In a recent opinion piece for CNN, Bruce Schneier proclaimed: "The Internet is a surveillance state."
The Internet's never been secure or private - by design. It's design goals were to be open and shared - to make it universally accessible, flexible, and adaptable. And for those who remember the DARPA (defense-related) roots, even there the primary goal was survivability rather than security. There's a reason the military's never relied on it.
Sure, there are things you can do to make Internet use somewhat more private - use encryption, route through anonymizers, etc. But still, every bit of data carries addresses, and all that flexibility and sharing requires that basic information on users and connected devices be readily available. Add the fact that every data packet travels public routes where they can be duplicated, and ISPs and servers regularly back-up content and messages, and you realize that the Internet is a very public place. As for encryption, industries trying to rely on encryption for copyright protection (as well as governments) have found that every encryption system is beatable, given enough brains, computing power, and time. That many governments seek to restrict the use of encryption technology is a matter of laziness and cost rather than a fear of totally private communications.
For a long time, the sheer volume of Internet traffic provided a bit of privacy protection for common users - searching through the volume of packets and files, identifying and matching traffic through multiple sites, etc. was just too problematic. But if you had the resources, you could often break through whatever privacy/security roadblocks used (if any). Schneier offers three recent illustrations -
- the Chinese military hackers that have been attacking U.S. and European government, military, and commercial sites, were identified in part as they accessed their Facebook accounts through the same networks and hardware used for the hacking.
- a leader of the LulzSec hacker collective was identified and arrested, reportedly because he slipped up and once logged into an IR chatroom in the clear - without masking his IP address as was his normal practice.
- Paula Broadwell, who had an affair with then CIA Director David Petraeus, was identified despite only logging into the anonymous email account created and used for the affair from public internet sites. The FBI reportedly identified her by matching hotel and service receipt records from the times of the emails, and finding hers was the one name in common.
Now if all these were separate, private, and secure, they may be seen by many as the acceptable cost for the services and benefits provided by the Internet and various online services. Even if they were shared, it might not be so bad, if it would take significant time and effort to try to link things together (particularly if you're looking for patterns in behavior). If "surveillance" was too costly or inconvenient to be used regularly or for trivial purposes.
However, that's increasingly not the case, due to technology advances and the rise of Big Data. If you haven't heard the phrase before, Big Data refers to a range of programs and techniques for trolling extremely large data sets (such as online tracking data) to tease out and identify patterns and links. With Big Data to help, the sheer volume of online data is no hindrance. Automated systems can scan millions of emails in real time looking for key words or phrases. Automated systems can match online searches, or the use of certain apps, to purchasing behaviors and location data from mobile devices to send users a coupon for a nearby store or restaurant. And data storage costs keep falling. (And while not exclusively Internet, facial recognition software and the myriad private and public video cameras can be used to track a person's movements).
As Schneier puts it,
This is ubiquitous surveillance: All of us being watched, all the time, and that data being stored forever. This is what a surveillance state looks like, and it's efficient beyond the wildest dreams of George Orwell.Nor does there seem to be an easy solution, or a means of opting out.
There are simply too many ways to be tracked. The Internet, e-mail, cell phones, web browsers, social networking sites, search engines: these have become necessities, and it's fanciful to expect people to simply refuse to use them just because they don't like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don't spy.
If that worries you - and it should - you could go offline. But in a modern global information society, that comes at a high cost. Or you could try to level the playing field, as David Brin suggests in The Transparent Society - let us, as citizens, have the same access to surveillance of government activities as the government has over our activities. Make government truly transparent, rather than settling for "transparency" being defined as giving people access to information the government wants to provide them. Turn the cameras around, open records, and let the public see what government actually does, rather than only what the government claims it's doing (true or not). Or hoping that an (increasingly scarce) honest and aggressive press will investigate and report, and do the monitoring for them.
Sources - The Internet is a surveillance state, CNN Opinion
David Brin's Transparency website
Edit - fixed some typos