governments and corporations have build an unprecedented surveillance state. While the leaks of Edward Snowden have shed light on the National Security Agency’s surveillance practices, less attention has been paid to other forms of everyday surveillance—license plate readers, facial recognition software, GPS tracking, cellphone metadata and data mining.
The Intercept revealed CIA researchers have been working for nearly a decade to crack the security of Apple’s iPhones and iPads. Documents from Edward Snowden show the researchers claim to have created a modified version of Apple software development tool Xcode, allowing them to sneak surveillance backdoors into apps and programs.
Bruce Schneier talking:
We know that the NSA, now the CIA, have been working to find backdoors in the computers we use every day, in Windows, in Macintosh. This isn’t the first backdoor we’ve seen in iOS and iPhones. This looks pretty sophisticated, but this is pretty much what we should expect from the United States and other countries and criminal organizations, as well. There’s a lot of people trying to get backdoors into the devices we use.
the public are willingly giving up their data in exchange for some kind of reduced price or more efficiency in their ability to communicate, this apparent willingness on our part to give away this trove of information about ourselves
we give it away all the time, right? Our cellphones know exactly where we are at all times; otherwise, they can’t work. And think of Facebook or email or paying with credit cards, or anything we do that generates data, we give to third parties. I mean, we do it willingly. I’m not sure we do it with full knowledge. You know, we don’t pick up our phones and say, “This is my tracking device. I’m going to carry it in my pocket.” We just do that because that’s how the systems work. So when people are asked, do they value privacy, they say, yes, uniformly. And I think people really don’t think fully about what they’re giving up when they go onto Facebook or use Gmail or do any of these services where data is collected.
The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we’re offered.
Companies are using surveillance for persuasion, for advertising. And it’s sliced very finely personally. The ads you see aren’t going to be the ads someone else sees, based on your interests, but also based on what the companies believe is your income level, how good a customer you are. You’re going to see different search results than somebody else. So, depending on your political persuasion, you’ll see different advertisements. You’ll see different offers. So you might get a different credit card offer than someone else. And that might be based on your income, on proxies for your minority status. We see a lot of this very personalized advertising designed to influence you and you alone.
Lower Manhattan there are surveillance cameras that capture every single license plate coming into Lower Manhattan for the New York Police Department.
There are license plate scanners all over the country. It’s surprising how much of that is captured, not just in New York. But there are companies collecting license plates, looking for cars for repossession, sharing it with the government, with Homeland Security. You know, we hear a lot about this is necessary for security. All the evidence shows it’s not. I mean, there isn’t a huge crime wave of unsolved crimes because of no surveillance. And there aren’t a lot of crimes being solved by this surveillance. Crimes are solved by following the leads. That’s how terrorism plots are foiled. Whenever we ask the government, ask the police or the NSA to show how this surveillance is necessary, they can never come up with good examples. Occasionally they come up with examples that don’t pass scrutiny. But this really does seem to be we’re collecting it because we can, not because we need to.
Government surveillance with corporate surveillance are very similar. And I look at it as a partnership, the public-private surveillance partnership. One is caused by fear, right? We fear criminals, we fear terrorists. That’s government surveillance. The other, as you said, it’s convenience. We like the iPhone. We like this free services we get. They both collect data, very intimate data—where we live, where we work, what we’re interested in, what we’re saying, who we’re speaking to, who we’re intimate with. And they share it back and forth. Data that’s illegal for the government to collect, they purchase from corporations. Corporations purchase data from the government. It goes into databases in the United States. It’s bought and sold. And profiles are generated. And those profiles are used, in both cases, to pigeonhole us, to make decisions about us, maybe whether we can get a mortgage, maybe whether we can board an airplane, maybe what sort of credit card offer we see. They’re all used to judge us. And in all cases, we don’t have the ability to look at the data, to correct the data, to see why we’re being judged and how we’re being judged. We’re being judged in secret.
the problem we have is that foreign companies, foreign buyers, aren’t trusting U.S. products because of the backdoors he is putting in them. And my question was: How can we fix that? And NSA director, Mike Rogers’s answer didn’t answer that. Rule of law, you know, doesn’t give people from other countries assurance that we’re not spying on their stuff.
what’s happening in this information age and the early Industrial Revolution. “Data is the pollution problem of the information age, and protecting privacy is the environmental challenge. Almost all computers produce personal information. It stays around, festering. How we deal with it—how we contain it and how we dispose of it—is central to the health of our information economy. Just as we look back today at the early decades of the industrial age and wonder how our ancestors could have ignored pollution in their rush to build an industrial world, our grandchildren will look back at us during these early decades of the information age and judge us on how we addressed the challenge of data collection and misuse.”
