If You Can’t See It, It Can’t See You
Feb 1st, 2010 by sherri
There’s a wonderful quote in the Hitchhiker’s Guide to the Galaxy: “The Ravenous Bugblatter Beast of Traal [is] a mindboggingly stupid animal, it assumes that if you can’t see it, it can’t see you- daft as a bush, but very ravenous.”
Here on the Internet, we face a related problem. Every time we type something into a web search bar, it is analyzed. Every web site we visit is tracked back to us. Every word we send over email can be read in transit. Every IM can be captured. All of our transactions using credit or debit card are logged, the locations, amounts and purchases used to develop detailed profiles of us. This information can be, and often is, used to manipulate/exploit us. (This doesn’t even take into account spyware, keystroke loggers, and other invasive recording/tracking devices that record many people’s every movements.)
We can’t see it happening, so most people don’t realize that we’re being watched.
Even when we do realize we’re being watched, often the attitude is, “Who cares?” Corporations, dictators and other modern predators aren’t as stupid as the Ravenous Bugblatter Beast, and they’re very ravenous. Many of us operate with a broad trust in human goodness which is unfounded. Humans enslave, hurt, kill and exploit each other. Not all of us, but some. Having equal visibility, or at least an accurate understanding of the playing field, is exceptionally important.
In order to preserve true democracy and individual freedom, we need to demand better publicity and transparency of monitoring. People are not designed for an environment in which we are constantly being watched by an invisible eye. We don’t instinctively take this into account when designing government or conducting business. We need to:
a) Educate people regarding current monitoring techniques by government, corporations, and criminals;
b) Work to make these activities as visible as possible, by demanding signage, lights, labels or other visible indications of surveillance in all forms of technology.
If you have suggestions regarding how and why to make surveillance more visible (on the Internet and beyond), please contribute comments. This is an exceptionally important issue that we need to openly discuss and address.
| Sherri Davidoff |
| PGP-signed text: 2010-02-01 (current) |
I think the main reason why people have a lacidasical attitude towards internet privacy and security is because we lack tangible examples of these nefarious plots. It is easy to come up with examples of identity theft, but they mostly rely on keyloggers, spyware, and other activities which are illegal (even if they are easier to execute than they should be).
The only stories I have heard about the perils of legal online surveillance seem to be advanced marketing (which most people believe they are not susceptible to, and there fore are more likely to ignore) and online photos/blogs causing employment problems (which, isn’t so much about secret surveillance, but rather about personal choice and knowledge of consequences).
So, I think the cause of online security and privacy would be helped tremendously if someone were to give us some good specifics of how this surveillance hurts your average westerner who doesn’t worry that the thought police will bust down their door in the middle of the night.
Response to Kevin H
You make a good point.
One good example for people, of why they should care is:
If the government is collecting all this data about its citizens, what happens when (if) a not so pleasant government comes into power (a far right organisation like the BNP (British Nationalist Party)). They would have access to all that data, and therefore know the address of all ethnic minorities residing in the country. ooops.
It is not so much what the government does with this information, the concern is much more what a nefarious government could do with this information. Add into this, most governments inability to keep so-called personal information secure and it doesn’t even have to be a nefarious government, just someone (group) who manages to gain access to the personal data.
Hi Sherri
I’ve nothing to add right now but I think it’s very important for people to understand, and engage with the debate, on internet surveillance.
So I’ve Tweeted it and asked someone close who works in IT security and has more followers than I do to do likewise.
Listeners of the RSA’s podcast – Speaking of Security – will be aware of Joseph Menn’s views on the criminal fraternity investing heavily on snooping on us – http://www.josephmenn.com/other_keystroke_betray_you.php
Bruce Schneier also makes valid points:
“Google’s system isn’t unique. Democratic governments around the world — in Sweden, Canada and the UK, for example — are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell.
Many are also passing data retention laws, forcing companies to retain information on their customers. In the U.S., the 1994 Communications Assistance for Law Enforcement Act required phone companies to facilitate FBI eavesdropping, and since 2001, the National Security Agency has built substantial eavesdropping systems with the help of those phone companies.
Systems like these invite misuse: criminal appropriation, government abuse and stretching by everyone possible to apply to situations that are applicable only by the most tortuous logic. The FBI illegally wiretapped the phones of Americans, often falsely invoking terrorism emergencies, 3,500 times between 2002 and 2006 without a warrant. Internet surveillance and control will be no different.”
http://www.schneier.com/blog/archives/2010/01/me_on_chinese_h.html
I hope it all adds to the debate…
I’d love to see a few well-designed and presented “exposés” appropriate for distribution to the not-so-savvy Internet user…
One idea: Analysis and explanation of all TCP/IP traffic occurring in the background (i.e. not explicitly requested and invisible to the unobservant) when booting up, loading up a popular web browser, visiting a popular social networking site, etc. (… and follow that up with explanations of where personal data is “leaking” or a security vulnerability exists at each step)
It is certainly hard to convince people of a threat which they do not comprehend, however, it is equally important to present a solution or suggestion toward user empowerment – most people choose to ignore threats they feel powerless against (and that may be why so many choose not to comprehend what is going on in the first place).