The New America: Little Privacy, Big Terror

Excerpt

In Data and Goliath, Bruce Schneier, a security technologist and fellow at Harvard Law School, explores what it means to have entered the age of mass surveillance. Our data are collected in the first instance by private corporations, but are increasingly exploited, as Edward Snowden has shown, by government intelligence agencies. The NSA didn't have to build from scratch a vast database on billions of innocent citizens the world over, Schneier explains, because private corporations had already done so. All the NSA needed was access.

Data is, according to Schneier, "the exhaust of the information age." When we carry our cell phone, use (or have downloaded) apps on those phones, browse websites, send emails or texts, drive in our cars, or make purchases with a credit card, we send digital information about our whereabouts, our associations, our interests, and our needs and desires to the corporations that serve us. Because the information is digitized, it is relatively cheap to store, and can be analyzed by computers in great detail.

From even a single data source, one can learn a great deal about a person's private life. A GPS device in your phone or car can pinpoint you to within sixteen to twenty-seven feet at any time of day or night, and can keep a record of your movements. Phone records can show whether you called a rape crisis line, an abortion provider, or Alcoholics Anonymous. The photos we upload to the cloud or social media sites are often embedded with information about the date, time, and place they were taken, and can be identified by increasingly accurate facial recognition systems.

Corporations are taking advantage of these opportunities. Defentek, a private security firm registered in Panama, sells a device that can "locate and track any phone number in the world?undetected and unknown by the network, carrier, or the target." Amazon Kindle tracks what you read. "Facebook can predict race, personality, sexual orientation, political ideology, relationship status, and drug use on the basis of Like clicks alone."

The US government could not possibly compel us to provide this type of information. Yet, Schneier writes, we allow private companies to have it as a routine matter:

Imagine that the US government passed a law requiring all citizens to carry a tracking device. Such a law would immediately be found unconstitutional. Yet we carry our cell phones everywhere. If the local police department required us to notify it whenever we made a new friend, the nation would rebel. Yet we notify Facebook. If the country's spies demanded copies of all our conversations and correspondence, people would refuse. Yet we provide copies to our email service providers, our cell phone companies, our social networking platforms, and our Internet service providers.

We "agree" in large part because we have no real choice. For the most part, you cannot obtain the services of the digital age without clicking through a "consent" form that authorizes the service provider to collect, analyze, and sell your data.

Schneier argues that if we are to preserve privacy, we must regulate both government and corporate use of this data. The Fourth Amendment regulates only government actors. There are some good reasons for that. Google cannot lock you up or launch a tax investigation against you. Google's computerized monitoring of your emails and Web searches in order to direct particular advertising to you poses a less ominous threat than the NSA using the same tools to identify suspicious political beliefs or associations. But, Schneier maintains, we are unlikely to achieve protection from public surveillance unless we also impose some limits on private surveillance. Europe has pursued precisely this option, with a Data Protection Directive that sharply limits what corporations can do with customer data.

Categories: Book Reviews, Data and Goliath, Text

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.