The security guy who’s unlocking the mystery of government surveillance

Bruce Schneier believes governments, driven by fear, are going the wrong way about tackling terrorism

Bruce Schneier: “So much surveillance is piggy-backed on corporate servers. I think it’s funny when someone like [Google chairman] Eric Schmidt is complaining about government surveillance.”

Bruce Schneier: “So much surveillance is piggy-backed on corporate servers. I think it’s funny when someone like [Google chairman] Eric Schmidt is complaining about government surveillance.”

 

Renowned security expert Bruce Schneier is on the phone from a US airport, and there’s an awful lot of commotion going on in the background.

A bleeping siren is punctuated by loud announcements. “I have no idea what is going on,” says Schneier. “Oh, wait. Firemen in full uniform just went past. Carrying sharp implements for smashing things.”

That’s a bit alarming, isn’t it? “Just as long as they aren’t going towards my gate.”

They aren’t, but it’s an ironically amusing backdrop for a conversation with the man who has berated national governments for tackling terrorism by instilling a fear about unlikely “movie plot” disaster scenarios. He even created an annual disaster plot competition for readers of his blog, Schneier on Security.

His argument, reiterated in various blog posts, was that governments should stop scaring people with unique and rare scenarios – and inconveniencing them by confiscating their liquids and gels. Instead, states should take a broader approach in defending against terrorism, including investing in intelligence, and in better emergency response to save lives when something actually does happen.

Nine years on, he remains just as sceptical.

He’s finishing off the final edits on a forthcoming book, due in March, “about surveillance and what you can do about it”. The title? “Data and Goliath.”

A prolific writer, Schneier is aiming this book – like his others in recent years on issues such as security, privacy, fear and trust – at a general audience. In the wake of whistleblower Edward Snowden’s revelations about large-scale, secretive surveillance by US and UK security agencies, concerns about corporate data-gathering, and other big data alarms, public interest in such topics has probably never been higher.

“I’m really writing about government and corporate surveillance and how to deal with it,” he says.

Held in high esteem by hardcore geeks

Applied Cryptography

A quarter of a million people follow his monthly newsletter and blog posts, which appeal to both the specialist and the generalist.

He’ll be in Dublin on October 6th to give the second annual lecture for Front Line Defenders, a Dublin-based organisation that offers support and protection to global human rights defenders, including a free digital toolkit for online security.

Entitled “Is it Possible to be Safe Online? Human Rights Defenders and the Internet”, Schneier’s lecture will be about government power, the internet, and how things are changing, he says.

“It’s interesting that the internet is also a tool for freedom and social contribution” at the same time it can be used for surveillance and oppression, he notes.

Real opinions of governments

“There’s a whole lot of posturing. It’s very hard to tell what’s real and what’s not,” in official reactions and statements.

“For example, the German government was offended at finding out about US surveillance of its communications, but at the same time, it’s a major US surveillance partner,” he notes.

And it is difficult to sift through government positions within the US, where officials have complained they were unaware of the depth and breadth of domestic US surveillance conducted by the US National Security Agency (NSA).

Congress approved the laws that were used as the basis for such surveillance, “yet Congress had no idea what they actually would be used for. It’s hard to understand – did the NSA know in advance what it wanted to do, and carefully craft what went into those laws, or did they exploit loopholes after the fact?”

The US government seems not to have known how such laws would be used, or what its security agencies were doing, “and that’s true in the UK as well.”

Schneier, who for seven years until last December was the “security futurologist” for BT (he’s now chief technology officer of Co3 Systems), believes it’s clear that UK surveillance agency GCHQ acted without the British government having much idea what it was up to.

But corporations are snoopers too.

“So much surveillance is piggy-backed on corporate servers. I think it’s funny when someone like [Google chairman] Eric Schmidt is complaining about government surveillance. You just can’t look at it separately [from corporate surveillance],” says Schneier.

He’s called that combination of government and corporate data-gathering “the surveillance industrial complex” and the “public-private surveillance partnership”.

But he also acknowledges that finding an acceptable balance between privacy, security and intelligence-gathering “raises some pretty hard questions”.

Not least as we have entered an age in which so much that we do involves electronic or digital devices that create massive streams of revealing data about our lives and activities.

“Yes, we live in interesting times. How do we get the benefits of data, without sacrificing privacy?”

Right now, many people remain too scared, too unaware, or too trusting to demand significant change from governments, he thinks. And he notes that governments have manipulated public fear by using carefully timed announcements about terrorist plots, increasing public terrorist alert levels, in order to forward political agendas.

“We know, certainly, that in the Bush years, they were timed for political benefit.” Is that still the case? It’s difficult to tell, he says.

‘Long-term optimist’

“Is society doomed? I just don’t believe that. It may take a generation or two, but we’ll figure this one out.”

Fear makes people do stupid things, he notes.

“Think of history – in the second World War we incarcerated Japanese citizens [in the US]. We should be able to look back eventually and think, ‘that was dumb of us’.”

“The terrorists really screwed us” because fear has driven overwrought responses by government that are oppressive to society generally, “but it will get better, it really will. All this does not spell the end of democracy and liberty.”

Bruce Schneier will deliver the second annual Front Line Defenders lecture in association with TCD and UCD in Dublin on Monday, October 6th. Further details and ticket information: frontlinedefenders.org/schneier2014