Data and Goliath: Bruce Schneier on the Hidden Battles to Collect Your Data and Control Your World
Leading security and privacy researcher Bruce Schneier talks about about the golden age of surveillance and his new book, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.” The book chronicles how governments and corporation have built an unprecedented surveillance state. While the leaks of Edward Snowden have shed light on the National Security Agency’s surveillance practices, less attention has been paid to other forms of everyday surveillance—license plate readers, facial recognition software, GPS tracking, cellphone metadata and data mining.
JUAN GONZÁLEZ: We turn now to look at what our next guest calls the “golden age of surveillance.” The leading security and privacy researcher Bruce Schneier is out with a new book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. The book chronicles how governments and corporations have build an unprecedented surveillance state. While the leaks of Edward Snowden have shed light on the National Security Agency’s surveillance practices, less attention has been paid to other forms of everyday surveillance—license plate readers, facial recognition software, GPS tracking, cellphone metadata and data mining.
AMY GOODMAN: Just this week, The Intercept revealed CIA researchers have been working for nearly a decade to crack the security of Apple’s iPhones and iPads. Documents from Edward Snowden show the researchers claim to have created a modified version of Apple software development tool Xcode, allowing them to sneak surveillance backdoors into apps and programs.
Well, Bruce Schneier, author of Data and Goliath, joins us now from Minneapolis.
Bruce, it’s great to have you back with Democracy Now! Can you start off by talking about this latest revelation having to do with Apple iPhones and iPads?
BRUCE SCHNEIER: It’s not really new. We know that the NSA, now the CIA, have been working to find backdoors in the computers we use every day, in Windows, in Macintosh. This isn’t the first backdoor we’ve seen in iOS and iPhones. This looks pretty sophisticated, but this is pretty much what we should expect from the United States and other countries and criminal organizations, as well. There’s a lot of people trying to get backdoors into the devices we use.
JUAN GONZÁLEZ: What about this problem, in terms especially of commercial or corporate surveillance, that the public are willingly giving up their data in exchange for some kind of reduced price or more efficiency in their ability to communicate, this apparent willingness on our part to give away this trove of information about ourselves?
BRUCE SCHNEIER: I mean, we give it away all the time, right? Our cellphones know exactly where we are at all times; otherwise, they can’t work. And think of Facebook or email or paying with credit cards, or anything we do that generates data, we give to third parties. I mean, we do it willingly. I’m not sure we do it with full knowledge. You know, we don’t pick up our phones and say, “This is my tracking device. I’m going to carry it in my pocket.” We just do that because that’s how the systems work. So when people are asked, do they value privacy, they say, yes, uniformly. And I think people really don’t think fully about what they’re giving up when they go onto Facebook or use Gmail or do any of these services where data is collected.
AMY GOODMAN: You write that “The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we’re offered.” Explain.
BRUCE SCHNEIER: Well, this is what we see. Companies are using surveillance for persuasion, for advertising. And it’s sliced very finely personally. The ads you see aren’t going to be the ads someone else sees, based on your interests, but also based on what the companies believe is your income level, how good a customer you are. You’re going to see different search results than somebody else. So, depending on your political persuasion, you’ll see different advertisements. You’ll see different offers. So you might get a different credit card offer than someone else. And that might be based on your income, on proxies for your minority status. We see a lot of this very personalized advertising designed to influence you and you alone.
JUAN GONZÁLEZ: And how do you respond to those, especially in government, who say that this surveillance is needed to be able to combat modern crimes, terrorism? For instance, all of Lower Manhattan right now is—basically, there are surveillance cameras that capture every single license plate coming into Lower Manhattan for the New York Police Department.
BRUCE SCHNEIER: There are license plate scanners all over the country. It’s surprising how much of that is captured, not just in New York. But there are companies collecting license plates, looking for cars for repossession, sharing it with the government, with Homeland Security. You know, we hear a lot about this is necessary for security. All the evidence shows it’s not. I mean, there isn’t a huge crime wave of unsolved crimes because of no surveillance. And there aren’t a lot of crimes being solved by this surveillance. Crimes are solved by following the leads. That’s how terrorism plots are foiled. Whenever we ask the government, ask the police or the NSA to show how this surveillance is necessary, they can never come up with good examples. Occasionally they come up with examples that don’t pass scrutiny. But this really does seem to be we’re collecting it because we can, not because we need to.
