The Snowden Legacy, part one: What’s changed, really? (arstechnica.com)
153 points by tnorthcutt on Nov 22, 2018 | 115 comments


Everyone is very aware of private mass surveillance now. Everyone knows that they are being tracked in their daily lives by Google and Facebook and they know in which way they are being tracked too. So maybe, not much changed in terms of laws but people are significantly more aware now. What used to be conspiracy theory is now accepted fact. Stallman is no longer the butt of the joke. Technologists that used to dismiss privacy concerns can no longer do so.


Yeah, my brother commented to me that in retrospect, my consistent objection to handing over my drivers license/SSN and other personal details needlessly wasn't crazy (which at the time he considered odd behaviour).

After working with the credit bureaus, I don't like giving out enough info for anyone to mess up my personal life. For example, even the front of a drivers license without the license number is enough info for fraudulent creditors to wreck your credit.


Forget government agencies - anyone not afraid of giving them away is a fucking moron for identity theft reasons alone. Which I believe demonstrates a fundamental problem with how the system works - that the burden is even on the individual instead of the creditor is itself a problem.

If a schoolboy orders 3000 pizzas in your name that isn't your problem but the pizza place's problem. So why the /hell/ do we consider it different with big banks except for the general stupid human tendency to hold people in power to lesser standards?


Banks employ lobbyists and hand out more than pizzas to politicians?


Sounds pretty crazy to me.

Most people asking for your SSN or drivers license will already know your name and approximate location, therefore they'll have enough information to just look up your SSN and DL via various services like accurint.

You're trying to hide public information.


The credit bureaus only have 157M SSNs from living people last I heard, so no, for half of Americans their SSN is not accessible via accurint.


Unfortunately, a lot of the people who are aware have bought into the idea that it is not harmful or only associated with advertising recommendations that are beneficial to them, even. They don’t recognize the potential for misuse of their personal data and surveillance. Multiple times in coffee shops I have overheard conversations where a man in his 20s is saying opinions to that effect.


I think this is because most people that are against it only talk about turn key tyranny. But few talk about how hackers can use the same things. How a foreign government can use the same tools (by hacking us), or as John Oliver pointed out, the government has your dick pics. And any nudes you sent.


>I think this is because most people that are against it only talk about turn key tyranny

Why would people discount this?


Dumb people don't possess foresight.

It's not "real" to them.


I don't necessarily know if it's them being dumb. I've found that it's mostly "I don't do anything wrong, why should I care?" that gets bandied around as an excuse.


What I've been hearing is "yeah, show me ads about stuff I want to see! that's cool!"


Because they think "it can't happen here". Or "I'd recognize Hitler if he was coming to power" type of thoughts. Probably because we only talk about evil people with respect to their evilness. And not how evil people can also do good things.


It seems they forgot they are being tracked by governments though. E.g. during the GDPR debate the exceptions for governments were barely discussed. I am also not sure to what extent what you're describing was due to Snowden or the Trump election.


How is the government going to function if we can e.g. ask the census bureau to remove our PII from their database. Clearly the government needs an exception.


Why is it clear that the government cannot function if the census bureau doesn't collect PII?


Does the census bureau need personal data to do its functions? A "hash" of the name would be enough


The census is used to determine the allotment of House representatives for each state, and distribute funds to various federal programs by state or region. This probably requires more accurate and detailed demographic information than hashes would provide.

Also, names are not unique, therefore hashes of names would also not be unique. And how would you verify the hashes belong to actual people?


Hash multiple information. While a name isn't unique, a SSN is. Or a name tied to an address and age IS (age needed because similar address also leads to higher chance of name clashing if something like "Jr" or "Sr" is missed). You can hash more than a single thing.


With enough data you can often "de-anonymize" to discover actual identities.


Whenever the topic of anonymizing and deanonymizing and PII comes up, I have to use myself as an example of how little data can be considered PII. Despite living in a city of 300,000 people, through a quirk in street numbering my house wound up with a unique postal code. Given the postal code, almost any piece of data goes from 1 of 2 people (me and my wife) to just one of us.

