeconomic interactions more than democracy and liberty, in which case why protect the latter at all?
NYU students were polled on the price of their vote, 2/3rds said they'd give it up for a year's tuition. Half said they'd give up the right to vote forever, for $1 million, even though the overwhelming majority considered voting very important.
Many Tor Network sites disappeared over the weekend as the US FBI took down child pornographers organized around Freedom Hosting. The operation is interesting in that it appears to have used a Firefox zero day to breach Tor anonymity. Story covered many places.
Just thinking about all the commenters that recommended Tor as a way to preserve anonymity.
"Exclusive: U.S. directs agents to cover up program used to investigate Americans
(Reuters) - A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans."
We can't go back to a world where we don't use computers, the Internet or social networking.
Actually you can drop the latter. May be sort of painful for the first days, but at the end I feel a lot better without it.
"The Constitution isn't just a document that places limits on the gov't"
Mr. Walsh, The Constitution is a document specifically created TO limit the government and define the limits of the powers granted (loaned) to it by the governed. It's this 180 degree flip of perception at the "street understanding" level that is as worrisome as are the expansion of governmental powers beyond those limits. Unless the governed remember that ALL power flows from them and the government has only as much loaned to it as the governed allow, we really will be passed the point of no return.
... it's the body of regulations and legislation created (in support of or counter to) Constitution restrictions that are the response to those "responsibilities" that Mr. Walsh touches on. However, given recent decades, "responsibilities" seems an inappropriate term.
I believe that first and foremost it is time that citizens and voters awake from their mainstream media induced, cozy but willful ignorance and start holding governments, representatives and corporations accountable for what they are doing under existing laws and regulations, both domestic and international.
A secret court issuing secret orders based on secret interpretations of the law gagging those subjected to it has no place in a democracy. Lying before Congress is a fellony. The just revealed DEA's practice of "parallel construction" as a means of disguising how an investigation began may violate pretrial discovery rules. Senators on the Senate SCI barring others from learning about NSA surveillance programs sounds reasonably dodgy to say the least. Safe Harbour self-certification by US companies voluntarily or under legal obligation sharing EU customers data with the US IC is a direct violation of the EU Data Protection Directive. An administration secretly approving of its intelligence services sharing mass surveillance data with a foreign country under German law is treason. I could go on for a while.
When a ruling class for whatever reason and under a veil of secrecy puts itself above the law and can no longer be held accountable by any democratic institution or body, then you're living in a well-disguised police state run by a plutocrats, not in a functional democracy. Raising awareness, applying digital hygiene, voting out of office politicians and ditching corporations complicite therein are powerful and entirely democratic means available to all wishing to reverse the secret surveillance state that Edward Snowden has revealed.
There's a really obvious solution to the problem:
Make all of the data totally public.
As no-one can argue that their own privacy is worth more than everyone else's combined, the trade-off is an offer no-one can rationally refuse.
There. Power imbalance, solved, forever.
"R2 -- tell me, without government interference, why corporations would want to do something that would jeopardize paying customers (or customers that feed their ecosystem for payment). Corporations have a very overt purpose -- make money. In a market economy, delivering consumer value in the form of voluntary transactions is how you make money. A company who engages in distasteful behavior with consumers data will be supplanted by a company who provides the same services but treats consumers data with privacy and respect. They beauty of competition. "
Yet, in practice, we still have the same problems with selfish & scheming banks, high frequency traders, insurance companies, dominant retailers, monopoly utilities, the PC OS "market," the few cellphone providers, the top broadband providers, defense industry, lobbyists, etc. Many intentionally screw with their customers for extra profit. Many come up with ways to lock customers in against their wishes. Oligopolies seem to compete against each other in ways that are in their mutual interest, but not consumers. And patent/copyright trolls business model is anything but "voluntary."
So, people who are more libertarian about business/markets can talk about hypothetical scenarios and pipe dreams all they want. The result of private interests having too much control in a country with strong private property rights has always been them creating bad situation for the public to benefit themselves. The Few benefit at the expense of the Many.
A few favorite examples: Federal Reserve Corporation, Standard Oil, IBM's patent/copyright enforced Big Iron lock-in (Windows too), Betchel Corp's water scheme + govt support in Bolivia, food companies' across the board use of additives for addictive properties, and drug companies + private hospitals maximizing profits while harm go up proportionally.
