Security technologist Bruce Schneier tells DW why he finds it curious that the German BND is getting a free pass on surveillance and why Europe should take the lead on protecting privacy in the digital age.
Bruce Schneier (@Bruce_Schneier) is an internationally renowned security technologist. He helped the Guardian analyze top-secret NSA documents leaked by Edward Snowden. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, and the Chief Technology Officer at Co3 Systems, Inc. He blogs at Schneier on Security.
DW: One year ago the Guardian published the first article on the NSA's surveillance activities based on the disclosures of Edward Snowden. Many other revelations have followed since and triggered a robust international debate about surveillance and privacy. Now one year later what is the most significant consequence of Snowden's disclosures?
Bruce Schneier: Right now the most significant consequence has been the knowledge that has fueled the debate. A lot of what we have read from these NSA documents isn't surprising, but the details make them real in a way that speculation doesn't. And by putting the documents in front of the world and forcing the debate Snowden has made an enormous contribution. And that is I think why he has been given all these awards and people respect him.
And what is the most neglected, but crucial fallout from the so-called NSA scandal?
There are a few things I think that aren't talked about enough. The first is the amount of data sharing between the NSA and other organizations in the US like the FBI, the DEA and DHS etc. The documents focused on the NSA, so there is not a lot of discussion about how that information moves between government organizations. We do know that a lot of that happens, but that's really not talked about.
Second, since the documents focus on the NSA there is not a lot of discussion about what other countries are doing, and not just the UK and other EU countries, but China, Russia, Iran, Syria or India. These techniques are not unique to the NSA. They are much more general. And there isn't really this discussion about how this plays out internationally. These are the two major things that I think are missing.
The third more minor thing is how these data streams are correlated. The documents tend to talk about collection. Just a few days ago we learned that the NSA is collecting faces and tagging them with names, or collecting location information, or collecting cell phone calling data, or email records, or buddy lists. What is talked about much less is what you can do if you can correlate these streams with each other. And that kind of analysis is at least as important as collection and it is a lot more scary when you start reading the details. But since the documents tend to focus on collection, the stories focus on collection.
While the German parliament has formed a committee to investigate the NSA's conduct, the role of Germany's intelligence agencies like the BND and what they knew or didn't know about the NSA's activities has received less attention. From your experience, how would characterize the BND's linkage with the NSA?
Germany is a very close partner with the United States in surveillance. We know from the maps of the NSA eavesdropping points that there are several in Germany. This has been true throughout the Cold War of course and it remained true even after the Berlin Wall fell.
So you wouldn't be surprised if the BND knew something about the NSA's activities?
The BND is a very close partner. The BND and the NSA spy for each other. It's not that they knew, it's that they were doing it with them. They were partners. So yes, it's sort of interesting to watch the German political reaction where the German activities are getting a free pass when they are probably just as bad. Like I said earlier, these are NSA documents, so they focus on the NSA, but what the German BND is doing is the same thing. It's not going to be any different. The BND might not spy on Germans. The NSA might do the German spying and the BND might be doing the US spying. There is a lot of trading going on. But the result is that most of the world is under surveillance.
The NSA according to the New York Times is working on facial recognition technology as is Facebook whose aptly named project Deep Face reportedly can identify a face with 97 percent accuracy. Is face recognition the next frontier in surveillance?
I think it is. Automatic identification of which face is just one thing, whether its retina or figure print scanning automatically from a distance. As cameras get better lots of things are possible. I see gait recognition, recognizing people from the way they walk from a distance and so there are many different ways for automatic recognition from the environment.
Can you explain the potential of automatic face or similar recognition methods coupled with our other data for intelligence services and companies alike?
Right now to identify people you have to ask for their ID. It's an action that the person being identified knows about. When you can identify people automatically either from a cell phone they are carrying, the RFID chips in their clothing, their face or the iris then you can identify people without their knowledge. And that really is another level of surveillance. And of course you could correlate that with other data.
There was an experiment done at Carnegie Mellon University a few years ago where researchers put a camera in the quad and it filmed people walking by. They compared the images they captured with Facebook's public database of Carnegie Mellon student photos that were tagged, compared that with other databases, were able to get social security numbers and then had a system where people would walk by and the camera screen would automatically display their name and social security number. That's incredibly invasive, but that's what's possible with automatic identification and then correlation with other databases.
How hopeful are you that these activities can be remedied or curbed by legislative action?
The way we human beings curb abuses is through law. That's why people don't shoot each other in the street constantly, because we have laws that prevent that. Laws are how society works. And this is one of those things. It might take a couple of decades until we are no longer scared by the terrorists, but we will pass laws about this.
In light of recent decisions by the European Parliament and Court many regard Europe as a beacon of hope for the protection of privacy rights in the digital age. Do you?
I think that is true. I do look to Europe to take the lead on this. Because I think what Europe is realizing and that is a very important truism is that all this government surveillance piggybacks on corporate surveillance. The NSA didn't wake up one morning and say let's spy on everybody. They woke up one morning and said all these companies are spying on everybody, let's get ourselves a copy.
You mentioned Facebook's face recognition system and we talked about all these images that NSA is grabbing and they are coming from Facebook, Flickr, Skype. The location data comes from your cell phone, your buddy lists and call records come from the things you do with your smartphone and email. So there is all this corporate surveillance, because surveillance is the business model for the Internet. And that is being used to fuel the government surveillance. And what the European Court has been doing is really looking at this corporate surveillance and coming up with rules about it. I think the court ruling was kind of crazy, but these are the right issues to be debating. So I am hopeful that Europe is going to take the lead on this.