We’re sitting here discussing the data we produce, the data our computers produce, what happens to it, who has access to it, how we recycle it, how we dispose of it. These are really important problems, and they’re not things we’re going to solve overnight. And my fear, is that it’s going to take a couple of generations to figure it out, that here we are, producing this data—this big data land grab, to access it all, to analyze it all, to use it all, is not being buffered by a sense of privacy, of the personal nature of it. And I was, I guess, issuing a warning, that maybe we could do better, that maybe we could think ahead as to the problems and really consider where data should be used, where it should be disposed, how personal it is, and how you can’t just give it to third parties for free, that there is a fundamental rights issue here.
governments tell us, “If you have nothing to hide, you have nothing to fear.” that’s ridiculous on the face of it. Those same government officials who say that don’t tell you all of their secrets, give you copies of all of their emails and correspondence. Privacy is not about something to hide. Privacy isn’t something that you only have if you’re a criminal. Privacy is about individual autonomy. It’s about presenting yourself to the world. It’s about being in charge of what you say about yourself and what you reveal about yourself. When we’re private, we have control of our person. When we’re exposed, when we’re surveilled, we’re stripped of that control, we’re stripped of that freedom. We don’t feel secure. We don’t feel like we have something to hide. We feel like we’re under the microscope. We feel like prey. Privacy is a fundamental human need, and it’s not about something to hide. I think that’s a very wrong characterization, and we should fight it at every opportunity.
I can tell you things like don’t carry a cellphone and don’t use email, don’t be on Facebook. In a lot of ways, that’s ridiculous advice. Those are the tools of society, and we need them to be fully functioning members of society. At this point, the problems are political and social, and we need political change. What people should do now is observe surveillance and talk about surveillance. This needs to be an issue in the next election. This needs to be an issue people care about it. And the more we talk about it and make it an issue, the more we’ll get change. Right? Admiral Rogers is not going to do anything unless he’s required by law. And we need laws to protect us against government surveillance and against corporate surveillance.
Edward Snowden documents are really explaining themselves, that the NSA is collecting everything, everything they can, under a variety of laws that have been bent beyond their intention. Data is being collected on non-Americans and Americans. It’s being saved and stored and used. And we don’t know a lot of the details. This is being done in highly secretive situations. There are secret courts passing secret rules that affect companies and us, and we don’t get to know about them. I mean, what Snowden showed us is that this is all happening by the U.S. What we need to understand is that this is not just the U.S. China, Russia, other countries are doing the same things. And we need to look at this and decide what we want. The NSA is filling a vacuum by collecting everything. We need to step in and put rules in place.
the most surprising thing about the NSA surveillance is how little is surprising about NSA surveillance. There was nothing in there that said the NSA is made of magic. There’s nothing in there that, if you watched a movie where the villain was the NSA, they didn’t do. It’s pretty much what you expected. But seeing it in stark reality is surprising, seeing the details of NSA programs, of FBI collection programs, of these license plate capture programs, or what the data brokers know. The sheer detail, I think, is surprising, because while we recognize this data is being collected, we often don’t understand the analysis. And that, I think, surprises most people. That surprised me.
Our political liberty and justice are threatened. I think we’re living in a world where we are being judged by our data, we’re being judged in secret, where there are effectively secret courts. I mean, if you can’t fly an airplane, you can’t figure out why you can’t or how to redress that. If you’re denied for a mortgage, or possibly a job, it could be because of this data. And you can’t face your accuser and try to protect yourself. These are extraordinary times, and I think the threats are great, because algorithms are making decisions, not people, and that’s very dangerous.
