Comments:"Schneier on Security: Surveillance and the Internet of Things"
URL:https://www.schneier.com/blog/archives/2013/05/the_eyes_and_ea.html
A blog covering security and security technology.
« Security Risks of Too Much Security |Main
May 21, 2013
Surveillance and the Internet of Things
The Internet has turned into a massive surveillance tool. We're constantly monitored on the Internet by hundreds of companies -- both familiar and unfamiliar. Everything we do there is recorded, collected, and collated -- sometimes by corporations wanting to sell us stuff and sometimes by governments wanting to keep an eye on us.
Ephemeral conversation is over. Wholesale surveillance is the norm. Maintaining privacy from these powerful entities is basically impossible, and any illusion of privacy we maintain is based either on ignorance or on our unwillingness to accept what's really going on.
It's about to get worse, though. Companies such as Google may know more about your personal interests than your spouse, but so far it's been limited by the fact that these companies only see computer data. And even though your computer habits are increasingly being linked to your offline behavior, it's still only behavior that involves computers.
The Internet of Things refers to a world where much more than our computers and cell phones is Internet-enabled. Soon there will be Internet-connected modules on our cars and home appliances. Internet-enabled medical devices will collect real-time health data about us. There'll be Internet-connected tags on our clothing. In its extreme, everything can be connected to the Internet. It's really just a matter of time, as these self-powered wireless-enabled computers become smaller and cheaper.
Lotshasbeenwrittenaboutthe "Internet of Things" and how it will change society for the better. It's true that it will make a lot of wonderful things possible, but the "Internet of Things" will also allow for an even greateramount of surveillance than there is today. The Internet of Things gives the governments and corporations that follow our every move something they don't yet have: eyes and ears.
Soon everything we do, both online and offline, will be recorded and stored forever. The only question remaining is who will have access to all of this information, and under what rules.
We're seeing an initial glimmer of this from how location sensors on your mobile phone are being used to track you. Of course your cell provider needs to know where you are; it can't route your phone calls to your phone otherwise. But most of us broadcast our location information to many other companies whose apps we've installed on our phone. Google Maps certainly, but also a surprising number of app vendors who collect that information. It can be used to determine where you live, where you work, and who you spend time with.
Another early adopter was Nike, whose Nike+ shoes communicate with your iPod or iPhone and track your exercising. More generally, medical devices are starting to be Internet-enabled, collecting and reporting a variety of health data. Wiring appliances to the Internet is one of the pillars of the smart electric grid. Yes, there are huge potential savings associated with the smart grid, but it will also allow power companies - and anyone they decide to sell the data to -- to monitor how people move about their house and how they spend their time.
Drones are another "thing" moving onto the Internet. As their price continues to drop and their capabilities increase, they will become a very powerful surveillance tool. Their cameras are powerful enough to see faces clearly, and there are enough tagged photographs on the Internet to identify many of us. We're not yet up to a real-time Google Earth equivalent, but it's not more than a few years away. And drones are just a specific application of CCTV cameras, which have been monitoring us for years, and will increasingly be networked.
Google's Internet-enabled glasses -- Google Glass -- are another major step down this path of surveillance. Their ability to record both audio and video will bring ubiquitous surveillance to the next level. Once they're common, you might never know when you're being recorded in both audio and video. You might as well assume that everything you do and say will be recorded and saved forever.
In the near term, at least, the sheer volume of data will limit the sorts of conclusions that can be drawn. The invasiveness of these technologies depends on asking the right questions. For example, if a private investigator is watching you in the physical world, she or he might observe odd behavior and investigate further based on that. Such serendipitous observations are harder to achieve when you're filtering databases based on pre-programmed queries. In other words, it's easier to ask questions about what you purchased and where you were than to ask what you did with your purchases and why you went where you did. These analytical limitations also mean that companies like Google and Facebook will benefit more from the Internet of Things than individuals -- not only because they have access to more data, but also because they have more sophisticated query technology. And as technology continues to improve, the ability to automatically analyze this massive data stream will improve.
In the longer term, the Internet of Things means ubiquitous surveillance. If an object "knows" you have purchased it, and communicates via either Wi-Fi or the mobile network, then whoever or whatever it is communicating with will know where you are. Your car will know who is in it, who is driving, and what traffic laws that driver is following or ignoring. No need to show ID; your identity will already be known. Store clerks could know your name, address, and income level as soon as you walk through the door. Billboards will tailor ads to you, and record how you respond to them. Fast food restaurants will know what you usually order, and exactly how to entice you to order more. Lots of companies will know whom you spend your days -- and nights -- with. Facebook will know about any new relationship status before you bother to change it on your profile. And all of this information will all be saved, correlated, and studied. Even now, it feels a lot like science fiction.
