Nothing is private on the internet. Most of us understand this idea intellectually. We realize that we are being surveilled at some level, but most of us do not grasp the depth and breadth of that surveillance and what exactly it is used for and the implications. Bruce Schneier does and lays it out very clearly in his book Data and Goliath.
This book is a must read for everyone regardless of your online presence or level of concern about security and privacy. It affects us all. As Bruce lays out, the surveillance goes far beyond simply our Google search history and Facebook posts. It touches all of us regardless of whether we use social media or even browse the internet. He uses many chilling examples pulled from real life headlines to make his point.
How did we get here?
Mass Surveillance has really grown in the past decade due to the confluence of 4 factors:
- The IOT revolution, the ubiquity of smartphones, the rate with which people post private information on social media, and the low cost of storage has greatly increased the amount of data available.
- This massive amount of data has provided lot’s of new training data to fuel advances in machine learning technology. This machine learning combined with all the available data makes it very easy to correlate data from unrelated sources.
- Corporations have quickly realized the value of becoming information brokers and have been sold on the value of highly targeted advertising. Data has become a highly sought-after commodity and a competitive advantage.
- Governments have seized on the opportunity provided by all of this data to solidify their power. They often use the guise of national security to justify their actions.
The Irony of Mass Surveillance
The irony is that mass surveillance is that is counterproductive. As I wrote this section, I realized I am not quite doing it justice. You really need to read the book to see just how counterproductive all this mass surveillance is, but I will try.
In terms of governments mining data for national security reasons, searching for terrorists is like searching for a needle in a haystack.Using mass surveillance is like throwing more hay on the stack. The terrorists they are trying to catch are generally planning unique attacks and are actively trying to avoid detection, which makes them very hard to find. In addition, any analysis is plagued with false positives, which just causes more problems and diverts resources.
When it comes to corporate Mass Surveillance, corporations are finding that highly targeted advertising can be creepy and turn customers off. There’s also a potential cost in terms of safeguarding all that data. At the moment, there aren’t any meaningful consequences, but GDPR may change that.
What to do about Mass Surveillance
The first thing to note is that Bruce is not advocating for zero surveillance. He does acknowledge that there is a time and place for highly targetted (and regulated) government surveillance for national security and police purposes. He generally takes a pretty pragmatic approach. Giving your GPS data to Google for example is what makes Google maps possible. So sometimes giving up some privacy is advantageous. The issue is what else is that data used for? How is it stored? etc. Bruce outlines several proposals for governments, corporations, and individuals on how to deal all of this.
We have some serious decisions to make. Bruce outlines a couple of principles that we should keep in mind as we are making those decisions. I’ll leave you with those. If you want more you will have to read the book.
- Security AND Privacy
- Security OVER Surveillance
- Oversight AND Accountability
- Resilient Design
- One World, One Network, One Answer