Nov 29, 2004 (10:11 AM EST)
Universal Surveillance Doesn't Make Us Safer

Read the Original Article at InformationWeek

Once, only the paranoid believed that the government and big corporations were watching them.

Now, it's a simple observation of fact. Step outside your front door, and you'll see surveillance cameras sprinkled all over the landscape of cities and suburbs. Your employer-issued smart badge tracks your movements inside the office building. Automatic toll-taking mechanisms like the New York metropolitan area's EZPass note your movements as you drive around. The credit-card companies keep a record of every item you purchase, and where and when you bought them.

Even if you're at home with the curtains drawn, you're being tracked. The phone company lists your incoming and outgoing phone calls; that's been going on for decades. If you have a TiVo, it sends information on what you're watching back to the home office. TiVo swears it only uses the information in the aggregate, that it doesn't keep a database of individual usage, but how can we be sure? And of course every time you log onto the Internet you leave a trail of records.

It's a massive experiment in universal surveillance, carried on in the name of security (when governments do it) and productivity (when corporations do it). But it's got Bruce Schneier, chief technology officer of Counterpane Internet Security, worried.

Schneier founded Counterpane, which provides managed security monitoring services to enterprises. He has written eight books, most recently Beyond Fear: Thinking Sensibly About Security In An Uncertain World, which tackles the problems of security from the small to the large: personal safety, crime, corporate security, and national security. An earlier work, Applied Cryptography, is considered a seminal work in cryptography. He pens the free newsletter Crypto-Gram, blogs about security issues, and designed the popular Blowfish encryption algorithm.

Schneier applies the disciplines of computer security to national security issues. A persistent theme of his writing is that automated security measures are only tools; the best security is a seasoned cop who knows the subtle warning signs of impending trouble. He's also a staunch civil-libertarian; another theme is that national security and crime debates are often wrongly framed as pitting security concerns against civil liberties. The government asks citizens to give up some liberty and privacy in exchange for increased security. In fact, says Schneier, it's all about security; increased police powers are designed to protect us from crooks and foreign enemies, while civil liberties protect us from overzealous cops and government.

Schneier has addressed the issues of wholesale surveillance in newspaper essays and around the Internet. He discussed the subject with me in a recent e-mail exchange.

Wagner: What is "wholesale surveillance"?

Schneier: Surveillance isn't anything new; it's as old as our species. (Actually, it's older—animals follow each other.) What's new about surveillance in the modern technological era is that you can do it in bulk. Instead of manually following one person, you can track millions of people using their cell phones. Instead of photographing one person's house, you can use aerial or satellite imagery to track an entire city. Credit card companies can track the spending patterns of every one of their customers. Computers can monitor thousands of telephone conversations at once. The list goes on and on.

I call this wholesale surveillance. And it's different. And as more and more of our lives become stored in the public sphere, it will be conducted without the safety controls of a warrant process.

Wagner: Why is that bad? Doesn't it help keep us safer to be able to track an entire city at once? And who cares if the credit card company knows everything I'm buying? Where's the harm?

Schneier: There's a lot here, and I need to deal with the issues one at a time. First, of course no one cares if your credit card company has a record of your purchases. That's their job and they have to bill you. The risk is almost always the secondary use of the information. And there are two kinds of secondary use: corporate and government.

Corporate secondary use is almost never helpful. It means that marketers know more about you, and can send you more invasive advertising. It means that your health provider can buy information about your food-buying habits from your grocery store, and use that to make decisions about coverage. It means that your long-distance phone companies can take information about who you are calling and use that to pressure friends into switching to the same company. It means all sorts of invasions of privacy, some of them damaging and some of them just annoying.

We've already seen financial services companies use personal information to customize loan offers. If your profile indicates that you don't shop around, you won't get as good an interest rate.

Government uses are a different consideration. Usually presented as "security" measures, the government is collecting all sorts of information for secondary purposes. Profiling at airports is a good example of this. Not only does it not make us any safer, it actually reduces security. It's a complicated argument, and I've written about it here: "Trusted Traveler Program."

Several jurisdictions are using aerial photography to search for building-code violations. Some airports are collecting license plate numbers of everyone who enters the property. Police can even buy a hand-held license plate reading "gun" that can be used to identify everyone passing through a particular intersection. And the FBI used U.S. census data to identify Muslims in the months after 9/11.

And finally, there are all of the illegal uses of this information. This is all being stored in databases, which makes it vulnerable to malicious use by both insiders and external hackers. We've seen these databases used for identity theft, stalking, and worse. There's a lot of security in not allowing this information to be collected in the first place, and—when it is collected for legitimate reasons—in having it used only for those reasons and deleted as soon as it is no longer relevant.

Letting the government collect information on everybody is a bad idea. The extreme example of this is East Germany: the secret police there collected information on most of the country's citizens. Not only did they fail to detect the fall of their country, but no one would hold the country up as a model of security. Universal surveillance doesn't make us safer.

Mitch Wagner is the editor of Security Pipeline.

The TechWeb Spin TechWeb's editors are busy assigning and editing and linking and otherwise creating the content you see on and the Pipeline sites, but we wanted the chance to tell you what we see and what we think about it directly. So, each week, The TechWeb Spin will bring you the informed insight and unique perspective of a different TechWeb editor: Fredric Paul, Scot Finnie, Tim Moran, Stuart Glascock, Mitch Wagner, and Cora Nucci. We hope you like it, and even if you don't we hope you take the time to tell us what you think about it.

Check out The TechWeb Spin Archive.