Will you know any of this? Will your friends? It depends. Lots of these devices have, and will have, privacy settings. But these settings are remarkable not in how much privacy they afford, but in how much they deny. Access will likely be similar to your browsing habits, your files stored on Dropbox, your searches on Google, and your text messages from your phone. All of your data is saved by those companies -- and many others -- correlated, and then bought and sold without your knowledge or consent. You'd think that your privacy settings would keep random strangers from learning everything about you, but it only keeps random strangers who don't pay for the privilege -- or don't work for the government and have the ability to demand the data. Power is what matters here: you'll be able to keep the powerless from invading your privacy, but you'll have no ability to prevent the powerful from doing it again and again.
This essay originally appeared on the Guardian.
Tags: cameras, control, de-anonymization, essays, Facebook, Google, Google Glass, identification, internet, internet and society, medicine, privacy, sensors, surveillance, tracking
Posted on May 21, 2013 at 6:15 AM • 43 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Accountability and transparency are the name of the game. If I can see everything about everybody else, that they can see about me, then all of this is self-neutralizing. However, those "in power" (or think they are) will say you can't see that data about them. Therefore, they have something to hide (don't we all?) When they claim rights for themselves that they won't give to us, the game becomes what we are seeing today. It is called oppression. That is the purpose. Those holding the data, even about the people in power, will use that data about those people in power to control, intimidate, and oppress.
Bruce, it is getting depressing to read your posts. You don't prescribe any kind of resolution such as calling your congressperson.
There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information! - Cosmos, Sneakers, 1992
"It is the common fate of the indolent to see their rights become a prey to the active. The condition upon which God hath given liberty to man is eternal vigilance."
John Philpot Curran
It is not the technology that encroaches on our freedom. It is simply the fate of the indolent to lose their rights.
The whole PATRIOT act and TSA disasters are simply the result of people not caring about what happens (to other other people).
It is also a matter of priorities. It seems that the people of the USA care more about preventing others to marry whom they want than about preserving their personal freedom.
Only readers in the US have congresscritters, so specific remedies will vary from country to country. This is a worldwide issue - but before you can work on solutions, you need to understand the problem. And that's what Bruce is addressing.
As to solutions, maybe the US should get some data protection - Europe has made a start in this area, so personally identifiable information is no longer a wholly unregulated asset of the company which collects it.
But government surveillance and data collection in Europe is comparatively unconstrained - we need to think through the implications of this, and consider how security may be addressed while safeguarding people's rights and privacy (remember this is not an either-or).
And the long memory of the Internet and Computers may also prove to be a problem.
But kashmarek makes a good point - maybe there needs to be well defined openness about what government (and corporations) are doing, and what the people who exercise the power are up to. There is usually a register of legislators' interests, and diaries of some government ministers are open. Some countries' tax receipts are also open to public inspection. Maybe surveillance needs to be balanced with openness?
> but so far it's been limited by the fact that these companies only see computer data.
Hmm... I think you may be underestimating the threat of this alone. You are considering actions, but things like search behavior get to thoughts; Google is monitoring our brains, not just our keyboards.
> Of course your cell provider needs to know where you are; it can't route your phone calls to your phone otherwise.
Mobile networks only need to know very roughly where you are and do an adequate job (barring govt surveillance) protecting this.
OTOH, all sorts of tools you install have problems. Why does your streaming music service need constant, high-precision location data on you?
This is started to dwell into the Helios/merge ending of Deus Ex, only instead of having an AI manage all the data to determine what is best for society, companies and government use it to sell is more crap or keep tabs on us.
I'll take the AI, if that's an option. But all the surveillance is inevitable. Unless you want to choose one of the other Deus Ex endings.
@Someone:
"Bruce, it is getting depressing to read your posts."
I'll say, it sure is.
"You don't prescribe any kind of resolution such as calling your congressperson."
OTOH, I have a distinct feeling this wouldn't change much.
Generate noise. Generate erroneous data. Remember Marlinspike's "Google Sharing" extension for Firefox? Stuff like that, LOTS more! A good opportunity to be creative, yet such concepts are scarcely considered. Security through absurdity.
Rewriting History is another (unaddressed) concern: when one is the only having access to people's history, there's no way to contradict creative accounting.
