Data and Goliath (59 page)

Authors: Bruce Schneier

US interests have been significantly harmed:
Vivienne Walt (30 Jun 2013), “European officials infuriated by alleged NSA spying on friendly diplomats,” Time, http://world.time.com/2013/06/30/european-officials-infuriated-by-alleged-nsa-spying-on-friendly-diplomats.
Anne Gearan (21 Oct 2013), “Report that NSA collected French phone records causing diplomatic headache for U.S.,” Washington Post, http://www.washingtonpost.com/world/national-security/report-that-nsa-collected-french-phone-records-causing-diplomatic-headache-for-us/2013/10/21/bfa74f22-3a76-11e3-a94f-b58017bfee6c_story.html.
Zachary Keck (31 Oct 2013), “Outrage over NSA spying spreads to Asia,” Diplomat, http://thediplomat.com/2013/10/outrage-over-nsa-spying-spreads-to-asia.
Matthew Karnitschnig (9 Feb 2014), “NSA flap strains ties with Europe,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052702303874504579372832399168684.

Relations between the US:
David E. Sanger (1 May 2014), “U.S. and Germany fail to reach a deal on spying,” New York Times, http://www.nytimes.com/2014/05/02/world/europe/us-and-germany-fail-to-reach-a-deal-on-spying.html.
Mark Landler (2 May 2014), “Merkel signals that tension persists over U.S. spying,” New York Times, http://www.nytimes.com/2014/05/03/world/europe/merkel-says-gaps-with-us-over-surveillance-remain.html.

Brazil’s president:
Juan Forero (17 Sep 2013), “NSA spying scandal spoils dinner at the White House for Brazil’s president,” Washington Post, http://www.washingtonpost.com/world/nsa-spying-scandal-spoils-dinner-at-the-white-house-for-brazils-president/2013/09/17/24f5acf6-1fc5-11e3-9ad0-96244100e647_story.html.

12: Principles

if our personal spaces and records:
These issues are explored in these books.
Daniel Solove (2011), Nothing to Hide: The False Tradeoff between Privacy and Security, Yale University Press, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1827982.
Susan Landau (2011), Surveillance or Security? The Risks Posed by New Wiretapping Technologies, MIT Press, http://mitpress.mit.edu/books/surveillance-or-security.

When the security versus privacy:
The psychology of security explains a lot of our behavior.
Bruce Schneier (11–14 Jun 2008), “The psychology of security,” in Serge Vaudenay, ed., Progress in Cryptology: AFRICACRYPT 2008: First International Conference on Cryptology in Africa, Casablanca, Morocco, Proceedings, Springer, https://www.schneier.com/paper-psychology-of-security.pdf.
Daniel Gardner (2008), The Science of Fear: Why We Fear Things We Shouldn’t—And Put Ourselves in Greater Danger, Penguin, http://books.google.com/books?id=bmyboRubog4C.

The government basically said:
Of course, costs can affect different people in different ways. Politicians fear
that they’ll get blamed for future attacks, so they have an incentive to push for
lots of visible security measures. Citizens, especially members of unpopular political
and religious groups, become the obvious targets for surveillance, but lack a strong,
coherent voice to fight back. And large security programs are expensive, benefiting
government contractors and the politicians they support.

find an acceptable trade-off:
This paper tries to model that with game theory.
Tiberiu Dragu (Feb 2011), “Is there a trade-off between security and liberty? Executive bias, privacy protections, and terrorism prevention,” American Political Science Review 105, http://journals.cambridge.org/download.php?file=%2FPSR%2FS0003055410000614a.pdf&code=193cd836312527364579326df0a7aa58.

We need to recognize:
Susan Landau (2011), Surveillance or Security? The Risks Posed by New Wiretapping Technologies, MIT Press, http://mitpress.mit.edu/books/surveillance-or-security.

Tor is an excellent example:
Electronic Frontier Foundation (28 Nov 2012), “How to help protect your online anonymity
using Tor,” https://www.eff.org/sites/default/files/filenode/Basic_Tor_Intro_Guide_FNL.pdf.

the NSA is continually trying:
Everyone else is too, of course.
Roger Dingledine (30 Jul 2014), “Tor security advisory: ‘Relay early’ traffic confirmation attack,” Tor Project Blog, https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack.

has been unsuccessful:
US National Security Agency (8 Jan 2007), “Tor Stinks,” http://cryptome.org/2013/10/nsa-tor-stinks.pdf.

the FBI was hacking into:
Kevin Poulsen (5 Aug 2014), “Visit the wrong website and the FBI could end up in your computer,” Wired, http://www.wired.com/2014/08/operation_torpedo.

both the NSA and the GCHQ:
Leo Kelion (22 Aug 2014), “NSA and GCHQ agents ‘leak Tor bugs,’ alleges developer,” BBC News, http://www.bbc.com/news/technology-28886462.

