Thursday, October 31, 2013

A scary Halloween post about security and privacy

From security guru Bruce Schneier:
We're in the middle of an epic battle for power in cyberspace. On one side are the traditional, organized, institutional powers such as governments and large multinational corporations. On the other are the distributed and nimble: grassroots movements, dissident groups, hackers, and criminals. Initially, the Internet empowered the second side. It gave them a place to coordinate and communicate efficiently, and made them seem unbeatable. But now, the more traditional institutional powers are winning, and winning big. How these two sides fare in the long term, and the fate of the rest of us who don't fall into either group, is an open question -- and one vitally important to the future of the Internet.
I'm not sure that I agree with everything here, but this is a very good overview of where we are and how we got here.  This is certainly correct:
In many cases, the interests of corporate and government powers are aligning. Both corporations and governments benefit from ubiquitous surveillance, and the NSA is using Google, Facebook, Verizon, and others to get access to data it couldn't otherwise. The entertainment industry is looking to governments to enforce its antiquated business models. Commercial security equipment from companies like BlueCoat and Sophos is being used by oppressive governments to surveil and censor their citizens. The same facial recognition technology that Disney uses in its theme parks can also identify protesters in China and Occupy Wall Street activists in New York. Think of it as a public/private surveillance partnership.
This, too:
The truth is that technology magnifies power in general, but rates of adoption are different. The unorganized, the distributed, the marginal, the dissidents, the powerless, the criminal: They can make use of new technologies very quickly. And when those groups discovered the Internet, suddenly they had power. But later, when the already-powerful big institutions finally figured out how to harness the Internet, they had more power to magnify. That's the difference: The distributed were more nimble and were faster to make use of their new power, while the institutional were slower but were able to use their power more effectively.
He recommends increased transparency. That's where I'm not so sure. He's correct that we need it, but neither public nor private institutions like it, and both will resist it overtly (public opposition) and covertly (bureaucratic foot-dragging). And what is scary is how the attacks on Internet freedom and privacy increasingly resemble attacks on gun ownership and the Second Amendment:
The more destabilizing the technologies, the greater the rhetoric of fear, and the stronger institutional powers will get. This means increasingly repressive security measures, even if the security gap means that such measures become increasingly ineffective.
Printed guns result in freak-outs. Encryption means you must be a child molester. Objecting to NSA metadata sweeps means that you have something to hide. As opposed to the Government, which is only hiding things for your own safety. And the safety of your kids. Relax, Citizen - the chocolate ration has been increased again ...

This is a thoughtful post, and worth your time.