Hopefully that thought sends shivers down the spines of anyone who is trying to come up with a data anonymization scheme.


This lack of skepticism is unfortunate. There are some topics where people feel free to say whatever they feel strongly about without supporting evidence. It makes for tedious reading.

When you're a semi-anonymous commenter on the Internet, it's better to share your inputs than outputs.


you discussed zero practical implications of this new found (but should have been assumed) knowledge.

so in other words, no effect, business as usual.


It doesn't really help the issue at large but in my personal life it was nice to say, "I told you so." and not get called a crazy person anymore.


Worked in security for over a decade before Snowden, kept finding things I couldn't talk about, knowing I'd found the tip of an iceberg in many places without being able to piece it together. When it all came out, was relieved not to be nuts, and was more interested in what regular people thought of the whole thing.

Normal people know what "parallel construction," is and how elected governments will use these systems for political ends.

What I don't understand is why it's not a bigger public issue with all the controversy around the current U.S. president. The scenario where a radical takes power and has control of these systems was the precise nightmare scenario everyone was concerned about, and yet mass surveillance just isn't a part of the popular discourse in the culture war.

Is it because the other team wants to use it too, or is it because the current perceived radical tyrant isn't dangerous enough?


Fortunately Trump's supporters aren't fans of the intelligence community either, maybe partly thanks to Snowden.


Oh, they just want the intelligence community to spy on and murder who the president points at. To shut up and do what they are told.


It's more accurate to say "the king". People still want a king. I hope Trump critics can start identifying this soon...


It reminds me of the biblical story of Israel, when the people were fed up with the corruption of the judges, who ruled the land. The judges were a sort of a "checks and balances" system. The people were not happy with the sorry state of the system. They said, other countries have kings and order, we want one too. So the most prominent prophet listened to the will of the people and said, "ok, you will have a king, I will anoint one for you, you might not like what you get though".

To me the current situation rings like an echo of that, people want strong leaders to fix their problems.

"History never repeats, but it rhymes" -- probably not Mark Twain


[flagged]


[flagged]


Which US citizen(s) including minors did the Trump administration assassinate?


Despite what the shortened URL may look like this covers the US minor that Trump assassinated too.

https://theintercept.com/2017/01/30/obama-killed-a-16-year-o...

These were not just collateral damage. It took 2 strikes to get the older brother. It's unclear how many were done to get the sister. At least publicly all that is known about the father in terms of wrong-doing was making videos about how US foreign policy was damaging on youtube. They say he's a 'bad guy' but there's never been any evidence given. He was taken out long before they went back in to get the kids.


I don't understand why your upper comment was downvoted since it points at a core aspect of the systemic problem that in a democracy the different branches are supposed to keep each other in check: legislative, judiciary and executive branches. If you have an executive branch without oversight from the judiciary, it just grows like a cancer since the executive government doesn't need to prove anything, and the right to legal defense is vaporized...

your quote:

>... used (and expanded) the purely executive branch assassination program


>I don't understand why your upper comment was downvoted

There are two reasons I can think of. The first is that it really doesn't have much to do with Snowden's legacy. It's a tangent (even if I didn't start it). That's justifiable downvoting.

The second is cognitive dissonance from acknowledging the problems of US government aren't all entirely the result of Trump. It's run of the mill partisan thinking. Often people think by highlighting the same bad behavior of past administrations I'm supporting the current. Not true, but partisans are gonna partisan.


I'm not sure what the OP talked about, but minors are frequently killed as collateral damage in areas where the US is taking military action. This is especially common when explosives are used in heavily populated areas, like the many online videos where a strike is carried out in a city. Assange helped reveal that in some cases, US citizens are killed as well (this was in the movie when he was played by Benedict Cumberbatch).


I think Donald Trump would have to be far more popular for him to be dangerous in this sense. I don't think calling him a tyrant is realistic, either - tyrants are typically popular across broad sectors of society, not extremely divisive.



