Essays in the Category "Privacy and Surveillance"
Page 1 of 16
CFPB’s Proposed Data Rules Would Improve Security, Privacy and Competition
By giving the public greater control over their banking data, the Consumer Financial Protection Bureau's proposal would deal a blow to data brokers.
In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermining the data broker economy and increasing customer choice and competition. Beyond these economic effects, the rules have important data security benefits.
The CFPB’s rules align with a key security idea: the decoupling principle. By separating which companies see what parts of our data, and in what contexts, we can gain control over data about ourselves (improving privacy) and harden cloud infrastructure against hacks (improving security). Officials at the CFPB have described the new rules as an attempt to accelerate a shift toward “open banking,” and after an initial comment period on the new rules closed late last year, Rohit Chopra, the CFPB’s director, …
The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.
Spying has always been limited by the need for human labor. AI is going to change that.
Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.
Before the internet, putting someone under surveillance was expensive and time-consuming. You had to manually follow someone around, noting where they went, whom they talked to, what they purchased, what they did, and what they read. That world is forever gone. Our phones track our locations. Credit cards track our purchases. Apps track whom we talk to, and e-readers know what we read. Computers collect data about what we’re doing on them, and as both storage and processing have become cheaper, that data is increasingly saved and used. What was manual and individual has become bulk and mass. Surveillance has …
Snowden Ten Years Later
In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well.
I wrote the essay below in September 2013. The New Yorker agreed to publish it, but The Guardian asked me not to. It was scared of UK law enforcement and worried that this essay would reflect badly on it. And given that the UK police would raid its offices in July 2014, it had legitimate cause to be worried.
Now, ten years later, I offer this as a time capsule of what those early months of Snowden were like…
Why the U.S. Should Not Ban TikTok
The ban would hurt Americans—and there are better ways to protect their data.
Congress is currently debating bills that would ban TikTok in the United States. We are here as technologists to tell you that this is a terrible idea and the side effects would be intolerable. Details matter. There are several ways Congress might ban TikTok, each with different efficacies and side effects. In the end, all the effective ones would destroy the free internet as we know it.
There’s no doubt that TikTok and ByteDance, the company that owns it, are shady. They, like most large corporations in China, operate at the pleasure of the Chinese government. They collect extreme levels of information about users. But they’re not alone: Many apps you use do the same, including Facebook and Instagram, along with seemingly innocuous apps that have no need for the data. Your data is bought and sold by data brokers you’ve never heard of who have few scruples about where the data ends up. They have digital dossiers on most people in the United States…
Letter to the US Senate Judiciary Committee on App Stores
View or Download in PDF Format
The Honorable Dick Durbin
Chair
Committee on Judiciary
711 Hart Senate Office Building
Washington, D.C. 20510
The Honorable Amy Klobuchar
Chair
Subcommittee on Competition Policy,
Antitrust, and Consumer Rights
425 Dirksen Senate Office Building
Washington, D.C. 20510
The Honorable Chuck Grassley
Ranking Member
Committee on Judiciary
135 Hart Senate Office Building
Washington, D.C. 20510
The Honorable Mike Lee
Ranking Member
Subcommittee on Competition Policy,
Antitrust, and Consumer Rights
361A Russell Senate Office Building…
The Public Good Requires Private Data
This essay appeared as part of a round table on “How the Coronavirus Pandemic Will Permanently Expand Government Powers.”
There’s been a fundamental battle in Western societies about the use of personal data, one that pits the individual’s right to privacy against the value of that data to all of us collectively. Until now, most of that discussion has focused on surveillance capitalism. For example, Google Maps shows us real-time traffic, but it does so by collecting location data from everyone using the service.
COVID-19 adds a new urgency to the debate and brings in new actors such as public health authorities and the medical sector. It’s not just about smartphone apps tracing contacts with infected people that are currently being rolled out by corporations and governments around the world. The medical community will seize the pandemic to boost its case for accessing detailed health data to perform all sorts of research studies. Public health authorities will push for more surveillance in order to get early warning of future pandemics. It’s the same trade-off. Individually, the data is very intimate. But collectively, it has enormous value to us all…
We’re Banning Facial Recognition. We’re Missing the Point.
The whole point of modern surveillance is to treat people differently, and facial recognition technologies are only a small part of that.
Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban may follow). In December, San Diego suspended a facial recognition program in advance of a new statewide law, which declared it illegal, coming into effect. Forty major music festivals pledged not to use the technology, and activists are calling for a nationwide ban. Many Democratic presidential candidates …
The Real Threat from China Isn't "Spy Trains"
The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world’s largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States.
Part of the reasoning behind this legislation is economic, and stems from worries about Chinese industries undercutting the competition and dominating key global industries. But another part involves fears about national security. News articles talk about “spy trains,” and the possibility that the train cars might surreptitiously monitor their passengers’ faces, movements, conversations or phone calls…
The Myth of Consumer Security
The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.
In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: “After all, we are not talking about protecting the nation’s nuclear launch codes. Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications.”…
Attorney General William Barr on Encryption Policy
This morning, Attorney General William Barr gave a major speech on encryption policy—what is commonly known as “going dark.” Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.
Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access. But, in the world of cybersecurity, we do not deal in absolute guarantees but in relative risks. All systems fall short of optimality and have some residual risk of vulnerability—a point which the tech community acknowledges when they propose that law enforcement can satisfy its requirements by exploiting vulnerabilities in their products. The real question is whether the residual risk of vulnerability resulting from incorporating a lawful access mechanism is materially greater than those already in the unmodified product. The Department does not believe this can be demonstrated…
Sidebar photo of Bruce Schneier by Joe MacInnis.