Here’s What You Need To Know About Metadata, Hackers And Privacy
Many people, while they deplore Edward Snowden’s acts of criminal espionage, welcome the debate he has inspired about privacy. Unfortunately, that’s a red herring.
While there is a very small chance that your government is snooping on you in any significant way, there is nearly a 100% chance that someone else is, with almost non-existent oversight or restriction.
My point isn’t that corporations are evil and governments are good. The companies that I have worked with have uniformly been concerned with and acted responsibly regarding the privacy of consumers and the integrity of the data that they collect. Nevertheless, we’re being watched and no one is watching the watchers. Here’s what you need to know.
Outside The Envelope vs. Inside The Envelope
When you send a letter, you typically put the recipient’s and returning address on the outside of the envelope. You understand that everyone who comes in contact with it can see who you’re writing to, but not the content of your message. In other words, the inside of the envelope is private, the outside of the envelope is not.
In 1979, the Supreme Court ruled that the phone numbers we dial are, essentially, like addresses on an envelope. We have no expectation of privacy and you can expect that the NSA is collecting records of everyone you call and who calls you. While I’m not an attorney, the legal basis for doing this without a warrant seems strong, albeit not airtight.
On the other hand, if they want to look inside the envelope, they need a warrant from a judge (for US citizens and people inside the US). That’s an important distinction (and a difference from the Bush era warrantless wiretapping). While opinions can differ about the quality of the oversight, the idea that government agents have free reign is a fantasy.
As I’ve explained before, while the collection of your phone records may be uncomfortable, it is extremely effective and far less intrusive than many other methods. Again, while reasonable people can disagree on this point, collection of phone records seems to me to forge a wholly justifiable balance between privacy and security.
Nobody Actually Needs To Listen To You
Historically, one of the restrictions on snooping has been expense. It has been estimated that the East German Stasi had one spy per 66 citizens. That’s incredibly costly and one reason why the Soviet Bloc went broke. However, these days its not humans who are monitoring us, but highly efficient machines and most of it is done by private companies.
Credit bureaus record our transactions. Mobile phone companies (and a host of apps) track our location through GPS. Marketers monitor our Web surfing and social media activity. A relatively new technology, called natural language processing, can read our communications, both written and verbal, just as a human would.
And it is not just what we’re saying that’s being monitored. Our medical records are increasingly online and our DNA soon will be (costs for sequencing a human genome are falling faster than cost of computer processing). T-Ray technology can potentially detect what’s going on in our bodies when we walk past a monitoring device.
I’m not alleging anything nefarious, in fact, the companies who develop these technologies are trying to improve our lives. Mattersight uses algorithms to monitor call centers in order to serve us better. Scanadu developed a home monitoring device that will cut medical costs and make us healthier.
Still, if having a conversation about privacy is so important, why are we so focused on the relatively mildly intrusive government programs to the exclusion of everything else?
Humans Are The Key Vulnerability
Most intrusions in our lives are dual purpose. Governments monitor communications to fight crime and keep us safe. Corporations track our activity in order to serve us better. There is little point in seeing a “big brother” bogeyman behind every algorithm.
Yet there are people out there who do mean us harm. Competitors want to steal our trade secrets. Cybercriminals want our credit card and social security numbers so that they can empty our bank accounts or even, in the worst cases, steal our identities. With so much online these days, we’re all at risk.
However, the means of attack are often decidedly low tech. The biggest weakness of any system lies not in the code, but in the people. The most pervasive hacking technique is social engineering, where an intruder poses as someone in an official capacity (often someone from tech support) to gain access through ruse rather than technical skill.
So the most important line of defense in cybersecurity is not high tech systems, but basic training. Maintain strong passwords and never give them to anyone.
The Downside of the Global Village
In the 1960’s, Marshall McLuhan started talking about the concept of a global village where electronic media brings us back to a more communal way of life and that’s largely what’s happened. Mostly it’s a good thing. Closer collaboration is one reason why our lives continually improve.
But there is also a dark side to technology. The same way digital communication makes friends and neighbors of people across the world, it also brings the village gossip, the peeping Tom and the friendly (and sometimes not so friendly) constable closer into our lives.
For better or worse, this is something we’re going to have to learn to live with. As Eric Schmidt and Jared Cohen point out in The New Digital Age, attempts to avoid monitoring, such as commercially available encryption software and a small digital footprint may likely invite more scrutiny, not less.
However, while we should all be concerned about government intrusion into our privacy, that is, in the final analysis, a small part of the problem. Everybody’s watching and we should be watching them.