Excerpt: "While the leaks of Edward Snowden have shed light on the National Security Agency's surveillance practices, less attention has been paid to other forms of everyday surveillance - license plate readers, facial recognition software, GPS tracking, cellphone metadata and data mining."
The Hidden Battle to Collect Your Data and Control Your World
By Amy Goodman and Bruce Schneier, Democracy Now!
14 March 15
Data and Goliath: Bruce Schneier on the Hidden Battles to Collect Your Data and Control Your World
eading security and privacy researcher Bruce Schneier talks about about the golden age of surveillance and his new book, "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World." The book chronicles how governments and corporation have built an unprecedented surveillance state. While the leaks of Edward Snowden have shed light on the National Security Agency’s surveillance practices, less attention has been paid to other forms of everyday surveillance — license plate readers, facial recognition software, GPS tracking, cellphone metadata and data mining.
Image Credit: United States Department of Defense
Transcript
This is a rush transcript. Copy may not be in its final form.
JUAN GONZÁLEZ: We turn now to look at what our next guest calls the "golden age of surveillance." The leading security and privacy researcher Bruce Schneier is out with a new book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. The book chronicles how governments and corporations have build an unprecedented surveillance state. While the leaks of Edward Snowden have shed light on the National Security Agency’s surveillance practices, less attention has been paid to other forms of everyday surveillance—license plate readers, facial recognition software, GPS tracking, cellphone metadata and data mining.
AMY GOODMAN: Just this week, The Intercept revealed CIA researchers have been working for nearly a decade to crack the security of Apple’s iPhones and iPads. Documents from Edward Snowden show the researchers claim to have created a modified version of Apple software development tool Xcode, allowing them to sneak surveillance backdoors into apps and programs.
Well, Bruce Schneier, author of Data and Goliath, joins us now from Minneapolis.
Bruce, it’s great to have you back with Democracy Now! Can you start off by talking about this latest revelation having to do with Apple iPhones and iPads?
BRUCE SCHNEIER: It’s not really new. We know that the NSA, now the CIA, have been working to find backdoors in the computers we use every day, in Windows, in Macintosh. This isn’t the first backdoor we’ve seen in iOS and iPhones. This looks pretty sophisticated, but this is pretty much what we should expect from the United States and other countries and criminal organizations, as well. There’s a lot of people trying to get backdoors into the devices we use.
JUAN GONZÁLEZ: What about this problem, in terms especially of commercial or corporate surveillance, that the public are willingly giving up their data in exchange for some kind of reduced price or more efficiency in their ability to communicate, this apparent willingness on our part to give away this trove of information about ourselves?
BRUCE SCHNEIER: I mean, we give it away all the time, right? Our cellphones know exactly where we are at all times; otherwise, they can’t work. And think of Facebook or email or paying with credit cards, or anything we do that generates data, we give to third parties. I mean, we do it willingly. I’m not sure we do it with full knowledge. You know, we don’t pick up our phones and say, "This is my tracking device. I’m going to carry it in my pocket." We just do that because that’s how the systems work. So when people are asked, do they value privacy, they say, yes, uniformly. And I think people really don’t think fully about what they’re giving up when they go onto Facebook or use Gmail or do any of these services where data is collected.
AMY GOODMAN: You write that "The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we’re offered." Explain.
BRUCE SCHNEIER: Well, this is what we see. Companies are using surveillance for persuasion, for advertising. And it’s sliced very finely personally. The ads you see aren’t going to be the ads someone else sees, based on your interests, but also based on what the companies believe is your income level, how good a customer you are. You’re going to see different search results than somebody else. So, depending on your political persuasion, you’ll see different advertisements. You’ll see different offers. So you might get a different credit card offer than someone else. And that might be based on your income, on proxies for your minority status. We see a lot of this very personalized advertising designed to influence you and you alone.
JUAN GONZÁLEZ: And how do you respond to those, especially in government, who say that this surveillance is needed to be able to combat modern crimes, terrorism? For instance, all of Lower Manhattan right now is—basically, there are surveillance cameras that capture every single license plate coming into Lower Manhattan for the New York Police Department.