Biggest benefit for me, too. The difference is I had to do that with security professionals who thought certain risks were too speculative or that defenses didn't make sense. That mostly didn't change after the Snowden leaks but it did a little and I have some proof. :)


He (and Greenwald etc) moved the reality of mass surveillance in the West from somewhere between "it happens in other countries, but not here where we are Free" past "tinfoil hat derision" and into a reality that we have to accept and deal with.

For one person, it's quite an achievement.

As for what has changed, only in the movies would there be a neat resolution, and we go back to being safe.

We can never go back. But at least we know where we are. Fixing it is now our problem.


^This

The people of the west can no longer look at China/Iran/Russia and say they're police states without looking at what they've allowed in their own countries. Once China's "Social Credit" system is in full force and in the government's eyes working well (undoubtedly crime/social tension will decrease, at the cost of freedom) will the west start copying these technologies just like their spy agencies did after 9/11?


Social credit is already a thing for the people of the west. Where people have to pass various checks for everyday things, so that ideologically wrong people could get punished and removed from ideologically right circles by not allowing them to get decent jobs and decent places to live.


Social Credit is merely a virtual representation of something that is already very real. Our reputations precede us, a decade of hard drinking, abuse and fighting in pubs will earn you a social score amongst your local area, as will a decade of volunteer work with a local charity.

Putting those online is not inherently a stupid or bad thing. Putting them online without a means to view them, without controls on who can view them, without ability to redress wrongs or corrections, without institutions that support it, yes that's crazy.

We are never going back to a world where only your neighbours knew what you were like, but we do not either have to go to a world where only the Stasi or ad-tech firms do too.


Nobody seriously thinks that the Chinese system is your "local reputation," it's an East-German style reporting system where everyone informs on everyone else and only the state's interests are served.


Yes, I know. But the point is that a cctv camera that is accessible only to the police is the same camera that is open to the web. It's the use not the technology.


Your local reputation is relative, there’s maybe a different version of it for every pair of eyes that assess you

THE Chinese credit score is objective, there’s only one. It’s merely what the government thinks of you, with no room for disagreement, with the consequences of that assessment automatically enforced throughout all of China


After reading your comment, we immediately need to reject the term "social credit" and instead adopt the phrase "government credit".

As discussed, in true social credit, many people/citizens reporting their accounts of an individual's credit to the "centralized image" would be similar. Their government-held system is not.


That isn't social credit. Social credit would be when you're turned down for a bank loan because the NSA scans your Facebook profile and scores you as a possible political dissident because you liked too many anti-Trump memes. But that isn't happening in "the west" (yet.) No one is being blacklisted across the "the west" from housing or employment because of wrong-think. At least not systemically.

What you seem to be describing is simply society, and the fact that speech in a free society can have social consequences.


In terms of end result for the individual, what difference does it make if an internet mob blacklists you from employment for thoughtcrime or if a government bureaucracy does it?


People in the west got blacklisted from housing and employment for wrong-color, systematically, until very recently.


Yes, but that's not what the GP was talking about.


absurd. you simply cannot compare iran/russia/china/SA with the west in general and the US specifically.

i’m walking on the beach on thanksgiving and when i get back home i’ll feel just as free to speak my mind and respect my neighbors' right to speak their mind without fear of the stasi knocking on my door tonight.

we have a free press whose only fault is our own (profit motive).

i could go on but you get the point.


We can compare them. And we are in almost every measurable way, better.

Comparison does not have to mean the right-on teenager reflex of throwing out babies with bath water - Comparison means comparing against our ideals, as well as against the failings of others.

I am proud of the society my forefathers have created and try to do what I can to both preserve it, and enhance it.

And it is that enhancement that matters here - a new opportunity fell into the laps of our security services, who rightly took that as far as they could. They incorrectly kept it secret from us.

It is now up to us to decide how we balance the advantages and disadvantages of this new technology - something we are barely grappling with on Facebook, something billions of people are familiar with, as opposed to the more abstract Five Eyes world of surveillance.

We will get there. Things like GDPR are starting to grapple with the subject.


>We will get there. Things like GDPR are starting to grapple with the subject

I'm jealous of your optimism, but I'm in Australia and our politicians don't care about the freedom of our citizens. The exact opposite, in fact.

