
The Internet Is a Surveillance State - gits1225
https://www.schneier.com/essay-418.html
======
cromwellian
Schneier has a great article here on the many ways you are being tracked, but
I think overlooks the fact that much of this record keeping happened prior to
the internet. Almost all public activity generates a paper trail, and before
the internet, your phone company, bank, grocery store, even your VHS rentals
and public library, were keeping records on you. The internet makes it far far
more efficient, but it didn't invent the collection of such records.

I think the focus shouldn't be on the unavoidable "information radiation wake"
you give off as you move through the world living your life, but on the ways
people utilize this information. The government, and private entities, need to
be constrained in how this information can be legally used, not in the
collection of it, which I think is impossible.

Consider health records, which lots of people are paranoid about. There's a
lot of diseases we might be able to treat if people's health records were
available to researchers. One might be able to detect correlations in disease
from these records of millions of individual cases. But insurance companies
and employers could potentially discriminate against you based on these
records, so it is in your interest to keep your medical conditions secret. In
cases, if you have a communicable disease, it is understandable you'd want
privacy too.

Point being, the biggest danger of loss of privacy is abuse by the state or
other private entities, and if we could build safeguards against that, the
fact that your phone signals give away your location, or your subway card
shows where you've been, might not be so threatening.

~~~
runjake
_> Almost all public activity generates a paper trail, and before the
internet, your phone company, bank, grocery store, even your VHS rentals and
public library, were keeping records on you. The internet makes it far far
more efficient, but it didn't invent the collection of such records._

In addition to efficient, it also made it more convenient and secure to do so.
This aspect is huge.

The local video tape rental place may have kept records of every movie you
rented, but an agency wasn't going to go in and demand your records from the
scumbag owner unless it had a really pressing reason to, as it would
potentially blow their investigation/operational security. Scumbag owner would
have some guys in dark suits visit him and it'd be all over town in a matter
of hours. The end result is that they probably wouldn't sift through your
rental records.

Now, with the proliferation of the Internet, the government doesn't even need
active participation of the records custodian, they can pull traffic off the
wire and warehouse it themselves.

And if it does require active participation from the data custodian, they have
nice National Security Letters with highly-threatening gag orders, which have
proven to be quite effective.

~~~
rayiner
> And if it does require active participation from the data custodian, they
> have nice National Security Letters with highly-threatening gag orders,
> which have proven to be quite effective.

But they don't need NSL's to get the data. Just as a plain old warrant or
subpoena would have been enough to get your local video tape rental place's
records of the movies you watch, it's enough to get Netflix's records of those
movies.

~~~
angersock
The data offered by my old local video place, though, was pretty minor, and
they were small enough that honestly I don't think anyone higher than the
local police in the food chain cared.

If you can get Netflix, it suddenly justifies the effort to mine that data and
weave it into a larger tapestry.

------
riveteye
Privacy is an illusion, and a dangerous one. It allows dishonest people to
appear honest, and further perpetuates the lie of 'normal'. It closes minds
and turns us against other people who are just as human as ourselves. Privacy
allows corporations selective access to our data, with the promise that it
won't be misused, sold or released to those who wish to do us harm. This is a
promise that no corporation can reasonably be expected to keep, if they fall
under the jurisdiction of any institution greater then themselves (Like the US
government). We have a lot of anxiety around people finding out our secrets,
but only because we expect privacy in a world (or internet) where true privacy
doesn't really exist. If you do a thing, and you do it anywhere beyond in your
own mind, you have effected reality, you have changed the universe, it is
public. As terrifying as that might seem.

~~~
hga
In a country where the average professional commits " _Three Felonies a Day_ "
([http://www.amazon.com/Three-Felonies-Day-Target-
Innocent/dp/...](http://www.amazon.com/Three-Felonies-Day-Target-
Innocent/dp/1594032556/)), you're damned right, " _We have a lot of anxiety
around people finding out our secrets_ " Basically, our normal lives exist at
the sufferance of these "public servants".

~~~
riveteye
Selective enforcement has got to go. It's an infringement on all of our rights
as human beings. Get rid of selective enforcement, and you get rid of
ridiculous laws?

~~~
hga
But how do you get rid of selective enforcement? If for no other reasons than
limited resources, prosecutors have to decide who they'll pursue and how hard.

