RSA If you're looking to the US government to save your electronic privacy, don't hold your breath: Europe looks to be the real hero in this fight.
That's according to, well, quite a few of you, we reckon, but also crypto-guru Bruce Schneier, who was speaking at 2019's RSA Conference in San Francisco on Wednesday. He warned the audience that there was no way Uncle Sam was going to risk upsetting homegrown data-slurping cash-cows like Facebook with any meaningful regulation or safeguards on the sharing of personal information. Europe, meanwhile, was leading the march on data harvesters, he said.
"The EU is the regulatory superpower on the planet," Schneier told The Register. "We won't be regulating surveillance capitalism in the US, it’s too profitable. If you want that done, then look to the EU."
Because the EU is such a large market, the laws it introduces have a knock-on effect for folks worldwide. Many companies have implemented the union's GDPR privacy protections for all customers, rather than attempt to work out who is covered and who isn't.
While GDPR has its faults, he said, it was at least a move in the right direction. In America, certain states, such as California and Massachusetts, are setting up, or have set up, similarly strict privacy and data-protection laws, which was encouraging – but there is a looming danger, he warned. A nationwide federal online privacy law could run roughshod over individual states' attempts to guard people's private info from misuse.
"The biggest danger to privacy will be a mediocre federal law that preempts state laws," Schneier said. "We need to watch for that."
The reason for this American impasse, Schneier said, was that politicians stateside don't have a clue about the internet, and how it works and can be abused. He reminded us of the recent Facebook hearings in Congress during which most legislators seemed baffled by the very technology they were supposed to be investigating.
Schneier said Silicon Valley hasn't done enough to educate our political classes about the latest platforms and ways of doing things online – though the tech goliaths are more than happy to put in plenty of lobbying dollars and hours to get their own way with legislation.
The infosec expert suggested there was a need for public-interest technologists: people who know a thing or six about technology who can work with policy makers, independently on behalf of netizens, to inform legislators' decisions without big corporations sticking their oars and checkbooks in.
We've faced this before, he claimed, with the legal profession. Fifty years ago, very few lawyers did pro-bono consumer legal cases, but now 20 per cent of Harvard law graduates apply for such work, and there are many lawyers who take big pay cuts to litigate in this area. In other words, if some lawyers can put the public interest ahead of their personal bank accounts for a bit, so can tech experts.
And it shouldn't be left to public-spirited eggheads. The big names of Silicon Valley could, and should, put forward advisers, too, who have their users' interests at heart rather than their bosses', he said. Google's 20 per cent policy, whereby staff get a day a week to work on their own projects, would be ideal for this, and other technology companies could follow suit for some of their employees.
Such a move may also give technology workforces a better ethical grounding. Schneier cited the internal protests at Google over the development of weaponized AI as an example of some of tech land's engineers waking up to the ethical consequences of their work.
One snag in all of this, we reckon, is that tech companies fielding employees to advise policy makers may just look like intensified lobbying in the eyes of the outside world. And also, the conflict of interest is a non-starter: you can't be on Oracle, Facebook or Microsoft's payroll, say, while dishing out information and recommendations on regulating your employer.
However, Schneier is confident techies are waking up to the damage they are potentially causing, and that may lead to some rebelling or persuading some executives to change course.
"Everything we do has a moral dimension, and we need to accept and engage with it," he said. "It's hard in security because every tool we build has a dual use and can do bad things in the wrong hands. We aren't responsible for every single use, but we are responsible for the world we create with our technologies." ®