http://edition.cnn.com/2013/03/16/opinion/schneier-internet-surveillance/
The Internet is a surveillance state
By Bruce Schneier, Special to CNN
March 16, 2013
Editor's note: Bruce Schneier is a security technologist and author of "Liars and Outliers: Enabling the Trust Society Needs to Survive."
(CNN) -- I'm going to start with three data points.
One: Some of the Chinese military hackers who were implicated in a broad set of attacks [1] against the U.S. government and corporations were identified because they accessed Facebook [2] from the same network infrastructure they used to carry out their attacks.
Two: Hector Monsegur, one of the leaders of the LulzSac hacker movement, was identified and arrested last year by the FBI. [3] Although he practiced good computer security and used an anonymous relay service to protect his identity, he slipped up. [4]
And three: Paula Broadwell, [5] who had an affair with CIA director David Petraeus, similarly took extensive precautions to hide her identity. She never logged in to her anonymous e-mail service from her home network. Instead, she used hotel and other public networks when she e-mailed him. The FBI correlated hotel registration data [6] from several different hotels -- and hers was the common name.
The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we're being tracked all the time. Google tracks us, both on its pages and on other pages it has access to. Facebook does the same; [7] it even tracks non-Facebook users. [8] Apple tracks us on our iPhones and iPads. One reporter used a tool called Collusion to track who was tracking him; 105 companies tracked his Internet use [9] during one 36-hour period.
Increasingly, what we do on the Internet is being combined with other data about us. Unmasking Broadwell's identity involved correlating her Internet activity with her hotel stays. Everything we do now involves computers, and computers produce data as a natural by-product. Everything is now being saved and correlated, and many big-data companies make money by building up intimate profiles [10] of our lives from a variety of sources.
Facebook, for example, correlates your online behavior with your purchasing habits offline. [11] And there's more. There's location data from your cell phone, there's a record of your movements from closed-circuit TVs.
This is ubiquitous surveillance: [12] All of us being watched, [13] all the time, and that data being stored forever. This is what a surveillance state looks like, and it's efficient beyond the wildest dreams of George Orwell.
Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters.
There are simply too many ways to be tracked. The Internet, e-mail, cell phones, [14] web browsers, social networking sites, [15] search engines: these have become necessities, and it's fanciful to expect people to simply refuse to use them just because they don't like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don't spy.
This isn't something the free market can fix. We consumers have no choice in the matter. All the major companies that provide us with Internet services are interested in tracking us. Visit a website and it will almost certainly know who you are; [16] there are lots of ways to be tracked [17] without cookies. [18] Cellphone companies routinely undo [19] the web's privacy protection. One experiment at Carnegie Mellon [20] took real-time videos of students on campus and was able to identify one-third of them by comparing their photos with publicly available tagged Facebook photos.
Maintaining privacy on the Internet is nearly impossible. If you forget even once to enable your protections, or click on the wrong link, or type the wrong thing, and you've permanently attached your name to whatever anonymous service you're using. Monsegur slipped up once, and the FBI got him. If the director of the CIA can't maintain his privacy on the Internet, we've got no hope.
In today's world, governments and corporations are working together to keep things that way. Governments are happy to use the data corporations collect -- occasionally demanding that they collect more and save it longer -- to spy on us. And corporations are happy to buy data from governments. Together the powerful spy on the powerless, and they're not going to give up their positions of power, despite what the people want.
Fixing this requires strong government will, but they're just as punch-drunk on data as the corporations. Slap-on-the-wrist fines [21] notwithstanding, no one is agitating for better privacy laws.
So, we're done. Welcome to a world where Google knows exactly what sort of porn you all like, and more about your interests than your spouse does. Welcome to a world where your cell phone company knows exactly where you are all the time. Welcome to the end of private conversations, [22] because increasingly your conversations are conducted by e-mail, text, or social networking sites.
And welcome to a world where all of this, and everything else that you do or is done on a computer, is saved, correlated, studied, passed around from company to company without your knowledge or consent; and where the government accesses it at will without a warrant. [23]
Welcome to an Internet without privacy, [24] and we've ended up here with hardly a fight.
[1]
http://security.blogs.cnn.com/2013/02/19/report-chinese-military-engaged-in-extensive-cyber-espionage-campaign/
[2]
http://www.washingtonpost.com/blogs/worldviews/wp/2013/02/19/chinese-hackers-outed-themselves-by-logging-into-their-personal-facebook-accounts/
[3]
http://www.cnn.com/2012/03/06/us/new-york-hacker-arrests/index.html
[4]
http://arstechnica.com/tech-policy/2012/03/all-the-latest-on-the-unmasking-of-lulzsec-leader-sabu-arrests/
[5]
http://www.cnn.com/2012/11/10/politics/broadwell-profile/index.html
[6]
http://www.aclu.org/blog/technology-and-liberty-national-security/surveillance-and-security-lessons-petraeus-scandal
[7]
http://lifehacker.com/5843969/facebook-is-tracking-your-every-move-on-the-web-heres-how-to-stop-it
[8]
http://www.firstpost.com/tech/facebook-finally-admits-to-tracking-non-users-133684.html
[9]
http://www.theatlantic.com/technology/archive/2012/02/im-being-followed-how-google-151-and-104-other-companies-151-are-tracking-me-on-the-web/253758/
[10]
https://www.propublica.org/article/everything-we-know-about-what-data-brokers-know-about-you
[11]
http://adage.com/article/digital/facebook-partner-acxiom-epsilon-match-store-purchases-user-profiles/239967
[12]
http://www.schneier.com/essay-109.html
[13]
http://www.washingtonpost.com/wp-dyn/content/article/2007/01/15/AR2007011501304.html
[14]
http://www.propublica.org/article/how-many-millions-of-cellphone-are-police-watching
[15]
http://www.propublica.org/article/yes-companies-are-harvesting-and-selling-your-social-media-profiles
[16]
http://queue.acm.org/detail.cfm?id=2390758
[17]
http://news.cnet.com/8301-1009_3-20005185-83.html
[18]
http://panopticlick.eff.org/
[19]
http://www.schneier.com/blog/archives/2013/01/man-in-the-midd_6.html
[20]
http://www.heinz.cmu.edu/~acquisti/face-recognition-study-FAQ
[21]
http://www.nytimes.com/2013/03/13/technology/google-pays-fine-over-street-view-privacy-breach.html
[22]
http://www.schneier.com/blog/archives/2008/11/the_future_of_e.html
[23]
http://epic.org/privacy/nsl/
[24]
http://www.schneier.com/essay-114.html