As Bruce Schneier spent the past decade watching the growing rash of phishers, malware attacks, and identity theft, a new Internet threat has emerged that poses even greater risks, the security expert said.
Unlike the security risks posed by criminals, the threat from government regulation and data hoarders such as Apple and Google are more insidious because they threaten to alter the fabric of the Internet itself. They’re also different from traditional Internet threats because the perpetrators are shielded in a cloak of legitimacy. As a result, many people don’t recognize that their personal information or fortunes are more susceptible to these new forces than they ever were to the Russian Business Network or other Internet gangsters.
“Taken as a whole, there’s a lot of things going on that affect our industry from outside our industry,” Schneier, who is the author of five security books, said during a Wednesday keynote at the 24th General Meeting of the Messaging Anti-Abuse Working Group. “These are things that might be imposed on us. More capability, more usability, less control.”
The first of three pillars propping up this outside threat are big data collectors, which in addition to Apple and Google, Schneier identified as Amazon and Facebook. (Notice Microsoft didn’t make the cut.) The goal of their data collection is for marketers to be able to make snap decisions about the product tastes, credit worthiness, and employment suitability of millions of people. Often, this information is fed into systems maintained by governments.
Schneier didn’t discuss the effect this unprecedented level of data scavenging has on individual privacy. Instead, he focused on how it ties the hands of people working at ISPs and software companies who work to secure their customers’ personal information.
“We in security face enormous threats here because there are things we might want to do that we won’t be able to do,” he told about 400 people attending the three-day San Francisco conference. “You could see a law that limits what we can do about cookie deletion.” Laws that require smartphones or other devices to be equipped with unique identifiers aren’t a stretch, either, he said.
Schneier said the threat is often obfuscated by the tremendous technical advances the big data players have offered. Google mail is a safer alternative for average users because there’s almost no chance they’ll ever lose a message. Apple’s iPhone is wildly popular because it’s easy to use and to date has proved largely impervious to real-world malware attacks. But behind the security and reliability, there are threats many don’t consider.
“I can’t find a program that will erase the data on this thing to a reasonable assurance without jailbreaking it,” he said, holding up his iPhone. “For me that’s bad.”
Read More: Ars Technica