Point A lot of my security practitioner buddies are always keeping their ears to the ground for the distant tread of jackboots and their eyes peeled for other signs of the incipient arrival of Big Brother. Now, these are smart, well-educated people--no questions there--but you need to keep things realistic before you break out the tinfoil hat.
Take, for example, RFID. A lot of people (including you, Bruce) are wringing their hands about the potential that bad guys will be able to RFID-snoop our passports and learn our private information. Or maybe that Big Brother will be able to track our whereabouts once we're RFID-tagged. Since you're always talking about weighing risks, let's be realistic for a moment: What's the likelihood your private information is going to get leaked to an RFID sniffer, as opposed to being left on one of the plethora of laptops that federal agency employees appear to lose every week? What's the likelihood Big Brother is going to track you using RFID, versus the likelihood that every hotel is turning over its guest data to some federal agency? By the way, I'm not saying they are--I rather doubt it, because if the feds were collecting that data, someone would have lost it on a laptop by now.
Another Big Brother scare I just can't understand is e-voting. Am I concerned someone is going to steal an election by jiggering the e-voting machines? Of course not! They'll steal the election the traditional way--manipulating public perception with big-money media campaigns, and plain old lying to voters. Anyone who thinks e-voting creates new problems needs to read some history. Why get upset about a little e-ballot-stuffing while sitting idly and watching both parties in Congress hand out dollars to targeted constituencies known to vote along certain lines? Frankly, a rigged election would probably save the taxpayers a lot of money.
Why worry about Big Brother abusing a national ID system when you can worry about the hundreds of millions of dollars the Department of Homeland Security has spent failing to implement a biometric day-worker pass system for our border with Mexico? Why worry about a Big Brother with huge databases about everyone when you can worry about the decade-long billion-dollar failure of the FBI to get Virtual Case File working? To build a totalitarian state, you need lots of low-tech--effectively and ruthlessly applied. Security practitioners who are worried about Big Brother whenever they see new government technology ought to take off their tinfoil hats and instead worry about mission creep, cost overruns and expensive failures.
Can you imagine what the Department of Big Brother would be like? If it had started in 1984 like it was supposed to, it'd probably have just switched most of the agency email off AOL to its own outsourced private service--after incurring massive cost overruns and having its mail server compromised by a 9-year-old hacker. If the president ordered the Department of Big Brother to jigger the e-voting machines in Florida to rig the 2008 election, it'd never work. By the time it had gotten the first couple implementations specified, implemented and tested, it would be 2016, and by then, the e-voting machines wouldn't be running Vista any more and it'd need to start over. Obviously, I'm kidding around here, but anyone who thinks Big Brother is a problem is overestimating the competence of our government. Me? I'll only worry about Big Brother if the fed starts hiring the guys who built Amazon, Google, eBay and Yahoo!
CounterPoint Big Brother isn't what he used to be. George Orwell extrapolated his totalitarian state from the 1940s. Today's information society looks nothing like Orwell's world, and watching and intimidating a population today isn't anything like what Winston Smith experienced. Data collection in 1984 was deliberate; today's is inadvertent. In the information society, we generate data naturally. In Orwell's world, people were naturally anonymous; today, we leave digital footprints everywhere.
1984's police state was centralized; today's is decentralized. Your phone company knows who you talk to, your credit card company knows where you shop and NetFlix knows what you watch. Your ISP can read your email, your cell phone can track your movements and your supermarket can monitor your purchasing patterns. There's no single government entity bringing this together, but there doesn't have to be. As Neal Stephenson said, the threat is no longer Big Brother, but instead thousands of Little Brothers.
1984's Big Brother was run by the state; today's Big Brother is market driven. Data brokers like ChoicePoint and credit bureaus like Experian aren't trying to build a police state; they're just trying to turn a profit. Of course these companies will take advantage of a national ID; they'd be stupid not to. And the correlations, data mining and precise categorizing they can do is why the U.S. government buys commercial data from them.
1984-style police states required lots of people. East Germany employed one informant for every 66 citizens. Today, there's no reason to have anyone watch anyone else; computers can do the work of people.
1984-style police states were expensive. Today, data storage is constantly getting cheaper. If some data is too expensive to save today, it'll be affordable in a few years.
And finally, the police state of 1984 was deliberately constructed, while today's is naturally emergent. There's no reason to postulate a malicious police force and a government trying to subvert our freedoms. Computerized processes naturally throw off personalized data; companies save it for marketing purposes, and even the most well-intentioned law enforcement agency will make use of it.
Of course, Orwell's Big Brother had a ruthless efficiency that's hard to imagine in a government today. But that completely misses the point. A sloppy and inefficient police state is no reason to cheer; watch Brazil and see how scary it can be. You can also see hints of what it might look like in our completely dysfunctional "no-fly" list and useless projects to secretly categorize people according to potential terrorist risk. Police states are inherently inefficient. There's no reason to assume today's will be any more effective.
The fear isn't an Orwellian government deliberately creating the ultimate totalitarian state, although with the U.S.'s programs of phone-record surveillance, illegal wiretapping, massive data mining, a national ID card no one wants and Patriot Act abuses, one can make that case. It's that we're doing it ourselves, as a natural byproduct of the information society. We're building the computer infrastructure that makes it easy for governments, corporations, criminal organizations and even teenage hackers to record everything we do, and--yes--even change our votes. And we will continue to do so unless we pass laws regulating the creation, use, protection, resale and disposal of personal data. It's precisely the attitude that trivializes the problem that creates it.
Send comments on this column to firstname.lastname@example.org.
Coming in July:
Home users: A public health problem?