BRUCE SCHNEIER: There are license plate scanners all over the country. It’s surprising how much of that is captured, not just in New York. But there are companies collecting license plates, looking for cars for repossession, sharing it with the government, with Homeland Security. You know, we hear a lot about this is necessary for security. All the evidence shows it’s not. I mean, there isn’t a huge crime wave of unsolved crimes because of no surveillance. And there aren’t a lot of crimes being solved by this surveillance. Crimes are solved by following the leads. That’s how terrorism plots are foiled. Whenever we ask the government, ask the police or the NSA to show how this surveillance is necessary, they can never come up with good examples. Occasionally they come up with examples that don’t pass scrutiny. But this really does seem to be we’re collecting it because we can, not because we need to.
AMY GOODMAN: Can you compare government surveillance with corporate surveillance?
BRUCE SCHNEIER: You know, they’re very similar. And I look at it as a partnership, the public-private surveillance partnership. One is caused by fear, right? We fear criminals, we fear terrorists. That’s government surveillance. The other, as you said, it’s convenience. We like the iPhone. We like this free services we get. They both collect data, very intimate data—where we live, where we work, what we’re interested in, what we’re saying, who we’re speaking to, who we’re intimate with. And they share it back and forth. Data that’s illegal for the government to collect, they purchase from corporations. Corporations purchase data from the government. It goes into databases in the United States. It’s bought and sold. And profiles are generated. And those profiles are used, in both cases, to pigeonhole us, to make decisions about us, maybe whether we can get a mortgage, maybe whether we can board an airplane, maybe what sort of credit card offer we see. They’re all used to judge us. And in all cases, we don’t have the ability to look at the data, to correct the data, to see why we’re being judged and how we’re being judged. We’re being judged in secret.
JUAN GONZÁLEZ: Well, last month at a New America Foundation event on cybersecurity, you questioned NSA Director Mike Rogers on the security of U.S. encryption programs. Let’s go to that clip.
BRUCE SCHNEIER: My question is also about encryption. It’s a perception and a reality question. We’re now living in a world where everybody attacks everybody else’s systems. We attack—we attack systems. China attacks systems. And I’m having trouble with companies not wanting to use U.S. encryption because of the fear that NSA, FBI, different types of legal—legal and surreptitious access is making us less likely to use those products. What can we do, what can the intelligence community do, to convince people that U.S. products are secure, that you’re not stealing every single key that you can?
MICHAEL ROGERS: Right, right. So, first of all, we don’t. Number two, my point would be, that’s the benefit, to me, of that legal framework approach, that, hey, look, we have specific measures of control that are put in place to forestall that ability. Because I think it’s a very valid concern to say, "Hey, look, are we losing U.S. market segment here?" You know, what’s the economic impact of this? I certainly acknowledge that it’s a valid concern. I just think, between the combination of technology, legality and policy, we can get to a better place than we are now, realizing that we are not in a great place right now.
JUAN GONZÁLEZ: What about that response of the NSA director, Mike Rogers?
BRUCE SCHNEIER: Yeah, I think he’s being disingenuous, that he’s saying that some rule of law will convince people the NSA isn’t collecting data. But the rule of law says, outside U.S. borders, it’s a free-for-all. He can collect anything he wants. He’s gone into the links between Google data centers and scarfed up everything. And the problem we have is that foreign companies, foreign buyers, aren’t trusting U.S. products because of the backdoors he is putting in them. And my question was: How can we fix that? And his answer didn’t answer that. Rule of law, you know, doesn’t give people from other countries assurance that we’re not spying on their stuff.
JUAN GONZÁLEZ: I wanted to ask you about one of the startling analogies you make near the end of your book between what’s happening in this information age and the early Industrial Revolution. You made an analogy with climate change. You wrote, "Data is the pollution problem of the information age, and protecting privacy is the environmental challenge. Almost all computers produce personal information. It stays around, festering. How we deal with it—how we contain it and how we dispose of it—is central to the health of our information economy." You go on to say, "Just as we look back today at the early decades of the industrial age and wonder how our ancestors could have ignored pollution in their rush to build an industrial world, our grandchildren will look back at us during these early decades of the information age and judge us on how we addressed the challenge of data collection and misuse." Could you expand on that?
