Wednesday, March 27, 2013

Schneier on Security: Our Internet Surveillance State



A blog covering security and security technology.


Our Internet Surveillance State

I'm going to start with three data points.

One: Some of the Chinese military hackers who were implicated in a broad set of attacks against the U.S. government and corporations were identified because they accessed Facebook from the same network infrastructure they used to carry out their attacks.

Two: Hector Monsegur, one of the leaders of the LulzSec hacker movement, was identified and arrested last year by the FBI. Although he practiced good computer security and used an anonymous relay service to protect his identity, he slipped up.

And three: Paula Broadwell, who had an affair with CIA director David Petraeus, similarly took extensive precautions to hide her identity. She never logged in to her anonymous e-mail service from her home network. Instead, she used hotel and other public networks when she e-mailed him. The FBI correlated hotel registration data from several different hotels -- and hers was the common name.

The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we're being tracked all the time. Google tracks us, both on its pages and on other pages it has access to. Facebook does the same; it even tracks non-Facebook users. Apple tracks us on our iPhones and iPads. One reporter used a tool called Collusion to track who was tracking him; 105 companies tracked his Internet use during one 36-hour period.

Increasingly, what we do on the Internet is being combined with other data about us. Unmasking Broadwell's identity involved correlating her Internet activity with her hotel stays. Everything we do now involves computers, and computers produce data as a natural by-product. Everything is now being saved and correlated, and many big-data companies make money by building up intimate profiles of our lives from a variety of sources.

Facebook, for example, correlates your online behavior with your purchasing habits offline. And there's more. There's location data from your cell phone, there's a record of your movements from closed-circuit TVs.

This is ubiquitous surveillance: All of us being watched, all the time, and that data being stored forever. This is what a surveillance state looks like, and it's efficient beyond the wildest dreams of George Orwell.

Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters.

There are simply too many ways to be tracked. The Internet, e-mail, cell phones, web browsers, social networking sites, search engines: these have become necessities, and it's fanciful to expect people to simply refuse to use them just because they don't like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don't spy.

This isn't something the free market can fix. We consumers have no choice in the matter. All the major companies that provide us with Internet services are interested in tracking us. Visit a website and it will almost certainly know who you are; there are lots of ways to be tracked without cookies. Cell phone companies routinely undo the web's privacy protection. One experiment at Carnegie Mellon took real-time videos of students on campus and was able to identify one-third of them by comparing their photos with publicly available tagged Facebook photos.

Maintaining privacy on the Internet is nearly impossible. If you forget even once to enable your protections, or click on the wrong link, or type the wrong thing, you've permanently attached your name to whatever anonymous service you're using. Monsegur slipped up once, and the FBI got him. If the director of the CIA can't maintain his privacy on the Internet, we've got no hope.

In today's world, governments and corporations are working together to keep things that way. Governments are happy to use the data corporations collect -- occasionally demanding that they collect more and save it longer -- to spy on us. And corporations are happy to buy data from governments. Together the powerful spy on the powerless, and they're not going to give up their positions of power, despite what the people want.

Fixing this requires strong government will, but they're just as punch-drunk on data as the corporations. Slap-on-the-wrist fines notwithstanding, no one is agitating for better privacy laws.

So, we're done. Welcome to a world where Google knows exactly what sort of porn you all like, and more about your interests than your spouse does. Welcome to a world where your cell phone company knows exactly where you are all the time. Welcome to the end of private conversations, because increasingly your conversations are conducted by e-mail, text, or social networking sites.

And welcome to a world where all of this, and everything else that you do or is done on a computer, is saved, correlated, studied, passed around from company to company without your knowledge or consent; and where the government accesses it at will without a warrant.

Welcome to an Internet without privacy, and we've ended up here with hardly a fight.

This essay previously appeared on CNN.com, where it got 23,000 Facebook likes and 2,500 tweets -- by far the most widely distributed essay I've ever written.

Commentary.

Posted on March 25, 2013 at 6:28 AM • 52 Comments


i read this when it was posted on CNN - great article bruce.

i am very much against this ubiquitous surveillance that you speak of and do my best to avoid it. it is surprising how common it is for me to encounter people who think that i'm "paranoid" for believing that literally _everything_ you do online is recorded, both by local intelligence services and myriad advertising companies. i would not be one bit surprised if nearly all data i have ever sent to or received from the internet (since the 90s) is recorded somewhere in an underground facility.

in terms of dealing with privacy, the only real means left to individuals is to make a best-effort to encrypt everything, e.g. your comms and hard drives. it is not reasonable to believe that a government legislative body is going to move quickly enough to legislate privacy online, much less enforce it. privacy legislation has been tried and all it results in is intelligence services gaming the definition of the word "capture" or routing your traffic outside your country for 1 hop so it is now foreign-sourced and avoids the letter of the law. as such, the only real option you have for increasing your own privacy is to DIY.

You left out your time at work (tracked by your employer & shared), telephone records (land line), your checking account, GPS car tracking, and TV viewing. Maybe that was all included in the ubiquitous reference.

I bet this includes all of those people that are doing the tracking and the data reporting (that should make them think about what they are doing to themselves). How about Congress, the Supreme Court, the Administration, Federal employees, and all police/military including the spy agency employees? Well, there has got to be a list too that includes who NOT to surveil.

"This essay previously appeared on CNN.com, where it got 23,000 Facebook likes and 2,500 tweets -- by far the most widely distributed essay I've ever written."

Isn't it ironic. One must purposefully engage in the Surveillance State in order to disseminate an essay about it!

On the commentary site by Robert X. Cringely (the very last link, pointing to InfoWorld), the ever-so-handy Ghostery plugin informs me that it found and blocked 17 trackers.

On this site, it found nothing to block.

Speaks volumes, dunnit?

As usual, you sum up the situation pretty clearly. Hat tip to you sir.

Following the reasoning of Liars and Outliers, what do you think can be done to change the reasons behind this surveillance, thus making it unnecessary?

For example, if the main reason is advertising, a voluntary database of personal data available for free to everyone would take away any value from our browsing habits. Yes, that is a provocatory statement :)

How about making everything public - including data about government officers and corporations - by law? I mean knowing the personal data of those who check your personal data. Re-thinking the meaning of "national security" and "state secret" completely.

Will we reach a state of 'mutually assured cyber destruction' - where every time citizens' data is used by large corporations and governments, the citizens retaliate by making their secrets public, a la wikileaks?

There are no simple solutions to complex problems, but perhaps we're looking at it from the wrong point of view. The privacy battle is lost; what's the next battlefield? Does fighting make sense anyways?

More on this on my blog

Really great summary.

Unsure if or when mainstream end users will understand the impact from big data and analytics. Privacy concerns alone may never completely change this point of view for some, as for some a common response is "if I am not doing anything wrong, then it does not matter". Most of the news media examples of the impact of collected data usage are where someone was suspected of wrongdoing. What mom and pop need to hear is the long term impact it may have on them.

Another angle may be the financial side, comparing one's 'data' to the mineral rights under their property. Most understand not to give this away, if they own it.

So what you're saying is "Privacy is dead -- get over it!"?

And the consequences have been? For most of human history "privacy" has been a privilege reserved for the well-off as most people lived in crowded group settings. Since the 1950's aren't coming back you can either retard productivity gains and go back to living in a small apartment with 15 people spanning 3 generations or just deal with the fact that Google knows what p0rn people like.

@Smee Jenkins

The real question becomes, will using anti-tracking tools like ghostery or TOR let you become a Stainless Steel Rat (nod to the fiction of Harry Harrison) and drop beneath such notice, or will it flag your presence, making you shine like a beacon, or perhaps substitute "terrorist" for "beacon". Or will it just flag you as "One of those tin-foil hatters." Getting tagged as a "harmless ignorable nut-job" might suffice.

No, not at all.

But what experts see and understand may not be what mom and pop see or interpret. Mom and pop can happily give up privacy if they see value (i.e. auto insurance add on electronics to track their car and driving habits, or a 10% off retail coupon). Their view can be, good for me, bad for the criminals.

My point is the media discussion needs to address the mom and pop level, so they better understand the long term cumulative effect it may have on them (i.e. health insurance may be denied or rates increased based on collected internet data).

I'm wondering if there is at least a small partial solution in gaming the system somehow. Is there a way a contingent of savvy programmers could come up with a bevy of solutions to introduce large quantities of false data into a lot of systems, making the data less and less valuable?

Just a thought.

P2P development nullifies this spying; that's why the Silk Rd is still around. Petraeus used bad tradecraft, and Sabu screwed up more than just once; by the time he logged into IRC in the clear, agents were already sitting on his place. People had figured out his FB profile weeks before.

It seems easier than ever to me for a criminal to hide from tracking/feds if they use good opsec. You used to have to be a fairly decent hacker to not get traced, now any idiot can use Tor and as long as they practice good opsec nobody is gonna find you. Lots of other hackers in that Snitchbu IRC channel that weren't caught.

It's also easier to create phony identities online and trick the spies sent after you with a deep layer of fake social media accounts. Some of the hackers did this, and when Lulzsec was busted it worked; nobody has yet found them.

Tax reports, credit reports, license plate scanners, highway toll passes, airline tickets, passports and Onstar GPS, store discount cards and the vehicle data collected when you have your oil changed.

Hell, just looking at seller / buyer feedback on eBay will tell you a great deal.

A point that seems lost on many people,

TOR is at best content secure whilst the content circulates within the TOR network.

If you are daft enough to think it offers anything more than that then you need to sit down and have a quiet think about things such as Traffic Analysis and what bread crumbs you leave on the site you connect to from a TOR exit node.

Then there is the issue of network pinch points, that is you might think the TOR nodes you are using are in many countries or jurisdictions. But... The real problem is that places like Australia act as pinch points where your TOR traffic passes through on both the inbound and outbound leg to a node. But the chances are it also has both legs for all TOR nodes in the global region.

Until people understand that TOR has serious issues with network topology, the lack of deliberate store-n-forward latency and the lack of channel stuffing dummy traffic, then they have little hope of understanding just how easily traffic analysis etc. can be used against them.

Covert communications that are traffic analysis proof are quite difficult to set up and securely maintain. The military gave up on this a long time ago and went for overt communications links that use end to end encryption as well as link encryption with channel stuffing with dummy traffic and quite deliberate latency with nodes with human operators doing store-n-forward activities.

As they say,

"You pays your money and you makes your choice"

Me I know when I'm best keeping my money in my pocket...

@ Bruce,

"This is what a surveillance state looks like and it's efficient beyond the wildest dreams of George Orwell."

It may well be "efficient" beyond Orwell's technical foresight, but it is in keeping with his general vision.

However it certainly is well beyond the wildest dreams of various dictators such as Stalin and many others.

Back around the time of 9/11 I noted that general or populace-wide surveillance historically had shown a different behaviour in closed and open societies.

In closed societies it naturally ramped up on a curve similar to that of the voltage on a charging capacitor, and approached but never quite reached a level where the cost became prohibitive. The starting point was usually around the time that a single person amassed enough political power to make it feasible.

However, in an open society, whilst targeted surveillance for political and criminal reasons was rife, general surveillance was not. It usually took a significant change such as "going to war" to start it. However, once started it usually followed a sawtooth type behaviour, that is it ramped up under political imperative and sank back as the prohibitive costs affected the economy and other political priorities.

What I also noted at the time was that the prohibitive cost was changing due to the rapidly depreciating cost of technology and that it was since the mid 1990's possible for commercial organisations such as marketing companies to actually store sufficient information to make it worthwhile to do so on individuals.

The important point is that the depreciating cost due to the rapid reduction in technology prices has in effect removed the "prohibitive cost" ceiling on general surveillance. And also opened "revenue generating" opportunities, not just for private companies but Governments as well. In effect it has allowed Governments to start moving from a tax only revenue model to a tax and fines revenue model.

Importantly I expect this new "fines" revenue model to increase rapidly due to the fact that the depreciating cost of technology has allowed many large organisations to virtualise themselves off shore and thus significantly if not totally removing their tax liability and thus unprofitable payments.

Great article, but it sounds like you've thrown in the towel. There's a lot that people can do to protect their personal privacy: (1) use a privacy enhancing proxy chain with both squid and privoxy, and send all your traffic through that. Squid denies access to a bunch of http headers and Privoxy does a great job blocking all ads as well as forges HTTP_REFERER [sic] and the User Agent; (2) jailbreak all your iOS devices and install the Cydia tools Firewall iP that controls all outgoing traffic (just like OS X's Little Snitch) and allows you to block in-app ads as well as turn off in-app spyware if you take the trouble to figure out where all those connections are going; (3) install Mobile Tor, which runs a Tor+Polipo proxy chain on the iPhone/iPad -- you just proxy everything through 127.0.0.1:8118, and you have Tor on iOS; (4) install OpenVPN on your mobile devices and host your own private VPN server to use whenever you're off the LAN.

The EFF has a useful little service called the SSL Observatory to study internet certificates. It would be great to have an EFF service "Tracker Observatory" that helps identify which apps are communicating with which IPs using which protocol -- this information could then be used to selectively block undesired activities on mobile devices.

I have tentatively concluded there is no point in pursuing privacy; on the theory that it is a battle already lost.

Instead, I think the fight we should be pursuing now is our rights to benefit from the data that is being collected. So I would recommend we pursue these steps: (1) Make recording mandatory; (2) make access to personal data mandatory for the person and also via legal process.

I'll get to those steps in more detail, but first I would note that these are intended to address asymmetries in access. Take a call from almost any company nowadays and you often hear, "Your call may be recorded for..." Weasel words aside, that means they are recording your call; if you don't believe it, just try to deny you bought something for $1000 (they'll produce the recording in court). But let's say the phone rep decides to pad his bottom line by pushing $2000 in add-ons you didn't approve. You sue to get that refunded and guess what? Magically, that recording doesn't exist; isn't that odd? That is an asymmetry: A recording that exists to protect the company, but "magically" disappears when I need it for my protection.

So that is what the two steps that follow do: They enforce symmetric access. Since I have lost my privacy to their recordings, I should be able to benefit from those recordings every bit as much as they do.

Step 1 relates to denial: Right now, the NSA and others record the data, but deny they are doing any such thing. So we make it mandatory that they record; and back that up with automatic penalties if they deny having a recording (if they don't have the recording, they are not doing their mandated duty). It's not just government either; as I noted in "asymmetries" above, companies also can deny. So, mandate recording; so they (government, company) can't deny having what the law requires them to have.

Step 2 relates to access: Since you have your microscope on my life and are recording everything I do, I should be entitled to benefit from that recording just as much as you. If it is about me personally, it should be automatically accessible on request; it should be illegal for company or government to deny me access. Fees and "red tape" should be very sharply restricted: with cost of storage in the tenths of millicents per kilobyte, computer processor time approximately the same, and the bandwidth that exists today, there should be no grounds for punitive restrictions to my access to my data. (If it's about someone else, then it should be accessible by legal process; I have to get a judge to sign off.)

As I noted at the start, I think the privacy battle is lost. Let's get on with the next battle, which we might be able to win: Symmetric access.

I don't know if I want to give up my private nerdy Bruce for the CNN rockstar Bruce.

Just one word of advice: DO NOT DATE TAYLOR SWIFT.

Great essay, btw.

There have been lots of people fighting, but it's been like standing in front of the tanks in Tiananmen Square. Surveillance, like the rest of the internet, routes around points of failure.

@lorenzo: "How about making everything public - including data about government officers and corporations - by law?"

+1 ! That would make many types of fraud impossible (food industry, ...)

The situation is not so hopeless. You need to have faith that people simply do not like their lives exposed. Like anything else, this will be cyclical. Currently, hardly anyone is even aware that all of these privacy-invading practices are occurring behind the scenes. Better to work with politicians, etc, than to feel helpless.

Whenever I tell people about the new global spy regime they don't care "go ahead and track me I have nothing to hide" then they beg me to help them with all the targeted email and sms spam, phone calls and mailings they don't want. A few of them got fired too for some minor facebook mistake and now they realize what a problem it is.

Don't forget that health insurance and medical providers are now "big data" companies. I remember my mum taking me to the doctor, writing a check and expecting that the records would stay in their office.

By contrast, I received a prescription inhaler when I had a cold last year. About a week later, I started getting mail from my insurer asking me to enroll in a program to "better manage my asthma."

Employer-provided wellness plans are also another service where you are the product. Some of them would probably be profitable to run without collecting any fees, just reselling the data.

I'm not sure if it's more disturbing for a data aggregate to know what type of porn you watch, or how frequently you urinate.

Arclight

The availability of information traditionally considered private finds a loose parallel with satellite imagery, communication networks, and other public infrastructure and information that might help the bad guys. In that case, the answer was to make sure such availability helps the good guys more.

It'd be puerile to equate protection of privacy with counterterrorism, but it feels like they have similar themes regarding the asymmetry of information. Schneier has admonished us for years not to consider secrecy, or obscurity, as synonymous with security. Is it worth supposing that secrecy may also not be quite the same thing as privacy?

The phone customer in Coyne Tibbets' example has lost the secrecy of his or her purchase, and with it what has traditionally been called privacy. But Coyne's proposal of symmetric access reduces the power that the company holds over this individual. That might cushion the blow a bit, because the main threat posed by the non-public phone recording is the power imbalance it creates.

More generally, we're going to need a more detailed characterization of what privacy means. It's a picture that might vary widely from one person to another. Furthermore, privacy is one of those things that also helps the bad guys. Still, we might together come up with a model of privacy that captures its important essence in the language of threats that can be addressed with security philosophy.

For example, I value my privacy for at least the following reasons: I don't want to be bothered in a personal way by people or marketing entities I don't know; I don't want to be at a disadvantage during a job interview or other business deal due to details I justifiably deem irrelevant; I would like the option of compartmentalizing my life so that one pursuit can be experienced independently of the others. That's just off the top of my head.

Secrecy would achieve these ends, if it could be kept up. But we've gotten to a point where the simple living of a life, like the normal operation of a security mechanism, "leaks" information about its internal operation to the outside world, so that obscurity can't be trusted to provide any appreciable defense. Maybe, just maybe, ubiquitous surveillance that has been coerced into a symmetric publicly available form by suitable activism might provide a means to achieve the same privacy-related needs as secrecy once did. Maybe it's a mutually-assured-exposure kind of thing, or maybe it's something new and altogether more nuanced. Maybe it isn't privacy that's being eroded, but only the ability of secrecy to achieve it. Sure, it feels like a retreat, but I'll bet that's how it feels when a less savvy security vendor is asked to use a published algorithm. One day we might reminisce about the days when we all used to advocate "privacy by obscurity".

And then I can quit avoiding Facebook and gain the benefits of using that platform.

> "Whenever I tell people about the new global spy regime they don't care 'go ahead and track me I have nothing to hide'"

Meet the men who spy on women through their webcams

One poster said he had already archived 200GB of webcam material from his slaves. "Mostly I pick up the best bits (funny parts, the 'good' [sexual] stuff) and categorize them (name, address, passwords etc.), just for funsake," ... As another poster put it in a thread called "ShowCase Girl Slaves On Your RAT," "We are all going to hell for this..." But he followed it with a smiley face. ... Even when their activities trip a victim's webcam light and the unsettled victim reaches forward to put a piece of tape over the webcam, the basic attitude is humorous -- Ha! You got us! On to the next slave! And there are plenty of slaves.

@Mike B

"...for most of human history..."

The flaw in this argument is that for most of human history individual identity was not as tightly separated from communal identity, and most communities were only up to about 300 people (i.e. enough that you personally knew everyone who knew or might know your secrets).

In modern society the people that know your secrets are watching "communities" of millions, and are completely separated from personal interaction with the majority of them.

Bruce, I believe you've disagreed about this before, but, if privacy is no more, might it be time to think about transparency (as some comments above seem to suggest)?

Chuck Norris' regeneration into Private James Frazer is proceeding as planned.

I'm sure you would feel much better if you had a shave Bruce.

Ok I give up. My real name is Funsuk Wangdu...

BTW what's up with Bruce, sounds very downbeat lately...

I did look for a good VPN provider a while back but couldn't find one I would consider more trustworthy than my ISP...

Society took a big wrong turn when we allowed surveillance as a business model in the first place.

There is a peculiar weirdness in US culture where an assumption seems to prevail that it must be OK if it is only done for profit.

Yet, it is really obvious that Governments will want, be inspired by and ultimately force access to anything private entities collect.

Somehow this just skipped off the public's consciousness. Only in the US could this blase attitude and crazy situation have gotten such a strong foothold.

How on earth could surveillance as a business model not end in a world of pain for many?

It is also an economic disaster, as it legitimises man in the middle attacks on large amounts of culture itself. Once you can target the individual, then what need have they for culture?

It used to be that advertisers had to help fund culture as they had the audience, so needed to cooperate. Now they can monetise sharing without regards to creators, nor the quality of content (click harvesting, headline gaming, simple memes is enough). Giving advertisers an audience of one is a disaster for any culture business, especially quality journalism.

I really don't understand why the media didn't oppose targeted advertising right from early on? They surely must have known individual targeting would be a disaster for anything but the lowest quality content.

What options might we have to combat this? One idea comes to my mind: deliberately poisoning the well and then hoping that you yourself get lost in the flood of data. Is this very feasible? And how would one go about poisoning the well of data in the corpus at these various organizations that love to Big Brother us for fun and profit?

Yes, but they are not very good at it. I have seen some profiles of myself on internet sites that show snippets of a profile of you when you put in your name and hometown in Google. My name is a fairly common one, but I am alleged to have relatives that I have never heard of (my cousin recently published a book that traced my surname going back to the mid 1700s and I'm about 100% sure of who my relatives are, as well as the names of the people who I have lived with for all of my adult life). These online profiles indicate that there are 20 or so individuals who I am supposedly associated with or have been associated with who I have never met and know I will never meet. I have never ordered the profile that one pays money to obtain because I am certain that the profile would be as corrupt as the small amount of information that is shown about me online.

I once was a law clerk for a lawyer who became the President of the Trial Lawyers Association of America (before they changed their name). Suppose I find out that some of these people named as having lived in a household with me are criminals. Would I have a case for libel and/or slander?

One problem with the security state is that it is no better than the people who run it. And from what I have seen, many of those companies must be grossly incompetent and negligent in their data collection methods. Can I expect the state to do a better job of data collection than these private companies?

Coyne Tibbets' comment could work and seems worthy of further exploration. The best way to fight fascists has always been to give them exactly what they are asking for.

I'll bet that if companies were forced to collect and save all that data, AND be ready at any time to answer any individual's request for that data, with the threat of jail hanging over each company's board and C-suite, then there would be a big change in how corporations would treat the data they are collecting.

So the fight now isn't about privacy. As others have said, it's about controlling your personal data.

@ Big Brother,

"I really don't understand why the media didn't oppose targeted advertising right from early on? They surely must have known individual targeting would be a disaster for anything but the lowest quality content"

The answer to this is complex but can be more simply explained by examining the personalities involved.

The problem arises with Rupert Murdoch, his out of date understanding of the way the news world now works and his not so bright children and the fact that News International shareholders were happy to keep their eyes off the ball and just let the Murdochs dribble as they saw fit...

If you go back a little while in time you will see that the Murdochs tried to jump on the Internet bandwagon with the view that they could Buy In success and treat it just like they had their more traditional and antique media outlets and business models.

Needless to say this has proved to be an unprofitable way of proceeding.

The Murdochs appear to have believed that rather than the marketers providing personalised advertising they would act as a conduit where NI in effect owned the content consumers and acted as the gateway to them and NI would do the personalisation as a significantly paid for service to the marketers....

In other words it was just a rehash of the "walled garden" idea that had failed by the mid 90's. And the Murdochs rather than wake up and smell the coffee persisted in sniffing the poppy smoke of their self enforced "perfumed garden" prison.

Rupert decided that as the rats were leaving the overly expensive garden NI had purchased, they would have to be herded back into another garden. Sadly for NI this idea turned out to be yet another ship destined for a watery grave. Basically Rupert assumed people could be fleeced twice, once for accessing his news services via pay walls and secondly by the targeted marketing idea.

Needless to say with fairly powerful free search engines any news that NI journos wrote up would in all likelihood be available from another news media outlet without paywalls (unless the journos had sole access to a source without the source being aware ie as in the News of The World and other titles using paid "private eyes" that used unethical or illegal methods such as phone hacking to access source information).

So the Murdoch solution was to have an arrangement with a major search engine service. And as expected this suffered from the same old reverse Midas touch that the Murdochs appeared to be having with the Internet.

Oh the latest wheeze is for NI to supply schools with free learning pads that in effect are tied into Murdoch services. Only time will tell if this turns out to be another monument to the internet success that so eludes the Murdochs or actually makes a profit.

I'm glad this essay was posted; I wanted to respond since reading it on cnn.com.

While I agree with most of the points, I'm not sure why the essay focuses on "the Internet" or why this was posed as a new phenomenon. Brick-and-mortar companies have been doing this kind of tracking for years. If anything the Internet has made this kind of tracking more transparent than before.

When I worked at Time Inc. several years ago, one of the biggest print innovations was the ability to target magazine editions down to a ZIP+4 level. In other words, it was possible to create custom magazines for a single street. The magazines delivered to households were correlated with demographic data collected via any number of methods, buying trends from credit cards, and viewing behaviors from television. This would allow advertisers to precisely target their goods towards a specific household or group of households.

Similarly, other brick-and-mortar groups have created similar profiles of consumers. As others have reported, the "discount card" trend at supermarkets and drug stores has less to do with customer loyalty and more to do with tracking consumer spending and buying habits. When combined with the use of a credit card, it becomes trivial to correlate personal information with those buying trends.

Credit card purchase information is readily available from credit card companies. Your television viewing information is readily available from cable providers. Your travel information may be sold by airlines and hotels. Restaurants will track your favorite foods and will make notes on your behavior. There is nothing stopping brick-and-mortar companies from using image recognition to pick out your face in a crowd or to identify your license plate in a parking lot. [Interestingly, while video rental information is protected by federal law (cf. http://en.wikipedia.org/wiki/Video_Privacy_Protection_Act), there is no similar protection for tracking other goods and services.]

The vast majority of purchases occur offline; the majority of my life occurs offline. Yet it feels like modern privacy advocates are more concerned about online tracking than the ubiquitous and unpublished surveillance of our daily lives and habits.

[These comments are mine; I do not speak for my employer.]

"This isn't something the free market can fix. We consumers have no choice in the matter."

Consumers do have a choice if this feature is so important to them. And there is no reason to think that corporations wouldn't provide them as part of the competitive process (we have more privacy than Google, see DuckDuckGo).


"where the government accesses it at will without a warrant."

To me this is the part that is worrying, because individuals cannot opt-out.
I can choose not to use Google or be tracked by Google by using a browser plugin to block any site which has a beacon, social tracker or ad from Google.
Also, government has the unique ability to correlate information across companies.

Finally, you still need to explain what harm Google can do with the information, and what happens to Google if they did abuse it (PR hit, lost market share, lawsuit if breached privacy policy).
Contrast that with the harm government can do with this information, and the consequences there.
Then you may reconsider your suggestion that "fixing this requires strong government will".

The problem with encryption is that a) it does make you stand out and b) in some countries it's a crime to not reveal the decryption key.

Data transmission is cheap.

So the solution is to just slosh around random data. Flood the system with noise. Make it useless. Regularly email completely random data to complete strangers. Sounds like spam, but that's how surveillance will be defeated.

That it provides a back-channel is just a bonus - well-encrypted data is indistinguishable from random data, and through a side channel one can pass a key (e.g. a card with two hexadecimal numbers on it passed off in a park. Those two numbers are the first four bytes of the two "random" messages to be XORed together to get the "real" message...)

J.
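The scheme in the comment above (two random-looking messages that XOR to the real one, each picked out of the noise by its first four bytes), as an added example that is not part of the original comment. The function names, the message pool and the sample text are constructed for illustration; the card is modelled as two hex strings.

```python
import secrets

TAG_LEN = 4  # the card carries the first four bytes of each share


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_message(message: bytes):
    """Return (share_a, share_b, card).

    share_a is fresh random data and share_b = message XOR share_a, so
    either share on its own is uniformly random and reveals nothing.
    The pad must never be reused for a second message.
    """
    if len(message) < TAG_LEN:
        raise ValueError("message shorter than the tag")
    share_a = secrets.token_bytes(len(message))
    share_b = xor_bytes(message, share_a)
    card = (share_a[:TAG_LEN].hex(), share_b[:TAG_LEN].hex())
    return share_a, share_b, card


def find_by_tag(pool, tag_hex: str) -> bytes:
    """Pick the one message in the pool whose first bytes match the tag."""
    tag = bytes.fromhex(tag_hex)
    matches = [m for m in pool if m[:TAG_LEN] == tag]
    if len(matches) != 1:
        # Zero matches: share never arrived. Several: a noise message
        # collided with the tag, so the card alone is ambiguous.
        raise LookupError(
            f"expected one message tagged {tag_hex}, found {len(matches)}"
        )
    return matches[0]


def recover_message(pool, card) -> bytes:
    """Recipient side: locate both shares by tag and XOR them together."""
    return xor_bytes(find_by_tag(pool, card[0]), find_by_tag(pool, card[1]))


def demo():
    message = b"meet at the north gate, 18:00"  # constructed sample text
    share_a, share_b, card = split_message(message)
    # Constructed noise: 200 random messages of the same length.
    noise = [secrets.token_bytes(len(message)) for _ in range(200)]
    pool = noise[:100] + [share_b] + noise[100:] + [share_a]
    return recover_message(pool, card), card


if __name__ == "__main__":
    recovered, card = demo()
    print("card:", card)
    print("recovered:", recovered.decode())
```

Because the tags are the leading bytes of the shares, anyone holding the card also learns the first four bytes of the plaintext (the XOR of the two tags), and a four-byte tag collides with noise once the pool grows into the billions of messages.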

"This isn't something the free market can fix."

There is an oversimplification here that loses some important details. The reason a free market can operate against privacy is that in a free market, a business that has more ways of turning a profit on the same interaction (e.g. gathering and selling or otherwise profiting from personal information revealed by normal transactions), will out-compete a business that doesn't, so in the absence of legal restrictions, we can expect a loss of privacy in many cases.

However, if a business can charge enough extra for a 'privacy-enhanced' service to cover what they'd be getting from data resale, etc., then the free market can offer alternatives. We actually see this in action, where hotels that host illicit activity don't ask for ID and deal in cash (probably charging more than an equivalent room would cost in a regular hotel), and black and gray markets both offer anonymous and untraceable transactions for a substantial mark-up.

The problems with offering privacy enhancements in a mainstream, legal market are that 1) there has to be a market for marginally improved privacy at the price it would actually cost, 2) the marginal improvements have to be trustworthy enough that people will pay money for them, and 3) the means of improving privacy and demonstrating trustworthiness have to be legal.

All three of those conditions tend to have problems, both direct and indirect. Added to these are the tendencies for customers to resent being charged extra for privacy (people who want it think pricing shouldn't reflect it), and for society to stigmatize people who want it enough to pay for it.

I had the same idea that Zombie John posted. Flood the 'system' with so much useless, nay, worse than useless data that it's not worth doing anymore.

This even gives you plausible deniability: "I wasn't checking out pr0nham$terzzmakemetingle.com, it was my browser's privacy obfuscation plug-in-matic!"

I feel fortunate in the few ways in which I am a little less 'on the radar.'

1 - No longer receiving salary - credit report fading away
2 - Living mostly outside of the U.S.
3 - Pre-paid anonymous SIM cards in foreign countries - both cell and data
4 - Regularly changing street and IP addresses

None of that is done with an intention to maintain privacy, it's just a byproduct of living cheaply overseas. If someone is proceeding from "Where is Glenn right now?" then they will find me. I'm not hiding. If someone is proceeding from "Who is this accessing such-and-such site?" then I'm not so easy to find.

And since I file taxes and follow most rules and generally keep my nose clean I don't anticipate problems. I do, however, worry sometimes when I become interested in a cause. I generally support much of what Anonymous does, and Adbusters, OWS, and the rights of indigenous peoples (think Zapatistas). And I frequent Greenwald and Schneier articles...hmmm

A quick point to @stvs - while there are lots of technical means to increase privacy, almost all are beyond the grasp of the masses. There will always be a select few that know how to be incognito, but simply pointing at techie tools misses @Bruce's point.

@Glenn

The problem with an Internet Surveillance State (should I say Information Surveillance State?) isn't that they can find specific persons, it's they can track anyone all the time.
The disturbing part is that somewhere, some computer has already correlated your location, tax filings, IP addresses and online behavior.
Btw. that anonymous pre-paid SIM card isn't going to be anonymous if the data can be linked to your profile. Apparently, if you connect even once to a monitored IRQ chatroom you're busted. ;)

A while ago I watched an interview with the producer of the TV show Person of Interest (think Echelon++), who said that the premise of the show was interesting to explore, but quickly added that in reality technology hasn't progressed that far. Really made me laugh. Granted, fully working AI systems like in POI or Eagle Eye (movie) are unlikely to exist, but the surveillance, storage and analysis systems have existed for years, if not decades.

The biggest problem is web browsers. The security landscape of "the web" (browsers) is insane, and leaking privacy is not the only thing they do.

Get rid of third-party "inline" content, form submissions, and cross-site scripting and 50% of the privacy issues disappear overnight - the other 50% are manageable.

@ pfogg,

Added to these are the tendencies for customers to resent being charged extra for privacy (people who want it think pricing shouldn't reflect it), and for society to stigmatize people who want it enough to pay for it.

I think you are not quite expressing this in the way quite a few people view it. That is they object to having to pay to stop being abused.

That is they view the "privacy charge" as equivalent to an extorted "protection payment" for which there is anti-racketeering legislation in many jurisdictions.

The real issue that needs to be fixed (and it won't due to lobbying) is who owns Person Identifying Information (PII).

In the US the law is such that the effect is "whoever collects it owns it" (unless there is a pre-agreed contract in place). In most other parts of the world it is a lot less clear cut, in that the legislation either does not exist or offers only weak protection and remedies (see EU legislation and contrast it with member countries legislation).

Another issue is what is PII in its various forms. Technically in most countries you don't actually own your own name, and you almost certainly don't own the address of where you live, though you are often given the historic courtesy of being able to name the building (but not in all cases).

In the UK this has led to what appears to be quite ludicrous court decisions where people have "modified" their given name to track down who is selling their name/address for the purposes of advertising. Apparently the reason being is there is a legal requirement to correctly register your name at an address for the purposes of voting, and this then becomes a matter of the public record via the "electoral roll" which is maintained for open public use. Which has unfortunately allowed Credit Checking and other similar organisations to amass these public records and sell them for a profit.

The only way I can see to put the privacy genie back in the bottle is for legislation to remove any potential profit in maintaining databases of PII and imposing heavy fines on those that do and misuse the data. The reason for not making such lists illegal is of course employment records, club membership lists, university and other education rolls, etc. etc. are required.

In theory (only) we have such protections in the UK but they don't work because of the 'monopoly supplier' issue.

Take Transport for London (TfL) and its Oyster Card system. In theory it's a non mandatory system, that is you don't have to have a card therefore don't have to comply with their draconian terms and conditions (set up by the "control freak" Ken Livingstone), but that's not the way it works in practice.

Getting around London by any other means than public transport has penalties. Even walking means you are under constant surveillance, riding a pushbike of your own has all sorts of issues to do with a lack of secure storage. And just about anything with a motor in it has to be licensed and thus carries a licence plate and has to be registered with TfL for the purposes of the Congestion Charge (even if the vehicle is exempt) and parking is highly restricted especially in Westminster.

Thus as an adult even if you are disabled you are in effect forced onto public transport in London and thus fall under the surveillance web that is the Oyster Card system (yes you can pay cash but they are shutting down ticket offices and the machines when functioning are programmed to not offer the full range of fares etc, so the cost quickly becomes prohibitive to all but a few and the inconvenience immense).

But if you are young it is even more draconian and as a result has become subject to abusive and legally questionable mission creep.

Basically TfL insist that all people under 11 years old must be accompanied by an adult (this is legally questionable as legal responsibility starts at age 10). If over 11 years old but not an adult (i.e. 18 or over) they insist on proof of age with photo identification even if the non adult has a method of paying for the transport.

Worse the Met Police have free and easy access to the Oyster card database (which is really questionable). The result is "mission creep" in that in many areas of London it is now in effect de jure for non adults to carry their non adult Oyster card with photo and all their other details. This is to avoid being given a very hard time by Met Police officers if stopped as often happens in these areas. The result is some Met Police officers regard the non carrying of what is in effect a back door Identity Card by non adults as an indicator that the person is up to no good and thus subject them to unwarranted attention, detention and in some cases abuse of their rights (i.e. being questioned without a non police adult present).

Basically all aggregations of PII will become targets for direct profit or indirect profit via "efficiency savings". As I noted above such DBs are a gold mine for Gov's as they are forced to move from a tax revenue system to a fine based revenue system due to the tax base losses technology has given to major (now) "international" companies that have virtualised their structure into one or more "tax efficient" schemes run from various tax havens etc.

Bruce,

Do you think that our web histories internal to the United States are being tracked as well? It seems to be the elephant in the room that I've yet to hear be done (outside of the auto opt-in for Verizon wireless customers).

There seems to be room for Bitmessage:

https://bitmessage.org/wiki/Main_Page

Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs.

Excellent article, forwarded, but:

1. Sabu was caught despite using Tor, etc. Sabu was a highly wanted criminal who made a lot of enemies. He was caught because there were dedicated people even in his own circle who wanted to catch him. These people were willing to do the footwork because they were against him, but even more so, because they were literally threatened by him.

I do find the Sabu story suspicious, in general. For instance, with the Stratfor hack, he was under surveillance already. Why did the FBI let him give those orders to continue it?

2. Petraeus' affair was caught because he was the director of the CIA. That is how the FBI could justify resources used in the investigation. They thought he was a target. Turned out, he was just having an affair.

3. The Chinese hackers were targets, like Sabu, of a massive manhunt. They were serially hacking major corporations and government. The people who found them knew they would have a huge reward awaiting for them in terms - at least - of business prestige.

They were involved in mass hacking, and were sloppy. If there were more people tracking them down who could speak Mandarin, they likely could have been caught earlier. Probably, a lot more is known about these groups by governments and contractors which is not exposed to the public because it is in the realm of counterintelligence.

I am not saying that people should not f33r for their privacy. And there are many disturbing trends out there. But, note, I am also critical of the counterterrorism TSA moves. Overreaction to a singular event, where Bruce well points out more people die in car crashes every month. (What about 2 plus million people in jail, the drug war, and so on?)

I see a lot of "well you should not say you have nothing to hide". This is true. Extortionists are bad people. The FBI used extortion for many years through surveillance.

Petraeus probably considered his affair no big deal. I think it was no big deal. Sabu and the Chinese hackers though were different animals. They were crazy and wild and socialized a lot. I am surprised the FBI has not caught more of that sort.

Probably, they have.

Sabu and the Chinese hackers' captures, assuming all is on the up and up there, I think are positives for people.

But there is an overall picture of a surveillance society which is true. So, there is a need for data retention laws and a continual watch and fight against the powers of policing agencies to surveil in non-important cases.

Currently, the governments of the world seem caught up on "catching the bad guy" and throwing a very wide net to do so.

That will not end well for those nations. It is a bad expenditure and a bad investment. There are real problems the world faces.

Governments have a tendency to overfocus on how much power they can have, and I think that when they get a sure power outlet like with surveillance powers they end up trapping themselves.

Those sorts of systems do fall and will fall by their own efforts. Hitler went too far, Pol Pot went too far, Hoover went too far, and so on.

There is a strong weakness of surveillance: the audience is guilty and without a voice. They are the listeners to the players. Like a television audience to a television show. It is the actors who have the real power. If they learn how to use it.

Consider the double X program and similar ones for proof of that concept.

@Grey, while there are lots of technical means to increase privacy, almost all are beyond the grasp of the masses. There will always be a select few that know how to be incognito, but simply pointing at techie tools misses @Bruce's point

Perhaps, but I disagree with Bruce's point that the law is the solution to these privacy problems. The benefits are too large, the technology is too powerful, and the temptation is too strong to have any reasonable expectation that private industry or Congress will ever recognize digital privacy.

It's up to you. If existing tools are too techie for the masses, then the masses can pay for privacy-as-a-service if it is important enough to them.

I'd also say (assuming that I understand his argument correctly) that Bruce's reliance on the law to protect privacy implicit in this essay is not consistent with his recent essay When Technology Overtakes Security, in which he argues that the law is oftentimes powerless in the face of asymmetrically empowering technologies. Digital security is in many instances equivalent to digital privacy, and attackers in either domain need not be hindered by law.

Coyne Tibbets - A lot of what you describe is already law in Europe under the Data Protection Directive and local legislation like the UK's Data Protection Act. It does not mandate recording but does guarantee data subject's rights to review, access and correction on data stored on them. We also have some legislation working its way through (EU Data Retention Directive is an example) trying to force ISPs to store the data you are talking about. We are fairly close to your somewhat dystopian future. I do agree that it is better than the current abuses we see of the asymmetry you described. It is a far from ideal solution though.

Instead of evading the tracking, how about overloading the trackers instead? I wish there was something similar to a screensaver that could run in the background when my PC is idle and do random searches and browsing.

@AC
Do you think that our web histories internal to the United States are being tracked as well?

(I assume you mean, "by government.") The assumption I have been using is, that if it is feasible to record it, it is being recorded. That's a pretty broad assumption.

Take phone calls: It's hard to find a statistic, but let's assume 750 billion minutes annually (based on 2x or so of the 315 billion minutes figure for 2010 hard lines). Assume a secret form of live voice compression at 2000 bits/second (phoneme encoding could be done ca. 1980 at 150 bits/second so that seems reasonable). 750 G x 60 sec x 2000 = 10,050 terabytes per year. Retail storage is available for around $1/GB, yielding a bottom line of $25 million/year or so, including a complete double set for backup. Could the NSA afford that (and keep it forever)?

Well, "Duh!"

William Binney talked about how the NSA had the problem of analyzing 20 TB/minute--10 million TB/year-- of data. Just what do you think that data contains?

So, assume they are recording all calls: Given NSA proclivities, assuming anything else doesn't make sense.

...which brings us back to your question about web history. Much less to record than voice...do you still doubt the answer is, "Yes"?

@Finlay Macrae
It [...] does guarantee data subject's rights to review, access and correction on data stored on them.

And that's great, assuming those recording acknowledge the recording exists. Here in the states, it is SOP to deny the recording even exists, if you're not willing to allow "review, access and correction."

They'll look you right in the eye--look a judge right in the eye--and say, "Nope, we don't record that."

This is almost always revealed in the asymmetries: The company that always has the recording when it benefits the company and never when it benefits the customer; the police who never lose the interrogation room tape when it contains evidence against the suspect, but somehow always lose it when accused of using a rubber hose on the subject; the company that denies recording that you bought X, even as you get buried in advertisements saying, "Because you bought X, you might be interested in Y"; and etc.

Possibly the environments are different between US and EU. But here, we need the mandate to eliminate denial and the asymmetries that result.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.


Source: http://www.schneier.com/blog/archives/2013/03/our_internet_su.html
