In my last post I discussed Edward Snowden and his exposure of the mass electronic surveillance by the US government of its citizens via its PRISM program.
Those events, and the controversy that still surrounds them, have obscured the fact that the United States was pushing for greater access to private user data from Google, Facebook and other tech giants via the controversial Cyber Intelligence Sharing and Protection Act (CISPA), first mooted back in 2011.
Dig a little deeper and you discover that the US enthusiasm for internet surveillance of its citizens goes much further back. A news story in PC World from 2002 reported that the US government denied a plan requiring ISPs to help build a centralized system designed to monitor Internet use. “The story is wrong. There is no such proposal under consideration.” said one Brian Roehrkasse, a Homeland Security spokesperson at the time.
Fast forward to 2013 and matters are stranger still. We find that the internet giants have been co-operating on a regular basis with the government, even without any legislation to force them. What’s going on?
Clearly then the American urge to spy on its own population’s internet usage predates Snowden and PRISM and antedates 9/11. We probably shouldn’t be surprised that nation states want to do this – especially one so abjectly haunted by the spectre of another terrorist attack on its soil. But does this make it sensible or effective? Mass surveillance when it gets out of hand causes social division with both surveyors and surveyed caught up in an unending and destructive cycle of paranoia and fear. Which is what happened in the East Germany where the Ministerium für Staatssicherheit (Stasi) destroyed lives, destroyed the state and eventually destroyed itself.
That ended just before the internet age – but imagine what the Stasi might have done with a state controlled internet. Is this the nightmare facing the United States? Probably no – not yet. Snowden may or may not be a traitor but he has at least forced the issue of who owns private data into the open.
The United States (and other democratic nations following the same path) needs to determine very quickly what is the value and purpose of mass cyber surveillance of its citizens. Most of all they need to get to grips with the structures and procedures of the surveillance-industrial complex it seems intent on creating.
How would all this be carried out anyway? Wouldn’t security services find themselves sifting through millions and millions of pictures of cats? Surely a more intelligent and efficient method of tracking would-be terrorists and cyber criminals online exists – or can be made to exist with the resources now being thrown at mass-surveillance?
Like many ill-thought out ideas from the United States, electronic surveillance of citizens internet activity is catching on in the UK – indeed with even greater enthusiasm in the land of the ever-present CCTV camera. If it hadn’t been for Snowden, we probably wouldn’t know that GCHQ has been monitoring quite a lot of us already as well as some our allies.
It appears that our electronic guardians in the silver doughnut are even more data thirsty than their friends at the US National Security Agency, according to a report in The Register. It claims they act with even less compunction than their US counterparts. According to the story, GCHQ claims it is able to analyse and act on all the data it slurps from across the world. Well good for them but for how much longer can they do that and how useful is that data anyway. The nature of Intelligence means of course we cannot know the true extent of its usefulness. GCHQ and the UK government can simply claim that it is useful and preventing attacks – while delivering very good value for money!
What do governments hope to achieve by blanket surveillance? The US government is a little more open on its results with claims of 50 terrorist plots in the US and other countries foiled by its surveillance programme.
But we live in an age of big data which gets bigger every day. IBM has famously that 90% of the data in the world today has been created in the last two years alone. And every day, we create another 2.5 quintillion bytes of data – which is staggering. Given that we are now superconnected, most of that data is likely to flow around the internet – which the world’s intelligence agencies are now so keen on monitoring. Yet they are intent on trying to scan as much as possible, which is not very intelligent – in fact it is close to Stasi like behaviour.
Governments could very easily take a cue from businesses around the world who are having to deal with persistent threats by being a little bit smarter about their data protection and anti-attack policies. Instead of protecting everything and locking everything down, they looking more carefully at the kind of data they hold, where they hold it and whether it needs total protection. They are also assuming that they will be attacked at some point but investigating whether it is more valuable monitoring attackers on the inside rather than simply trying to stop them. They are using active intelligence to protect their assets and businesses. They are using tools to determine active and real threat patterns from what intelligence agencies call “chatter”.
Do our governments need to know what websites we all look at, what our emails say or what rubbish we recently posted on Facebook? In the end all I can imagine is that all those extra analysts and researchers at the CIA, NSA, FBI and GCHQ will just be looking at the ever increasing number of cute cats. After all, as any amateur analyst knows it is they, not terrorists, who took over the internet a long time ago.
About the Author:
Paul Fisher | @Pfanda | Pfanda.co.uk
Paul Fisher has worked in the technology media and communications business for the last 22 years. In that time he has worked for some of the world’s best technology media companies, including Dennis Publishing, IDG and VNU.
He edited two of the biggest-selling PC magazines during the PC boom of the 1990s; Personal Computer World and PC Advisor. He has also acted as a communications adviser to IBM in Paris and was the Editor-in-chief of DirectGov.co.uk (now Gov.uk) and technology editor at AOL UK.
In 2006 he became the editor of SC Magazine in the UK and successfully repositioned its focus on information security as a business enabler. In June 2012 he founded pfanda as a dedicated marketing agency for the information security industry – with a focus on content creation, customer relationship management and social media.
His heroes include David Ogilvy, Ludwig Mies van der Rohe, Ken Garland, William Bernbach, Andy Warhol, Richard Branson, Charles & Ray Eames, Steve Jobs and Paul Rand. And George Best. He comes from Watford but he thinks he comes from Manchester. If you came from Watford, you would too.
As an impulsive adopter of new technologies and an inability to stick to one ecosystem, he can be spotted around London’s finest WiFi hotspots variously sporting a Chromebook Pixel, an old Blackberry, Nexus 7 and a Nokia 920. He also has a Mac and an Xbox at home.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.