Agne Pix: Does technology protect our privacy on the Internet or is it a threat?
Bruce Schneier: There are a lot of technologies that help preserve privacy and keep us and our data secure, like for example encryption. Technology can also remove privacy: you may think of cameras or listening devices and insecure Internet connections. We are living in a world where we often interact with computers. They produce data about these interactions, which is data about ourselves and that is collected by corporations. Surveillance is the business model of the Internet. So right now a lot of the technology that we use is harmful to our security and privacy.
Isn’t it ironic that the Internet, which was supposed to make the world more open and connected (just like in the mission statement of Facebook), is being exploited by the governments for mass surveillance and by corporations to make mass profits?
The Internet does make the world more open and interconnected. It connects billions of people to new information and new ideas, it’s incredibly empowering. But those same technologies that allow us to communicate allow other people to listen in. When the Internet was built, free and open, it meant that advertising was the only obvious way to make money and that turned into surveillance.
We can build the Internet to be more secure and private but then you have to figure out how companies are going to make money there.
For sure we can build the Internet to be more secure and private but then you have to figure out how companies are going to make money there. You can build the Internet to be more protective of individual liberties, and then the countries that want to invade people’s liberties have to figure out how to get around it. Such tensions will always exist in these technologies. We as the builders of the Internet need to recognize what is important and prioritize it.
Why is encryption so important as means to protect our privacy? Ordinary people don’t really understand what it is, it sounds too technical and complicated.
Encryption is too technical and complicated; no one has to understand it! How does your door lock work, the intricacies of the mechanism? You don’t understand it and you don’t care. But you know that you need a door lock to protect your house. Encryption is just a tool. People don’t need encryption, they need privacy, they need security, things that matter to them and their society. It’s important for your freedom, your liberty, for your autonomy as a person to be both secure and private in your thoughts and communications. That’s a fundamental human right. Encryption is a mathematical technology that in some cases makes that right possible on the Internet.
In Europe, and in the US as well, after each terrorist attempt or attack, sooner or later politicians would point to encryption as means of protecting terrorists.
After terrorist attacks people who like police states always point to technologies and laws that make their lives less convenient. And whether it is encryption or search and seizure laws or procedural laws or investigative powers, police will always try to get more power by exploiting horrific events. We have to understand that our freedom and liberties are more important. It is true that, in every technological age, the price of liberty is the possibility of crime. We need to recognize that we pay that price willingly. We can give police all sorts of powers, over encryption, over due process, over prosecution and arrest… and live in a police state. There might be less terrorism but we’re not going to be safer. All of these police demands is that they are power grips that exploit fear and we have to respond to them as such.
When you think about privacy on the Internet, what is wrong with social networks, Facebook in particular? If you were Mark Zuckerberg for a day, what would you change?
There’s nothing wrong with public social media and social networks and how we communicate through them. But we start having problems when something as powerful as Facebook is run by a for-profit corporation. It’s not operating in the interest of its users, but in the interest of their customers—the advertisers. It’s not Facebook’s fault, they are a company trying to make money. But they’re making money in a regulatory world where they are allowed to exploit all of their users, spy on them, run social experiments and manipulate them for profit. Now, if I was in charge of Facebook, I would do just that, because if I didn’t, I’d be fired. But if I was the government looking at what Facebook is doing, I would stop and ask: is this the society and the business model we want? Do we want companies to make money by exploiting their users or do we want them to operate in the best interest of their users? We’ve been letting the markets run rampant and do whatever they want and it has come up with this surveillance capitalism. Now we have to decide do we like it.
The Internet was a product of the children of the Generation‘68, an idealistic project connecting the world where everybody could exchange information freely. But it has lost its innocence and is not as free as it used to be. Can you pinpoint the moment when it became the money generating machine?
There’s nothing sacred about the way the legal structures enabling the Internet are.
There wasn’t the moment when it turned from this free idealistic project to this enormous engine of capitalism, it happened slowly. The Internet turned from non-commercial to commercial, as companies did not see any way of making money other than advertising and then used personal advertising, the invention of cookies and browsers, as a way to better make money. It happened because of the laws that existed at the time made that the best business model. There’s nothing sacred about the way the legal structures enabling the Internet are, we can change these laws and maybe we should think about it.
What does privacy mean to you?
Privacy is fundamentally about autonomy. Privacy gives me the ability to decide who I share different aspects and information of myself with. And that means I am an autonomous human being in the society. When someone comes to me and says “I know this about you” they are violating my privacy but they are really violating me. What they’re saying is: “You don’t have control over what I know about you.” That is a fraud, an assault. If we are in charge of our own privacy, we’re in charge of ourselves. That’s why it is so important today.
Many people don’t realize this because they accept “free” services without asking themselves questions. They don’t even bother about their privacy and it’s not important to them, because they claim that they “have nothing to hide”, “everything is public anyway” and they are OK with giving away everything to Google.
They are wrong. They are protecting the privacy of their bodies, they’re not telling you their salary, they don’t broadcast their sexual fantasies. These people do use privacy but they don’t realize it because privacy is something you tend not to notice until you’ve had lost it. Also, privacy is not just a benefit to them. They might not have anything to hide, but they might know people who are marginalized in the society, who are dissidents, reporters, activists. Privacy of us collectively helps us all, and it’s not about my privacy, his privacy or hers, it’s about OUR privacy. It’s about society being a place where we can have ideas and conversations away from public view. And that means that we’re going to be able to think new thoughts and advance.
When have we lost control of our devices? We don’t decide on our hardware of software anymore, we are just given prefabricated configuration and mobiles equipped with all sorts of spying applications. How can we regain control and choice?
We’ve lost control of our devices and our data because it has moved to the cloud.
In some ways we’ve lost control of devices at the very beginning, when you had to be some kind of expert to understand how to use privacy and how to make security work. But that really changed with invention of the iPhone. Before the iPhone you could decide what was on your device. With the iPhone you can only put things on that device that Apple approves of. And when you get to the Internet of Things, you have zero control on what’s going on them. So we’ve lost control of our devices and our data because it has moved to the cloud. I have no control over the data on Google, Facebook, Flickr, no control over the security or privacy settings.
Is there a way back?
Companies are doing these things because it’s more profitable, they make more money by violating our privacy and security. If we don’t like that, we change the laws. Laws determine what is possible. There’s always a way back, nothing is inevitable. Laws are not eternal; they are decided by humans for humans. If we don’t like what the laws are producing, we need to change them.
Bruce Schneier (born 1963) is an internationally renowned American cryptographer, called “security guru” by The Economist. He is a researcher at Harvard University and author of 13 books as well as hundreds of articles, essays, and academic papers. His blog “Schneier on Security” is read by over 250,000 people.
The interview took place at RightsCon, the world’s leading event convened around the issues of internet, technologies and human rights. Organized by Access Now since 2011, the convention alternates each year between Silicon Valley and a globally rotating regional event. This year it was held in Brussels. In 2018 RightsCon will not be in the US and instead will be organized in Canada due to President Trump’s restrictions on non-US travelers.