..
When we wake up, we probably pick up our smartphone. But that smartphone knows where we are; otherwise, it couldn’t ring. Actually, that smartphone is a tracking device. It will track us throughout our day. It will know where we live, where we work, where we go. That phone will know who we talk to, either whether it’s calls or text messages. It’s also a computer. That computer is going track us, if we use the Internet.
There are lots and lots of web devices that are tracking us as we go about our day, what we read, what sites we visit, what we’re interested in. Google tracks us. Facebook tracks us. All those things track us. If we go out into our car, there are computers there that are tracking what we’re doing. Sometimes they’re connected to the manufacturer; sometimes they’re not. If we make payments, we use a credit card that records what we’re purchasing, who we are. All of the things we do involve computers. Think of the cameras. There might be thousands of security cameras we walk by. There are cameras collecting our license plate and putting that into a database. There are cameras collecting our face.
The way to think of it is, computers produce data, and every time we interact with a computer, data about that transaction is produced. That’s surveillance data about us. That data is increasingly saved, increasingly stored. And as we go about our day, we interact with thousands of computers. And that’s all surveillance data.
The problem with privacy in data is there’s so many interconnected things. So we need protection for data collection, data use, data storage, data transfer—you know, buying and selling—and then data deletion. That’s the chain of our data, and we need protections in every place. So it’s not a matter of saying, “We’ll let them collect it, and we’ll regulate use,” because now what happens, you know, we saw, past year or so, all these great data breaches—Target Corporation, Home Depot, Anthem Health. All right, this is our data being stored by somebody else that’s stolen by criminals. So we need protections against collection. We need protections against use. And we need proof that we can look at our data, correct it if it’s wrong. It’s a whole slew of things that have to work together—you know, and technologies and laws. This is not a simple problem with a simple solution. Unfortunately, it makes it harder.
in The New York Times, about school systems now confronting the fact that as they are bringing in more private companies to provide online education and sources into their school systems, sometimes individual teachers are given the opportunity to bring in a particular software company and use it in their class, that these companies now are basically shredding the privacy rights of students, because they’re collecting data on how students are progressing, individual students on particular subject matter, and they now have a trove of data that they in turn can sell.
There’s protections of students for their schools collecting data. It doesn’t really transfer well to third parties. That’s an enormous difference. And the student data collection isn’t different than the collection of you or I. If we go to a medical site, there are going to be advertisers watching what we look at. We’re going to have ads following us. And yes, that happens in the classroom, too. If you think about it, when we were students, we read our textbooks in book form. Now students are reading textbooks online. They’re reading them on their iPads. And the owner of those textbooks, the websites, know exactly what students are reading, how fast they’re reading, what they’re going back and re-reading, how they’re studying. This is powerful information, but it’s incredibly intimate. Right? Amazon knows that about the books you read. You know, if you download Fifty Shades of Grey, Amazon’s going to know which parts you read and re-read.
the whole controversy around Hillary Clinton’s email. Her email, she did not use the State Department email system, that had actually a law just been passed. She would be the first secretary of state to have used it, but she didn’t. Now John Kerry is the first. The front page of The New York Times today is about New York state, and it says that Governor Cuomo had—has put into place a policy of automatically deleting state workers’ emails after 90 days, and now this is being stopped, because there’s been an uprising around this.
I have two main things that interest me. The first one is I have a lot of sympathy for her, that government email systems tend to be antiquated, hard to use, and I know when I go into companies, I want to use my own email system. I have my system. I know it works. I don’t want to use the corporate email system because it’s annoying. And it’s just like anybody within a company: They want to get something done, they jump on Gmail, because it’s easy, because it works, because it bypasses sort of all of the problems in the institutions. And I don’t know if that’s what she’s thinking, but that’s what I would be thinking when I came in.
