Schneier gets the heebie-Brin-jeebies (was Re: CRYPTO-GRAM, October 15, 2003)
R. A. Hettinga
rah at shipwright.com
Wed Oct 15 11:00:18 EDT 2003
At 10:58 PM -0500 10/14/03, Bruce Schneier wrote:
> The Future of Surveillance
>
>
>
>At a gas station in Coquitlam, British Columbia, two employees
>installed a camera in the ceiling in front of an ATM machine. They
>recorded thousands of people as they typed in their PIN
>numbers. Combined with a false front on the ATM that recorded account
>numbers from the cards, the pair was able to steal millions before they
>were caught.
>
>In at least 14 Kinko's copy shops in New York City, Juju Jiang
>installed keystroke loggers on the rentable computers. For over a year
>he eavesdropped on people, capturing more than 450 user names and
>passwords, and using them to access and open bank accounts online.
>
>A lot has been written about the dangers of increased government
>surveillance, but we also need to be aware of the potential for more
>pedestrian forms of surveillance. A combination of forces -- the
>miniaturization of surveillance technologies, the falling price of
>digital storage, the increased power of computer programs to sort
>through all of this data -- means that surveillance abilities that used
>to be limited to governments are now, or soon will be, in the hands of
>everyone.
>
>Some uses of surveillance are benign. Fine restaurants sometimes have
>cameras in their dining rooms so the chef can watch diners as they eat
>their creations. Telephone help desks sometimes record customer
>conversations in order to help train their employees.
>
>Other uses are less benign. Some employers monitor the computer use of
>their employees, including use of company machines on personal time. A
>company is selling an e-mail greeting card that serriptiously installs
>spyware on the recipient's computer. Some libraries keep records of
>what books people check out, and Amazon keeps records of what books
>people browse on their website.
>
>And, as we've seen, some uses are criminal.
>
>This trend will continue in the years ahead, because technology will
>continue to improve. Cameras will become even smaller and more
>inconspicuous. Imaging technology will be able to pick up even smaller
>details, and will be increasingly able to "see" through walls and other
>barriers. And computers will be able to process this information
>better. Today, cameras are just mindlessly watching and recording, but
>eventually sensors will be able to identify people. Photo IDs are just
>temporary; eventually no one will have to ask you for an ID because
>they'll already know who you are. Walk into a store, and you'll be
>identified. Sit down at a computer, and you'll be identified. I don't
>know if the technology will be face recognition, DNA sniffing, or
>something else entirely. I don't know if this future is ten or twenty
>years out -- but eventually it will work often enough and be cheap
>enough for mass-market use. (Remember, in marketing, even a technology
>with a high error rate can be good enough.)
>
>The upshot of this is that you should consider the possibility, albeit
>remote, that you are being observed whenever you're out in
>public. Assume that all public Internet terminals are being
>eavesdropped on; either don't use them or don't care. Assume that
>cameras are watching and recording you as you walk down the
>street. (In some cities, they probably are.) Assume that surveillance
>technologies that were science fiction ten years ago are now mass-market.
>
>This loss of privacy is an important change to society. It means that
>we will leave an even wider audit trail through our lives than we do
>now. And it's not only a matter of making sure this audit trail is
>accessed only by "legitimate" parties: an employer, the government,
>etc. Once data is collected, it can be compiled, cross-indexed, and
>sold; it can be used for all sorts of purposes. (In the U.S., data
>about you is not owned by you. It is owned by the person or company
>that collected it.) It can be accessed both legitimately and
>illegitimately. And it can persist for your entire life. David Brin
>got a lot of things wrong in his book The Transparent Society. But
>this part he got right.
>
>
>Kinko's story:
><http://www.computercops.us/article2568.html>
><http://www.securityfocus.com/news/6447>
>
>ATM fraud story:
><http://www.globetechnology.com/servlet/story/RTGAM.20030812.gtatmm0812/
>BNStory/Technology>
><http://canada.com/search/story.aspx?id=f07cac50-62c7-46d8-892a-b66dfa2f
>1d88>
>
>Net spying:
><http://www.nytimes.com/2003/10/10/technology/10SPY.html>
><http://news.com.com/2100-1029_3-5083874.html>
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list