
Surveillance and the Internet of Things - Tsiolkovsky
https://www.schneier.com/blog/archives/2013/05/the_eyes_and_ea.html
======
squozzer
I think it is up to us to figure out how to make this brave new world work.

As Bruce says, the real issue now is not surveillance or even information, but
power. Who gets to watch whom, and (of course) who watches the watchers?

I see four strategies for coping with the issue of power --

1) Default - maintain current trajectory - this is what most of us will do.

2) Withdraw - lower one's profile. This seems to be Bruce's plan.

3) Expose - bring buried secrets to light, and the watchers under
surveillance. Expect harsh repercussions. The US govt has been increasingly
secretive. It has been removing whistleblower protections for some years now.
It has been punishing exposures of information more harshly than in the past
(though I suppose the exposure of Valerie Plame might pass as an exception,
unless your name is Scooter Libby.)

4) Disrupt -- frustrate the collection of information through jamming, feeding
false info, deletion. But info seems to be cheap enough that bad info doesn't
really hurt those using it.

~~~
legutierr
There is a fifth option, which is to construct through the democratic process
a new set of civil rights and policies designed to confront and limit these
new powers.

For example: we can seek to make it illegal for certain information to be
tracked; we can require that any information collected be disclosed to the
individual at risk of being tracked; we can expand fourth-amendment
protections explicitly, forcing a warrant to be issued to collect any of the
information made available through these systems, even if the data is stored
on a corporate server (doing away with national security letters and
administrative subpoenas, and prohibiting disclosure without a warrant); and
we can impose criminal penalties on government and corporate officials that
violate these rights.

And more: we can make exposure of all but the most sensitive government
"secrets" mandatory by law, rather than relying on legally questionable
whistle-blowing for disclosures; we can ensure that encryption technologies
(and other self-protection techniques) always remain legal, and remove any
requirement that backdoors be added to new communication technology; we can
work to decentralize corporate power in telecom by aggressively enforcing
anti-trust laws; we can improve transparency and oversight of telecom services
by explicitly encouraging that high-speed data service be provided as a local
public utility.

And we can reduce the incentive that exists at every level of law enforcement
to undermine privacy and civil liberties (and in turn further centralize
power) by making fewer things illegal--most importantly, drugs.

~~~
sedev
While I'd love for those things to come to pass, it's alarming that you elide
methods and obstacles entirely. The democratic process has been purchased by
the entities you're proposing to regulate, and the entities that you propose
enforce these new rules, are beneficiaries of the current arrangement and
would be greatly inconvenienced by the changes you propose. The beneficiaries
of the current arrangement will resist changes to that arrangement with utmost
vigor, so it doesn't speak well of your proposal that it supposes that they
will cooperate with changes that are against their interests by handwaved
methods and tactics.

How are you going to get from here to there?

~~~
legutierr
I think the first step towards change is to envision the world that you want,
and find people that agree with that vision. And if you can't agree on
everything, find that subset of policies and objectives that people can
passionately agree on, and forget everything else. Then, get organized.

Start by going door to door; find people who care enough about the issue to
help out; have in-person meetings and events and build connections; give
people the tools--online and offline--to recruit participants and stage their
own meetings; orient people towards a focused set of objectives, and ask them
for money to help you broadcast those ideas with counter-propoganda; ask
people to contribute time and money to candidates that support those
objectives; always keep everything above board, to avoid being attacked; rinse
and repeat. If enough people care, you can win; if not, then maybe "money in
politics" wasn't the real hurdle to reform--maybe it's just that the voters
didn't want the reform you were preaching.

Democracy today _seems_ broken, like it doesn't work any more, but it's
_always_ been "broken," it's never "worked". The progressive movement and the
labor movement of a century ago both fought an uphill battle against big money
in politics. It took decades before they experienced lasting success. When
voters want changes in government that cost profitable businesses money, a lot
of those businesses will spend at least as much money as they stand to loose
to prevent that change from happening. It was as true one hundred years ago as
it is today.

The fact is, though, that absent massive violence or election fraud (which
itself is only possible when the polls are tight) with all the money in the
world you still need people--individual people--to vote your way. Money in US
politics has influence only insofar as it can be used to convince the masses
of voters to vote a certain way. The thing is that money and propaganda have
limits, especially if a message of reform resonates. That's what social
movements are all about--coalescing around a message of reform that makes
propaganda sound unconvincing.

------
cottonseed
Speaking of feeling like science fiction, I wish everyone had read David
Brin's The Transparent Society in 1998. Such a prescient book.

<https://en.wikipedia.org/wiki/The_Transparent_Society>

~~~
cottonseed
Some replied with this (somewhat old) response by Bruce Schneier to the
Transparent Society:

[http://www.wired.com/politics/security/commentary/securityma...](http://www.wired.com/politics/security/commentary/securitymatters/2008/03/securitymatters_0306)

It is an interesting response, although I don't think I agree with his
argument. I'm not sure why they deleted it.