BRUCE SCHNEIER: Yeah, I think it’s an important analogy. We’re sitting here discussing the data we produce, the data our computers produce, what happens to it, who has access to it, how we recycle it, how we dispose of it. These are really important problems, and they’re not things we’re going to solve overnight. And my fear, in that paragraph you read, is that it’s going to take a couple of generations to figure it out, that here we are, producing this data—this big data land grab, to access it all, to analyze it all, to use it all, is not being buffered by a sense of privacy, of the personal nature of it. And I was, I guess, issuing a warning, that maybe we could do better, that maybe we could think ahead as to the problems and really consider where data should be used, where it should be disposed, how personal it is, and how you can’t just give it to third parties for free, that there is a fundamental rights issue here.
AMY GOODMAN: So, governments tell us, "If you have nothing to hide, you have nothing to fear." Why should you be concerned about government surveillance, Bruce?
BRUCE SCHNEIER: Well, I mean, that’s ridiculous on the face of it. Those same government officials who say that don’t tell you all of their secrets, give you copies of all of their emails and correspondence. Privacy is not about something to hide. Privacy isn’t something that you only have if you’re a criminal. Privacy is about individual autonomy. It’s about presenting yourself to the world. It’s about being in charge of what you say about yourself and what you reveal about yourself. When we’re private, we have control of our person. When we’re exposed, when we’re surveilled, we’re stripped of that control, we’re stripped of that freedom. We don’t feel secure. We don’t feel like we have something to hide. We feel like we’re under the microscope. We feel like prey. Privacy is a fundamental human need, and it’s not about something to hide. I think that’s a very wrong characterization, and we should fight it at every opportunity.
JUAN GONZÁLEZ: But what can people do? What are the options for those who don’t want to go with the tide?
BRUCE SCHNEIER: Yeah, this is very difficult. I mean, I can tell you things like don’t carry a cellphone and don’t use email, don’t be on Facebook. In a lot of ways, that’s ridiculous advice. Those are the tools of society, and we need them to be fully functioning members of society. At this point, the problems are political and social, and we need political change. What people should do now is observe surveillance and talk about surveillance. This needs to be an issue in the next election. This needs to be an issue people care about it. And the more we talk about it and make it an issue, the more we’ll get change. Right? Admiral Rogers is not going to do anything unless he’s required by law. And we need laws to protect us against government surveillance and against corporate surveillance.
AMY GOODMAN: The L.A. review of—the L.A. Times review of your book says that you were given access to the Edward Snowden documents. You have a special position to explain complicated, highly secret surveillance programs to the American public. What should we know? What should we be aware of?
BRUCE SCHNEIER: The documents in the stories are really explaining themselves, that the NSA is collecting everything, everything they can, under a variety of laws that have been bent beyond their intention. Data is being collected on non-Americans and Americans. It’s being saved and stored and used. And we don’t know a lot of the details. This is being done in highly secretive situations. There are secret courts passing secret rules that affect companies and us, and we don’t get to know about them. I mean, what Snowden showed us is that this is all happening by the U.S. What we need to understand is that this is not just the U.S. China, Russia, other countries are doing the same things. And we need to look at this and decide what we want. The NSA is filling a vacuum by collecting everything. We need to step in and put rules in place.
AMY GOODMAN: And what most surprised you? You’ve been looking at this for decades, Bruce Schneier. What most surprised you in your research for Data and Goliath?
BRUCE SCHNEIER: You know, the most surprising thing about the NSA surveillance is how little is surprising about NSA surveillance. There was nothing in there that said the NSA is made of magic. There’s nothing in there that, if you watched a movie where the villain was the NSA, they didn’t do. It’s pretty much what you expected. But seeing it in stark reality is surprising, seeing the details of NSA programs, of FBI collection programs, of these license plate capture programs, or what the data brokers know. The sheer detail, I think, is surprising, because while we recognize this data is being collected, we often don’t understand the analysis. And that, I think, surprises most people. That surprised me.