They have already brought in draconian metadata retention laws [1], despite the ministers involved not even being able to explain what metadata is [2], and are now trying to bring in a bill to literally install malware on our phones with no judicial oversight. This all happens unopposed in a bipartisan way, I suppose because no politician has the spine necessary to defend a position that, even though good for the vast majority of people, could be trivially misrepresented as being "soft on terror".

I'm as much in favor of stopping terrorism and most other crimes as anyone else, however I am far from convinced that blanket spying is an effective way to achieve those aims, and the negatives are so great. There has been no discussion on whether the loss of our freedoms is worth the actual damage. The people did not vote on these laws. Instead it is secret this and secret that, and everything is by default classified for "security reasons".

On a population scale the losses from terrorism have been minimal. Far too minimal to justify such massive changes to our fundamental way of life with no provided metrics in support, or any way provided to measure how effective those changes have been.

And what are we protecting if not freedom? Because a world where everywhere we go, and everything we do or discuss is recorded forever by Big Brother for later analysis is not freedom. There should be a right to privacy.

I guess that's why the people were not consulted. Better to ask forgiveness than permission. Although in this case they haven't even asked for forgiveness - they're not asking at all, and when discovered, doubling down!

Such surreptitious behavior does not inspire trust in people in charge of the greatest surveillance apparatus the world has ever known.

Frankly I do not trust our security services to safely handle all our personal data. There will be abuses of that information as well as false positives. Also data breaches and leaks. The government is not adept enough at data security to handle the multitude of hackers that will want to gain access to the world's largest honeypot of blackmail information.

With the metadata retention laws of 2015, there has been an "authority creep" to now 81 entities who have requested that data, most of those agencies being unrelated to terror.

When the legislation was introduced, cutting down on the number of organisations that could access the data without a warrant was used as a selling point by the government, something which now seems laughable.

Centrelink is on that list of entities that have accessed that data, despite them having no authority under the Telecommunications (Interception and Access) Act 1979 to request metadata. [3]

The safest thing is not to collect all that dangerous data at all. There is enough data available with a warrant now (eg location data from phones) to investigate crimes. In the old days, actual police work was necessary. Every contact leaves a trace.

Anecdotal, and possibly I'm just uninformed about this, but it seems that almost every time there is a terrorist incident, the people responsible are already on some watchlist and known to the authorities.

[1] https://sydney.edu.au/news-opinion/news/2017/07/31/new-data-...

[2] https://www.news.com.au/technology/online/social/george-bran...

[3] https://www.computerworld.com.au/article/641100/digital-righ...


>>> I'm as much in favor of stopping terrorism and most other crimes as anyone else, however I am far from convinced that blanket spying is an effective way to achieve those aims, and the negatives are so great. There has been no discussion on whether the loss of our freedoms is worth the actual damage. The people did not vote on these laws. Instead it is secret this and secret that, and everything is by default classified for "security reasons".

I agree with you. We do need to have election-level discussions on the trade-offs of surveillance and security. These go hand in hand with similar discussions on privacy, handling of private/personal/personally identifying data (I am tempted to get my genome sequenced for 200 bucks, but you know the company involved will have my genome. Forever. What can they do with it. If they go bankrupt what can the purchaser do with it?)

These are big questions, and we will only grok the answers in a generation - but we should most certainly not assume governments or corporations will do the right thing without regulation.

>>> The safest thing is not to collect all that dangerous data at all

But there is a benefit to collecting it as well - from genomics to terrorists' mothers' phone calls.


ehhhhh... Idk about that. I think there's still a strong sentiment that the way privacy is handled is still better in the US than places where collected information is used to greater effect. I think the world at large always knew that governments monitored large portions of the public so I am really not sure it's become as big a change as your comment about "We can never go back" implies.


Nothing, and no one cares. It's like the aged grandfather wheeled out at special occasions to reassure everyone they care, and promptly wheeled back out of sight. Life goes on.

Snowden is an embarrassment for those who use human rights, freedom and democracy to further other interests. Hence the deafening silence. The entire ecosystem that supports dissenters with asylum, grand freedom narratives and wall to wall coverage about evil regimes and heroic protest closed shop for Snowden, Assange, Manning and others.