Great piece Bruce (as always) but there appears to be a minor spot of error. When discussing types of law you wrote...
"There are two types of laws in the U.S., each designed to constrain a different type of power: constitutional law, which places limitations on government, and regulatory law, which constrains corporations."
Constitutional law is what could be called the "First Law" and indeed does place limitations on governments, however, there are three (3) other main subordinate species of law, Statutory, Common, and Administrative. Regulatory law is a mixture of all of the above. And, while it's certainly a well known area of law, it is however, not a primary varietal of U.S. law as your paragraph seems to state.
Viewing the U.S. from outside (Canada), it has seemed ever since the days right after 9/11 to clearly be on a path to totalitarianism. I guess it has been well and truly there for many years now, but things like PRISM and XKeyscore were cloaked in enough secrecy that nobody knew for sure how far the sickness and rot had spread. It now appears that the entire apparatus of government in the U.S. is completely rotten and probably unsalvageable.
I'm not sure why you imagine that peaceful revolution has any chance of being successful here. Even if people can be stirred into action/protest/whatever, they'll just be funneled into "free speech zones" and mopped up like the Occupy protests were. Some hippies will camp on some politicians' lawns for a week or two, and some other politicians will posture and make speeches, but nothing will change. The complete and total legislative capture by corporate/industrial/military special interests will continue unabated.
I think we're well past the "point of no return" already on all this privacy and data collection stuff, although we'll have to slide a lot farther down the slippery slope before everyone wakes up and realizes how screwed we all are. But I've completely given up on it now. The recent NSA revelations have crystallized for me how completely hopeless and f**cked is the reality we live in. My generation can live out its days in relative comfort, but our children and their children are going to suffer tremendously because of this.
I mean, look at the situation the world is now in.
During my lifetime, the U.S. government--who is supposed to be the poster-child for freedom and democracy, the "leader of the free world" that other nations used to look up to... During my lifetime, an official organ (the NSA) of that U.S. government has built a surveillance monster which amounts to *the most dangerous tool of oppression ever built by human beings* and probably by a big margin.
They have so completely destroyed the privacy and dignity of billions of human beings, and made a complete farce of the supposed rule of Law and supposed holy Constitution of the U.S. The legal system already had two sets of rules (one for the rich and one for the poor), but now it has secret interpretations of secret laws made in secret courts. Secret, non-adversarial court proceedings in secret courts whose entire roster is appointed by *a single man*. NSLs, blanket-eavesdropping warrants that authorize tapping millions of people simultaneously, and basically no oversight of any kind. Nobody can sue because they can't get evidence to prove they were affected. Government can just wave its magic "national security" wand and get the court challenges tossed out. So much for checks and balances.
I always assumed the NSA would try to build tools to let them spy on all traffic on the entire Internet (after all, why wouldn't they? they're a spy agency, they don't exactly have any noble principles to uphold) but to have confirmation that they actually succeeded... Well, it should be frightening, but actually it just kind of makes me giddy. Like, "Gee, we're already a thousand times more f**ked than I ever thought we would be within my lifetime." If they ever want to, they can surely find something to use against anybody, at any time... to blackmail political opponents, ruin the lives of the ones who don't stay in line, etc. Even if 99% of them only use this enormous power for good (fight terrorists blah blah), there will always be a few "bad apples". The U.S. government is far more dangerous than any terrorist group I've ever heard of. They have done far more damage in the past than any non-governmental group of terrorists, and they are inevitably going to do a huge amount more damage in the future, because they grew into a fascist monstrosity while the citizenry wasn't paying attention, and good luck trying to put _that_ thing back in the bottle.
No human being should EVER have the kind of power over other human beings that the NSA now possesses. I've never met a human being in my lifetime who could be trusted with such enormous power. For every fifty righteous defenders of freedom and justice who work at the NSA, there's surely one total shitbag who managed to sneak his way in there and will use this data for his own selfish ends, or use it for/against various politicians, or sell it to the mafia or foreign governments, or to invade the privacy of a particular movie star he has a crush on, or one of many many other possible "unintended uses".