Disbarring a prosecutor from ever holding elective office is about the only
thing I have been able to think of, and it's not hardly enough.

Get rid of the ridiculous laws is more like it. Perhaps our Founders had a
point when they were trying to create a limited government? Gerry Ford's best
ever quote puts it in the modern context, " _A government big enough to give
you everything you want is a government big enough to take from you everything
you have._ "
([http://en.wikiquote.org/wiki/Gerald_Ford#Address_to_Congress...](http://en.wikiquote.org/wiki/Gerald_Ford#Address_to_Congress_.2812_August_1974.29))

~~~
swombat
Getting rid of the laws is the obvious move. If smoking pot is a felony, and
30% of the population has done it, then the law that makes smoking pot a
felony is obviously a bad law.

A simple way to decide if a law is bad or not is to look at how many people
break it each year. Any law that's broken by more than 1% of the population
each year should be removed from the books.

~~~
mindcrime
_A simple way to decide if a law is bad or not is to look at how many people
break it each year._

That's one way. I'd go further and say that if the "crime" doesn't have a
victim, and involves strictly voluntary / consensual actions & behavior among
adults (children may be a bit of a special case) then it is no crime.

I generally agree with Bastiat's[1] sentiments on this:

 _What Is Law?_

 _What, then, is law? It is the collective organization of the individual
right to lawful defense._

 _Each of us has a natural right — from God — to defend his person, his
liberty, and his property. These are the three basic requirements of life, and
the preservation of any one of them is completely dependent upon the
preservation of the other two. For what are our faculties but the extension of
our individuality? And what is property but an extension of our faculties? If
every person has the right to defend even by force — his person, his liberty,
and his property, then it follows that a group of men have the right to
organize and support a common force to protect these rights constantly. Thus
the principle of collective right — its reason for existing, its lawfulness —
is based on individual right. And the common force that protects this
collective right cannot logically have any other purpose or any other mission
than that for which it acts as a substitute. Thus, since an individual cannot
lawfully use force against the person, liberty, or property of another
individual, then the common force — for the same reason — cannot lawfully be
used to destroy the person, liberty, or property of individuals or groups._

 _Such a perversion of force would be, in both cases, contrary to our premise.
Force has been given to us to defend our own individual rights. Who will dare
to say that force has been given to us to destroy the equal rights of our
brothers? Since no individual acting separately can lawfully use force to
destroy the rights of others, does it not logically follow that the same
principle also applies to the common force that is nothing more than the
organized combination of the individual forces?_

 _If this is true, then nothing can be more evident than this: The law is the
organization of the natural right of lawful defense. It is the substitution of
a common force for individual forces. And this common force is to do only what
the individual forces have a natural and lawful right to do: to protect
persons, liberties, and properties; to maintain the right of each, and to
cause justice to reign over us all._

Where I disagree is the whole "from God" bit, considering that I'm an atheist.
I consider the rights he is speaking of, as being a fundamental aspect of
being a sovereign individual possessed of self-ownership and agency.

[1]: [http://bastiat.org/en/the_law.html](http://bastiat.org/en/the_law.html)

~~~
sigzero
So where do your rights originate from then? Ultimately it comes down to
authority. You can say you have the right but so can every other schmoe. I can
even argue that you are wrong about your rights and you have no greater
authority to say I am not correct.

~~~
gnaritas
Made up beings are not a greater authority either; rights are given by the
consent of the society you live in. That is truly the only place they
originate. You can debate endlessly about natural rights and natural law and
God this or that, but the simple fact is you can do only what others allow you
to get away with.

~~~
jlgreco
Not _all_ rights are given by consent of society.

A right that you have is one that cannot be taken away. _Traditionally_ this
is limited to things that society has agreed not to take away. However we are
slowing entering into an age where a new type of right emerges: a right that
you seized and society is powerless to take away.

We don't normally think of "PGP'd email can't be read" as a "right", but that
is essentially what it is. A right that has been seized, not granted.

These rights are of course vulnerable, just like rights granted by society.
Instead of keeping society convinced that the right must remain granted, you
instead have to be careful that you remain in a position where society is
powerless. In practice, this is quite difficult.