Governments have always spied:
Anthony Zurcher (31 Oct 2013), “Roman Empire to the NSA: A world history of government spying,” BBC News, http://www.bbc.com/news/magazine-24749166.

spy stories in the Old Testament:
John M. Cardwell (Winter 1978), “A Bible lesson on spying,” Studies in Intelligence, http://southerncrossreview.org/44/cia-bible.htm.

We don’t (yet) design:
There is an important and complicated discussion that needs to happen about the relative risks of terrorism, and how much damage terrorists can do with the technologies available to them, but it is beyond the scope of this book.
Bruce Schneier (14 Mar 2013), “Our security models will never work—no matter what we do,” Wired, http://www.wired.com/2013/03/security-when-the-bad-guys-have-technology-too-how-do-we-survive.

both corporations and governments:
Of course, the process of trusting is far less rational than that.
Bruce Schneier (2012), Liars and Outliers: Enabling the Trust That Society Needs to Thrive, Wiley, http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118143302.html.

too much information is exempted:
Isolated bubbles of secrecy are always required in any organization, so that people
within the organization can do their job properly: votes in a tenure committee, or
deliberations preceding a controversial decision. Making things like this transparent
can suppress some of the independence of the decision-making process. Deciders will
be more concerned about how their decision processes will look to outsiders than they
will be with making a good decision.

we cannot judge the fairness:
Adrian J. Lee and Sheldon H. Jacobson (May 2012), “Addressing passenger risk uncertainty for aviation security screening,” Transportation Science 46, http://pubsonline.informs.org/doi/abs/10.1287/trsc.1110.0384.
Susan Stellin (21 Oct 2013), “Security check now starts long before you fly,” New York Times, http://www.nytimes.com/2013/10/22/business/security-check-now-starts-long-before-you-fly.html.
Alissa Wickham (7 Mar 2014), “TSA halts program to screen passengers’ online data,” Law 360, http://www.law360.com/articles/516452/tsa-halts-program-to-screen-passengers-online-data.

the IRS’s algorithms:
Amber Torrey (Apr 2008), “The discriminant analysis used by the IRS to predict profitable individual tax return audits,” Bryant University, http://digitalcommons.bryant.edu/cgi/viewcontent.cgi?article=1000&context=honors_mathematics.

the existing power imbalance:
This is the problem with David Brin’s transparent society: transparency is not value-free. When a police officer demands to see your ID, your being able to see his ID doesn’t balance things out.
David Brin (1998), The Transparent Society: Will Technology Force Us to Choose between Privacy and Freedom? Basic Books, http://www.davidbrin.com/transparentsociety1.html.

the same with transparency and surveillance:
Iceland’s Pirate Party (yes, it’s a real political party) put it extremely well in 2014: “The individual’s right to privacy means protecting the powerless from the abuse of the more powerful, and transparency means opening the powerful to the supervision of the powerless.”
Paul Fontaine (19 Aug 2014), “Prime Minister learns what ‘transparency’ means,” Grapevine, http://grapevine.is/news/2014/08/19/prime-minister-learns-what-transparency-means.

Institutional transparency reduces:
There are, of course, exceptions to this rule. There is value in ankle monitors for
people convicted of crimes, even though that reduces the power of the criminals being
monitored.

Transparency doesn’t come easily:
Peter Watts (9 May 2014), “The scorched earth society: A suicide bomber’s guide to
online privacy,” Symposium of the International Association of Privacy Professionals,
Toronto, Ontario, http://www.rifters.com/real/shorts/TheScorchedEarthSociety-transcript.pdf.

police harass and prosecute:
Ray Sanchez (19 Jul 2010), “Growing number of prosecutions for videotaping the police,” ABC News, http://abcnews.go.com/US/TheLaw/videotaping-cops-arrest/story?id=11179076.

some jurisdictions have:
Those laws are unconstitutional.
Kathryn Marchocki (25 May 2014), “Court rules Free State project president had right to film Weare police during a traffic stop,” New Hampshire Union Leader, http://www.unionleader.com/apps/pbcs.dll/article?AID=/20140525/NEWS07/140529379.