But they built it. Who imagines that it can ever be un-built? Now that the new masters have tasted this power, why would they ever let the peasants take it away from them?
My prediction is that there will eventually be a particularly bloody revolution in the U.S. but it won't occur for at least another 20 years. I think it will take that long for things to get bad enough in the average American's living conditions for them to get angry enough for violent revolution. Maybe we'll be lucky and it won't happen at all in our lifetime. Our kids won't be so lucky.
Very interesting piece.
However, i do think you can blame consumers for making irresponsible choices.
You write: "And by their nature, computers produce tracking data"
That's not true. Computers do not have a nature, and they do not necessarily produce "tracking data".
Don't use Gmail
Don't use Chrome or IE
Don't use Google
Use Facebook without sharing any details about you
Use HTTPS everywhere, adblock and script stoppers
And you've already eliminated 95% of that easy surveillance you'd normally give to businesses and govt agencies.
"Yet, in practice, we still have the same problems with selfish & scheming banks" ...which would be totally out of business if they weren't propped up by the government (and if fractional reserve banking was not a legally protected form of fraud).
"...high frequency traders," - which would deplete their trading grounds pretty quickly if not for the government-required "fair" reporting and constant flow of QE cash.
"insurance companies," - some of which are quite decent, and the most are so over-regulated that they became adjunct to the government itself.
"dominant retailers," - who benefit heavily from the current taxation and health insurance regime which makes life of mom-and-pop shops unbearable.
"monopoly utilities," - which were granted the monopoly by the governments.
"the PC OS "market," - which is wholly dependent on the government-enforced "intellectual property" regime.
"the few cellphone providers," - who bought their oligopoly in the form of government spectrum licenses.
"the top broadband providers," - see "monopoly utilities".
"defense industry," - which is completely sustained by the government.
"lobbyists, etc." - lobbyists are used by aforementioned businesses to get the government to give them special rights and handouts - all of which shouldn't be in the government power to grant in the first place.
"And patent/copyright trolls business model is anything but "voluntary." - you are quite correct. And the guns which back up this model are... drumroll... all belong to the government.
"The result of private interests having too much control in a country" - I assume that by "control" by mean the ability to coerce others. Which requires legalized violence. Which, by definition, is the government. Oh, and don't forget that countless bureaucrats, their political patrons, and their enforcers are PRIVATE people, who act in their own PRIVATE interests.
Don't you see the common theme in all your examples of negative outcomes? Yep, the government. Hard to be evil without it.
I think we're in need of a better argument.
I've been having this discussion with plenty of people and I make very little traction. A surprising majority of people say "I have nothing to hide" and just don't care. The fear of future abuses doesn't help, comparisons where it's gone wrong before (like the DDR) are seen as hyperbolic, the it'll-never-happen-here syndrome. If you try to counter this with, why not put a camera and microphone in your house, "If you've nothing to hide", argument well that's not on. The spectrum of how much privacy do you want is a very subjective thing and beyond the home, most people just don't care.
Bruce as you say, people would object to being forced to carry a tracker because *that's a bridge too far* but somehow mining the data from the thing you choose to carry is ok, or at least tacitly ok.
There was recently a case where ANPR cameras being used outside a town in Britain called Royston were held to be a disproportionate encroachment on Article 8 of the ECHR because they were recording the number plates of all cars on entry and exit to this town. None of them have objected to the idea of being tracked up and down the country via ANPR but if say, you were stopped at every county border and asked to show your papers as you would have done in Soviet Russia that would be too much.
The big disconnect between the average Joe and privacy advocates is that the physical imposition of data collection is far more important to people than the actual uses the data is collected for
It's almost as though you need a pair of arguments. One to highlight why the data collection is the principal concern and then what it really means for them.
As for people using less of the tools, I can't see it happening. If there is one basic economic principle it is that human beings want more. In fact my two year old has an amazing propensity to use that word. The more is easy, more money, better relationships, more success, more power, more milk before bed time. People aren't going to wind up using less of these things.
It's the job of technologists, systems architects, programmers, cryptographers and everyone else to build systems which are more private by design because you can't bank on people asking for it.
