<<< Date Index >>>     <<< Thread Index >>>

[IP] The Future of SurveillanceRisks Digest 22.96




Date: Tue, 14 Oct 2003 22:58:28 -0500
From: Bruce Schneier <schneier@xxxxxxxxxxxxxxx>
Subject: The Future of Surveillance

  [From CRYPTO-GRAM, October 15, 2003]

At a gas station in Coquitlam, British Columbia, two employees installed a
camera in the ceiling in front of an ATM machine.  They recorded thousands
of people as they typed in their PIN numbers.  Combined with a false front
on the ATM that recorded account numbers from the cards, the pair was able
to steal millions before they were caught.

In at least 14 Kinko's copy shops in New York City, Juju Jiang installed
keystroke loggers on the rentable computers.  For over a year he
eavesdropped on people, capturing more than 450 user names and passwords,
and using them to access and open bank accounts online.

A lot has been written about the dangers of increased government
surveillance, but we also need to be aware of the potential for more
pedestrian forms of surveillance.  A combination of forces -- the
miniaturization of surveillance technologies, the falling price of digital
storage, the increased power of computer programs to sort through all of
this data -- means that surveillance abilities that used to be limited to
governments are now, or soon will be, in the hands of everyone.

Some uses of surveillance are benign.  Fine restaurants sometimes have
cameras in their dining rooms so the chef can watch diners as they eat their
creations.  Telephone help desks sometimes record customer conversations in
order to help train their employees.

Other uses are less benign.  Some employers monitor the computer use of
their employees, including use of company machines on personal time.  A
company is selling an e-mail greeting card that surreptiously installs
spyware on the recipient's computer.  Some libraries keep records of what
books people check out, and Amazon keeps records of what books people browse
on their website.

And, as we've seen, some uses are criminal.

This trend will continue in the years ahead, because technology will
continue to improve.  Cameras will become even smaller and more
inconspicuous.  Imaging technology will be able to pick up even smaller
details, and will be increasingly able to "see" through walls and other
barriers.  And computers will be able to process this information better.
Today, cameras are just mindlessly watching and recording, but eventually
sensors will be able to identify people.  Photo IDs are just temporary;
eventually no one will have to ask you for an ID because they'll already
know who you are.  Walk into a store, and you'll be identified.  Sit down at
a computer, and you'll be identified.  I don't know if the technology will
be face recognition, DNA sniffing, or something else entirely.  I don't know
if this future is ten or twenty years out -- but eventually it will work
often enough and be cheap enough for mass-market use.  (Remember, in
marketing, even a technology with a high error rate can be good enough.)

The upshot of this is that you should consider the possibility, albeit
remote, that you are being observed whenever you're out in public.  Assume
that all public Internet terminals are being eavesdropped on; either don't
use them or don't care.  Assume that cameras are watching and recording you
as you walk down the street.  (In some cities, they probably are.)  Assume
that surveillance technologies that were science fiction ten years ago are
now mass-market.

This loss of privacy is an important change to society.  It means that we
will leave an even wider audit trail through our lives than we do now.  And
it's not only a matter of making sure this audit trail is accessed only by
"legitimate" parties: an employer, the government, etc.  Once data is
collected, it can be compiled, cross-indexed, and sold; it can be used for
all sorts of purposes.  (In the U.S., data about you is not owned by you.
It is owned by the person or company that collected it.)  It can be accessed
both legitimately and illegitimately.  And it can persist for your entire
life.  David Brin got a lot of things wrong in his book The Transparent
Society.  But this part he got right.

Kinko's story:
<http://www.computercops.us/article2568.html>
<http://www.securityfocus.com/news/6447>

ATM fraud story:
<http://www.globetechnology.com/servlet/story/RTGAM.20030812.gtatmm0812/
BNStory/Technology>
<http://canada.com/search/story.aspx?id=f07cac50-62c7-46d8-892a-b66dfa2f
1d88>

Net spying:
<http://www.nytimes.com/2003/10/10/technology/10SPY.html>
<http://news.com.com/2100-1029_3-5083874.html>

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/