The security guy who has no vulnerabilities thinks there is no privacy left at all on the Internet – Tom Brewster thinks he should cheer up
Bruce Schneier is, undoubtedly, a very smart man. He wrote a seminal book, ‘Applied Cryptography’, on one of the toughest mathematical disciplines, and he is now CTO of BT’s managed security services.
But when he gets on to more philosophical subjects, he’s often guilty of parochialism. He makes a lot of noise, and sometimes it isn’t too constructive. And his latest bluster about Internet privacy, in a piece entitled ‘Our Internet Surveillance State’, contains a number of fallacies, which attempt to lend weight to his claim that the Internet is “without privacy”. And there is no hope for getting it back.
“Maintaining privacy on the Internet is nearly impossible. If you forget even once to enable your protections, or click on the wrong link, or type the wrong thing, … you’ve permanently attached your name to whatever anonymous service you’re using,” he wrote.
It’s odd to see Schneier in such a downbeat mood too, considering his latest book, ‘Liars and Outliers’, ends on a far less bleak note, albeit on a slightly different topic: trust. He even closes with a quote from Martin Luther King, Jr.: “The arc of history is long, but it bends towards justice.”
Given his standing in the community, and his legendary technical ability (parodied affectionately at www.schneierfacts.com), perhaps he should be harnessing this positivity to develop more systems to hand people greater privacy, rather than saying what has been said before ad nauseam, just in a more histrionic way.
The last two times I’ve been in the congregation for one of his sermons at whatever conference will pay him, Schneier hasn’t offered any genuine solutions, only fretted about the threat of Facebook, and the gloom Google will bring. The only time I’ve interviewed him he spent the whole time disengaged, playing with his laptop, providing curt answers (not that I’m bitter… it was a self-imposed awkward 25 minutes).
If he could only engage and stand up for privacy more, instead of playing the curmudgeon. In his book, he talks about the need for “defectors”, those who go against the norm for a greater good – people like Rosa Parks. Maybe he should practice what he preaches.
He does, of course, make some good points. Ones that should resonate particularly strongly in the UK. Police can and will use all data they can get their hands on to track people. The Communications Data Bill, or Snooper’s Charter, is the Home Office’s attempt to force communications providers to store data so coppers can access it with much fewer constraints than are currently in force.
UK law enforcement has already shown its hunger for people’s Internet data. Microsoft released a report last week showing police in this country made more requests for Skype user information than any other force in the world.
And it is, as Schneier says, very easy to acquire information on people, regardless of how protected they think they are. Just today, research published in Scientific Reports claimed in 95 percent of cases individuals could be identified by gathering just four pieces of their location data, or “spatio-temporal points”. They looked at 15 months of mobility data for 1.5 million individuals, and decided the findings represented “fundamental constraints to an individual’s privacy”.
Cheer up Bruce
Internet privacy is, in many ways, in decline. Yes, there are many ways for governments, corporations and others to spy on Web denizens. But Schneier is guilty of the same apathy, the same fatalism he decries in his “essay” (it’s really a blog). “We’ve ended up here with hardly a fight,” he writes. Way to rally the troops there Bruce. Why aren’t you leading the fight? Why aren’t you fighting at all?
Ignore Bruce though. There is hope. Let’s remember the Internet is still young. We can still save it. There are ways to find privacy – use a decent VPN, send messages using PGP, take advantage of Tor. It’s not difficult to use these services. Yes, you have to, you know, turn them on, but do that and you can do things privately. It’s really that simple.
We can and should pressure vendors to take privacy seriously, and it appears the big guns really are getting the message.. or at least realising that privacy is a hot button they can use to their advantage. Look at Microsoft’s most recent marketing offensive in the US – the Scroogled campaign. It’s trying to get Gmail users to move across to Outlook by pointing to the ways in which Google uses algorithms to “read” emails to target ads.
“Market forces are at play,” Microsoft’s chief privacy officer, Brendan Lynch, recently told me. It’s hugely encouraging to see privacy used as a selling tool. This is positive capitalism. As Bruce should have noted in his blog, it’s also a sign of what Martin Luther King was talking about, – justice, just possibly, prevailing.
Let’s be honest and pragmatic about this, not shove out overwrought hyperbole that just reiterates the nature of our problems. Let’s talk about what we can do, technologically and politically.
Instead of admitting defeat to government, we should be fighting every fight, not backing down to companies and regimes that want to take control of the Internet and watch over everything we do. Let’s get progressive, and wrest our privacy back. Bruce almighty, maybe you can lead the way?
Are you a pedant on privacy? Try our quiz!