Book Read Free

Data and Goliath

Page 7

by Bruce Schneier


  Second, we are better at tuning advertising out. Since the popularization of analog video recorders in the mid-1970s, television advertisers have paid attention to how their ads look in fast-forward, because that’s how many people watch them. Internet advertising has waged an even more complex battle for our attention. Initially, ads were banners on the top of pages. When we learned how to ignore them, the advertisers placed their ads in the main parts of the pages. When we learned to ignore those, they started blinking and showing video. Now they’re increasingly interfering with what we want to read, so we need to deliberately shoo them away. More than 50 million people have installed AdBlock Plus on their browsers to help them do this.

  The result is that the value of a single Internet advertisement is dropping rapidly, even as the cost of Internet advertising as a whole is rising. Accordingly, the value of our data to advertisers has been falling rapidly. A few years ago, a detailed consumer profile was valuable; now so many companies and data brokers have the data that it’s a common commodity. One analysis of 2013 financial reports calculated that the value of each user to Google is $40 per year, and only $6 to Facebook, LinkedIn, and Yahoo. This is why companies like Google and Facebook keep raising the ante. They need more and more data about us to sell to advertisers and thereby differentiate themselves from the competition.

  It’s possible that we’ve already reached the peak, and the profitability of advertising as a revenue source will start falling, eventually to become unsustainable as a sole business model. I don’t think anyone knows how the Internet would look if the advertising bubble burst, surveillance-based marketing turned out not to be effective, and Internet companies needed to revert to more traditional business models, like charging their users.

  NEW MIDDLEMEN CONSOLIDATE POWER

  One of the early tropes of the Internet was that it would eliminate traditional corporate middlemen. No longer would you have to rely on a newspaper to curate the day’s news and provide it to you in an easy-to-read paper package. You could go out and design your own newspaper, taking bits from here and there, creating exactly what you wanted. Similarly, no longer would you have to rely on centralized storefronts to accumulate and resell collectibles; eBay connected buyers and sellers directly. It was the same with music promotion and distribution, airline tickets, and—in some cases—advertising. The old gatekeepers’ business models relied on inefficiencies of technology, and the Internet changed that dynamic.

  It’s even more true today. AirBnB allows individuals to compete with traditional hotel chains. TaskRabbit makes it easier to connect people who want to do odd jobs with people who need odd jobs done. Etsy, CafePress, and eBay all bypass traditional flea markets. Zillow and Redfin bypass real estate brokers, eTrade bypasses investment advisors, and YouTube bypasses television networks. Craigslist bypasses newspaper classifieds. Hotwire and Travelocity bypass travel agents.

  These new companies might have broken the traditional power blocs of antique stores, newspapers, and taxi companies, but by controlling the information flow between buyers and sellers they have become powerful middlemen themselves. We’re increasingly seeing new and old middlemen battle in the marketplace: Apple and its iTunes store versus the music industry, Amazon versus the traditional publishing industry, Uber versus taxi companies. The new information middlemen are winning.

  Google CEO Eric Schmidt said it: “We believe that modern technology platforms, such as Google, Facebook, Amazon and Apple, are even more powerful than most people realize . . . , and what gives them power is their ability to grow—specifically, their speed to scale. Almost nothing, short of a biological virus, can scale as quickly, efficiently or aggressively as these technology platforms and this makes the people who build, control, and use them powerful too.”

  What Schmidt is referring to is the inherently monopolistic nature of information middlemen. A variety of economic effects reward first movers, penalize latecomer competitors, entice people to join the largest networks, and make it hard for them to switch to a competing system. The result is that these new middlemen have more power than those they replaced.

  Google controls two-thirds of the US search market. Almost three-quarters of all Internet users have Facebook accounts. Amazon controls about 30% of the US book market, and 70% of the e-book market. Comcast owns about 25% of the US broadband market. These companies have enormous power and control over us simply because of their economic position.

  They all collect and use our data to increase their market dominance and profitability. When eBay first started, it was easy for buyers and sellers to communicate outside of the eBay system because people’s e-mail addresses were largely public. In 2001, eBay started hiding e-mail addresses; in 2011, it banned e-mail addresses and links in listings; and in 2012, it banned them from user-to-user communications. All of these moves served to position eBay as a powerful intermediary by making it harder for buyers and sellers to take a relationship established inside of eBay and move it outside of eBay.

  Increasingly, companies use their power to influence and manipulate their users. Websites that profit from advertising spend a lot of effort making sure you spend as much time on those sites as possible, optimizing their content for maximum addictiveness. The few sites that allow you to opt out of personalized advertising make that option difficult to find. Once companies combine these techniques with personal data, the result is going to be even more insidious.

  Our relationship with many of the Internet companies we rely on is not a traditional company–customer relationship. That’s primarily because we’re not customers. We’re products those companies sell to their real customers. The relationship is more feudal than commercial. The companies are analogous to feudal lords, and we are their vassals, peasants, and—on a bad day—serfs. We are tenant farmers for these companies, working on their land by producing data that they in turn sell for profit.