Imagine the hysteria of the 'free world' in unison against the totalitarian Chinese if there was no Snowden and a Chinese dissenter leaked something like this, and his or her subsequent global fame as a defender of freedom. Now look at Snowden stranded in Russia and Assange in the Ecuador embassy. That is the pathetic state of pretension.

And instead of demonizing others and filling pages upon pages scaremongering about totalitarian surveillance vs democracy, it's surveillance that is being demoted to a lesser transgression, even something 'acceptable' if not 'necessary', and that's what Snowden changed.


It's amazing and almost completely unremarked how pwned the NGOs are by western intel agencies. I mean some of them have always been known to be spook outposts (Freedom house), but ... it seems virtually all of them are.


> Imagine the hysteria of the 'free world' in unison against the totalitarian chinese if there was no Snowden and a chinese dissenter leaked something like this, and his or her subsequent global fame as a defender of freedom.

That's a silly thing to imagine. China makes no secret of doing domestic mass surveillance (and censorship) far worse than anything in Snowden's leaks.


this, and pretty much only this:

"Suddenly, everybody knows, and nothing's changed," security technologist and author Bruce Schneier told Ars. "It was never a campaign issue. We tried to make it one. We failed... the subsequent changes are very small."


> nothing's changed

2FA, E2E communications, TLS everywhere, tightening security on our phones and computers, Congress rolling back some of the NSA’s dragnet powers, allied countries switching to open source and re-evaluating intelligence sharing agreements, and a sharp rise in VPN use is nothing?


> E2E communications

What popular by masses E2E encrypted comms are there?


I’m surprised by the amount of my non techie friends who are using Signal.


I try to get all my friends to use it. Since a lot like to use WhatsApp anyway it usually isn't too hard. But Signal doesn't have a push from a big company like WA does. Generally it is my friends from India that I can't move, because all of their communication is done with WA anyway. But it doesn't seem unreasonable to me that such a stronghold could happen for Signal too. But it needs to be spread by word of mouth.


WhatsApp and FB messenger now use the Signal protocol for their encrypted comms.


I don’t trust them to implement the protocol without deviating from the accepted safe practices surrounding them. It is against their interest.


Changes are small because the masses read about it and shrugged their shoulders.


They shrugged their shoulders because we (the techies) didn't adequately explain it to them.


Nah, we did.

Here's the hard truth: the overwhelming majority of Americans don't care about being surveilled. They may say they do, but at the end of the day, the issue doesn't affect most of them directly (or even indirectly) and therefore goes to the bottom of the pile.


They're far more concerned with being able to put food on the table and being able to retire someday than anything else. Can you really blame them?


People are so consumed with living hand-to-mouth that they don't have the energy to care about current or future tyranny.

So... well played, government.


Bread and circuses until they realize they've been stripped.

Then, Rome.


> we (the techies) didn't adequately explain it to them

We’re also perfectly happy making money in the employment of those making the problem worse, e.g. Facebook. Silicon Valley has neither the political stamina nor moral high ground for solving this problem. In its absence, there isn’t a clear coalition leader.


I always used a series of arguments on the "I've got nothing to hide" mentality. I've always responded, with:

"Yes you do. Do you have curtains on your windows? Do you wear clothes? If you don't care about privacy, open your curtains and walk down the street naked."

But the fact is that apathy is so high, that people don't give a damn when they're installing some app -- we're too focused on getting what we want (at that moment in time), and really not caring about sending up personal details to the cloud.

When I try to talk about apps (eg Messenger, WhatsApp) that require access to the contact list -- everyone I've spoken to really doesn't care. They don't care that my details are sent to some company (FB) because they want to use WhatsApp.

When I try to talk about state level surveillance, I try to liken it to some sleazy guy taking photos up a woman's dress. It's wrong, no matter how you go about it. Just because I'm "in public" in no way suggests that I should be subjected to a "fully exposed" surveillance system. The same goes for the internet. Of course, this last part is non-legal rhetoric of mine, but I genuinely feel that if I think that I should have an expectation to privacy, regardless of my location, then the civil and polite thing to do is to respect that. State level surveillance all too easily disregards civility and politeness in the pursuit of their goals.


