It’s not the “Big Data” we usually talk about, which refers more to the size of the data than of the company behind the management tool. It’s the term Bruce Schneier uses to refer to the industry that has evolved around data as a commodity, the way the energy industry was once considered “Big Oil.” Schneier – the celebrated cryptographer-turned-technologist and easily the RSA Security Conference’s biggest draw, and a CTO at BT – believes “Big Data, Inc.” poses as great a threat to personal security and privacy as malicious actors.
“I mean Big Data as an industry force, like we might talk of Big Tobacco or Big Oil or Big Pharma,” Schneier told an overflow crowd of attendees. “I think the rise of Big Data is as important a threat in the coming years, one we should really look at and start taking seriously.”
Schneier defined this industry as “the companies that collect, aggregate, and use personal data,” citing as one example data aggregation company ChoicePoint (now part of Reed Elsevier and integrated into LexisNexis). To this mix, he added Internet magnets like Google and Amazon, social networks including Facebook, a certain very large company named Apple, “and really the entire marketing ecosystem that surrounds the Internet. I think that is becoming a powerful industry force, and is a risk to our community.”
But a risk in what regard? Can this risk be quantified, anticipated, managed? Amid a growing community of risk managers who are joining the RSA attendees, many for the first time, did Schneier use the right choice of terms?
Here’s how he explains the situation: The onslaught of new consumer cloud services that provide free storage have rendered it as easy, or even easier, for individuals to hold onto data as it is to throw it away. “The marginal utility of saving some data is so low, because the cost of saving it is so cheap. You know this in your own lives: We all hit a point some years ago where we stopped throwing away e-mail that wasn’t important, and started saving it all because it was just easier. And search became cheaper than sort. When that happened, we just saved everything, because why not?”
More devices now than ever before contain sensors, but Schneier describes that these devices are being coupled with more organic entities through the Internet, gathering aggregate data from user transactions. “The collection is becoming ubiquitous. More importantly, it’s all being aggregated. And we kind of knew this in the background, but we’re seeing new examples of it: Google’s new privacy policy talks about the aggregation of data. They’re no longer going to silo their search data from their Google+ data from their Flickr data. It’ll all be collected because they want to make more money serving you ads.
“Our computers are becoming more like terminals again,” he added, citing the degree to which they’re serving as collection points for data and documents for cloud storage. Younger users are accustomed to engage with the closest available screen, he said, as the most convenient collection points. The companies that operate in this space are competing, he explained, to be the first to monetize your data.
“Monetizing data has a variety of different faces. There’s showing you personalized ads. But there’s [also] credit-worthiness, employment assessments. There are linkages with government databases,” he added, citing recent controversy over the Transportation Security Authority’s recent proposal to access a broader base of personal data in assessing whom it should ban from flying on airplanes.
The actual threat comes not from Big Data, Inc.’s size in and of itself, BT’s Bruce Schneier explained, but from the way it leverages that size. “These companies are now very powerful, and they are using their muscle to resist changes that hurt their industry. And their industry does not equal our industry. Our industry is IT; their industry is basically advertising. And this affects security, because [with] a lot of these changes, the result is that control is taken away. We have no control over our Facebook data.”
Pulling out his own iPhone, he continued, “Even more importantly, I have much less control over this iPhone than I do over my computer. As a security guy, I cannot do things on this machine that I can do on my computer. I can’t erase data to my satisfaction, I can’t run an antivirus program to anybody’s satisfaction. Because Apple isn’t giving me the same level of control, of access, that I have to a PC or even to a Mac.” He added that Amazon’s Kindle renders pages prior to delivering them. “This might be good for performance, but for security, it depends.
“There’s kind of a war against general purpose computing going on,” the security expert pronounced. “I actually believe the companies realize they made a mistake when they created general purpose computers, because they gave users too much control, and they’re trying to get that control back. Whether it’s smartphones or tablets or game consoles or cameras, all of these special purpose Internet devices, give much more control to the companies in the back that run them.”
Bruce Schneier’s latest book, Liars & Outliers: Enabling the Trust That Society Needs to Thrive, is – perhaps ironically – very highly rated on Amazon.
