Little brother more of a threat to privacy
The National Security Agency leak shows the Government has direct access to private information about public citizens, but a computer security expert says Big Brother is the least of our problems.
Auckland University computer security expert Dr Peter Gutmann says the public should be more concerned about the “Little Brothers”, such as Facebook, Google and Yahoo.
He says these companies collect data – called metadata – about what we are buying, who we are contacting, and what we are looking at on the internet, and then use the information for their own gain.
“Google is free, and the reason why it’s free is that they extract information and sell it on to their advertisers.”
“There’s a saying about internet companies: if you’re using some company on the internet, and you can’t figure out what their product is, then their product is you.”
Dr Gutmann says that the advent of the internet age has meant the end of anonymity.
“Generally the only thing you can do [to protect your privacy] is not do anything online which, for most people, just doesn’t work.”
But he also points out digital spying is nothing new, and the latest NSA revelations no surprise.
"The US has been doing this since at least World War II with something called Project Shamrock and that was exposed in the 1970s, and shut down. Then they came back again post 9/11 with something that was exposed about 2005, and the Bush administration retroactively legalised it, because it was all illegal. And then the fact that they're still doing it really isn't that surprising."
RAW DATA: Transcript
DR PETER GUTMANN
Interviewed by RACHEL SMALLEY
Rachel A 29 year old defence contractor is in hiding after causing what some claim as the biggest intelligence breach in US history. Edward Snowden leaked a series of documents that showed America's National Security Agency has direct access to the servers of internet giants like Facebook Google and Yahoo through a secret digital surveillance system called Prism. My next guest describes himself as a professional paranoid. Dr Peter Gutmann is a specialist in computer security code and inscription at Auckland University, and he joined me now. Hello, thank you so much for coming in this morning. Tell me Professor does the existence of a digital spying system surprise you?
Dr Peter Gutmann – Computer Security Expert
Not at all no. The US has been doing this since at least World War II with something called Project Shamrock and that was exposed in the 1970s, and shut down. Then they came back again post 9/11 with something that was exposed about 2005, and the Bush administration retroactively legalised it, because it was all illegal. And then the fact that they're still doing it really isn't that surprising.
Rachel Okay, if they were to access my computer, what could they find out about me?
Peter Well if you use something like Facebook or Gmail or something like that they could find out basically everything you’ve said to someone in email, everything you’ve received, who you’ve communicated with, if you put information on Facebook about the people you come into contact with, where you were, what you were doing at that time. Pretty much everything about your life, depending on how public or private you are about what you share.
Rachel So tell us a little bit then about metadata because this is the word that’s sort of suddenly exploded into our vocabulary in the last month or so, and why is it of value?
Peter So what metadata is, isn't necessarily the communication itself but information about the communication. So if you look at existing laws about for example email surveillance or phone interception, the government needs a warrant to listen to your phone calls. They may or may not need a warrant to find out who you’ve called, when you’ve called, where you made that call from. It's very much a grey area, and so by going through the metadata which they don’t need a warrant for, they could find out an awful lot about what you're doing, where you are, what time you communicated with certain people and so on and so forth.
Rachel And this is what was raised I think in the Kitteridge Report about the GCSB accessing this type of information, so is this essentially what they were doing?
Peter Presumably it's what they were doing. That was kind of vague about exactly what they did. Exactly what their operations are, aren't made that clear, but presumably it would be that sort of thing. So basically when people were communicating, what time the communications took place, things like that. An example of this is let's say it's not the government but your employer doing this, so let's say you’ve promised to pick your brother in law up from the airport or something like that, so you call in sick and you pick him up from the airport. If your employer could get at the metadata they could say well you made a phone call from the airport, your cellphone records show that you drove out to the airport in fact you weren't actually sick. So admittedly that’s a kind of a minor thing it's not big brother, but that’s an example of the sort of thing that other people might be interested in.
Rachel Because we talk about whether we should be concerned about Big Brother, is it just Big Brother that we should be worried about?
Peter No, no not at all. I'd be far more concerned about all the lots of Little Brothers we got, you know Facebook, Google and so on and so forth. For example Google it's say 50 billion US dollar a year company, so that’s not their stock market value, that’s the actual income every year, and they make that from selling information about you to their advertisers. So that’s an enormous business, is extracting information about you and passing it on to third parties.
Rachel So where I shop, where I'm holidaying, what airlines I'm using, all of that type of information.
Rachel I guess on a security level which is of course what every government would say, you know they're only doing this because it's an issue of national security. Does it tell them who I am talking to and networking with and what circles I'm moving in?
Peter Yes, if that communication is going via for example in Google's case by Gmail and they go in and look at who you're talking to by Gmail then yes it will give you information on who you're communicating with and what you're saying.
Rachel Is it at all possible for us to know that we're being watched, or who's watching us, or who's accessing that information?
Peter It is possible to know. The assumption is you are being watched. You know I mean there's a saying about internet companies. If you're using some company on the internet and you can't figure out what their product is, then their product is you. So for example Gmail is free and the reason why it's free is that they extract information and sell it to their advertisers. So they are watching you, Facebook, Twitter and so on, a pile of other companies are also doing that, not out of the goodness of their hearts, but to extract money out of you.
Rachel There's a view I've talked about things like loyalty cards, you know at supermarkets and areas where you know if you shop with these certain sister companies you swipe your card and you get loyalty points. Is that feeding into a greater data base as well?
Peter Yes definitely, and there's you know an interesting example of this happened in the US earlier this year, where a father of a teenage girl turned up at Target which is sort of the equivalent of the Warehouse in the US and complained that his daughter was being sent all sorts of adds for pregnancy products. You know she was a teenage girl she couldn’t possibly be pregnant, and the manager apologised profusely and then he went home and his daughter told him well you know actually I'm due in August. So they'd figured out from her shopping patterns that she was pregnant and the supermarket knew she was pregnant before her own family did. So they can extract an awful lot of information about you from relatively minor things, like your shopping patterns.
Rachel So on the issue of national security then and given what you know about legislation, is it possible, is it feasible that governments can get around their own legislation, using digital surveillance products from other countries in order to access information about their own citizens?
Peter They certainly can and particularly in the US which is what we know the most about, they have a very long history of doing that again and again.
Rachel And the issue here is that we can never know because our spy agencies will never tell us that will they?
Peter Exactly. I mean for national security reasons it's all kept classified. I have a bit more faith in our spy agencies than in the US spy agencies, but really we don’t know.
Rachel Okay, is it foolish to think that we can ever be anonymous. Have we really with the invention of the internet lost the right to privacy?
Peter We've pretty much lost it yeah, because once you're on the internet, for example is you're on Facebook and you're sharing information about what you did, that’s going to be on there forever. Like for example my generation if I did something stupid as a kid then it's okay it's forgotten. The generation that followed me, are already worried about their employers accessing their Facebook accounts. In the US employers have actually asked for passwords to Facebook accounts, so they can see what their employees are getting up to, and then teenagers in particular posting photos of themselves and videos, that stuff is going to be on the internet forever. So yet privacy is going to change quite a bit in the future.
Rachel Are there any precautions that people can take now to protect themselves?
Peter Generally the only thing you can do is not do anything on line, which for most people just doesn’t work.
Rachel No, indeed, alright thank you very much Peter Gutmann, appreciate your time. Department of Computer Science, Auckland University.