Second thing I’m interested in is: Who’s controlling the email? In the beginning, there was a little tension between Clinton and Obama. And possibly, Hillary Clinton recognized that she might not have friends in IT, and she wanted more control of her email. And again I have sympathy with that. On the other hand, government email is government records, and that needs to be preserved, and that needs to be collected by government, by the National Archives, for the people. And I want to make sure that happens, and I want to make sure her email is not deleted. So those are my two thoughts. I have sympathy for her position, because I also want control over my system, and I have a lot of sympathy for the position of, you know, “That’s government property. You shouldn’t be taking it home.”
It should be that history should be the raw data. We save it in—you know, maybe in—we protect it for 50, 100 years, and then it becomes history and all exposed. And I think we’re seeing that problem everywhere. It’s not just Hillary Clinton. It’s history in general. Right? Is everything going to be saved? What’s going to be deleted? What data will be preserved in old formats? And I do worry about history and data and whether history can read our stuff, whether we’re going to delete stuff, whether we’re going to save stuff, whether we’re going to save too much. I mean, there’s emails of mine I don’t think history needs, and I’m happy to delete. All that surveillance data I’m not sure is valuable. But, yes, when you are secretary of state, when you are the president, when you are a government official, the data you produce has value to the country and needs to be preserved. We need to make sure that happens, that government officials can’t scrub their record in an effort to decide how they are viewed by history.
Email is weird. It’s not correspondence, which we would obviously save. And it’s not conversation, which we would obviously delete. It’s somewhere in the middle. And I have had conversations on email that don’t deserve saving. And I’ve had official correspondence on email that I do need to save. And if you think about some of the big court cases that have involved emails, it’s very easy to pull a sentence here, a sentence there, out of context and make the emails say whatever you want. That’s because we can be very, very informal on email. We can just chat on email in a way that we don’t believe is preserved, is archival. So email occupies that middle ground. And you could easily see deciding either way, that it counts as correspondence or doesn’t count, it’s just conversation.
in the United States, there’s not a lot of protection for our data, that data generated by us, collected by third parties. So, your cellphone company collects data of everybody you call, when you call. Your credit card company knows when you make purchases, where and how much. Google knows what you search on. All that data is collected by third parties, and those parties basically own that data. They have the right to buy it, to sell it, to use it however they like.
last year, Uber, the taxi company, used the data they had of people’s rides to figure out who’s going—who’s using Uber to go and have sex. They looked for rides happening in the evening to a place and rides happening the next morning away from that place. Right? They had searched their database for that. And they produced aggregate statistics of that—what cities were good for it, what neighborhoods, what days of the week. They thought it was all in good fun. They didn’t expose personal information. But they had that. They had the list of people who were using Uber in that way. They, if they wanted to could sell it.
Uber collects the route. When you get a receipt from Uber, it includes a map of the route you took. So it knows exactly where you started and where you ended. It’s not like a taxi ride that happens when you pay cash. The data is there. The surveillance data is there.
The data could be subpoenaed. Uber could publish it because it was fun. Uber could decide, “We’re going to release the names of these people.” There’s nothing stopping them except that it would be really creepy, and they would probably get a lot of bad press for it. But legally, they have no obligations to keep that secret. And that’s the point. This data is owned by those third parties, who can sell it at will. And if they want to sell a database of people who use Uber to have sex to some company that wants to market some sort of product, it is within their rights to do that.
the simple things tend to be around the edges. So there are programs to secure email, to secure chats. There are encryption programs for voice. There are ways to protect the things we say to each other. Using cash is a way to protect ourselves. The problem is that a lot of the data is collected—it’s metadata. It’s collected by the systems we use. So being careful what you say on Facebook, not using Google search, if you’re worried. There’s a search engine called DuckDuckGo that doesn’t track you.
But, by and large, we are tracked because of what we do in our day, and it’s very hard to opt out. Not having a credit card, not having an email address, not being on Facebook is really dumb advice to give people. So what I want people to do is to observe surveillance and talk about surveillance, to make this a political issue. This really isn’t something we can install some tech and opt out of. It’s not that easy. We really have to make it that lawmakers care that we care. And that’s difficult. I mean, that is the hard solution that’s going to be the good solution.
— source democracynow.org
Bruce Schneier, security technologist and author of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He is a fellow at Harvard’s Berkman Center for Internet and Society.