One of the hardy perennial issues that comes up in discussions of our ever more wired (and wireless) lives is personal privacy. Technology in general has invalidated some traditional assumptions about privacy. For example, at the time the US Constitution was being written, I doubt that anyone worried much about the possibility of having a private conversation. All anyone had to do, in an age before electronic eavesdropping, parabolic microphones, and the like, was to go indoors and shut the door, or walk to the center of a large open space. It might be somewhat more difficult to conceal the fact that some conversation took place, but it was relatively easy to ensure that the actual words spoken were private.
Similarly, before the advent of computer data bases, getting together a comprehensive set of information about an individual took a good deal of work. Even records that were legally public (e.g., wills, land records) took some effort to obtain, since they existed only on paper, probably moldering away in some obscure courthouse annex. Even if you collected a bunch of this data, putting it all together was a job in itself.
People whose attitudes date back to those days often say something like, “I have nothing to hide; why should I care?” They are often surprised at the amount of personal information that can be assembled via technical means. The development of the Internet and network connectivity in general has made it easy to access enormous amounts of data, and to categorize and correlate it automatically. Even supposedly “anonymized” data is not all that secure.
Bruce Schneier, security guru and author of several excellent books on security (including Applied Cryptography, Secrets and Lies, Beyond Fear, and his latest book, Liars and Outliers), as well as the Schneier on Security blog, has posted an excellent, thought provoking article on “Our Internet Surveillance State”. He begins the article, which appeared originally on the CNN site, with “three data points”: the identification of some Chinese military hackers, the identification (and subsequent arrest) of Hector Monsegur. a leader of the LulzSec hacker movement, and the disclosure of the affair between Paula Broadwell and former CIA Director Gen. David Petraeus. All three of these incidents were the direct result of Internet surveillance.
Schneier’s basic thesis is that we have arrived at a situation where Internet-based surveillance is nearly ubiquitous and almost impossible to evade.
This is ubiquitous surveillance: All of us being watched, all the time, and that data being stored forever. This is what a surveillance state looks like, and it’s efficient beyond the wildest dreams of George Orwell.
Many people are aware that their Internet activity can be tracked by using browser cookies, and I’ve written about the possibility of identifying individuals by the characteristics of their Web browser. And many sites that people routinely visit have links, not always obvious, to other sites. Those Facebook “Like” buttons that you see everywhere load data and scripts from Facebook’s servers, and provide a mechanism to track you — you don’t even need to click on the button. There are many methods by which you can be watched, and it is practically impossible to avoid them all, all of the time.
If you forget even once to enable your protections, or click on the wrong link, or type the wrong thing, and you’ve permanently attached your name to whatever anonymous service you’re using. Monsegur slipped up once, and the FBI got him. If the director of the CIA can’t maintain his privacy on the Internet, we’ve got no hope.
As Schneier also points out, this is not a problem that is likely to be solved by market forces. None of the collectors and users of surveillance data has any incentive, economic or otherwise, to change things.
Governments are happy to use the data corporations collect — occasionally demanding that they collect more and save it longer — to spy on us. And corporations are happy to buy data from governments.
Although there are some organizations, such as the Electronic Privacy Information Center [EPIC] and the Electronic Frontier Foundation [EFF], that try to increase awareness of privacy issues, there is no well-organized constituency for privacy. The result of all this, as Schneier says, is an Internet without privacy.