Your cellphone emits a signal that tags your location every minute of every day. Your Google search log records your private anxieties and interests. Your text messages and social media accounts capture every detail of your social life. Your store purchases produce records of your spending habits. Your photos are embedded with the date, time and location of the moment they were taken.
Everything you do and everywhere you go, you leave a trail of data that reveals intimate details of your life, and governments, corporations and hackers are keen on having more and more of it in their hands.
That's why Bruce Schneier, a computer security and privacy specialist, wrote the new book Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, an examination of where your data ends up and who is most eager to acquire it.
"Data is the pollution problem of the information age, and protecting privacy is the environmental challenge," he writes. "Almost all computers produce personal information. It stays around, festering. How we deal with it — how we contain it and how we dispose of it — is central to the health of our information economy."
In 2013, the world caught a glimpse of what poor data health looks like when Edward Snowden leaked an enormous trove of NSA documents, showing a regime of global surveillance far more invasive than the public had ever imagined.
Schneier lays out how the NSA is only one of many different kinds of surveillance entities that the public needs to worry about. He explains how we need to re-evaluate the trade-off that we make by giving up personal data in the name of convenience and security. While Schneier is not against surveillance per se, he's concerned that if governments and corporations have free reign over our data, it will inevitably be misused to undermine freedoms we take for granted today.
Mic asked Schneier about how we're being tracked today, and what that means for the future.
Mic: How can our cellphones be used to track us, and who does the tracking?
Bruce Schneier: A cellphone is probably the most intimate tracking device ever invented. It needs to know where you are at all times. Otherwise, it isn't able to connect your phone calls. Location tracking is part of how the system works. And if you assume that everyone carries one, it's easy for the system to correlate locations and figure out who is with you — who works with you and who sleeps with you. Your phone also knows who you talk to, how often, what times of day and how long. It knows who you send text messages to. And because your phone is also a computer, all the Internet tracking we're constantly subjected to happens on your phone as well.
As to who does this: everyone who can. Your cellphone provider tracks all of your cellphone use. The various Internet sites you visit track your Internet use. And many of those companies package and sell this information to others.
"As a society, we need to choose security over surveillance."
Mic: We all know that Facebook knows a lot about us. What are some things that it knows or can deduce about its users that most of the public might not know?
BS: Facebook can predict race, personality, sexual orientation, political ideology, relationship status and drug use on the basis of "likes" alone. The company knows you're engaged before you announce it and gay before you come out, and its postings may reveal that to other people without your knowledge or permission.
Mic: How about Google?
BS: We don't lie to our search engine. We're more intimate with it than with our friends, lovers or family members. We always tell it exactly what we're thinking about, in words as clear as possible. Google knows what kind of porn each of us searches for, which old lovers we still think about, our shames, our concerns and our secrets.
If Google decided to, it could figure out which of us is worried about our mental health, thinking about tax evasion or planning to protest a particular government policy. I used to say that Google knows more about what I'm thinking of than my wife does. But that doesn't go far enough. Google knows more about what I'm thinking of than I do, because Google remembers all of it perfectly and forever.
Mic: How does corporate surveillance shape what kind of news articles we see?
BS: We don't know how, because the algorithms that do the shaping are all secret. We do know that this happens. News sites and search sites show us articles based on what they believe we want to see. So we're more likely to see articles that agree with our politics than ones that disagree with it. Moreover, sites like Facebook charge content sites to promote their articles. So the news articles we see on free sites may depend on how much someone is willing to pay for us to see them.
Mic: Ubiquitous surveillance on the Internet has given rise to what Al Gore has called "the stalker economy." You've written about how readers have become products: Websites generally rely on advertisers for revenue, and the more that their advertisers are able to learn about a website's users by mining them for personal information, the more revenue they're going to be able to generate. Can you explain more about what it means for advertising to be so customized now that even prices can be custom-tailored?
BS: What it really means is that we all see a personalized Internet. Because advertisers know so much about us, we see different advertisers. Because merchants we visit know so much about us, we see different offers and sometimes different prices.
Two documented examples are credit card offers that depend on income level, and prices for office supplies at the Staples website that depend on location, especially proximity to a competitor's store. For a while, Google was more likely to show ads for bail bondsmen when people searched on a stereotypical black name than on a stereotypical white name.
Mic: Many cellphone apps ask if they can track your location. Sometimes it makes sense, such as when Yelp uses your location to recommend a restaurant in close proximity. But there are times when it isn't as clear, like when Facebook Messenger prompts you for location access. We're getting used to revealing our whereabouts to countless companies and services. Should we resist this? And what's a smart way to do it?
BS: I believe we should reveal our location information to services that need it, like Yelp or Google Maps. But there are smartphone apps that have nothing to do with location that nevertheless collect it so they can resell it to data brokers. I think we should absolutely resist giving away our privacy in this way, and you can do that by checking the settings on your phone and only giving appropriate apps access to your location information. It's the same with your address book, calendar and everything else on your phone. If you don't understand why an app needs that sort of access, don't provide it.
Mic: Could you explain how our purchasing patterns are recorded and what they reveal about us?
BS: Organizations that collect our data spend a lot of time correlating things like purchasing patterns, to make more general inferences about our lifestyle. Famously, Target is able to predict when someone is pregnant based on the things she purchases. Similarly, retailers can predict when we're getting married or going on vacation. More disturbingly, they can predict when we've just lost a job or have a major illness. The predictions might not be terribly accurate, but they're good enough for targeted advertising.
Mic: Earlier this month, the Intercept reported that the CIA has been attempting to hack into the iPhone and iPad for years and, if successful, they could steal passwords, capture personal data and covertly install surveillance software. Has the CIA succeeded at all in their ambitions, and should we be worried?
BS: The CIA's successes and failures are classified, so I can't speak to them. It seems unlikely that they have been successful in all their ambitions; if they were, they'd be a pretty unambitious lot. But the NSA, CIA and FBI are all trying to hack our computers, phones and other devices. This should worry us all, because it means these organizations have a vested interest in keeping these devices insecure. Any hack these organizations find and exploit can also be found and exploited by others: other governments, cyber criminals and hackers. As a society, we need to choose security over surveillance.
Mic: Which is worse: government surveillance or corporate surveillance?
BS: It's not one or the other — it's the two of them working together. In my book I call it the "public-private surveillance partnership." Most government surveillance piggybacks on existing corporate capabilities. Data that the U.S. government cannot legally collect, it purchases from corporations. On the other side, corporations regularly buy personal data from governments, and corporations that get big government surveillance contracts fund lobbying groups that support more surveillance. The problem is surveillance by the powerful over the powerless, and that's both government and corporate surveillance.