A solution would be provably-safe security as then all editing could be stamped and archived.
But we are not living in a world consumed by the burning desire of playing fair games, hence the success of provably-unsafe security.
I agree with Muffin. Congressmen & women don't have the power, this animal has left the cage and is unstoppable. Already laws are lacking and even if they were up to date, our habits can be sold overseas to safe havens in other nations and entities (friend AND foe). I guess the leaders of these businesses/institutions don't mind THEIR habits being recorded and sold?
Resistence is futile.
@ L.Yarble
Indeed, the more erroneous data and noise that there is, the less the other data is worth. For instance, do we really always need unique names?
Also, and very ironically, our off the shelf corporate web filter blocks gogglesharing as it is an anonymising service.
Bruce, I think it's time you revisited your past comments on Brin's transparent society.
I know from wikipedia that you replied to it in the 1990s, but I think it deserves a call out even if you disagree with its take on powerful vs. powerless.
Well, the genie is out of the bottle and cannot be put back in. Abuses are inevitable (and are probably already happening).
Regulation may limit commercial exploitation but will do little to limit criminal abuse, and will do nothing whatsoever to limit government sanctioned abuse.
At the moment, it all seems a bit abstract, because we are waiting for the first scandal to hit, but we could at least try to imagine the kinds of abuses that could or might occur.
It is tempting to point to the breadth and scale of location tracking as the nexus of the "fright factor", but actually, it is at the other end of the spectrum that the menace lies.
I could see probably legitimate (but morally dubious) moves by advertisers to target very small groups of individuals using "Hyperlocal" targeting. For example, you could identify individuals associated with particular workplaces (government agencies that you wish to influence, for example), and use the location data to specifically target those employees, their spouses and friends with advertising and other selected media, attempting to catch all of the people who might influence thinking in that agency in a media "bubble" under the control of the media buyer.
The audience involved in such a strategy, and consequently the amount of money required to pursue it, would be very small: trivial even, (as little as a few hundreds of dollars, probably), so I would be surprised if the more "enterprising" lobbyists and special interests were not already investigating such tactics.
We're not yet up to a real-time Google Earth equivalent, but it's not more than a few years away.
Even then, the Earth is a BIG place. A whole lot of it is no realtime interest - Alaskan tundra, Mojave Desert, etc. Another large part of may be of interest, but the interest so thinly scattered that it will be to hard to separate the meaningless from the relevant - think any rural area.
So maybe the best defense is to move out of the cities.
I've wondered about generating noise.
I could see a browser plugin that, when the browser was idle, would hit a random URL every few seconds. It could obtain URLs from a subscription list like the adblocker uses.
Call it flares or chaff!
I would value any thoughts on this suggestion:
Bruce likened data pollution to the air pollution of the Industrial Revolution.
We don't need to solve the pollution problem now, but we do need to ensure it is clearly visible.
All of these devices may or may not be talking to you; but they will surely be talking to each other about you.
@Someone: "Bruce, it is getting depressing to read your posts. You don't prescribe any kind of resolution such as calling your congressperson."
Reminds me of something the late, great Douglas Adams once wrote...
Barman: Shouldn't we lie down, or put a paper bag over our heads, or something?
Ford: If you like.
Barman: Will it help?
Ford: Not at all. See you.
You know Bruce is right. This is why you are reading this blog.
But the immense majority of people fall into one of these two categories: (1) I don't have anything to hide (until you do) (2) I like the convenience I have (until it becomes convenience to someone else).
An example: high-strength email encryption has been available for at least a decade, yet no one uses it. People who'd start using it today feel that it might make them looks suspicious.
Like the frogs in the fable, we like our bath warm, and probably won't manage to jump out of the pot in time.
@ L.Yarble,
- Generate noise. Generate erroneous data. Remember Marlinspike's "Google Sharing" extension for Firefox? Stuff like that, LOTS more!
Sorry most current research shows that you cann't realy hide a signal in noise for a number of reasons.
Thus the only way to avoide Internet surveillance currently is "Don't Play".
Further it would not take a change in the law in most juresdictions to make you legaly liable for the "noise" and in the US we are well aware you can be offered thirty years or fifty years in jail for having what others consider excessive network traffic and those deciding are some commercial organisation via it's terms of service.
@ William Payne,
- Well, the genie is out of the bottle and cannot be put back in. Abuses are inevitable (and are probably already happening).
Whilst "abuses are inevitable" history tells us that the genie can most certainly "be put back in" the bottle.