~~~
gnaritas
Society is never powerless to outlaw something, even if they can't enforce it.
It's not a right if it's illegal even if said law is unenforceable.

~~~
jlgreco
Outlawing is a meaningless gesture if the possibility of enforcement does not
exist. They can outlaw seized rights but if they cannot (or do not) enforce
their laws then you will remain in possession of your seized rights.

For that matter, this applies even to granted rights. There are plenty of
rights that people have that are outlawed by unenforced (and unenforceable
laws). Consider for example laws in less enlightened states that specify what
sorts of sex two consenting adults are allowed to have. These laws are not
enforced, making them little more than monuments to the ignorance of the past.

~~~
swombat
The possibility of enforcement for the example of PGP encrypted email is
pretty obviously real: just throw anyone who is found to use PGP in jail for
10 days.

------
Jupe
I just don't get it. Hacker news, just days ago had a posting: "Police admit
they're 'stumped' by mystery car thefts", and the collective response was
something along the lines of "silly police don't know how to use google."

And now, the "hackers" are in disbelief that the US government is actually
reading their emails and listening to their phone calls. NSS!

We got what we wanted here, folks. Information is free - free to be created,
free to be read, and free to be copied, stored, decrypted and analyzed by
anyone with the means and drive to do so.

I don't know who said it, but "Don't put anything online you wouldn't want to
appear above the fold of the Wall Stree Journal."

------
jetblackio
I think instead of trying to fight the increased levels of surveillance by
both governments and corporations, we need to focus on increasing the levels
of transparency. I personally don't really care that governments and other
organizations have information about me. There is always an inevitable paper
(or electronic) trail associated with using the internet and various services.

But I do care about the fact that the FBI can pull up information about me and
I have no knowledge of it. If they collect information to combat terrorism,
fine. But the 99.999 percent of innecent people being tracked have a right to
be notified (and given a course of action for recourse) when they've been
wrongly targeted, for whatever reason.

I know, it's an idealistic dream, but it is more realistic than combating the
inevitable surveillance practices that are just now coming to light.

~~~
goostavos
What would you expect an FBI informational notification to say? What would
they notify you of, that your activities have warranted investigation?

If anything, being notified that I'm being looked at would freak me out more
than not knowing. We've entered this weird world of now needing to avoid
appearances.

The thing that troubles me the most about the government accessing ALL of my
data is the idea of false positives -- or hell, even purposefully spinning one
aspect of my data to mean whatever the hell they want it to mean. If we don't
have access to the same information, how are we supposed to defend ourselves
against accusations?

~~~
jetblackio
Well, I'd probably expect transparency to at least come in two forms:

1\. Broad annual reports containing the number of individuals were
investigated, or whose 'file' was pulled, and the number of investigations
that resulted in some sort of prosecution. Basically, give me the figures that
show me the efficiency of the NSA investigations. This would help combat just
broad pulling of records without specific cause and purpose. You could go so
far as to say that after passing certain thresholds of efficiency, their
actions would be audited. Note that I realize this is not ever likely to
happen, but just trying to give an example of how increased transparency could
be done.

2\. Individual notification. This is obviously much more difficult because
they wouldn't want to tip off a legitimate threat to the fact they are under
investigation. But the general alternative is not acceptable either. The
government can't just investigate people and invade their privacy without good
reason. So some how, individuals need to know.

The checks and balances of Executive, Legislative and Judicial branches is an
effective mode of government, but there is a second 'check': the one by the
people. If I don't know my rights are being violated, how can I hold the
government responsible?

So, yes, some form of individual notification is necessary. Maybe the
notification happens after the investigation is finished. Maybe I'm notified a
year late. But one way or another, I have a right to face my accuser.

Those are my thoughts on it anyhow.

------
trotsky
I've honestly never really quite recovered from watching the dreams of the
cypherpunks die so hideously and completely. I guess it's because the ideas /
movement / whatever bubbled up when I was at that age when you think this is
going to be the groundswell, my generation is going to cause a fundamental
change in the world.

