Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Surveillance is the Business Model of the Internet: Bruce Schneier

Internet Surveillance

Internet Surveillance

BOSTON – SOURCE CONFERENCE – Data is a natural consequence of computing, and as search tools get better, it shifts the balance of power towards mass collection and surveillance, renowned security expert Bruce Schneier said at the SOURCE Boston conference on Wednesday.

“Surveillance is the business model of the Internet,” Schneier told attendees. “We build systems that spy on people in exchange for services. Corporations call it marketing.”

The data economy—the growth of mass data collection and tracking—is changing how power is perceived, Schneier said in his keynote speech. The Internet and technology has changed the impact a group can have on others, where dissidents can use the Internet to amplify their voices and extend their reach. Governments already have a lot of power to begin with, so when they take advantage of technology, their power is magnified, he said.

“That’s how you get weird situations where Syrian dissidents use Facebook to organize, and the government uses Facebook to arrest its citizens,” Schneier said.

Over the past few years, it’s become easier and cheaper to store data and search for the necessary item rather than to sort and delete. Email is a very good example of this shift in behavior. This change, spurred by the popularity of mobile devices and the push to move more data and services to the cloud has also made it easier to track user behavior. When corporations track users for marketing purposes, it seems benign, but the same actions come across as sinister when it’s the government.

Data is a by-product of the information society and socialization, Schneier told attendees. It has become easier to do things online, and the very act of doing something using technology results in data. For example, he described how an IM conversation was data—for its content, but also by virtue of the fact that it happened. Details about when it happened, who the conversation was with, the geographic locations of the participants, and other such information is part of the conversation’s metadata.

“Metadata is us,” Schneier said, noting that the government claiming they are collecting “only” metadata downplays just how much insights can be gleaned from the information.

Metadata is far easier to store, search, and analyze, than actual content, and actually has far more value to an intelligence agency, Schneier said. Law enforcement tracking a terror network don’t necessarily need the actual conversations, but rather information about who is talking to who. “Metadata is fundamentally surveillance data,” he said.

Advertisement. Scroll to continue reading.

Data is currency, and consumers are willing to hand over their information in exchange for “free or convenience,” Schneier said. Companies such as Facebook and Google want the data so that they can sell more stuff. Users hand it over to play games, to get email, or some other benefit. “I like to think of this as a feudal model. At a most fundamental model, we are tenant farming for companies like Google. We are on their land producing data,” he said.

By handing the data over, users have an expectation of trust that Google, Facebook, and other data brokers will do the right thing with the personal data. However, this becomes a power play when governments get involved. Governments don’t need to collect the data themselves when corporations are already doing it.

“The NSA woke up and said ‘Corporations are spying on the Internet, let’s get ourselves a copy,’” Schneier said. Most NSA surveillance “piggybacks” what the companies are already doing, he said.

The government didn’t tell anyone they have to carry around a tracking device, but people now carry mobile devices. The government doesn’t require users to notify any agency about their relationships. Users will tell Facebook soon enough, Schneier noted. “Fundamentally, we have reached the golden age of surveillance because we are all being surveilled ubiquitously.”

Lowering the cost of technical surveillance also transforms the actual act of surveillance itself, Schneier said. It’s no longer just “follow the car,” but rather, “tell me everywhere the car has been for the past month,” Schneier noted. Surveilling a car in the past may have required five people, but technology means agents can track 3,000 cars without using any additional agents. Technology has changed the extents of what surveillance can do, and that can be worrisome.

When the government has power, there has to be a way to ensure responsibility, Schneier said.

The Industrial Revolution in the 19th Century largely ignored consequences for widespread adoption and rapid innovation such as pollution. Fast forward to the present day, and privacy and security are being ignored in a similar fashion in favor of rapid online innovation in the digital age, Schneier said.

“I think this is the issue by which we will be judged when our grandchildren read the history of the early days of the Internet,” Schneier said.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.