Your Data or Your Life
No matter what security hawks tell you, argues Bruce Schneier, they can’t protect you and their cures are worse than the disease.
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier (New York: W.W. Norton & Company, 2015), 400 pages.
Your data or your life.
Distilled to its essence, this is the argument of surveillance hawks who want U.S. law enforcement and intelligence agencies to retain their intrusive, unlawful, and unconstitutional surveillance apparatuses that were radically expanded after 9/11. Their message is as subtle as an ISIS snuff film and also about as simple, clear, and pernicious, as cybersecurity expert and cryptographer Bruce Schneier expertly documents in his comprehensive Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.
“The government offers us this deal: if you let us have all of your data, we can protect you from crime and terrorism,” writes Schneier. “It’s a rip-off. It doesn’t work. And it overemphasizes group security at the expense of individual security.”
Throughout 200-plus pages, Schneier documents how the trade-offs we’ve made — often without informed consent — have created the “golden age of surveillance” we’re living in, as the technologies we all use and carry around reveal all there is to know about us, even what we’re thinking about. Acting as an invaluable guide to the digital (under)world, he masterfully explains in simple and clear prose how governments and corporations — often in cahoots — collect, store, and analyze our data to control and manipulate us, both as citizens and as consumers. He also, maybe more important, outlines how we can fight back, both individually and collectively, and wrest our privacy back from the powers that be.
The surveillance state couldn’t exist in the form it does today without corporate complicity. “Corporate surveillance and government surveillance aren’t separate,” says Schneier. “They’re intertwined; the two support each other. It’s a public-private surveillance partnership that spans the world.”
When whistleblower Edward Snowden disclosed the National Security Agency’s “collect-it-all” voracity to journalists Glenn Greenwald and Laura Poitras two years ago, the public began to learn how much the technology companies we increasingly rely on for modern life were in bed with the government — whether voluntarily or coercively.
Under Section 215 of the USA PATRIOT Act, the government compelled Verizon and other telecoms to give them calling records of their customers so that the NSA could build a giant database and then map personal networks in pursuit of terrorists. Under Section 702 of the FISA Amendments Act, the government requests data on certain foreign users from Internet service providers, such as Facebook and Google, as part of the PRISM program. It also uses the same provision to tap the Internet’s backbone, sifting through the contents of electronic communications to and from the United States looking for suspicious keywords relating to “foreign intelligence information,” which is far more expansive than counterterrorism and includes economic espionage.
(Full disclosure: I work for the ACLU, which has challenged the constitutionality of dragnet government surveillance conducted under Section 215 of the USA PATRIOT Act and Section 702 of the FISA Amendments Act, and which also represents Edward Snowden.)
While household names such as Google, Facebook, and Verizon comply with government surveillance requests, their hands are legally forced, even though they could put up a bigger fight, as Yahoo did back in 2008 in opposition to the PRISM program. Nevertheless, as Schneier observes, the reason government can twist their arms is that those companies also have the same big data appetite as the NSA.
While those companies certainly surveil their customers, their business models aren’t built around helping governments secretly upend privacy. But that is at least partly the corporatist business model of many others, whether they are defense firms, such as Booz Allen Hamilton (Snowden’s former employer); cyberweapons manufacturers, such as Gamma Group, which sell their capabilities to odious regimes to facilitate spying on targets’ computers and smartphones; or data aggregators, such as Acxiom, which collect public records and then sell them back to governments. Companies like those, and the list is by no means exhaustive, are the most shameless and unseemly corporatists of the corporate capitalist world, receiving taxpayers’ money to enrich themselves while purposively empowering the scariest aspects of the state.
Whether wittingly, unwittingly, or indifferently, companies facilitate government surveillance. “It’s less Big Brother, and more hundreds of tattletale little brothers,” writes Schneier. And things will only get worse as more and more mundane technologies — refrigerators, thermostats, lighting systems — get connected and collect all the digital detritus we leave behind. The Internet of Things is the surveillance of everything. Governments know that, and they will increasingly have more doors to come a-knocking on.
False choices
The effect of constant surveillance is fear and control. It’s a biological response. Many animals, mammals especially, don’t like being watched. “We consider it a physical threat, because animals in the natural world are surveilled by predators,” Schneier writes, summarizing the work of biologist Peter Watts. “Surveillance makes us feel like prey, just as it makes the surveillors act like predators.”
Outside the state of nature, mass, perpetual surveillance is an agent of social control. Its point is to impose the status quo and breed conformity. When there’s an ever-present watcher, or at least the threat of one as in philosopher Jeremy Betham’s panopticon, people will steer clear of unorthodox ideas or countercultural behaviors. Without privacy, freedom is constrained to the point of atrophy. Like a muscle, it needs to be flexed regularly, often in seclusion.