If you're unfamiliar, there was a strong meme in the late eighties through
early/mid nineties among a certain set that the perfect storm of public key
encryption (still wonderfully unbounded in our minds) and the emerging global
network would be a nexus point for personal power in privacy, anonymity and
security and in many real ways break down the bonds of the states. It's worth
noting that this was about the time that the soviet union fell, and many in
the know had gotten a first taste of global presence by hearing about the
people in the streets via usenet before it made the news.

It wasn't that I was particularly a hard core believer or activist, at least
compared to many I knew. But for those who understood what an immense impact
the internet was going to have it seemed to everyone I knew - NSA, hackers,
professors, that it was just how it would be. You couldn't hope to spy on
pretty much anyone anymore when you could use perfect encryption to scramble a
telephone call or an email. Kind of like when you knew everyone was about to
have a touch phone.

I was ideologically aligned and mixed in such circles, nerds were still
outcasts so not really too big a world, but my life was busy with other things
- but I watched from a distance, fascinated with all the ideas and things to
come. I'm not sure I've every really been more sure something was going to
happen, at least to a very significant degree.

The government was sure too - that was when they came up with CALEA and people
got upset but mostly scoffed - there was a real sense that they were just in
their death throws.

Things got pretty busy, Internet boom. Company got bought by an agency, every
big name anybody needed to be on the Internet yesterday. Was a blast though a
bit of a blur - ended up in SF as the whole thing worked itself into a nasty
hangover. Can't remember worrying too much about when the cypherpunks were
going to win but still knew it had to be coming, err well it's just about
adoption.

It really sucks to wake up after a bender and realize that you helped kill the
dream that you were just waiting for someone else to make happen.

Working infosec as california recovered put me face to face with reality
pretty early in this cycle. Not only was the thing I was so sure of totally
not how it went down, with shift from relatively petty financial fraud and
wankers to states and srs.bsns abandoning defense to focus solely of offense
it's been very hard to square. It's hard to believe many people ever feel so
sure about something that turns out so absolutely opposite.

Fuck, at least nobody killed rms.

~~~
smtddr
Well, don't completely give up hope just yet! All the tools needed to create
the world you mentioned exist today. We have good open-source encryption that
can be applied to all sorts of data and hide your tracks if you really want
to. What we don't have(yet) is something so easy that the general public can
do it. Like, tap a padlock icon on your cellphone and suddenly anything your
phone does is encrypted and only the receiving party can decrypt it. GPG/PGP-
plugins could be added to just about anything. Hang in there and keep up the
fight. Keep explaining your point of view to anyone who will listen. There
have been times in history where seemingly-invinsible corporations and/or
groups of very privileged people get overturned when the general public "wake
up" to what's going on. Even what's going on in North Korea won't last
forever, there will be someday that one major incident that domino-effects
into the downfall of that whole system.

"And never forget, the internet only knows what you tell it... more or less"
\--me!

~~~
loup-vaillant
> _Like, tap a padlock icon on your cellphone and suddenly anything your phone
> does is encrypted_

Not good enough: you have to _think_ of activating it. And even if you do,
most traffic will still be unencrypted, making it easier for spies to tell who
may have something to hide, and when they do.

To have real good, actual privacy, everything should be encrypted by default,
the internet itself should be a giant scrambling overlay network such as Tor,
and people should have symmetric bandwidth to encourage decentralization —no
more need for YouTube.

I don't see it happen in the following decades.

~~~
shawnz
What's the problem with most traffic being unencrypted? If you have something
in particular that you want hidden, it's possible to make sure that it gets
hid. What more do you need?

~~~
cgag
You not to know I'm hiding anything at all.

~~~
zhemao
Exactly. They may not know what you're hiding, but if they see small portions
of your internet traffic are encrypted using a scheme very different from your
regular traffic, flags are raised. Then it's simply a matter of sending an NSL
to whoever they need to in order to get the content of the message.

~~~
gizmo686
>Then it's simply a matter of sending an NSL to whoever they need to in order
to get the content of the message.

If its done right, there are only 2 people capable of getting the content of
the message: you and the intended recipient.

------
dnautics
There are two obvious ways to fight this. First, add a lot of noise. For
example, you could change your name to something extremely common. You could
broadcast inaccurate data about yourself.