Lastly, how many people would rather the state didn't spy on them but would be quite happy for the government to do it against others as agressively as possible to ensure the enconomic wealth of their own countries? I know at least one.
"When you have nothing to hide, you have nothing to fear" is often attributed to Joseph Göbels. It sounds as something he could have said.
It is all based on unconditional trust.
But how can we trust people that shoot journalists, women, and children, and then hide what they have done? We had to wait for whistle blowers like Snowden and Manning before we heard about these atrocities.
The same about Abu Graib.
So, why should we trust these people again?
I love how libertarians really want to agree with Bruce but have fits with the idea that markets aren't perfect and the government isn't the only "bad guy".
Doesn't anybody realize that we are paying to be spied upon. This is the insult to be added to this injury.
I totally understand your feeling that we are past the point of no return. I used to think so, but not anymore. There is an established blueprint for ending totalitarianism, and the good news is: we're already winning.
Google: stormcloudsgathering and watch the "Revolution: An instruction manual" video. Highlights are below:
The state rests on 3 pillars of power:
1) Control of the group mind, ideas and beliefs (media)
2) Control of money, finance and human activity (through taxation and inflation)
3) The monopoly on violence and the use of intimidation to extract obedience by fear
Revolution is comprised by 3 stages:
The ideological revolution (delegitimizing the regime) - every misuse of violence by the state, every scandal, and disclosure of abuse of power delegitimizes the power structure. This is based on basic COIN and information warfare doctrine - maintain the moral high ground, and expose your opponent's violations of morality. We're already winning the ideological revolution.
Strategic non-compliance - interrupt the chain of obedience and publicize it (abuse of occupy protestors, etc).
Remove the state's ability to control the police and military - by removing the power of violence of the state ending their control (east german military stand-down that resulted in the fall of the wall). Prepare the military and police to disobey orders to initiate violence on the people.
If you're tired of perpetual war and suffering from state violence, become part of the movement. Humanity will win in the end.
I'm probably in the minority, but I do not particularly care about a "largely free" Internet.
If a service is useful to me, I'd much rather pay for it. That way I can be the company's true customer such that it's in their interest to serve my best interests. Today, I'm largely a product that's harvested for their true customers (the advertisers).
What moo missed, and Thecaseforpeace also is that once you have complete interception, nothing that depends on communication works anymore.
Just try to "start a revolution" and see. It will be nipped in the bud before you can organize even a couple of cells, and it takes more than that to pull it off.
And if they fail to nip it in the bud, there's that kill switch thing. Most people have no other way to communicate than the "official" channels. You think there's enough interested amateur radio ops to do it, or that they will, given that they can be found almost instantly and pretty easily if they do?
We're done, stick a fork in us. We waited too long.
I disagree. They can intercept all they want. They can create their lists, recruit their spies. The British Crown certainly had a list of all of the Declaration of Independence signers. Some even were imprisoned brutally on prison ships in NY harbor (Guantanamo and CIA black sites done the old school way). In order to win, you must maintain the the moral high ground (Claustwitz - (Warfare is politics by other means."). They can even disappear a few low-level dissidents here and there without too much scrutiny.
However, to really "nip it in the bud" they must use psychological operations on a TA (target audience) FM 3-05.301 which one could argue that they are running at 110% already, and losing (embassy closures arguing support for warantless NSA spying, labeling Snowden a traitor, framing PANDAA and Oathkeepers with child porn). Or they can decide to use more aggressive tactics -
Black bagging people en masse, mass arrests, more kinetic actions, or framing (agent provocateur) the defenders of the community (sheriffs, former and retired military) as right-wing extremists "committing" senseless violence, or baiting racial tensions. We already know about "Nato's secret armies" and those tactics - Look up the book by the same name, author = Daniele Ganser from Basel University.
Hypothetically, if they cross the Rubicon and start waging open warfare against the American people, or framing the death of civilians on oathkeepers, Sheriffs or some other group, they really start risking the loss of complete legitimacy. Also, hypothetically, there is no way to have a conventional battlefield victory against the US mainland and the American people, no matter who the aggressor is. It is logistically and tactically impossible at this point in time. High ranking military staff officers I've talked to agree, and that's all I'm going to say about that.