We have seen this with England's Kings John and Charles. John upset the Barons and they forced him to relinquish some of his absolute power from his supposed divine right. Likewise Charles who would not ceed his absolute power by his supposed divine right found that trying to ignore the inevitable resulted in his lossing his head.
The thing is what you and I might call "abuse" is others excercising what they think is their supposed "divine right". Society eventually will not tollerate the worsening abuse and takes power away one way or another and that is when those supposadly holding "divine right" find there is a reality that disagrees with their dilusions.
In the US the current president has shown only three strengths, the first is to make empty promises to the electorate , the second to do the biding of his moneied sponsers and the third be a control freak in all aspects. None of these are atributes that sits well with good governance.
But you need to ask why this is, in part it is that there are now two distinct societies within the US, that of the ordinary electors the second is that of the plutocrats who either buy up or out spend political candidates, thus making the electoral system broken and biased by the abuse of a free hand with a dollar.
It is not a matter of making minor changes such as more transparency but of root and branch surgery of the system. Which as the plutocrats will stop you getting such a candidate into power can only occur by preasure from outside the system. As history repeatedly tells us Empires wither from within untill the Barbarians break down the gates where one of two things happen. Firstly either the Barbarians compleatly destroy the old by killing and enslaving, secondly the Barbarians integrate. In either case the cycle repeats.
All this willy-nilly exposure of every detail about me makes we want to drop Off The Grid and go deep underground.
"Bruce, it is getting depressing to read your posts. You don't prescribe any kind of resolution"
Why read the posts then?
Bruce is a consistent voice of awareness. That is more then enough.
I see a number of posters go, "Why doesn't anyone do anything? You can do something, do it?"
I wonder at these.
On abuses of surveillance, that is ultimately up to the authorities to hunt down anyone who is abusing these things.
If public awareness is continually kept up, then public condemnation is readily available for when exposure of secret sins are made public.
Hoover voiced repeatedly at the end of his life that he was scared of getting caught. He was right to be.
The big knife wound recently to privacy and freedom was actually made by a liberal President's DoJ. As many have pointed out Obama has gone far beyond what Nixon did in investigating leaks.
Nixon, though, never figured out who was spying on his NSC sessions and posting that to the newspapers. He had far bigger fish to fry, and couldn't.
Sometimes such fissures are signs of things to come.
It was with Nixon, and the whole FBI and CIA at the time.
The beauty is that reality often differs from the ideas of people. Data sets are not reality and thus as much as these kind of ideas are pushed, the more reality sets in and starts to mix things up.
I think we will see a huge drive in the maker movement and open source. We will see people moving towards re-learning how to do things by hand again.
in related event, I read somewhere that Mobily or something close to that, a telecom company in Saudi Arabia is crowd sourcing hackers to help it break or bypass SSL/TLS so it can eavesdrop on mails and tweets to thwart terrorism. they claim the regulators demand it.
I am a little skeptical that "everything ... will be stored forever." There are slightly more than 300 million people in the US, and even with good codecs, storing video of every minute of say, 15 hours a day would approach 100GB per person, hardly practical to store. I think it's far more likely to mined and discarded at a fairly fast pace, daily or even hourly, to be realistic, with only hits being compressed and stored. Unless those zettabytes are cheaper than I think?
You have: ((100 $) / (4 TB)) * (1000 GB / TB) * (100 GB) * 365 * 300000000 / ( 1 G$)
You want:
Definition: 273.75
So the disk cost to store 100 GB of data
per person per day for a year would be
$274 billion. Call it say $500 billion
for the other storage overhead.
Storage is not the problem, collection is.
@qka: Living in a city might be a better defense, depending on what precisely you're worried about. It's a question of whether it's better to hide a needle in a well-searched haystack or an unsuspicious spot on the floor.
In terms of protecting yourself from de-anonymized data, you're usually better off in the city. If you're the only 45-year-old male in your zip code, any record with your age, sex, and zip code isn't anonymous. If you have the only blue truck in your county, you can be tracked by satellite or amateur drone.
Anywhere you buy stuff in person these days has a surveillance camera, but in a city you have dozens of shops to choose from-- making it harder to find the camera that took your picture. Or you could make your purchases online-- but in a rural area there may be fewer people per shared IP address.
And of course there are the people. In a small town, nobody buys birth control anonymously. Indeed, many people find more freedom in the highly-regulated city than in a judgmental countryside with weaker laws.
The "everything" we're recording whether we want to or not should be open to everyone who cares to go see it, not only the powerful.
