Schneier: Internet Has Delivered a "Golden Age of Surveillance"
"Information is power," has been true for so long that it has become a cliché.
But the Internet has increased the power to collect, store and analyze information by such an order of magnitude that we are now in what Bruce Schneier called "the golden age of surveillance," in his keynote address Wednesday morning at SOURCE Boston.
That would be golden for those doing the surveillance, not the subjects of it.
Schneier, author, security guru, blogger and CTO of Co3 Systems, said the expectation that the Internet would mainly empower the powerless—grassroots groups, hackers, minorities and other relatively fringe groups—did come true for a number of years. But governments around the world have now caught up, he said. And they are better prepared to use power than small, disparate groups.
"Technology magnifies power, but adoption rates are fundamentally different," he said. "The small and powerless are more nimble and quicker to adopt it. But, a decade later when the already powerful institutions discover it, they can make use of power more effectively."
He noted that social networking had helped make the Arab Spring possible, but more recently, in Syria, "the protesters used Facebook to organize, and then government used it to arrest them."
Data, the inevitable byproduct of computers, is nothing new. "But, as more of our human interactions become mediated by computers, that creates a fundamental change," he said. "I had an IM conversation this morning on the way over here, and it produced data—both the conversation and the metadata about it."
Enabling that fundamental change, he said, is that endless amounts of data are now, "increasingly stored and searchable," which means, "a lot that was thrown away, now can be saved. We're reaching the point where we're saving everything."
An example is his own email. "Starting in '06, searching it became cheaper than sorting it," he said. "And we're now there with all data, which is fundamentally surveillance data."
Reassurances from government officials that they are just collecting metadata, rather than listening to phone conversations or reading emails in real time, are a diversion, he said. "Metadata is far more intimate than our conversations. It shows where we go, our interests, our relationships—it shows who we are," he said.
And, he added, it allows ubiquitous surveillance. "We'd never consent to the government telling us to carry a device that would let them track us 24/7, but we all carry cellphones," he said. "We'd never agree to government saying we have to tell them when we make a new friend, but we tell Facebook."
Schneier said he does not have a Google or Facebook account, but knows there is enough information about him online that, "if I sign up for Facebook, they will provide a reasonably accurate list of my friends."
Collection of data itself is not necessarily sinister, he said. In some cases, when commercial entities like Amazon pitch products to him based on what he has already bought, "I like it."
But the reality is that Internet users pay for "free" and convenient services with their data. "We are tenant farming for companies like Google," he said. "We are on their land producing data. It's all very seamless, but in exchange, you have to trust them with everything. Our email, contacts, etc. are no longer just on our computers—they're on servers."
And that means, even after IMs disappear from his phone, "Apple has them forever."
It also means there are much more repressive uses of that data. "Government can tell if you attended a protest," through cellphone geolocation, he said. "You can map people as they move around city. You can track people moving together who turn off their geolocation, and then turn on later. They can even tell if one phone is turned off permanently, but then another one is turned on in similar location and used similarly."
It makes mass surveillance much cheaper and easier. While it would take five FBI agents to conduct human surveillance of a single car, technology enables the tracking of thousands of cars at far less expense. "Instead of, follow that car,' it's follow every car,'" he said.
All this, he said, points to the tension between the value of data and the privacy implications. "There is value in me telling Google where I am, because we get better traffic information," he said. "If you give the NSA all your data, they'll keep you safe from the bad guys. There is enormous social value in putting medical information in a database and letting researchers study it. But it's very personal information.
"And anonymization of data is surprisingly difficult—it's really, really hard," he said.
One of the ways to achieve a balance between those competing interests, he said, is to demand, "more data privacy for individuals and more transparency from organizations that collect our data. We know when we give government power over us we need some way to know it's being used responsibly."
That, he said, "is the issue by which we will be judged when our grandkids read about the early days of the Internet. We are amazed today that our ancestors ignored pollution at the start of the industrial age.
"They will ask if we realized the toxins and poisons in data collection. That is way bigger than what is happening with the NSA."