Schneier gets the heebie-Brin-jeebies (was Re: CRYPTO-GRAM, October 15, 2003)

R. A. Hettinga rah at shipwright.com
Wed Oct 15 11:00:18 EDT 2003


At 10:58 PM -0500 10/14/03, Bruce Schneier wrote:
>            The Future of Surveillance
>
>
>
>At a gas station in Coquitlam, British Columbia, two employees 
>installed a camera in the ceiling in front of an ATM machine.  They 
>recorded thousands of people as they typed in their PIN 
>numbers.  Combined with a false front on the ATM that recorded account 
>numbers from the cards, the pair was able to steal millions before they 
>were caught.
>
>In at least 14 Kinko's copy shops in New York City, Juju Jiang 
>installed keystroke loggers on the rentable computers.  For over a year 
>he eavesdropped on people, capturing more than 450 user names and 
>passwords, and using them to access and open bank accounts online.
>
>A lot has been written about the dangers of increased government 
>surveillance, but we also need to be aware of the potential for more 
>pedestrian forms of surveillance.  A combination of forces -- the 
>miniaturization of surveillance technologies, the falling price of 
>digital storage, the increased power of computer programs to sort 
>through all of this data -- means that surveillance abilities that used 
>to be limited to governments are now, or soon will be, in the hands of 
>everyone.
>
>Some uses of surveillance are benign.  Fine restaurants sometimes have 
>cameras in their dining rooms so the chef can watch diners as they eat 
>their creations.  Telephone help desks sometimes record customer 
>conversations in order to help train their employees.
>
>Other uses are less benign.  Some employers monitor the computer use of 
>their employees, including use of company machines on personal time.  A 
>company is selling an e-mail greeting card that serriptiously installs 
>spyware on the recipient's computer.  Some libraries keep records of 
>what books people check out, and Amazon keeps records of what books 
>people browse on their website.
>
>And, as we've seen, some uses are criminal.
>
>This trend will continue in the years ahead, because technology will 
>continue to improve.  Cameras will become even smaller and more 
>inconspicuous.  Imaging technology will be able to pick up even smaller 
>details, and will be increasingly able to "see" through walls and other 
>barriers.  And computers will be able to process this information 
>better.  Today, cameras are just mindlessly watching and recording, but 
>eventually sensors will be able to identify people.  Photo IDs are just 
>temporary; eventually no one will have to ask you for an ID because 
>they'll already know who you are.  Walk into a store, and you'll be 
>identified.  Sit down at a computer, and you'll be identified.  I don't 
>know if the technology will be face recognition, DNA sniffing, or 
>something else entirely.  I don't know if this future is ten or twenty 
>years out -- but eventually it will work often enough and be cheap 
>enough for mass-market use.  (Remember, in marketing, even a technology 
>with a high error rate can be good enough.)
>
>The upshot of this is that you should consider the possibility, albeit 
>remote, that you are being observed whenever you're out in 
>public.  Assume that all public Internet terminals are being 
>eavesdropped on; either don't use them or don't care.  Assume that 
>cameras are watching and recording you as you walk down the 
>street.  (In some cities, they probably are.)  Assume that surveillance 
>technologies that were science fiction ten years ago are now mass-market.
>
>This loss of privacy is an important change to society.  It means that 
>we will leave an even wider audit trail through our lives than we do 
>now.  And it's not only a matter of making sure this audit trail is 
>accessed only by "legitimate" parties: an employer, the government, 
>etc.  Once data is collected, it can be compiled, cross-indexed, and 
>sold; it can be used for all sorts of purposes.  (In the U.S., data 
>about you is not owned by you.  It is owned by the person or company 
>that collected it.)  It can be accessed both legitimately and 
>illegitimately.  And it can persist for your entire life.  David Brin 
>got a lot of things wrong in his book The Transparent Society.  But 
>this part he got right.
>
>
>Kinko's story:
><http://www.computercops.us/article2568.html>
><http://www.securityfocus.com/news/6447>
>
>ATM fraud story:
><http://www.globetechnology.com/servlet/story/RTGAM.20030812.gtatmm0812/ 
>BNStory/Technology>
><http://canada.com/search/story.aspx?id=f07cac50-62c7-46d8-892a-b66dfa2f 
>1d88>
>
>Net spying:
><http://www.nytimes.com/2003/10/10/technology/10SPY.html>
><http://news.com.com/2100-1029_3-5083874.html>

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list