  Yes, it’s a metaphor—but it often really feels like that. Some people have pledged allegiance to Google. They have Gmail accounts, use Google Calendar and Google Docs, and have Android phones. Others have pledged similar allegiance to Apple. They have iMacs, iPhones, and iPads, and let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Some of us have pretty much abandoned e-mail altogether for Facebook, Twitter, and Instagram. We might prefer one feudal lord to the others. We might distribute our allegiance among several of these companies, or studiously avoid a particular one we don’t like. Regardless, it’s becoming increasingly difficult to not pledge allegiance to at least one of them.

  After all, customers get a lot of value in having feudal lords. It’s simply easier and safer for someone else to hold our data and manage our devices. We like having someone else take care of our device configurations, software management, and data storage. We like it when we can access our e-mail anywhere, from any computer, and we like it that Facebook just works, from any device, anywhere. We want our calendar entries to automatically appear on all of our devices. Cloud storage sites do a better job of backing up our photos and files than we can manage by ourselves; Apple has done a great job of keeping malware out of its iPhone app store. We like automatic security updates and automatic backups; the companies do a better job of protecting our devices than we ever did. And we’re really happy when, after we lose a smartphone and buy a new one, all of our data reappears on it at the push of a button.

  In this new world of computing, we’re no longer expected to manage our computing environment. We trust the feudal lords to treat us well and protect us from harm. It’s all a result of two technological trends.

  The first is the rise of cloud computing. Basically, our data is no longer stored and processed on our computers. That all happens on servers owned by many different companies. The result is that we no longer control our data. These companies access our data—both content and metadata—for whatever profitable purpose they want. They have carefully crafted terms of service that dictate what
sorts of data we can store on their systems, and can delete our entire accounts if they believe we violate them. And they turn our data over to law enforcement without our knowledge or consent. Potentially even worse, our data might be stored on computers in a country whose data protection laws are less than rigorous.

  The second trend is the rise of user devices that are managed closely by their vendors: iPhones, iPads, Android phones, Kindles, ChromeBooks, and the like. The result is that we no longer control our computing environment. We have ceded control over what we can see, what we can do, and what we can use. Apple has rules about what software can be installed on iOS devices. You can load your own documents onto your Kindle, but Amazon is able to delete books it has already sold you. In 2009, Amazon automatically deleted some editions of George Orwell’s Nineteen Eighty-Four from users’ Kindles because of a copyright issue. I know, you just couldn’t write this stuff any more ironically.

  Even the two big computer operating systems, Microsoft’s Windows 8 and Apple’s Yosemite, are heading in this direction. Both companies are pushing users to buy only authorized apps from centralized stores. Our computers look more like smartphones with every operating system upgrade.

  It’s not just hardware. It’s getting hard to just buy a piece of software and use it on your computer in any way you like. Increasingly, vendors are moving to a subscription model—Adobe did that with Creative Cloud in 2013—that gives the vendor much more control. Microsoft hasn’t yet given up on a purchase model, but is making its MS Office subscription very attractive. And Office 365’s option of storing your documents in the Microsoft cloud is hard to turn off. Companies are pushing us in this direction because it makes us more profitable as customers or users.

  Given current laws, trust is our only option. There are no consistent or predictable rules. We have no control over the actions of these companies. I can’t negotiate the rules regarding when Yahoo will access my photos on Flickr. I can’t demand greater security for my presentations on Prezi or my task list on Trello. I don’t even know the cloud providers to whom those companies have outsourced their infrastructures. If any of those companies delete my data, I don’t have the right to demand it back. If any of those companies give the government access to my data, I have no recourse. And if I decide to abandon those services, chances are I can’t easily take my data with me.

  Political scientist Henry Farrell observed, “Much of our life is conducted online, which is another way of saying that much of our life is conducted under rules set by large private businesses, which are subject neither to much regulation nor much real market competition.”

  The common defense is something like “business is business.” No one is forced to join Facebook or use Google search or buy an iPhone. Potential customers are choosing to enter into these quasi-feudal user relationships because of the enormous value they receive from them. If they don’t like it, they shouldn’t do it.

  This advice is not practical. It’s not reasonable to tell people that if they don’t like the data collection, they shouldn’t e-mail, shop online, use Facebook, or have a cell phone. I can’t imagine students getting through school anymore without Internet search or Wikipedia, much less finding a job afterwards. These are the tools of modern life. They’re necessary to a career and a social life. Opting out just isn’t a viable choice for most of us, most of the time; it violates what have become very real norms of contemporary life.

  And choosing among providers is not a choice between surveillance or no surveillance, but only a choice of which feudal lords get to spy on you.

  5

  Government Surveillance and Control

  It can be hard to comprehend the reach of government surveillance. I’ll focus on the US government, not because it’s the worst offender, but because we know something about its activities—mostly thanks to the actions of Edward Snowden.