In fact, as Schneier convincingly argues, privacy combined with the government’s limited capabilities to identify lawbreakers is a social good that aids progress. “Think about it this way,” he writes. “Across the US, states are on the verge of reversing decades-old laws about homosexual relationships and marijuana use. If the old laws could have been perfectly enforced through surveillance, society would never have reached the point where the majority of citizens thought those things were okay.”
The trade-offs surveillance hawks argue we must make — freedom and privacy in favor of security — are false ones. Liberty, privacy, and security aren’t contradictory values that must be balanced; they’re reinforcing. This insight was enshrined in the Fourth Amendment’s “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” Yes, foreign threats such as terrorists are scary and dangerous, but they are no match for a government that doesn’t respect its citizens’ rights or recognize limits to its power.
Unfortunately, the United States has demonstrated how true that is. For more than a decade, the federal government secretly subverted the people’s security from government guaranteed by the Fourth Amendment through its mass surveillance programs, with very little to show for it. As Barack Obama’s own review group concluded, the NSA’s call records program, recently ruled illegal by a federal appeals court, didn’t thwart one terrorist attack. And by engaging in mass rather than targeted surveillance, Schneier argues, the NSA is only creating infinite haystacks to search through for the needles it seeks, which does make us less safe. The military intelligence community already has a name for this problem. Analysts call it “drinking from a fire hose.”
But it gets worse. The NSA’s desire for information was so insatiable that it undermined a global encryption standard and inserted security vulnerabilities, known as backdoors, into computer hardware and software so it could steal the data it wanted or watch over targets. It also hoards security vulnerabilities — known as “zero days” — that allow it to break into a system rather than reporting them to the vendor so they can be fixed. That is akin to the government’s knowing the flaws in a popular door lock but keeping it to itself, regardless of how many thieves benefit from it, just in case some time in the future it wants to break into some suspect’s home. “Its actions,” writes Schneier, “put surveillance ahead of security, and end up making all less secure.”
Even today the U.S. government continues to argue nonsensically that security is a threat to security. The FBI is currently pushing for legislation that would require tech companies to build surveillance capabilities into their networks and products, increasing the chances that hackers and foreign adversaries can exploit the same vulnerabilities. By making us less safe on purpose, the government undermines one of the most persuasive arguments for its very existence: providing for the security of its citizens.
Our data, our lives
There are no easy solutions to the predicament we find ourselves in because, as Schneier observes, “the surveillance society snuck up on us.” Monitoring and data collection are baked into the overwhelming majority of the technologies we use because storage is cheap and the information is valuable to advertisers and data aggregators, which enable government easy access to it, whether legally or surreptitiously.
Nevertheless, Schneier’s many solutions — whether aimed at governments, corporations, or individuals — flow from one starting principle: Individuals, not the collectors, should own their personal data, although not in a commercial sense. “Privacy needs to be a fundamental right, not a property right,” he asserts, urging citizens in democracies to use government regulation to rein in both the surveillance state and the corporate panopticon. Specifically, Schneier advocates “a right to delete,” where individuals could demand companies purge their systems of personal information.
Libertarians would object, saying that the free market would sort this all out, especially through contractual relations between consumers and businesses as well as through competition, but Schneier is skeptical because of the symbiotic relationship between government and technology corporations.
Libertarian entrepreneurs and technologists, particularly in Silicon Valley, should take note of Schneier’s skepticism and do their best to outline free-market technological solutions to the problems he identifies. Apple has begun to do that by building privacy into its products. For instance, iPhones are encrypted by default, making it incredibly hard for an adversary to get to the device’s contents without knowing the passcode.
Conversely, the public-private surveillance partnership also makes Schneier’s call for democratic reform seem unlikely. Because so much money and power flow from surveillance, there are already potent constituencies in government and big business that will work vigorously to destroy any reform movement. Schneier understands that and urges us not to descend into despair. “Every major policy shift in history looked futile in the beginning,” he writes. “That’s just the way of it.”
In the meantime, Schneier calls for people to defend themselves from surveillance. For individual users, Schneier recommends encrypting your communications as much as possible and choosing to do business with companies that protect privacy. People uncomfortable with the idea of corporations’ and governments’ knowing what they search for and do online should use online anonymity tools, such as Tor. Outside of Congress’s prohibiting mass surveillance or the Supreme Court’s ruling it unconstitutional, that is the best way to kick some dirt in the surveillance state’s electronic eye.
“Good defense will force those who want to surveil us to choose their targets,” says Schneier, “and they simply don’t have the resources to target everyone.”
While Data and Goliath is the perfect introduction to corporate and government surveillance and its implications for the digital newcomer, Schneier’s arguments for the enduring value of privacy for basic human dignity and security make this book essential for genuine democratic debate. Snowden disclosed the NSA’s secrets to spark such a discussion, and Schneier performs a public service by demonstrating why privacy is essential to both individual and collective flourishing.
Schneier isn’t just smart. He has heart.
Originally published at www.fff.org on September 1, 2015.