AMY GOODMAN: Can you compare government surveillance with corporate surveillance?
BRUCE SCHNEIER: You know, they’re very similar. And I look at it as a partnership, the public-private surveillance partnership. One is caused by fear, right? We fear criminals, we fear terrorists. That’s government surveillance. The other, as you said, it’s convenience. We like the iPhone. We like this free services we get. They both collect data, very intimate data—where we live, where we work, what we’re interested in, what we’re saying, who we’re speaking to, who we’re intimate with. And they share it back and forth. Data that’s illegal for the government to collect, they purchase from corporations. Corporations purchase data from the government. It goes into databases in the United States. It’s bought and sold. And profiles are generated. And those profiles are used, in both cases, to pigeonhole us, to make decisions about us, maybe whether we can get a mortgage, maybe whether we can board an airplane, maybe what sort of credit card offer we see. They’re all used to judge us. And in all cases, we don’t have the ability to look at the data, to correct the data, to see why we’re being judged and how we’re being judged. We’re being judged in secret.
JUAN GONZÁLEZ:Well, last month at a New America Foundation event on cybersecurity, you questioned NSA Director Mike Rogers on the security of U.S. encryption programs. Let’s go to that clip.
BRUCE SCHNEIER:My question is also about encryption. It’s a perception and a reality question. We’re now living in a world where everybody attacks everybody else’s systems. We attack—we attack systems. China attacks systems. And I’m having trouble with companies not wanting to use U.S. encryption because of the fear that NSA, FBI, different types of legal—legal and surreptitious access is making us less likely to use those products. What can we do, what can the intelligence community do, to convince people that U.S. products are secure, that you’re not stealing every single key that you can?
MICHAEL ROGERS: Right, right. So, first of all, we don’t. Number two, my point would be, that’s the benefit, to me, of that legal framework approach, that, hey, look, we have specific measures of control that are put in place to forestall that ability. Because I think it’s a very valid concern to say, “Hey, look, are we losing U.S. market segment here?” You know, what’s the economic impact of this? I certainly acknowledge that it’s a valid concern. I just think, between the combination of technology, legality and policy, we can get to a better place than we are now, realizing that we are not in a great place right now.
JUAN GONZÁLEZ: What about that response of the NSA director, Mike Rogers?
BRUCE SCHNEIER: Yeah, I think he’s being disingenuous, that he’s saying that some rule of law will convince people the NSA isn’t collecting data. But the rule of law says, outside U.S. borders, it’s a free-for-all. He can collect anything he wants. He’s gone into the links between Google data centers and scarfed up everything. And the problem we have is that foreign companies, foreign buyers, aren’t trusting U.S. products because of the backdoors he is putting in them. And my question was: How can we fix that? And his answer didn’t answer that. Rule of law, you know, doesn’t give people from other countries assurance that we’re not spying on their stuff.
JUAN GONZÁLEZ: I wanted to ask you about one of the startling analogies you make near the end of your book between what’s happening in this information age and the early Industrial Revolution. You made an analogy with climate change. You wrote, “Data is the pollution problem of the information age, and protecting privacy is the environmental challenge. Almost all computers produce personal information. It stays around, festering. How we deal with it—how we contain it and how we dispose of it—is central to the health of our information economy.” You go on to say, “Just as we look back today at the early decades of the industrial age and wonder how our ancestors could have ignored pollution in their rush to build an industrial world, our grandchildren will look back at us during these early decades of the information age and judge us on how we addressed the challenge of data collection and misuse.” Could you expand on that?
BRUCE SCHNEIER: Yeah, I think it’s an important analogy. We’re sitting here discussing the data we produce, the data our computers produce, what happens to it, who has access to it, how we recycle it, how we dispose of it. These are really important problems, and they’re not things we’re going to solve overnight. And my fear, in that paragraph you read, is that it’s going to take a couple of generations to figure it out, that here we are, producing this data—this big data land grab, to access it all, to analyze it all, to use it all, is not being buffered by a sense of privacy, of the personal nature of it. And I was, I guess, issuing a warning, that maybe we could do better, that maybe we could think ahead as to the problems and really consider where data should be used, where it should be disposed, how personal it is, and how you can’t just give it to third parties for free, that there is a fundamental rights issue here.