  The US national security surveillance state is robust politically, legally, and technically. The documents from Snowden disclosed at least three different NSA programs to collect Gmail user data. These programs are based on three different technical eavesdropping capabilities. They rely on three different legal authorities. They involve cooperation from three different companies. And this is just Gmail. The same is almost certainly true for all the other major e-mail providers—also cell phone call records, cell phone location data, and Internet chats.

  To understand the role of surveillance in US intelligence, you need to understand the history of the NSA’s global eavesdropping mission and the changing nature of espionage. Because of this history, the NSA is the government’s primary eavesdropping organization.

  The NSA was formed in 1952 by President Truman, who consolidated the US signals intelligence and codebreaking activities into one organization. It was, and still is, part of the US military, and started out as entirely a foreign intelligence-gathering organization. This mission rose in importance during the Cold War. Back then, a voyeuristic interest in the Soviet Union was the norm, and electronic espionage was a big part of that—becoming more important as everything was computerized and electronic communications became more prevalent. We gathered more and more information as both our capabilities and the amount of communications to be collected increased.

  Some of this was useful, though a lot of it was not. Secrets of fact—such as the characteristics of the new Soviet tank—are a lot easier to learn than mysteries of intent—such as what Khrushchev was going to do next. But these were our enemies, and we collected everything we could.

  This singular mission should have diminished with the fall of Communism in the late 1980s and early 1990s, as part of the peace dividend. For a while it did, and the NSA’s other mission, to protect communications from the spying of others, grew in importance. The NSA became more focused on defense and more open. But eavesdropping acquired a new, and more intense, life after the terrorist attacks of 9/11. “Never again” was an impossible mandate, of course, but the only way to have any hope of preventing something from happening is to know everything that is happening. That led the NSA to put the entire planet under surveillance.

  Traditional espionage pits government against government. We spy on foreign governments and on people who are their agents. But the terrorist enemy is different. It isn’t a bunch of government leaders “over there”; it’s some random terrorist cell whose members could be anywhere. Modern government surveillance monitors everyone, domestic and international alike.

  This isn’t to say that government-on-population surveillance is a new thing. Totalitarian governments have been doing it for decades: in the Soviet Union, East Germany, Argentina, China, Cuba, North Korea, and so on. In the US, the NSA and the FBI spied on all sorts of Americans in the 1960s and 1970s—antiwar activists, civil rights leaders, and members of nonviolent dissident political groups. In the last decade, they’ve focused again on antiwar activists and members of nonviolent dissident political groups, as well as on Muslim Americans. This latest mission rose in importance as the NSA became the agency primarily responsible for tracking al Qaeda overseas.

  Alongside this change in target came an evolution in communications technology. Before the Internet, focusing on foreign communications was easy. A Chinese military network only carried Chinese communications. A Russian system was only used for Russian communications. If the NSA tapped an undersea cable between Petropavlovsk and Vladivostok, it didn’t have to worry about accidentally intercepting phone calls between Detroit and Cleveland.

  The Internet works differently. Everyone’s communications are mixed up on the same networks. Terrorists use the same e-mail providers as everyone else. The same circuits that carry Russian, Iranian, and Cuban government communications could also carry your Twitter feed. Internet phone calls between New York and Los Angeles might end up on Russian undersea cables. Communications between Rio de Janeiro and Lisbon might be routed through Florida. Google doesn’t store your data at its corporate headquarters in Mountain View; it’s in multiple
data centers around the world: in Chile, Finland, Taiwan, the US, and elsewhere. With the development and expansion of global electronic communications networks, it became hard not to collect data on Americans, even if they weren’t the targets.

  At the same time, everyone began using the same hardware and software. There used to be Russian electronics, radios, and computers that used Russian technology. No more. We all use Microsoft Windows, Cisco routers, and the same commercial security products. You can buy an iPhone in most countries. This means that the technical capability to, for example, break into Chinese military networks or Venezuelan telephone conversations is generalizable to the rest of the world.

  The US has the most extensive surveillance network in the world because it has three advantages. It has a larger intelligence budget than the rest of the world combined. The Internet’s physical wiring causes much of the world’s traffic to cross US borders, even traffic between two other countries. And almost all of the world’s largest and most popular hardware, software, and Internet companies are based in the US and subject to its laws. It’s the hegemon.

  The goal of the NSA’s surveillance is neatly captured by quotes from its top-secret presentations: “collect it all,” “know it all,” and “exploit it all.” The agency taps the Internet at the telcos and cable companies, and collects e-mails, text messages, browsing history, buddy lists, address books, location information, and pretty much everything else it can get its hands on. There is no evidence to suggest that the NSA is recording all telephone calls in the US, but we know it is doing so in (at the least) Afghanistan and Bermuda under the SOMALGET program. The agency’s 2013 budget was $10.8 billion; it directly employs some 33,000 people, and many more as contractors. One of the Snowden documents was the top-secret “Black Budget” for the NSA and other intelligence agencies; the total for 2013 was $53 billion. Estimates are that the US spends $72 billion annually on intelligence.

 

‹ Prev