Data Privacy, One of These Days

For some odd reason, data privacy maven Bruce Schneier is an optimist. It's odd because, according to Schneier, there's practically no such thing as data privacy. Just about everything we do these days is under some form of electronic surveillance, with governments and corporations eager to record and analyze our every action.

But when Schneier holds forth on Friday at Harvard University, as part of the ongoing HUBweek festivities, he'll reassure his listeners that the cause is not lost, that our online privacy will someday be ensured. Just give it a decade or two.

"It is possible to write laws to prohibit behavior we find immoral," Schneier said. "We do it all the time." So it's just a matter of persuading businesses, governments, and voters that the current level of comprehensive digital surveillance crosses an ethical line. Technology isn't the issue. "It will take an act of moral will," he said.

Schneier, a fellow at Harvard's Berkman Center for Internet and Society, has been trying to prick the public conscience for years. He's a cryptographer by trade, and author of one of the field's most respected textbooks. But since 2000, he's written a series of books for the rest of us, intended to wise us up about the importance of securing our data, and the perils of hyper-surveillance. This year's entry is the New York Times bestseller "Data and Goliath," an entertaining and worrisome survey of the many ways we're being watched.

The temptation to spy on us is irresistible, in part because we've made it so easy. The electronics in our phones, computers, and cars generate a torrent of information every time we switch them on—"data exhaust" is the cool nickname for it. The problem arose by accident. There was no evil conspiracy, no master plan. The people who built the Internet or the phone system or even those automatic toll booths just wanted them to work efficiently. Nobody thought much about privacy.

Your computer needs an Internet address so it can receive messages. But that same address gives away your location. GPS was added to your phone so emergency workers could find you when you dial 911. But it also lets the phone company, Google, Apple, and perhaps the US government track every move you make.

Schneier says networks and devices could filter out data exhaust with a sort of catalytic converter. The tollway EZ-Pass would collect its fee, but forget the identity of the driver who paid it. All Internet traffic could be routed through proxy servers that would obscure its point of origin. The cellular network could be designed to forget our location data every 24 hours.

It's all technically feasible, but costly, and there's no sign that anybody's willing to foot the bill. Schneier compares it with the perennial popularity of human bondage. "Why wasn't slavery abolished from the beginning of time?" he said. "Because it was so easy, and we liked having slaves." In the same way, today's privacy-shredding gadgets are so pleasant and so cheap that even their victims—pretty much all of us—can't imagine life without them.

There's only one hope for building privacy-friendly networks, said Schneier. "It would require a law saying you have to do this."

That's bound to happen, he believes. He's just not sure how much pressure it will take. "Do you need social upheaval to solve this problem, like we did with slavery," Schneier wondered, "or can you do it incrementally, like we did with child labor?"

Schneier is no privacy purist. Like many of us, he lives a life of compromise. He uses a smartphone, but won't get a Facebook account. He tries to use the pro-privacy search service Duck Duck Go, but admits falling back on Google, because it generates more accurate search results. Schneier has a personal e-mail account and wants no part of Google's Gmail. But he notes that many of his friends and colleagues are on Gmail. So when Schneier writes to them, Gmail analyses his inbound messages, whether he likes it or not.

"Everybody makes their own tradeoffs," Schneier said. "I think I'm the reasonable guy. I'm not the paranoid guy."

But there's no compromise about his ultimate goal—a world in which you don't have to be paranoid to ensure your personal data stays personal. "I think it's going to take 10, 20 years," said Schneier. Depending on how much we want it.

HUBweek is founded by The Boston Globe, Massachusetts Institute of Technology, Harvard University, and Massachusetts General Hospital.

Categories: Articles, Text

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.