Schneier on Privacy (and the Lack Thereof)


More from my conversation with Bruce Schneier (other elements of our conversation are here).

Know It All: Have we seen the death of privacy?

Bruce Schneier: Scott McNealy made the famous comment -- you have zero privacy already, get over it - and the death of privacy has been written about for many years. I think the death of privacy is overrated. Technically, the treats to privacy are enormous, but just because someone invented the camera doesn't mean that everyone gets naked pictures of themselves taken, and just because someone invented a recording device doesn't meant everything gets recorded.
Whenever you have technical advances that perturb our rights, the way you fix that is through laws. If you want to preserve privacy, don't look to technology, look to the legal system. Laws are trailing technology in general. You might have laws that protect your privacy for videotape rentals, but don't apply to downloaded movies on the internet, or laws that protect the privacy of your mail as it goes through the post office, but doesn't protect your email as it goes through ISPs. We're living in a world where a lot of laws are written to be technically specific, and are becoming obsolete when the technology changes so fast. Better laws are technologically invariant.
Know It All: Privacy is a cultural issue, too. A lot of younger people seem to be less concerned with privacy than their elders. Is that healthy?
Schneier: The Internet is the greatest generation gap since Rock and Roll. There's an enormous difference in the way the older and younger generations use the Internet, and that's healthy. We can look in horror at some things the younger generation is doing, but you're looking at the future.
It's not that young people don't care about privacy, they're very concerned about privacy. If you ask them, they'll tell you. They just have a different socialization. They want to have control over their data, what upsets them is if something happens to their data - say their pictures - that they don't want. We as the older generation are morally obligated to build systems that will allow the younger generation to communicate, to contribute, to be part of society, without forcing them into particular boxes that we might think is required of them.
Know It All: Dan Gillmor wrote us a column suggesting that companies shouldn't maintain customer data -- you can't lose what you don't keep.
Schneier: That's the best way to secure customer data, not to have it. The way to make it work is to make companies liable to exposed customer data, to give them the economic problem of owning my data. They are the only entity that can protect it, yet when the data is lost, they don't feel the pain - I do. In a capitalist system, they won't protect the data to the extent I want. They can't. The free market doesn't support that kind of decision, so if you want to make companies more responsible with customer data, you need to fix that externality.
In order to do that, you need to give individuals the ability to sue companies, because then the cost of losing my data goes up. And I think you find that if the cost of losing someone's data is higher, because of the risk of a lawsuit, then companies will save less data. We can't force companies not to keep records, that doesn't make sense, either, but if you force companies to pay the true cost of maintaining and storing data, I think you'll find a lot less of it being stored.