AMY GOODMAN: So, governments tell us, “If you have nothing to hide, you have nothing to fear.” Why should you be concerned about government surveillance, Bruce?
BRUCE SCHNEIER: Well, I mean, that’s ridiculous on the face of it. Those same government officials who say that don’t tell you all of their secrets, give you copies of all of their emails and correspondence. Privacy is not about something to hide. Privacy isn’t something that you only have if you’re a criminal. Privacy is about individual autonomy. It’s about presenting yourself to the world. It’s about being in charge of what you say about yourself and what you reveal about yourself. When we’re private, we have control of our person. When we’re exposed, when we’re surveilled, we’re stripped of that control, we’re stripped of that freedom. We don’t feel secure. We don’t feel like we have something to hide. We feel like we’re under the microscope. We feel like prey. Privacy is a fundamental human need, and it’s not about something to hide. I think that’s a very wrong characterization, and we should fight it at every opportunity.
JUAN GONZÁLEZ: But what can people do? What are the options for those who don’t want to go with the tide?
BRUCE SCHNEIER: Yeah, this is very difficult. I mean, I can tell you things like don’t carry a cellphone and don’t use email, don’t be on Facebook. In a lot of ways, that’s ridiculous advice. Those are the tools of society, and we need them to be fully functioning members of society. At this point, the problems are political and social, and we need political change. What people should do now is observe surveillance and talk about surveillance. This needs to be an issue in the next election. This needs to be an issue people care about it. And the more we talk about it and make it an issue, the more we’ll get change. Right? Admiral Rogers is not going to do anything unless he’s required by law. And we need laws to protect us against government surveillance and against corporate surveillance.
AMY GOODMAN: The L.A. review of—the L.A. Times review of your book says that you were given access to the Edward Snowden documents. You have a special position to explain complicated, highly secret surveillance programs to the American public. What should we know? What should we be aware of?
BRUCE SCHNEIER: The documents in the stories are really explaining themselves, that the NSA is collecting everything, everything they can, under a variety of laws that have been bent beyond their intention. Data is being collected on non-Americans and Americans. It’s being saved and stored and used. And we don’t know a lot of the details. This is being done in highly secretive situations. There are secret courts passing secret rules that affect companies and us, and we don’t get to know about them. I mean, what Snowden showed us is that this is all happening by the U.S. What we need to understand is that this is not just the U.S. China, Russia, other countries are doing the same things. And we need to look at this and decide what we want. The NSA is filling a vacuum by collecting everything. We need to step in and put rules in place.
AMY GOODMAN: And what most surprised you? You’ve been looking at this for decades, Bruce Schneier. What most surprised you in your research for Data and Goliath?
BRUCE SCHNEIER: You know, the most surprising thing about the NSA surveillance is how little is surprising about NSA surveillance. There was nothing in there that said the NSA is made of magic. There’s nothing in there that, if you watched a movie where the villain was the NSA, they didn’t do. It’s pretty much what you expected. But seeing it in stark reality is surprising, seeing the details of NSA programs, of FBI collection programs, of these license plate capture programs, or what the data brokers know. The sheer detail, I think, is surprising, because while we recognize this data is being collected, we often don’t understand the analysis. And that, I think, surprises most people. That surprised me.
AMY GOODMAN: Do you think political liberty and justice are threatened?
BRUCE SCHNEIER: I think they are. I think we’re living in a world where we are being judged by our data, we’re being judged in secret, where there are effectively secret courts. I mean, if you can’t fly an airplane, you can’t figure out why you can’t or how to redress that. If you’re denied for a mortgage, or possibly a job, it could be because of this data. And you can’t face your accuser and try to protect yourself. These are extraordinary times, and I think the threats are great, because algorithms are making decisions, not people, and that’s very dangerous.
AMY GOODMAN: Well, Bruce Schneier, we’re going to continue our conversation outside of this broadcast and post it online at democracynow.org, particularly how people can protect themselves. Bruce Schneier is a security technologist. His latest book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He’s a fellow at Harvard’s Berkman Center for Internet and Society.