I've had better success talking about hackers and foreign agents. Which are also a real threat. But if people are quoting Goebbels they probably don't think an evil person that would use these tools would rise to power. But when explaining how foreign governments and hackers can use the same tools (because NOTHING is unhackable), people get worried.

A simple example: recently there was the article about the DEA and ICE putting cameras in streetlights [0]. It is easy for the common person to understand how such a thing could be hacked and used to stalk someone. But the examples you use should target your audience and illustrate why they personally should be concerned. Because talking about turnkey tyranny is fairly abstract to most people.

[0] https://qz.com/1458475/the-dea-and-ice-are-hiding-surveillan...


John Oliver discussed how to adequately explain in a segment: https://www.youtube.com/watch?v=XEVlyP4_11M

tl;dw people care when dick pics are being surveilled


I remember watching that segment and thought it was a great illustration of the problem of people not truly caring about their privacy unless given a highly visceral and easy to understand explanation. The thing is though, even this kind of explanation doesn't seem to stick over time.


The Fappening should have triggered that type of reaction. It didn't. Because it wasn't the average person who got snooped on, just celebrities. And people love looking at celebrities, nude and otherwise.


Snowden revealed that big companies voluntarily cooperated with NSA+CIA (with the exception of Twitter) and provided APIs for snooping.

It would be nice to see if things have changed behind the scenes. My hope is that more of them are just complying with court orders and refuse cooperating with mass surveillance. Mass surveillance without cooperation is very expensive and doesn't always work.



No, Snowden "revealed" the big tech companies voluntarily cooperated with the FBI. In quotes because we already knew that. PRISM simply takes data that the FBI requested via court order and ingests it into NSA data processing system.


No, we didn't. We believed it. Media portrayed it.

Now, we know it.


No, we knew it. The FBI has always had the ability to get data from communications companies for specific subscribers via a court order. This is as true for email and chat as it is for phones.


Certain cases via court order is different than firehose.


Certain cases via court order is what was and is happening. The FBI has never had a firehose, and Snowden's documents didn't say otherwise.


The proper way to react is to sanction them. You all have the means - just stop buying from any collaborators ever again. They will get the message.


Does anyone find this mildly interesting, in the context of massive SoftBank involvement in Twitter?


People who spy on their own countrymen should be regarded as traitors, in my opinion. And they should be prosecuted as traitors, and punished as traitors. However, the theory of the "Deep State" and its influences makes it difficult to accomplish this. How can we fix this?


There is a very specific constitutional definition of treason. Another class of crime should likely be used.

Section 3. Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be convicted of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court.

The Congress shall have power to declare the punishment of treason, but no attainder of treason shall work corruption of blood, or forfeiture except during the life of the person attainted.


Regarded as traitor doesn't mean we can indict as a traitor.


Create a culture that is opposed to it. Films, TV, Advertising, Sports, Billboards.. when neighbors are expected to spy on each other then the fabric of society breaks down.


Culture is opposed to it. Hollywood movies and TV shows generally portray mass surveillance as a tool of oppression or as a last resort (The Dark Knight).


I see the opposite: all the cop and terrorist shows have them stopping lots of big threats through their databases and/or ignoring the law (eg illegal searches). That's most of them my friends and family watch. You don't see a lot of them where they're constantly talking about how some terrorist is an incompetent idiot, the bosses want terrorist arrests in the paper, they need to motivate them to confess on video for an arrest, maybe supply them some weapons/training, and some guy gets paid $100,000 to do that. And then they do that a bunch more times hyping up the threat. Or just police work respecting Constitutional rights catching bad folks since most are sloppy with fictional Congress, cops and courts shooting down things like Patriot Act.

Nah, it's stuff that reinforces what the government is doing or shows problems that wouldn't lead to rebellion. Pretty consistently. Especially the one or two episodes of Person of Interest I saw.


You can't fix this because of your government not only applying your own countrymen to spy on each other; it also applies foreign powers to do the same.

