Posts tagged with #privacy

Ed Snowden does a good job of explaining the other side of the argument regarding modern privacy, namely the line of “Sorry, if you want security, privacy has to go a little bit. It’s the price we pay to keep this country safe”

The interview was mainly around the Windows vulnerability that was discovered by cyber attackers causing worldwide damage, but the twist being that the NSA knew about this vulnerability and had been using it to their advantage for a long time. The debate being: was that right?

Paraphrased transcript below regarding some meaty bits of this interview.

Privacy and security improve together. They are actually tied to each other. When one is reduced, the other is reduced. Surveillance and privacy are the contradictory factors. When surveillance increases, privacy decreases.

And unfortunately…when surveillance increases security typically decreases. Now that might not seem obvious at first glance, but when you think about how surveillance actually functions it becomes quite clear, particularly in the computer security context. Surveillance operates by observing, witnessing, and exploiting vulnerabilities. Whether that’s you walking out on the street where you can be observed, rather than within the four walls of your home, that’s exploiting a property where you are insecure, and using that for the interests of whoever runs the surveillance thing.

Now when we think about Internet surveillance this is particularly problematic, because the way internet surveillance works is the same way: communications that are being transmitted unencrypted as they cross the internet can be observed and captured, whether its by the criminal sitting next to you in Starbucks who is on your local wireless network sniffing communications that are going over the air, whether its telecommunications providers, who are seeing it as it crosses the switching points and then heads on to Facebook, whether it’s Facebook itself that’s mining these and then selling your data to advertising, advertisers making it available however they want, or whether it’s these governments themselves.

Maybe you trust the National Security Agency, maybe you think they are the champion of truth and justice in the enlightened world and that’s okay, but recognize that the Russian NSA is doing the same thing, the Chinese NSA is doing the same thing, the French, the German, you know, the Brazilian…this is happening around the world. And in a borderless network we need to be focused on security, on defensive measures more than we are focused on these offensive benefits of surveillance. Because when you cut those corners, when you focus exclusively on being able to watch people, on being able to attack adversaries, on being able to spy on people of interest, what you’re doing is you’re keeping those doors open that allow your adversaries to attack you in the same way. And this is precisely what Microsoft alleges the NSA did that led to the ransomware attacks of this weekend. They knew about this flaw—the National Security Agency—in US software, US infrastructure, hospitals around the world, these auto plants and so on and so forth, but they did not report it to Microsoft until after the NSA learned that that flaw had been stolen by some outside group, right?

We still don’t know the identity of the people who actually did this. But the problem is, had the NSA not waited until our enemies already had this exploit to tell Microsoft, and then Microsoft could begin the patch cycle, but instead told Microsoft when the NSA first learned of this critical vulnerability, we would have had years to prepare hospitals networks for this attack rather than a month or two, which is what we actually ended up with.

This interview was pretty interesting/terrifying and hey maybe it’d be easier to not even think about this and just la la la la la continue on like nothing is happening and wow new season of bojack horseman is coming out soon? So exciting.

SCHNEIER: Surveillance is the business model of the internet. Everyone is under constant surveillance by many companies, ranging from social networks like Facebook to cellphone providers. This data is collected, compiled, analyzed, and used to try to sell us stuff. Personalized advertising is how these companies make money, and is why so much of the internet is free to users. We’re the product, not the customer.

GAZETTE: Should they be stopped?

SCHNEIER: That’s a philosophical question. Personally, I think that in many cases the answer is yes. It’s a question of how much manipulation we allow in our society. Right now, the answer is basically anything goes. It wasn’t always this way. In the 1970s, Congress passed a law to make a particular form of subliminal advertising illegal because it was believed to be morally wrong. That advertising technique is child’s play compared to the kind of personalized manipulation that companies do today. The legal question is whether this kind of cyber-manipulation is an unfair and deceptive business practice, and, if so, can the Federal Trade Commission step in and prohibit a lot of these practices.

GAZETTE: Why doesn’t the commission do that? Why is this intrusion happening, and nobody does anything about it?

SCHNEIER: We’re living in a world of low government effectiveness, and there the prevailing neo-liberal idea is that companies should be free to do what they want. Our system is optimized for companies that do everything that is legal to maximize profits, with little nod to morality. Shoshana Zuboff, professor at the Harvard Business School, invented the term “surveillance capitalism” to describe what’s happening. It’s very profitable, and it feeds off the natural property of computers to produce data about what they are doing. For example, cellphones need to know where everyone is so they can deliver phone calls. As a result, they are ubiquitous surveillance devices beyond the wildest dreams of Cold War East Germany.

I live in Austin and my fuckwit texas senators Ted Cruz and John Cornyn sponsored this lovely bill. I’m glad that for all their hard work, they both got a little side bonus from ISP lobbyists out of the deal. In total, $8,121,535 was donated across the house and senate to make our representatives continue to ignore their sense of ethics and vote for a bill that rolls back basic online privacy rights.

Read the rest of this