printer friendly version

The future of surveillance

At a filling station in Coquitlam, British Columbia, two employees installed a camera in the ceiling in front of an ATM machine. They recorded thousands of people as they typed in their PIN numbers. Combined with a false front on the ATM that recorded account numbers from the cards, the pair was able to steal millions before they were caught.

In at least 14 Kinko's copy shops in New York City, Juju Jiang installed keystroke loggers on the rentable computers. For over a year he eavesdropped on people, capturing more than 450 user names and passwords, and using them to access and open bank accounts online.

A lot has been written about the dangers of increased government surveillance, but we also need to be aware of the potential for more pedestrian forms of surveillance. A combination of forces - the miniaturisation of surveillance technologies, the falling price of digital storage, the increased power of computer programs to sort through all of this data - means that surveillance abilities that used to be limited to governments are now, or soon will be, in the hands of everyone.

Benign to the criminal

Some uses of surveillance are benign. Fine restaurants sometimes have cameras in their dining rooms so the chef can watch diners as they eat their creations. Telephone help desks sometimes record customer conversations in order to help train their employees.

Other uses are less benign. Some employers monitor the computer use of their employees, including use of company machines on personal time. A company is selling an e-mail greeting card that surreptitiously installs spyware on the recipient's computer. Some libraries keep records of what books people check out, and Amazon keeps records of what books people browse on their website.

And, as we have seen, some uses are criminal.

The trend is not your friend

This trend will continue in the years ahead, because technology will continue to improve. Cameras will become even smaller and more inconspicuous. Imaging technology will be able to pick up even smaller details, and will be increasingly able to 'see' through walls and other barriers. And computers will be able to process this information better. Today, cameras are just mindlessly watching and recording, but eventually sensors will be able to identify people.

Photo IDs are just temporary; eventually no one will have to ask you for an ID because they will already know who you are. Walk into a store, and you will be identified. Sit down at a computer, and you will be identified. I do not know if the technology will be face recognition, DNA sniffing, or something else entirely. I do not know if this future is 10 or 20 years out - but eventually it will work often enough and be cheap enough for mass-market use. (Remember, in marketing, even a technology with a high error rate can be good enough.)

The upshot of this is that you should consider the possibility, albeit remote, that you are being observed whenever you are out in public. Assume that all public Internet terminals are being eavesdropped on; either do not use them or do not care. Assume that cameras are watching and recording you as you walk down the street. (In some cities, they probably are.) Assume that surveillance technologies that were science fiction 10 years ago are now mass-market.

Privacy, once gone, is gone forever

This loss of privacy is an important change to society. It means that we will leave an even wider audit trail through our lives than we do now. And it is not only a matter of making sure this audit trail is accessed only by 'legitimate' parties: an employer, the government, etc. Once data is collected, it can be compiled, cross-indexed, and sold; it can be used for all sorts of purposes. (In the US, data about you is not owned by you. It is owned by the person or company that collected it.) It can be accessed both legitimately and illegitimately. And it can persist for your entire life.

David Brin got a lot of things wrong in his book The Transparent Society. But this part he got right.

For more information contact Bruce Schneier, Counterpane Internet Security, [email protected].

Kinko's story:

http://www.computercops.us/article2568.html

http://www.securityfocus.com/news/6447

ATM fraud story:

http://www.globetechnology.com/servlet/story/RTGAM.20030812.gtatmm0812/BNStory/Technology

http://canada.com/search/story.aspx?id=f07cac50-62c7-46d8-892a-b66dfa2f1d88

Net spying:

http://www.nytimes.com/2003/10/10/technology/10SPY.html

http://news.com.com/2100-1029_3-5083874.html

Share this article:

Further reading: