Wednesday, December 05, 2007

Bruce Scheier

Bruce Schneier is one of the foremost computer security specialists alive, and I just learned a new fact - he lives in Minneapolis! Anyway, there's a great Q and A with him on the Freakonomics blog over at the NY Times. He even provides links to his longer writings if one topic particularly interests you. Highly recommended reading, and I think I'll be adding Schneier's most recent book to my wish list (apologies for the extended cut-n-paste, but this section is seriously only about 1 percent of the total interview):

Q: How much fun/mischief could you have if you were “evil” for a day?

A: It used to be a common late-night bar conversation at computer security conferences: how would you take down the Internet, steal a zillion dollars, neutralize the IT infrastructure of this company or that country, etc. And, unsurprisingly, computer security experts have all sorts of ideas along these lines.

This is true in many aspects of our society. Here’s what I said in my book, Secrets and Lies (page 389): “As technology becomes more complicated, society’s experts become more specialized. And in almost every area, those with the expertise to build society’s infrastructure also have the expertise to destroy it. Ask any doctor how to poison someone untraceably, and he can tell you. Ask someone who works in aircraft maintenance how to drop a 747 out of the sky without getting caught, and he’ll know. Now ask any Internet security professional how to take down the Internet, permanently. I’ve heard about half a dozen different ways, and I know I haven’t exhausted the possibilities.”

What we hope is that as people learn the skills, they also learn the ethics about when and when not to use them. When that doesn’t happen, you get Mohommad Attas and Timothy McVeighs.

Q: In that vein, what is the most devilish idea you have thought about?

A: No comment.

Q: What’s your view on the difference between anonymity and privacy, and which one do you think is more important for society? I’m thinking primarily of security-camera paranoia (as if nosy neighbors hadn’t been in existence for thousands of years).

A: There’s a huge difference between nosy neighbors and cameras. Cameras are everywhere. Cameras are always on. Cameras have perfect memory. It’s not the surveillance we’ve been used to; it’s wholesale surveillance. I wrote about this here, and said this: “Wholesale surveillance is a whole new world. It’s not ‘follow that car,’ it’s ‘follow every car.’ The National Security Agency can eavesdrop on every phone call, looking for patterns of communication or keywords that might indicate a conversation between terrorists. Many airports collect the license plates of every car in their parking lots, and can use that database to locate suspicious or abandoned cars. Several cities have stationary or car-mounted license-plate scanners that keep records of every car that passes, and save that data for later analysis.

“More and more, we leave a trail of electronic footprints as we go through our daily lives. We used to walk into a bookstore, browse, and buy a book with cash. Now we visit Amazon, and all of our browsing and purchases are recorded. We used to throw a quarter in a toll booth; now EZ Pass records the date and time our car passed through the booth. Data about us are collected when we make a phone call, send an e-mail message, make a purchase with our credit card, or visit a Web site.”

What’s happening is that we are all effectively under constant surveillance. No one is looking at the data most of the time, but we can all be watched in the past, present, and future. And while mining this data is mostly useless for finding terrorists (I wrote about that here), it’s very useful in controlling a population.

Cameras are just one piece of this, but they’re an important piece. And what’s at stake is a massive loss of personal privacy, which I believe has significant societal ramifications.

No comments: