Schneier: Don't expect Uncle Sam to guard your web privacy – it's Europe riding to the rescue

'Everything we do has a moral dimension ... we are responsible for the world we create with our technologies'

By Iain Thomson in San Francisco

RSA If you're looking to the US government to save your electronic privacy, don't hold your breath: Europe looks to be the real hero in this fight.

That's according to, well, quite a few of you, we reckon, but also crypto-guru Bruce Schneier, who was speaking at 2019's RSA Conference in San Francisco on Wednesday. He warned the audience that there was no way Uncle Sam was going to risk upsetting homegrown data-slurping cash-cows like Facebook with any meaningful regulation or safeguards on the sharing of personal information. Europe, meanwhile, was leading the march on data harvesters, he said.

"The EU is the regulatory superpower on the planet," Schneier told The Register. "We won't be regulating surveillance capitalism in the US, it’s too profitable. If you want that done, then look to the EU."

Because the EU is such a large market, the laws it introduces have a knock-on effect for folks worldwide. Many companies have implemented the union's GDPR privacy protections for all customers, rather than attempt to work out who is covered and who isn't.

While GDPR has its faults, he said, it was at least a move in the right direction. In America, certain states, such as California and Massachusetts, are setting up, or have set up, similarly strict privacy and data-protection laws, which was encouraging – but there is a looming danger, he warned. A nationwide federal online privacy law could run roughshod over individual states' attempts to guard people's private info from misuse.

"The biggest danger to privacy will be a mediocre federal law that preempts state laws," Schneier said. "We need to watch for that."

Baffled

The reason for this American impasse, Schneier said, was that politicians stateside don't have a clue about the internet, and how it works and can be abused. He reminded us of the recent Facebook hearings in Congress during which most legislators seemed baffled by the very technology they were supposed to be investigating.

Schneier said Silicon Valley hasn't done enough to educate our political classes about the latest platforms and ways of doing things online – though the tech goliaths are more than happy to put in plenty of lobbying dollars and hours to get their own way with legislation.

The infosec expert suggested there was a need for public-interest technologists: people who know a thing or six about technology who can work with policy makers, independently on behalf of netizens, to inform legislators' decisions without big corporations sticking their oars and checkbooks in.

We've faced this before, he claimed, with the legal profession. Fifty years ago, very few lawyers did pro-bono consumer legal cases, but now 20 per cent of Harvard law graduates apply for such work, and there are many lawyers who take big pay cuts to litigate in this area. In other words, if some lawyers can put the public interest ahead of their personal bank accounts for a bit, so can tech experts.

And it shouldn't be left to public-spirited eggheads. The big names of Silicon Valley could, and should, put forward advisers, too, who have their users' interests at heart rather than their bosses', he said. Google's 20 per cent policy, whereby staff get a day a week to work on their own projects, would be ideal for this, and other technology companies could follow suit for some of their employees.

Such a move may also give technology workforces a better ethical grounding. Schneier cited the internal protests at Google over the development of weaponized AI as an example of some of tech land's engineers waking up to the ethical consequences of their work.

One snag in all of this, we reckon, is that tech companies fielding employees to advise policy makers may just look like intensified lobbying in the eyes of the outside world. And also, the conflict of interest is a non-starter: you can't be on Oracle, Facebook or Microsoft's payroll, say, while dishing out information and recommendations on regulating your employer.

However, Schneier is confident techies are waking up to the damage they are potentially causing, and that may lead to some rebelling or persuading some executives to change course.

"Everything we do has a moral dimension, and we need to accept and engage with it," he said. "It's hard in security because every tool we build has a dual use and can do bad things in the wrong hands. We aren't responsible for every single use, but we are responsible for the world we create with our technologies." ®