Cops in Chicago have:
David Lepeska (27 Dec 2011), “When police abuse surveillance cameras,” CityLab, http://www.citylab.com/politics/2011/12/surveillance-cameras-threat-police-privacy/806.

San Diego Police Department:
Sara Libby (18 Aug 2014), “Even when police do wear cameras, don’t count on seeing the footage,” CityLab, http://www.citylab.com/crime/2014/08/even-when-police-do-wear-cameras-you-cant-count-on-ever-seeing-the-footage/378690.

police routinely prevented protesters:
Chris Matyszczyk (14 Aug 2014), “Ferguson, Mo., unrest tests legal right to film police,” CNET, http://www.cnet.com/news/ferguson-unrest-tests-legal-right-to-film-police.
Hillel Italie (19 Aug 2014), “Ferguson arrests include at least 10 journalists,” Associated Press, http://abcnews.go.com/Entertainment/wireStory/ferguson-arrests-include-10-journalists-25044845.

Los Angeles police even:
Cyrus Farivar (8 Apr 2014), “LAPD officers monkey-wrenched cop-monitoring gear in patrol cars,” Ars Technica, http://arstechnica.com/tech-policy/2014/04/lapd-officers-monkey-wrenched-cop-monitoring-gear-in-patrol-cars.

declining half-life of secrets:
Peter Swire (5–6 Jun 2014), “The declining half-life of secrets and the future of
signals intelligence,” 7th Privacy Law Scholars Conference, Washington, D.C., http://www.law.berkeley.edu/plsc.htm.

the NSA spied on the cell phone:
Jacob Appelbaum et al. (23 Oct 2013), “Berlin complains: Did US tap Chancellor Merkel’s mobile phone?” Der Spiegel, http://www.spiegel.de/international/world/merkel-calls-obama-over-suspicions-us-tapped-her-mobile-phone-a-929642.html.
Ian Traynor, Philip Oltermann, and Paul Lewis (23 Oct 2013), “Angela Merkel’s call to Obama: Are you bugging my mobile phone?” Guardian, http://www.theguardian.com/world/2013/oct/23/us-monitored-angela-merkel-german.

It was a private men’s club:
This excellent book on Soviet spy Kim Philby talks about the clubbiness in spy agencies.
Ben Macintyre (2014), A Spy among Friends: Kim Philby and the Great Betrayal, Crown, http://books.google.com/books?id=wIzIAgAAQBAJ.

Moving from employer to employer:
Charles Stross (18 Aug 2013), “Spy kids,” Foreign Policy, http://www.foreignpolicy.com/articles/2013/08/28/spy_kids_nsa_surveillance_next_generation.

Recall that five million:
US Office of Management and Budget (Feb 2014), “Suitability and security processes
review,” http://www.fas.org/sgp/othergov/omb/suitsec-2014.pdf.

Younger people are much more comfortable:
USC Annenberg School for Communication and Journalism (22 Apr 2013), “Is online privacy over? Findings from the USC Annenberg Center for the Digital Future show millennials embrace a new online reality,” USC Annenberg News, http://annenberg.usc.edu/News%20and%20Events/News/130422CDF_Millennials.aspx.
Mary Madden et al. (21 May 2013), “Teens, social media, and privacy,” Pew Research Internet Project, http://www.pewinternet.org/files/2013/05/PIP_TeensSocialMediaandPrivacy_PDF.pdf.

tougher sell convincing this crowd:
To be fair, we don’t know whether this is a substantive difference between this generation
and older generations, or whether this is a simple age-cohort effect that will change
as they get older and have more secrets that matter.

we should strive for transparency:
I think of institutional secrecy rather like chemotherapy. Yes, the cancer treatment
would kill the patient slowly, but it kills the cancer cells faster, and is therefore
a net benefit. If we could find an effective cancer treatment that wasn’t so toxic,
we would dump chemo in a minute. Anytime we can find a less harmful substitute for
institutional secrecy, we should use it.

This was nicely explained:
Charlie Rose, Inc. (29 Jul 2013), “General Michael Hayden, former director of the NSA and the CIA and principal with the Chertoff Group,” The Charlie Rose Show, http://www.charlierose.com/watch/60247615.