Because my life's data is worth nothing compared with the value of possessing the ability to see everyone else's.
I'll welcome the transparent society when transparency is a free service as a matter of course.
@Tobias Boyd
Your comments reflect something that I have been saying for quite some time with regards to the NSA data center in Utah. Eventually, the technology to carry out their task has got to become bigger, better, faster, cheaper, and continouusly usable (they have already run into a cost problem because that state is requiring them to pay taxes on the power they use and that modest amount is disrupting their mission?). The IRS is embedded into old technology such that they can't keep up with taxpayer records any longer. The NSA data center will crumble due to the same problem. Collect all the known data and analyze it. That is, until a technology shift occurs. When the shi(f)t happens, there won't be time or money to convert the old data to the new technology for analysis so it will go unused, and the demand for new data to be collected will eventually overrun the new technology and the cycle will repeat.
Also, it will be too cumbersome to collect all data, so they will only collect the "bad" data about you, which reduces the problem of space, time, cost and usability for their purposes. Sometimes, only a small amount of bad information is all one needs to achieve intimidation.
An inch. It's small and it's fragile and it's the only thing in the world worth having. We must never lose it, or sell it, or give it away. We must never let them take it from us.
-AM
@Atomboy
I read Bruce's posts because he has typically been a voice of reason and level-headedness for quite some time. His recent posts are just getting more and more doomsday-ish and is a departure from what he typically posts.
While I agree with these concerns, I always feel obliged to point out that use of the internet is not mandatory.
Very true Mr. Schneier. The escape would probably be open source, open source security ninjas and tor-like networks.
Currently, reasonable definition video/audio of every square inch of earth is somewhat expensive to record and store. A decade from now; not so much.
After all, it wasn't too long ago reasonable definition audio files of all hitsongs were too complicated to store and stream.
The only upside I can see, is that a decade after the "powerful" can see everything everyone does; even the powerless can do so. And, even more important, a few decades after the powerful can have anyone they want, anywhere on earth, assassinated at will; the powerless will be fairly well equipped to return the favor.
The most important thing is symmetry. Noone spying on and killing anyone might be some kind of ideal; but everyone spying on and killing everyone, is better than someone spying on and killing everyone else. Internalizing that is very important. Which is why the powerful will do all in their power to indoctrinate their underlings to erroneously believe otherwise.
@Mentifex
All this willy-nilly exposure of every detail about me makes we want to drop Off The Grid and go deep underground.
Don't forget to lose your Nike+'s when you do 8-)
I agree with Bruce that things are not looking good and that an Orwellian surveillance state is upon us in which privacy and anonimity for all practical purposes are dead. What we can do however is try to contain the personal damage as much as possible by learning about the ways were being tracked and adopting various degrees of digital hygiene. Just a few things that come to mind:
- Some operating systems are less insecure than others. Learn how to use them and the security/privacy/anonimity features that come with them. Think of it as that anti-skid course you took after getting your drivers license.
- Some applications are less insecure than others. Toss anything that is known or suspected to contain backdoors (e.g. Skype). Usually, there are plenty of alternatives anyway.
- Some browsers do a better job at protecting your online privacy than others, especially when used with extensions created for that exact purpose.
- Some search engines leak less information about your online activities than others do.
- In many countries, it is not illegal to encrypt your email communications. It is also not hard to set up.
- Encrypt your hard disk(s) while you're at it.
- Do the same for data you're holding in cloud services.
- Use an anonimising service such as Tor. They provide easy-to-use bundles for lots of platforms.
- Use VPN's like the free ones found at http://www.vpngate.net/en/
- Ditch Facebook. Unless you're a 12-year old, you don't need it anyway. Explore the possibilities of darknets to keep in touch with intelligent friends instead.
- There is no reason for your household appliances to be connected to the internet all the time. Put them in a different subnet of your home network.
- Turn off location services on laptops, tablets and other handheld devices whenever possible.
- Do you really need that fancy, expensive smartphone you are only using to make calls with, text friends and take pictures?
- Avoid the company of glassholes.
- There is no RFID-tag your microwave can't fry.
- Be suspicious of any and all free services. They usually take more than they give.
The list is endless. Will it protect you from Big Brother ? Not a chance, but at least you've given him a run for his money awaiting the inevitable day that the masses will turn against him. All of this has happened before and it will happen again.
This article reminds me of (2 words)
Farenheit 451
The scary thing about "things" is it does what it is programmed to do.
And we know the state of programming and software development.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.