------
tripzilch
from one of the comments:

> Bruce, it is getting depressing to read your posts. You don't prescribe any
> kind of resolution such as calling your congressperson.

(I _hope_ they were being facetious with this remark)

~~~
snowwrestler
Why? Calling members of Congress is incredibly effective, especially in large
volumes. Organizing politically has always been the way to create real,
durable change in the law. It's how the U.S. got labor, civil rights, and
environmental protections enshrined in the law despite well-funded opposition.

I know it's very cool these days in Internet-land to consider the system too
broken to engage, but that seems to me to be a self-fulfilling prophecy.

~~~
smacktoward
It's effective on an individual level, but just telling people "call your
congressperson" doesn't scale. Most people are too busy to individually
monitor each bill, vet it on privacy, and decide whether or not a call is
needed. So to really effect change you need an organized movement or interest
group that can pool the voices and resources of all those people together into
something so big it can't be ignored.

Currently the only group like that I know of on technology & privacy is the
EFF, but so many corporate giants have an interest in eroding your privacy
that you'd need to bulk up their funding base considerably to make them able
to take those giants on directly. (Or go the other direction, people-power
rather than money-power, and develop a base of activists who are willing to
march for privacy.)

~~~
stinkytaco
I think you are right, but organized movements only work with grassroots
efforts. It's up to organized movements to mobilize a grassroots base to
effect change. We've seen how successful this is in political campaigns (the
Republics were hurt in numerous elections by their lack of "ground game").
Additionally, and I mention this elsewhere, this is really a social problem,
not technological. If the government (or corporation or powerful individual)
wants to get me (via surveillance or anything else) the only thing that's
stopping them from doing so is social norms and the laws those norms reflect.
Without those, no amount of technology will keep me safe. With them, we can
hope for a normal existence with all its requisite benefits (i.e. technology).

The only way for us to protect ourselves is through political and social
action.

------
D9u
We don't _have to use_ Google, nor Facebook, and we can still buy prepaid
mobile phones with cash, and it's up to us just how much information we share
online.

Maybe I'm a hermit, but I'm online every day and images associated with my
name are quite scarce.

Add to that the fact that there are literally dozens of Americans who share my
exact name, my privacy worries are negligle within the context proposed by the
author.

That said, I do agree with the premise that surveillance is growing
increasingly intrusive, thus my habits outlined above.

------
rogerchucker
Why does he always have to be such a pessimistic grandpa? Privacy as he knows
it doesn't exist anymore because majority have made a choice to give it up in
exchange of new value created by new technology. I'm unsure of what Bruce
Schneier has added of any value to the society lately except his rampant
skepticism. To me he's turning into a Richard Stallman of security/privacy.

~~~
cytzol
The majority have made a choice, but not a conscious choice. Not only do many
people still chase the latest shiny thing or hand over their details willy-
billy without thinking of the consequences, but it's quickly becoming the
default to do so, making it even less of a choice, and more just what you do
in everyday life!

There are plenty of things I've found worth trading my privacy for, but it's
been a conscious choice every time.

~~~
progrock
Funny you say that. A lot of retail chains in the UK, ask for your postcode as
you make a purchase, and basically identify you. I'm never comfortable with
that arrangement, but hand out the data anyway, basically because I don't want
to make a scene in public.

I like the way you've phrased it: not a conscious choice. I wouldn't say that
ignorance is an active part in choice making. But it certainly feels less
complicated.

~~~
DanielStraight
This practice is relatively common in the US as well, and it's never turned
into scene if I refused. I've also been asked for (and refused without making
a scene) my phone number and email address. I just say I'd prefer not to give
it out, and they go on with the process. Obviously can't vouch for the UK, but
I'd say at least try it once.

~~~
progrock
You are right of course, I doubt there would be a scene, only me embarrassing
myself by probably dragging out some kind of justification of not wanting to
hand over my details. Perhaps it's down to being schooled in implicit
compliance, and it feels a little weird!

It drags you down though. Every supermarket you go to asks for your loyalty
card - which I refused to opt-in to for years, but you still are confronted
with the question everytime - it gets tiresome.

I do my shopping by proxy, through a partners' loyalty card, and I've been
pretty surprised at how sophisticated these systems have become.

There's a desperate battle between outlets now for custom. Loyalty cards now
lead to offers (coupons) on items from the weekly shop, and our shopping
basket is quite anormal I'd say. We are actually recouping some worthwhile
savings, for once. Rather than being offered some promotional discount on
something I have no interest in. I feel a little wrong about it, but I no
longer can resist the enticement.

~~~
moheeb
Not to single you out specifically, but you guys sound like a bunch of
pansies. Make up a few fake people with names and addresses and use those.
It's more fun to do so on the spot.

Ted Billson. There...use that. His email address is ted@bill.com if you get
asked. ;)

~~~
kps
His email address should really be ted.billson@example.com.

Another 'fuck you money' project: a set of domains with an open SMTP server
that does nothing but flip the headers around and re-send the message back to
the sender.

