Email snooping is a small fraction of the storyWed, Jul 17, 2013 in Security
I wrote previously about why privacy and security require open-source, inspectable hardware and software to run on, and software that makes encryption the default so everyone uses it. My example application was email, and I concluded that it’s currently impractical to think that we can block government snooping on a large scale even in the domain of email.
Now, think what a small fraction of people’s Internet-connected activities we’re talking about: email. What about web browsing, social network use, chat clients, game playing, phone use, GPS use, credit card transactions, search engine activity, smartphone apps, online video streaming, television viewing, car driving, access to personal devices such as security systems and webcams, cable TV use, and on and on? How can all of this be made secure and intrusion-proof? And make no mistake, all of this data is intensely personal, private, and meaningful. Email is a tiny part of the story.
And day by day, our lives are becoming ever more electronic, ever more connected, and thus ever more trackable. Wearable computing and RFID chips are going to be reality for normal citizens in the next decade or less. In twenty years many people will probably have Internet-connected, GPS-enabled, RFID-broadcasting devices physically implanted in their bodies. (The rest of us already carry these in our pockets every day). This is not sci-fi, it’s the quite predictable and ordinary extension of current trends and developments.
It’s not to say that this is evil. All of these things have good and wholesome uses, and will become available for good reasons – medical, business, convenience, entertainment, and so on. They’ll enhance us and our lives greatly. But their potential for abuse, and thus the virtual certainty that they will be abused, is stunning.
And as I’ve pointed out in my previous posts, it’s practically impossible to prevent such abuse, even for the mundane technologies such as email. Any workably-secure technology that I currently know of is unsuitable for mass use, and thus won’t be used. All of these devices and technologies will, in their convenience, expose us to intrusion on a scale I’m not sure I can imagine.
Put it this way: have you heard of bitcoin? It’s a radical departure from traditional currencies. Now imagine that every kind of electronic activity you engage in needs to be similarly radically invented if there’s any hope of privacy and security. This might not be an exaggeration.
What can we do? I think that all devices, technologies, and services need to be designed to be surveillance-proof, but I think the very foundations of our technology platforms, such as the Internet itself and all of the components that make it work, might have to be redesigned. Perhaps there’s another way, such as building a secure “tunnel” or VPN-like environment inside and on top of existing technology. But I’m not the expert in such matters.
If someone can solve this, it could be a more significant technological advance than all of the technological advances in human history thus far, because rather than just enabling technical innovation, it could enable and guarantee freedom – both freedom to and freedom from. If so, this would truly be a first. However, I believe that freedom is never guaranteed and won universally and permanently; I believe there will always have to be a fight for freedom against those who seek to limit it.
In the meantime I personally plan to carry on as usual, doing what I can and working to become successful within the system, so that I have more of an opportunity to counteract the potential and actual abuses. Because that’s what it seems to come down to: stopping governments from monitoring and thus (as I said previously) partially controlling us seems to be impossible or impractical.
I also want to end on a positive note. I don’t worry about these things; I don’t make myself unhappy about them. And I hope you don’t, either. The future is always uncertain. If it’s not the race between technological good and evil, it’s something else. This is simply another challenge to be met with a clear, present, joyful head and heart.
I'm Baron Schwartz, the founder and CEO of VividCortex. I am the author of High Performance MySQL and lots of open-source software for performance analysis, monitoring, and system administration. I contribute to various database communities such as Oracle, PostgreSQL, Redis and MongoDB. More about me.