If the US and the rest of the world, for that matter, wish to return to some semblance of justice, humanity and peace, actions must be taken now to start dislodging the legitimacy of the current illegal power structure. Peaceful revolution is a real probability, but if we wish to prevent bloodshed, we must make a concerted effort to get the police and military on the side of the people - to refuse unlawful orders, to obey their oath and the law of the land, and to educate the general population of what is being done in their name and how they are being violated.
In brutal East Germany, President Hohneker ordered his troops to "put down" (read: shoot) demonstrators. The commanders refused to leave their base. The GDR was history 3 days later. The US has way more going for it than the GDR. It can be done.
@ Averros, @ Nick P
Don't you see the common theme in all your examples of negative outcomes? Yep, the government.
No, the collusion of private and public sector to the detriment of the general public. Which is the exact point Bruce is making, and which goes much further than just the partnership in surveillance. Vinegar (water/acetic acid) and baking soda (sodium bicarbonate) are very useful products, but you may remember from your science class that putting them together tends to give a very messy result. That's why you keep them apart and observe very strict rules for situations where they have to interact. That is of course unless the messy result is the desired outcome.
@Josh: "I love how libertarians really want to agree with Bruce but have fits with the idea that markets aren't perfect and the government isn't the only "bad guy"."
Resorting to misrepresentation of the opponent's position is tantamount to admission of losing an intellectual argument.
First of all no libertarian ever claimed that markets are perfect. They are simply the best we can do - better than any other system, and there's a mathematical proof to that effect, called the first welfare theorem. Can't beat optimal. More important is the fact that free market is the only possible system of economic organization not fundamentally reliant on violence.
Secondly, no libertarian ever claimed that the government is the only bad guy. There are other criminals and criminal organizations; government is just the biggest, meanest, and the most murderous of all of them. By many orders of magnitude.
@Dirk Praet: "the collusion of private and public sector to the detriment of the general public."
This statement implies some fallacies: first, there is nothing "public" in the so-called public sector; it consists of private individuals with their private interests, and is a much smaller than the public. It is the proverbial 1% (once you discount those who are employed by this sector as paid civilians, rather than being either in control of thugs or the thugs themselves).
Secondly, "detriment of the general public" is an oxymoron. "General public" is an abstraction, and abstractions have no interests, and so nothing can be detrimental to their interests. The public is a (somehow vaguely and arbitrarily defined) class of people. Each of these persons has his own interests, and these interests are different and often conflicting with interests of other members of the public. Anybody saying things like "public interests" is either seriously confused, or is trying to scam the other members of the public by misrepresenting his own interests as "public interests".
The real problem with the collusion of government and corporations is that members of the government have plenty of ways to benefit their friends by threatening others with legalized violence - in exchange for pay-offs, funding political campaigns and propaganda, and simply because the corporate "elite" and the government bosses are mostly the same group of people.
The only way to eliminate the collusion is to eliminate the incentive. Which can only be achieved by eliminating the government.
"That's why you keep them apart and observe very strict rules for situations where they have to interact."
Me? Keeping them apart? Unlikely. The only force capable of restraining the government (short of armed rebellion) is the government itself (or a bigger and meaner foreign government). All the nice rules and regulations you can come up with are nothing more than "goddamned pieces of paper", which will be willfully ignored and subverted. As long as people keep believing that the governments have any use, the kind of people who go into government will be easily corrupted by the corporate interests which find it very profitable to have the laws tilted their way and to have priority access to in the loot extracted by the thugs from the people who work for a living.
The only way to eliminate the collusion is to eliminate the incentive. Which can only be achieved by eliminating the government.
I appreciate your strong feelings about governments, but I am not going to get into a semantic discussion about general concepts as "private" and "public". The Founding Fathers of the USA drafted the Constitution and the Bill of Rights as a carefully balanced exercise between having a country under the rule of law and limiting the powers of government as to avoid excesses. I think they did a monumental job.
The majority of us here in Europe don't believe in either black and white vision of "government good, corporations bad" (communism) or "corporations good, government bad" (capitalism). Both have proven miserable failures that in the end only benefit a small elite whereas everybody else is suffering. I believe we need a strong combination of both and that they need to be kept apart in the same way a secular state keeps politics and religion separated.