Example: Some weeks ago the United States decided to sell out the fingerprints of 210 Million American citizens with the Netherlands, a tiny nation with approx. 20mil inhabitants and an insanely bad track record when it comes to infosec. This dot on the map is now enabled to unlock millions of phones, empty bank accounts, create compromat and so much more...

Edit: The only source I have is in Dutch: https://www.trouw.nl/home/nederlandse-vingerafdrukken-worden...


I'm slightly surprised that neither the article nor commenters here have mentioned Safe Harbor (or Privacy Shield).

Well, maybe not _that_ surprised, this is a very American-centric community.

Snowden's revelations had a direct effect on transatlantic ties, with the Court of Justice of the European Union holding that the EU-US Safe Harbor system violated the essence of the right to a private life. That's a big deal, and it's a very important piece of case law here now. I'm not sure if Schrems would have been able to make his case without those details being made public.


Just a comment to ask general HN members, do you think the Snowden legacy has resulted in a more stressful world? As they say, ignorance is bliss, but Snowden's allegations have forced the public to realize the extent of the surveillance being conducted. Humans (and crows) become stressed when being observed by others, and this could mean citizens now have a higher stress rate. Could it be that Snowden's legacy has resulted in a decrease in net productivity from stressed Americans?


Not an American :) But it pushed me to un-google myself and switch all my data to Apple. They do security properly. I have not a single byte of Google code on all my desk/laptops and phones. No Chrome, no Android, no Gmail, no Google Maps.

I do feel less stressed now, because I was aware of what he made public. As for the general public, I believe it added stress, and it is the right thing, it might lead to some changes, and slow down the surveillance apparatus.


> Could it be that Snowden's legacy has resulted in a decrease in net productivity from stressed Americans?

In the short term, it’s entirely possible - there’s probably some productivity metric (it’s not exactly a well-defined term) that was negatively impacted. Long term, honesty is the pillar atop which so much of what’s good in life is built (and that does include some measures of productivity: effective business decisions are those supported by fact and grounded in truth). There’s just no frame of reference in which an honest person can support sacrificing the truth in exchange for some temporary, perceived improvement in quality of life.

It’s a pointless endeavor, anyway: anything built on falsehood will, eventually, be exposed. Leaks happen. Though Snowden is exceptional, his story is hardly an exception to the rule.


Whistleblowing always makes it more difficult for the human rights violators. Some of these people will finish their workday in government or tech companies and be with families and friends who really don't care about their actions, but even then, they still have to wonder and worry.

"Do they think I'm spying on them, after Snowden reported that NSA men passed around private images of girls they found? Will I be named in the history books as a monster?"

It's always worth it. It's karma.


Now we have letsencrypt.org


And more and more normal people are on Signal & Riot. Hopefully Briar and Mastodon continue to improve, Briar for metadata free chats would be a great thing to normalize.


Do both Signal and Riot work on matrix.org?


Riot is a Matrix client. Signal is not.


How long until we find out something terrible about it?


(I work on Let's Encrypt.)

Let's Encrypt doesn't ever possess your private keys, doesn't know who connects to your site if you use OCSP stapling, and doesn't control what kind of cryptography you use when negotiating TLS sessions with your site visitors. Let's Encrypt also doesn't need any contact information from you when you obtain a certificate.

Let's Encrypt certificates aren't trusted by Chrome without a proof of inclusion in public Certificate Transparency logs, so all issued certificates have to be disclosed.

As I've said in a number of HN comments, the people working on Let's Encrypt generally still think that the CA system is too powerful, and are happy for your suggestions about how it can be made more transparent and less powerful.


> can be made more transparent and less powerful

Looking forward to it. I imagine, when SSL becomes mandatory by browsers, it can be used for censorship.


> when SSL becomes mandatory by browsers, it can be used for censorship.

Can someone explain how that works? I thought SSL would make censorship less practical.


I think what buboard is talking about is that CAs can revoke certificates that they've issued, and can refuse to issue certificates to particular sites. Someone might pressure CAs to do this for a content censorship purpose, much in the way that people pressure other kinds of intermediaries and technical infrastructure providers when they find some online site or content or activity objectionable.