Secondly, whenever you do need privacy, use the social equivalent of a one-
time pad. Never execute the same mechanism twice. For example, you could
conceivably use a cantenna to access a distant wi-fi spot. You could buy the
wireless cards with cash (and walk to the store where you buy it, preferably
in a city that you don't frequent - and get there by car with good mileage so
that there's limited trace of you being there), and buy a used laptop on
craigslist with cash....

While surveillors can be open-minded, to a certain degree access to enhanced
tracking technology will also engender a stronger reliance on the streetlight
effect - and complete expurgation of the streetlight effect is impossible.

------
finnw
> _Google knows exactly what sort of porn you all like_

If only.

------
splitrocket
Those who would stop this cannot: their whole lives are also part of the
surveillance state. Politicians,generals, senators, prime ministers and CEO's
all: their dirty laundry and skeletons in the closet that they thought were
secret are no longer.

No one of power will fight this because they are afraid of becoming its
target.

------
websitescenes
I am really surprised how people are reacting to surveillance revelations.
These practices or obvious and have been in use for as long as I can remember.
Did no one really know about widespread government surveillance? You don't
have to look very hard to find evidence. Bottom line: this has been happening
for a long time. Do really think that the military released the internet
because it made them feel all fuzzy inside? Think about it.

------
mrt0mat0
why not just flood the NSA with false data? We know what they monitor all data
through those big ten companies. Couldn't botnets be configured to just start
surfing the internet, maybe doing keywords that would trigger the government
monitoring. I assume that enough junk information would fill up the gov.
databases that they would have a harder time trying to figure out what's real
and what's just useless data.

~~~
aegiso
Which would no doubt brand us cyberterrorists if it managed to work.

~~~
pyre
Well, then the system worked! It shook out the terrorists among us into
showing their true faces! </sarcasm>

------
matrix9
You'd better encrypt your private data before uploading to web sites.

Recommend to use some privacy oriented apps/sites spideroaks, securekeep.com

~~~
cromwellian
Encryption doesn't defeat traffic analysis, and a lot of the recently reported
surveillance is based on metadata to generate leads.

~~~
err_badprocrast
So what if you use something like a Russian VPN or Tor? It seems like that
would only be vulnerable to attacks based on exact connection times and to
traffic volume analysis, both of which could be avoided by generating fake
traffic.

~~~
Herring
Too few people do that. They can afford to tag you for other kinds of
surveillance.

If the State wants your head, there's not much you can do even if you're
innocent.

------
ilaksh
There is no reason to trust large companies with our data. We should move to
content oriented networking where data is encrypted by default and we can
choose what networks our data goes into and how it is accessed.

We should also use peer based grid/mesh networks as much as possible

------
giardini
The USA is a Surveillance State.

FTFY

~~~
zobzu
If you think it's only the USA, you're fooling yourself pretty hard.

------
Datsundere
This is a world where the hacker who identifies the raper gets punished more
than the raper himself. What do you expect

------
hga
" _If the director of the CIA can 't maintain his privacy on the Internet,
we've got no hope._"

Blah. Ignoring for the moment that he's 6 levels removed from the agents in
the field, notoriously the very few of them out there (last time I checked 90%
of the CIA is desk bound in the US) are _very_ bad at fundamental trade-craft,
with the Camp Chapman attack
([http://en.wikipedia.org/wiki/Camp_Chapman_attack](http://en.wikipedia.org/wiki/Camp_Chapman_attack))
as a telling extreme example.

~~~
RyanMcGreal
Surely we can agree that the director of the CIA is going to be better a
maintaining privacy than the average person.

~~~
stonemetal
Why should I agree to that? The director of the CIA is a political appointee
not an uber spy. They probably have more security training than your average
citizen but not much more.

~~~
theklub
I think it just says more about the types of people running the CIA. Not the
smartest... not very moral... etc

------
ommunist
I always wonder how fast telepests start to call you once you register at some
online service with your phone number. UKFast hosting I believe sells your
data immediately. Comparison sites do the same.

------
Datsundere
lol, there is no way Guns are going to get banned now. More people will buy
guns cause of this. I don't know if the Government did this knowingly or
unknowingly.

~~~
Datsundere
Instead of voting me down, give me a proper argument. I'm stating a fact, if
you don't like it counter argue.

This is nothing different than what the us government is doing by abusing
their power and the people that can vote down are doing the same.