AMY GOODMAN: Do you think political liberty and justice are threatened?
BRUCE SCHNEIER: I think they are. I think we’re living in a world where we are being judged by our data, we’re being judged in secret, where there are effectively secret courts. I mean, if you can’t fly an airplane, you can’t figure out why you can’t or how to redress that. If you’re denied for a mortgage, or possibly a job, it could be because of this data. And you can’t face your accuser and try to protect yourself. These are extraordinary times, and I think the threats are great, because algorithms are making decisions, not people, and that’s very dangerous.
AMY GOODMAN: Well, Bruce Schneier, we’re going to continue our conversation outside of this broadcast and post it online at democracynow.org, particularly how people can protect themselves. Bruce Schneier is a security technologist. His latest book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He’s a fellow at Harvard’s Berkman Center for Internet and Society.
Part 2 of our discussion with Bruce Schneier about about the golden age of surveillance and his new book, "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World."
AMY GOODMAN: This is Democracy Now!, democracynow.org, The War and Peace Report. I’m Amy Goodman, with Juan González. Our guest is Bruce Schneier. He is a leading security technologist. He has a new book out, has just hit number six on the New York Times best-seller list; it’s called Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He’s a fellow at Harvard’s Berkman Center for Internet and Society.
You’re sitting in Minneapolis, Bruce. We’re in New York. So, the way it works in an insert studio is you’re sitting in front of a very large camera, and you’re staring into the lens. That’s really interesting, because at least you know you’re being recorded right now. Can you take us through a day of an everyday person and talk about how, from the minute we wake up and before to the end, our lives are being documented?
BRUCE SCHNEIER: You know, I’ll probably miss some things. There are so many. When we wake up, we probably pick up our smartphone. But that smartphone knows where we are; otherwise, it couldn’t ring. Actually, that smartphone is a tracking device. It will track us throughout our day. It will know where we live, where we work, where we go. That phone will know who we talk to, either whether it’s calls or text messages. It’s also a computer. That computer is going track us, if we use the Internet.
There are lots and lots of web devices that are tracking us as we go about our day, what we read, what sites we visit, what we’re interested in. Google tracks us. Facebook tracks us. All those things track us. If we go out into our car, there are computers there that are tracking what we’re doing. Sometimes they’re connected to the manufacturer; sometimes they’re not. If we make payments, we use a credit card that records what we’re purchasing, who we are. All of the things we do involve computers. Think of the cameras. There might be thousands of security cameras we walk by. There are cameras collecting our license plate and putting that into a database. There are cameras collecting our face.
The way to think of it is, computers produce data, and every time we interact with a computer, data about that transaction is produced. That’s surveillance data about us. That data is increasingly saved, increasingly stored. And as we go about our day, we interact with thousands of computers. And that’s all surveillance data.
JUAN GONZÁLEZ: Well, in our earlier segment, you were talking about that it’s now more of a political and social problem in terms of being able to protect privacy. What are the kinds of—if you were to say the most important kind of law that would need to be passed to be able to get back some of our individual autonomy, what would that be?
BRUCE SCHNEIER: Yeah, it’s never one thing. The problem with privacy in data is there’s so many interconnected things. So we need protection for data collection, data use, data storage, data transfer—you know, buying and selling—and then data deletion. That’s the chain of our data, and we need protections in every place. So it’s not a matter of saying, "We’ll let them collect it, and we’ll regulate use," because now what happens, you know, we saw, past year or so, all these great data breaches—Target Corporation, Home Depot, Anthem Health. All right, this is our data being stored by somebody else that’s stolen by criminals. So we need protections against collection. We need protections against use. And we need proof that we can look at our data, correct it if it’s wrong. It’s a whole slew of things that have to work together—you know, and technologies and laws. This is not a simple problem with a simple solution. Unfortunately, it makes it harder.
JUAN GONZÁLEZ: Well, there was a recent article, I think in The New York Times, about school systems now confronting the fact that as they are bringing in more private companies to provide online education and sources into their school systems, sometimes individual teachers are given the opportunity to bring in a particular software company and use it in their class, that these companies now are basically shredding the privacy rights of students, because they’re collecting data on how students are progressing, individual students on particular subject matter, and they now have a trove of data that they in turn can sell, but there’s basically very little protection of student rights now in this new information age.