Althoug collusion can never be entirely eliminated, some serious constraints could be put in place:
- Outlawing or severely limiting donations from private persons, corporations and special interest groups to political parties, elected officials and people seeking office. You get an entirely different political landscape when public office can no longer be bought but has to be earned through content, vision, achievements and accountability to your electorate only.
- Outlawing or strictly regulating the "revolving door" between corporations and the government.
@Dirk Praet, @Averros
I understand both of your points, but I would like to raise another non-partisan argument: Scale is the problem.
Taleb has made the strong repeated assertion that "size makes you fragile". I fully agree. This has been borne out in empirical studies in every field. It's why mammals survived and Dinosaurs didn't. Therefore, governments can get away with a lot if they are small scaled (a city, a small county, city states, cantons). If a government is small scaled it can make a few stupid decisions and survive. Alternatively, if a large government like the US federal government makes a mistake, it can cause complete disaster. Building upon this idea, if you have a federation of small governments, you can have a few small governments fail once in a while and not damage the strength of the federation.
Governments at a small scale have a larger representative / people ratio (when done correctly), and the representatives actually have to live in the community and be subject to social pressure and shame for corruption and malfeasance. This idea is also related to the "Dunbar number" - look it up.
This was the basis of the US government at it's inception. It's still a fair representation of how Switzerland works. The US government has long ago tossed aside the idea of state's supremacy, federation of states and we will pay dearly for it one day. All mega-scale systems are immensely fragile, and if one breaks, they all might - Structural criticality.
Now the cabal wants to sell cyber insurance...what a farce.
One side affect would be holding manufacturers and software developers liable for defects. I am sick and tired of address product problems from vendors. I remember at one time having a DEC field technician look at me and say "So when you get it figured out can you tell us, we have a server in our office doing the same thing." After paying $400 an hour--the insult was beyond the pale. It was one of the reasons I moved out of the service side of electronic and computational technology.
Could this be the end of the stupid EULA's:
WE NEVER TO ANYTHING WRONG, AND EVEN IF WE DO, TOUGH! Wait--isn't that the same story government has learned from the tech industry.
The public/private partnership on intelligence and police matters has existed for a long, long time. It's called developing informants and snitches among your circle of friends and acquaintances.
You might say something like, "Officer, I have to report my friend Benny as a potential security risk. The officer replies, "What makes you think this possible suspected potential Hater of America is a spy for Muslim Extremists, Al Qaeda, the Taliban and other kinds of pointy-headed racists, perverts, anti-Semites and Tea Party flag waivers?"
"Well," you say, "He reads a lot of books, buys things from Amazon, uses big words, gets packages all the time, keeps his door closed, never been in the military, talks about civil liberties and the Constitution. He talks a lot about how our country used to be and doesn't like the increased surveillance and loss of freedom. You know, subversive talk like that. He has a gun, likes to hunt with his Dad, who might be in on it, too, and says we have too many immigrants now. He sounds like a wannabe terrorist to me, sir."
"Good work, son. We'll place him under close watch, monitor his phones, emails and the contents of his cat boxes for secret messages. And for yourself, since you turned him in you're under suspicion of trying to direct attention away from yourself. Don't leave town, give us all your passwords and speak legibly on the phone. We have those damned calling centers in Pakistan monitoring them for us now and they don't talk American worth a damn!”
"Thank you sir," you say, looking a little shocked. The General mumbled to himself, "We gotta watch this guy. I saw his left thumb wiggling and you know what THAT means." Might have a twofer here – one trying to cover for the other!
This is why they call it intelligence
The funny thing, at least to me, is how when it came to SOPA et. al. the internet went black in order to protest a possible bad outcome. But when something dramatically worse has happened and is continuing, none of the parties who participated before have so much as turned out their lights.
We are being farmed like cattle. Herded like cattle. We have no representation. No effective Government for the people.
Eisenhower warned us of the military industrialized complex and its threat to take control of the government. Well it’s done.
I know people don't like to talk about this but I do know many people feel the same way. You can not vote this beast out of office, Obama is a good example of that.
If we don’t utilize the constitution and force these traders out soon there will be nothing left.
oops, I meant traitors :(
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.