There is always a lot going on in security, which is good for those of us in the field. On this particular occasion I had some thoughts on the recent article from the Washington Post with the latest revelations from Snowden on the NSA tracking of US citizens. (Warning! It is a long article.)
The first thing I have to say is, why is anyone shocked about this?!? Federal law enforcement and intelligence agencies have been doing this for years.
Various organizations and their precursors were involved in unsanctioned and/or questionable, rights-infringing domestic surveillance in the US well before the Internet – back in the 1950s during the Red Scare and McCarthyism. The law enforcement and intelligence communities are voracious and insatiable information consumers, so you have to expect them to be tapped into the Internet backbones and data centers to “feed the need”. Since the Information Age began, there have been programs such as the FBI’s Carnivore (fall of 1997) gathering data from the Internet and other communications. Given the historical examples and functional purposes of these organizations, no one should be in the least surprised.
A common justification for these types of surveillance is “If you have nothing to hide then you shouldn’t care”, or something similar. These arguments are intrinsically flawed. With bulk gathering of data (actual or meta) comes privacy loss. Going with the presented argument, those who say bulk surveillance should be allowed are by extension saying that recording lawful activities in our bedrooms and bathrooms is OK. Though there may be no illegal activities going on in those locations, no one wants them recorded because they feel entitled to privacy during those activities. Our phone conversations don’t usually contain illegal communications, but they are ours and meant for the intended recipient only. We have an expectation of privacy without illegal activity.
In Part 2 I will speak further on this and ultimately how we can improve our privacy on the web.
David is a senior information security executive with over 15 years of experience. He has organized and managed both physical and information security programs, including Security and Network Operations (SOCs and NOCs) for organizations ranging from Fortune 100 companies to local government and small public and private companies. He has diverse Audit and Compliance and Risk and Privacy experience – providing strategic and tactical leadership, developing, architecting and deploying assurance controls, delivering process and policy documentation and training, as well as other aspects associated with educational and technical solutions.