BRUCE SCHNEIER: Yeah, there is some. There’s protections of students for their schools collecting data. It doesn’t really transfer well to third parties. That’s an enormous difference. And the student data collection isn’t different than the collection of you or I. If we go to a medical site, there are going to be advertisers watching what we look at. We’re going to have ads following us. And yes, that happens in the classroom, too. If you think about it, when we were students, we read our textbooks in book form. Now students are reading textbooks online. They’re reading them on their iPads. And the owner of those textbooks, the websites, know exactly what students are reading, how fast they’re reading, what they’re going back and re-reading, how they’re studying. This is powerful information, but it’s incredibly intimate. Right? Amazon knows that about the books you read. You know, if you download Fifty Shades of Grey, Amazon’s going to know which parts you read and re-read.
AMY GOODMAN: Bruce, can you talk about the whole controversy around Hillary Clinton’s email and put it into the context, the lens through which you see it, right? Her email, she did not use the State Department email system, that had actually a law just been passed. She would be the first secretary of state to have used it, but she didn’t. Now John Kerry is the first. The front page of The New York Times today is about New York state, and it says that Governor Cuomo had—has put into place a policy of automatically deleting state workers’ emails after 90 days, and now this is being stopped, because there’s been an uprising around this. But talk about what you found interesting about the controversy around her keeping it on her own email address with a server based at her home in Chappaqua, New York.
BRUCE SCHNEIER: So, I have two main things that interest me. The first one is I have a lot of sympathy for her, that government email systems tend to be antiquated, hard to use, and I know when I go into companies, I want to use my own email system. I have my system. I know it works. I don’t want to use the corporate email system because it’s annoying. And it’s just like anybody within a company: They want to get something done, they jump on Gmail, because it’s easy, because it works, because it bypasses sort of all of the problems in the institutions. And I don’t know if that’s what she’s thinking, but that’s what I would be thinking when I came in.
Second thing I’m interested in is: Who’s controlling the email? In the beginning, there was a little tension between Clinton and Obama. And possibly, Hillary Clinton recognized that she might not have friends in IT, and she wanted more control of her email. And again I have sympathy with that. On the other hand, government email is government records, and that needs to be preserved, and that needs to be collected by government, by the National Archives, for the people. And I want to make sure that happens, and I want to make sure her email is not deleted. So those are my two thoughts. I have sympathy for her position, because I also want control over my system, and I have a lot of sympathy for the position of, you know, "That’s government property. You shouldn’t be taking it home."
AMY GOODMAN: I mean, that’s the—I mean, the fact of the matter is she is not Hillary Clinton, she’s the secretary of state. So, for all time, she will decide what record of history we have.
BRUCE SCHNEIER: Right, and that shouldn’t be. Right? It should be that history should be the raw data. We save it in—you know, maybe in—we protect it for 50, 100 years, and then it becomes history and all exposed. And I think we’re seeing that problem everywhere. It’s not just Hillary Clinton. It’s history in general. Right? Is everything going to be saved? What’s going to be deleted? What data will be preserved in old formats? And I do worry about history and data and whether history can read our stuff, whether we’re going to delete stuff, whether we’re going to save stuff, whether we’re going to save too much. I mean, there’s emails of mine I don’t think history needs, and I’m happy to delete. All that surveillance data I’m not sure is valuable. But, yes, when you are secretary of state, when you are the president, when you are a government official, the data you produce has value to the country and needs to be preserved. We need to make sure that happens, that government officials can’t scrub their record in an effort to decide how they are viewed by history.
JUAN GONZÁLEZ: And what—and this decision of Governor Cuomo to institute a 90-day deletion process whereby every employee would decide affirmatively which emails to preserve beyond a 90-day period?