SSL depends on national agencies and orgs overseen by national agencies.

If SSL is required, then whoever controls those agencies controls what's seen online.

I already cannot easily add a root CA for .onion addresses and then make my own certs there, without browsers screaming bloody murder.

I already cannot bypass cert errors for certain types of cert fails.

Tor onion sites, which are end to end encrypted, are considered "insecure" because we plebes cannot buy a "proper" EV ssl cert, like Facebook did.

Enforcement of SSL is just another way of controlling the user in the name of "stupidity". Sure, the dumb click-anything users win, but anyone tech-savvy loses freedoms.


> I already cannot easily add a root CA for .onion addresses and then make my own certs there, without browsers screaming bloody murder.

How would you want this to work? What would you want to do, and what would you want browsers to do in response?


Like this:

https://nakedsecurity.sophos.com/2013/01/08/the-turktrust-ss...

Anything that gets into your bundle establishes incredible power over you.


That's definitely a serious and important problem.


Not taking input from Google about who to block (iirc it still uses Google's safe browsing list) would be nice. That just doesn't feel safe to me, not to mention ideological reasons. But that's just my opinion I guess.

https://letsencrypt.org/2015/10/29/phishing-and-malware.html


Snowden's stuff is about how Gov sources your data. That is a good start, but is only one part of the problem.

We need another Snowden to leak how corporations source, aggregate and store your data. A whistleblower from inside Google/Facebook/AdTech/CDNs.


Semi off topic, but I used to work with his girlfriend 10 years ago or so. It was really strange seeing pictures of her and Snowden pop up in my Facebook feed, and even stranger seeing her on the stage of the Oscars for Citizenfour.


Snowden and Trump both showed how brittle the societies are that we are living in


By analogy...

Our relationship with shops has changed over the last 30 years thanks to CCTV (affordable webcams) and point of sale systems. We went from an era where we were not expected to be 'filmed as we shopped' to taking it for granted.

In the pre-CCTV days different strategies were needed for preventing slippage. Helpful shop assistants would ask suspicious customers if they 'needed any help'. Having stock locked away in glass fronted cabinets helped too, having all the goodies behind the counter or in hard to get to window displays helped too. There was a lot more going on than physical security though.

If your prices were actually reasonable and if everyone in town loved your store then you wouldn't get robbed. Being locally owned rather than part of a chain helped as theft from a big chain could be imagined to be only costing some notional insurance company (in a thief's mind wanting to justify stealing). Community also mattered in that nobody wants to steal from a shop they rely on, so getting barred from the local newsagents was not a desirable outcome. Nobody would steal a packet of sweets from a shopkeeper who they knew the name of and depended on for their daily newspaper/milk/fags/top-shelf magazines. Kids could be watched or only allowed in two at a time, adults could be trusted due to soft levers of trust.

Nowadays though you just wouldn't have a fortune in stock laid out ready for people to slip into their pockets, you would have CCTV, on every aisle, from both sides and from both directions. You would have some outsourced security contractor monitoring the CCTV and telling staff if they needed to apprehend anyone. There would be no 'he said vs shopkeeper said' discussion with the police, CCTV does the evidence providing bit.

The thing is that the CCTV works without anyone looking at the monitor screens. The 'smile you are on CCTV' signs are a huge part of it. They instil fear in the souls of the shoplifter. Coupled with this there is no need for patrons to actually know the staff or for them to know neighbours that could also be shopping. With increased mobility (people shop far and wide these days) the nature of shopping has changed.

The difference that the Snowden leaks have made is that we now know that the CCTV is 'everywhere', in our email and phone calls too. This ubiquitous spying works in a similar way to CCTV in retail - behaviour is controlled. We accept CCTV in retail in part because we want our pint of milk (or whatever it is) and there is no option to buy what we need from places that don't have CCTV. We are not going to buy a pasture and get a herd of cows going just to have that spot of milk in our tea. CCTV can't be objected to. Similarly, in a post-Snowden world we still have needs to communicate and we just have to accept the spying. That is what has changed, an acceptance of it.



