How Secure Is Your Data?

For this week's Friday Roundtable, we dive into the issues of data security discussed in Bruce Schneier's new book "Data and Goliath."

Schneier writes in his introduction: "Here is what's true: Today's technology gives governments and corporations robust capabilities for mass surveillance."

Schneier and two other technology and security experts joined the Roundtable to talk about the state of data security.

Highlights from the conversation

Cell phones have become surveillance devices - for better or worse.

"The cell phone knows who you talk to, what time you talked to them, what time you wake up in the morning, what time you go to sleep at night. It knows who you sleep with because you've both got a phone," said Schneier. "It is an amazing surveillance device and something we would never allow if the government mandated it. Of course, we pick it up every morning and put in our pocket, not because we're putting a surveillance device in our pocket but because it's an incredibly useful tool that really we can't live without anymore."

This brings up the idea of good surveillance. Schneier gave the example of Waze, an app that pulls location data from all its users to provide live traffic updates. "I don't think it's intrusive, I think it's useful," said Schneier. "The usefulness exceeds the fact that it impinges on what I consider my privacy."

But don't throw away your cellphone just yet.

The idea of all of your communications and movements being monitored is likely to induce a sense of paranoia, but Schneier says fear isn't the right response. "There's a potential for a lot of abuse and we need to start looking at the positives and negatives, especially the negatives," Schneier said. "But I don't want people to start throwing away their cellphones. ... I think fear makes us do things that aren't necessarily smart. We need to start looking at the data we're producing, who has it, how it's being used, and then make policy decisions based on that."

Beware the fine print.

Most consumers have opted in to corporate surveillance without even knowing it. The language is buried somewhere deep down in all those terms of service agreements you click "yes" to without ever reading. In "Data and Goliath," Schneier gives the example of the "The Brightest Flashlight" app.

It could light up your phone — and sell your location information. "Every person who installed it clicked 'okay' without reading what they were clicking," said Schneier. "And that app was making money selling people's personal information."

There are movements afoot to change how dense terms of service agreements can be. Eran Kahana is working on that at Stanford. "Part of the reason that people click 'I agree' is that they're not going to go through the trouble of reading the fine print, but we can make the law more understandable and more accessible," Kahana said. "By making the law more accessible, the theory is, that people make more meaningful choices."

Data you share with a corporation could end up with the government, and vice versa.

"The real problem we have is the public / private surveillance partnership," said Schneier. "Both are using it together and they're helping each other. Most government surveillance piggybacks on corporate surveillances." The NSA and the FBI can ask corporations for information that users have given them. While it's illegal for the government to collect this data on their own, they can purchase it, Schenier said. And it goes both ways: Corporations can get information like voting rolls from the government.

The U.S. lags behind Europe in terms of data security.

J. Brian Atwood said that while corporations collecting data can be useful, regulation is necessary. "The Europeans have taken a very different view of all this," Atwood said. "They are protecting a lot more than we do. [Data collection] can be a wonderful service or we could feel violated. We really have to decide what it is we want from all of this. It could have a chilling effect, as Justice Sotomayor has said, especially when the government has access to this information."

The U.S. government might have more surveillance information than it can even use now.

Atwood pointed out that in the case of the Boston Marathon bombing, the Tsarnaev brothers were in the system. "They were in the database, we knew them, we were warned by the Russians that they were here and might be a problem, but there's so much in the database that you can't really use that database to prevent."

Schneier echoed that concern: "With a lot of these government surveillance programs, they can't find the needle in the haystack."

People are starting to make data security a priority.

Schneier referenced a recent study from the Pew Research Center: The numbers show that more Americans are in favor of increased data security. The results:

  • 91% of American adults say that consumers have lost control over how personal information is collected and used by companies.
  • The public has little confidence in the security of their everyday communications.
  • Most Americans support greater regulation of how advertisers handle their personal information.

Another survey, Schneier said, showed that "700 million people around the world changed their behavior, or believed they did, because of the documents from [Edward] Snowden. ... Name an issue that caused 700 million people around the world to change their behavior — I can't name one."

Listen to the Audio on MPRNews.org

Categories: Audio, Panel Discussions and Debates

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.