BRUCE SCHNEIER: I mean, I don’t like that. But think of what’s going on here. Email is weird. It’s not correspondence, which we would obviously save. And it’s not conversation, which we would obviously delete. It’s somewhere in the middle. And I have had conversations on email that don’t deserve saving. And I’ve had official correspondence on email that I do need to save. And if you think about some of the big court cases that have involved emails, it’s very easy to pull a sentence here, a sentence there, out of context and make the emails say whatever you want. That’s because we can be very, very informal on email. We can just chat on email in a way that we don’t believe is preserved, is archival. So email occupies that middle ground. And you could easily see deciding either way, that it counts as correspondence or doesn’t count, it’s just conversation.
AMY GOODMAN: Bruce, can you talk about data being bought and sold?
BRUCE SCHNEIER: Well, in the United States, there’s not a lot of protection for our data, that data generated by us, collected by third parties. So, your cellphone company collects data of everybody you call, when you call. Your credit card company knows when you make purchases, where and how much. Google knows what you search on. All that data is collected by third parties, and those parties basically own that data. They have the right to buy it, to sell it, to use it however they like.
I don’t know if you remember, last year, Uber, the taxi company, used the data they had of people’s rides to figure out who’s going—who’s using Uber to go and have sex. They looked for rides happening in the evening to a place and rides happening the next morning away from that place. Right? They had searched their database for that. And they produced aggregate statistics of that—what cities were good for it, what neighborhoods, what days of the week. They thought it was all in good fun. They didn’t expose personal information. But they had that. They had the list of people who were using Uber in that way. They, if they wanted to—
AMY GOODMAN: Wait, how did know what places where they were going?
BRUCE SCHNEIER: —could sell it.
AMY GOODMAN: What places were they going?
BRUCE SCHNEIER: Uber collects the route. When you get a receipt from Uber, it includes a map of the route you took. So it knows exactly where you started and where you ended. It’s not like a taxi ride that happens when you pay cash. The data is there. The surveillance data is there.
AMY GOODMAN: So could that, for example—could that data be subpoenaed in a case, in a court case?
BRUCE SCHNEIER: The data could be subpoenaed. Uber could publish it because it was fun. Uber could decide, "We’re going to release the names of these people." There’s nothing stopping them except that it would be really creepy, and they would probably get a lot of bad press for it. But legally, they have no obligations to keep that secret. And that’s the point. This data is owned by those third parties, who can sell it at will. And if they want to sell a database of people who use Uber to have sex to some company that wants to market some sort of product, it is within their rights to do that.
AMY GOODMAN: So, if you could, once again, tell us the simple ways—you may consider them so simple, as a security technologist, you wouldn’t even raise them, but for everyday people, people have no way to know how to protect themselves—the simple, maybe, steps you take in a day to protect your privacy?
BRUCE SCHNEIER: I mean, the simple things tend to be around the edges. So there are programs to secure email, to secure chats. There are encryption programs for voice. There are ways to protect the things we say to each other. Using cash is a way to protect ourselves. The problem is that a lot of the data is collected—it’s metadata. It’s collected by the systems we use. So being careful what you say on Facebook, not using Google search, if you’re worried. There’s a search engine called DuckDuckGo that doesn’t track you.
But, by and large, we are tracked because of what we do in our day, and it’s very hard to opt out. Not having a credit card, not having an email address, not being on Facebook is really dumb advice to give people. So what I want people to do is to observe surveillance and talk about surveillance, to make this a political issue. This really isn’t something we can install some tech and opt out of. It’s not that easy. We really have to make it that lawmakers care that we care. And that’s difficult. I mean, that is the hard solution that’s going to be the good solution.
AMY GOODMAN: Bruce Schneier, thanks so much for being with us, security technologist, author of the new New York Times best-seller, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.
verything you need to know about Israeli Prime Minister Benjamin Netanyahu’s address to Congress Tuesday was the presence in the visitor’s gallery of one man – Sheldon Adelson.
he same Senator 
t seems possible now that, at the moment, the administration doesn't have the votes in the Senate to give the president fast-track authority to approve the Trans-Pacific Partnership, the noxious turkey of a trade deal the supporters of which assure us will lead us to pie in the sky by and by when we die. (I'm sure the benefits of the TPP to average Americans will come rolling in just as soon as the benefits from NAFTA do.) The way you know that it's in trouble is that some 
