After appearing as the keynote speaker at Scholarship After Snowden, security expert and author Bruce Schneier had a conversation with CGCS about online security.
CGCS: Were the Snowden revelations novel? What in the documents uncovered information that was unknown to surveillance and security scholars and experts?
Bruce Schneier: On the one hand, there was no real surprise. Anyone who has followed the NSA has assumed that they did this. What was surprising is the sheer extensiveness of the surveillance programs, which probably should not have been a surprise, either. I guess just seeing it in actual detail made it more real, and therefore different.
What is the greatest misconception the general public has about security online, especially in this post-NSA revelations environment?
I think people believe that their data is more secure than it is. And I’m not thinking about criminals and hackers, I’m thinking about the “good guys.” Google knows when I stop thinking about it. Google knows what related things I’m thinking about. And Google knows that about everyone. Google knows what kind of porn everyone likes. This kind of thing is inherently creepy, and people don’t think about it.
We don’t think about it because it’s not salient. We don’t wake up in the morning and think “I’m going to carry a tracking device around with me today.” We just grab our cellphone. People don’t think about this data, who…
Ferret Cannon. Egotistical Giraffe. Bullrun. These are not just nonsensical terms, but rather the names of a few of the surveillance tools used by the National Security Agency (NSA) to monitor your online activity. The discussion of Internet surveillance and the right to privacy has swept the U.S. by storm after the NSA exposé by Edward Snowden earlier this year. On October 17th a group of scholars and practitioners gathered at Penn to discuss what these revelations mean for the future of the academia and the Internet. Scholarship After Snowden proved to be a thought-provoking event. Attendees were forced to reexamine the breadth of government surveillance, and to reevaluate the way the academy approaches technology education and policy going forward.
The mere scope of surveillance by the U.S. government is astounding – we are not talking about an email here, a chat history there. Everything that is done on the Internet is collected and stored as data. As Bruce Schneier, a renowned cryptographer and privacy expert noted, “We leave digital footprints everywhere,” and the fundamental problem is that we have made surveillance far too easy and cheap. When surveillance and data storage is cheap, there is a tendency to store everything. As Schneier aptly noted, when you have a great deal of money and resources, “when you have the choice of A or B, you do both.” This problem is furthered by the fact that while many Internet users understand its basic mechanics, they do not really get what is going on “under the hood,” as Joseph Turow, the Associate Dean for Graduate Studies…