Fighting the Survellance State

"The NSA is not made of magic," Bruce Schneier told a Harvard audience. Make surveillance harder and they will be forced to do less of it.

  • Posted on: 18 December 2013
  • By: stannenb

Raise the cost of surveillance, Bruce Schneier told a packed crowd at Harvard today, and you'll reduce the amount of surveillance the National Security Agency (NSA) can do. "The NSA is not made of magic", he said, but is governed by "economics, physics, and math." If we all take steps to make the bulk collection of our data harder, Schneier suggested, the NSA will be forced to rethink its "collect everything" strategy.

Schneier, a well-regarded computer security technologist, is one of the few people to have full access to the cache of documents released by Edward Snowden, the 30 year old contractor whose leak of 1.7 million NSA documents has triggered a wide ranging scandal and public review of intelligence practices. Last week, Chas Freeman, who was George H.W. Bush's Ambassador to Saudi Arabia, told an MIT audience that the surveillance practices exposed amounted to a "turnkey totalitarian state".

Schneier cautioned the audience at a lunch seminar held by Harvard's Center for Research on Computation and Society that NSA surveillance is "robust" in the technical, political, and legal senses. The NSA uses multiple means to get at particular data streams, each involving different technical methods and legal justifications. This, he said, argues for a broad set of responses from individuals, corporations, and the Internet Engineering Task Force, the group that sets standards for internet protocols. Schneier's proscriptions include:

  • redesign of internet protocols for ubiquitous encryption
  • use of anonymity tools such as TOR
  • redesign of products and services to include security and encryption
  • use of personal security products, such as hard disk encryption
  • more use of open standards and open source software which is harder to covertly subvert
  • target dispersal

Bulk surveillance would be harder, he said, if there were a thousand Internet Service Providers rather than 10, or if email was less centered on Google's GMAIL, or personal data not clustered on Facebook. Disperse the data - the targets of bulk surveillance - and you raise the costs to collect it.

Schneier does not believe it realistic to seek an end to all government surveillance. Rather, he thinks that by making it more difficult, the government will be forced to shift from the bulk, indiscriminate collection of data to a targeted surveillance. In his review of the Snowden papers, Schneier said, all the "victories" - the events that we'd all acknowledge as good outcomes - seemed to come from targeted surveillance, not bulk data collection.

Without doing anything else, Schneier noted, there is already a shift that will force the NSA to change its behavior. There's no evidence that the NSA has needed to provide a cost/benefit analysis of any of its surveillance regimes, that the Bush-era mandate to never let anything else like 9/11 happen again gave them carte blanche to spare no expense. That he expects to change. Similarly, internet companies, who are seeing lost business due to the loss of trust, are beginning to push back, finding a public relations benefit to doing battle with the NSA. Economic interests are, he noted, quite powerful.

Encryption, he said, remains the best tool to defeat surveillance. He does not believe that the NSA has, in general, the means to defeat encryption. That is supported in the great efforts undertaken to find ways around encryption, whether that meant tapping into Google's internal networks where there was no encryption, or finding means to "exfiltrate" - steal - encryption keys that would allow deciphering of messages.

In the broadest sense, we are confronting what Schneier termed the fundamental problem of the information age: How do we derive collective, societal benefits from data while still protecting the privacy and autonomy of individuals? Cautioning against futility, Schneier urged that we have the stamina confront this issue and fight for change.

