Security Expert: Trusting Service Providers With Security Is Dangerous


Security in online services is inherently standardized, and users have no ability to customize security on the system. But this arrangement has its risks, BT's Schneier said: Vendors can make mistakes or employ heavy-handed methods of keeping users tied to their services, for example.

"We all now carry tracking devices in our pockets, and we're even turning on [GPS] to get better maps. Government and corporate power controls your data now, not users," Schneier said. "And what's happening now is that the powerful are trying to change the rules of the game to fit their agendas."

For example, media content companies are trying to change laws in order to shore up their copyright enforcement abilities. As companies get more control in such fashion, they're going to have more control over security as well, Schneier said.

Schneier believes we're headed for even more intense battles. He's advocating more research into surveillance, censorship and propaganda, both from the government and corporate sides.

Safe places for the anonymous publication of information are also needed; WikiLeaks provided that, but U.S. authorities made clear it would not tolerate copycats, he noted.

Basically, what's needed at this point are mechanisms to tip the balance of power back to the serfs, Schneier said. "We need good government to enforce obligations on these companies instead of just giving them rights," he said.

PUBLISHED FEB. 26, 2013