A day without PRISM is like a day without sunshine
Glenn Greenwald, a noted American writer, said recently ““The way things are supposed to work is that we’re supposed to know virtually everything about what they [the government] do: that’s why they’re called public servants. They’re supposed to know virtually nothing about what we do: that’s why we’re called private individuals.”
Things are unbalanced friends. To say the least. The war on privacy has been going on for months and yet it is only in the past few short weeks that we see the full arsenal being deployed by the United States and her allies.
Released this week was information on the budget of the sixteen various spying agencies and her 107,035 employees. However also noted is the fact that they “remain unable to provide critical information to the president on a range of national security threats.” Something that many commentators have noted in previous months, it seems that the U.S. and Five Eyes are gathering immense amounts of data, but not being able to do much with it.
Revelations this week that “spying”, the act of passively watching and reporting back, has only been a half of the story with aggressive cyber acts having been carried out. Something that we commentators have been watching for several years, the militarisation of the Internet.
Not only have the CIA and NSA been hoovering up all our data, they have also deliberately started to “hack into foreign computer networks to steal information and sabotage systems.” A war by any other name. Surprisingly, on that list of foreign targets is Israel, which according to the information is (obviously) a strong ally of the U.S. but this has not stopped them [Israel] from carrying out electronic espionage against Uncle Sam. Talk about snakes in your bed.
The Washington Post reports: “The document describes a constellation of spy agencies that track millions of surveillance targets and carry out operations that include hundreds of lethal strikes. They are organized around five priorities: combating terrorism, stopping the spread of nuclear and other unconventional weapons, warning U.S. leaders about critical events overseas, defending against foreign espionage, and conducting cyber-operations.”
This is a country, who along with her allies in the Five Eyes, is on a fierce war footing, showing us their teeth, and while pointing out the other cyber warfare players in the world with an accusing finger, have been conducting this war themselves. They spent nearly half a trillion dollars post 9/11 to establish what has become PRISM and her various tentacle agencies and tools.
Of interest to the ICT community must be the fact revealed that “nearly 35,000 employees are listed under a category called the Consolidated Cryptologic Program, which includes the NSA as well as the surveillance and code-breaking components of the Air Force, Army, Navy and Marines.”
This group is tasked with breaking encrypted data. This is really interesting. It means that the Five Eyes see this as a problem area and are throwing a massive amount of resource against it. In order to break encryption you need processor, memory, and platforms. And a hell of a lot of it. Is it any wonder then we see the CIA procuring $615m of Cloud services from Amazon?
The war on privacy is being fought at this layer in a few different hot spots. The Five Eyes have now revealed (no surprises here) that they have infected tens of thousands of machines with their own custom malware and intend to propagate that as much as they can.
There are three reasons for this. First, if they can get a piece of malware onto a device then they can capture any encryption keys the user types in. Secondly, like the Russian Mob, they can then use that army of devices they control to attack targets. Third, they can use the raw processing power of those devices to provide processing resource to break encryption.
Countering this the ICT industry has responded, almost by instinct, by upping the speed of development and release of tools to protect privacy. We see in the last week Fujitsu, in a world first, develop working homomorphic encryption. This is a very substantial step forward in the area of cryptography. It allows for data to be processed in an encrypted state as opposed to it having to be decrypted, processed, then re-encrypted.
We see a number of companies openly advertising the fact that they are working on encrypted email and messaging. Interestingly, these companies are establishing themselves, or are established already, in countries that are not part of the Five Eyes network. Vietnam and Germany as examples. The rise of anonimising services is increasing with revenue streams in established companies rocketing and start up companies attracting tens of millions of dollars in fundraising in the past month.
In Germany, idcloak provides proxy servers that, notionally, allow for anonymous web surfing. In a press-release this week they note that they have added more proxies in a deliberate effort to foil PRISM. They are also a few weeks of releasing a virtual private network tool that will increase the anonymity of users; ”Users concerned about the recent controversy surrounding PRISM data collection in Europe may configure a browser to connect through one of the public proxies in the list. If a medium or high anonymity proxy is chosen, surveillance taps monitoring web activity will have no record of users’ IP addresses.”
The fallout at a political level is still high. Google and Microsoft (who are two of the companies that have the most to lose) are suing the U.S. Government to win the right to reveal more information about official request for user data. What else can they do? These are companies that have been paid by the spy agencies to implement back doors, offer up encryption techniques, and let the spies right into the heart of their network. The have to be seen to be distancing themselves from their own personal scandal.
It may be that the PRISM scandal has had something to do with the U.K. Parliament turning down a vote to attack Syria this week. The Guardian noted in response to the the downvote that; “There is no evidence that British public opinion has turned isolationist. There is plenty of evidence that it is fed up with the debilitating post 9/11 years of national sacrifice, with the humiliating excesses of US national security policy (not least its abuses of human rights and surveillance), with the unequal burden-sharing among allies and, above all, with the failures of policy.”
It appears that the scandal could be part of a political mixed bag that is seeing some push back by the U.K. on it’s oldest ally. In a snub only yesterday, Obama conferred that title on the French, in a seeming backhander to the U.K.’s unwillingness to participate in yet another war.
Each week brings more revelation of the surveillance machines, which quite frankly, leak like a sieve. Hence the move by the U.S. to automate the work and get rid of 4,000 administrators in the NSA.
Shortly, when the TICS bill is passed in New Zealand, we will find ourselves much more part of the surveillance machine. Let’s face it. We have no choice. The U.S. whistles and we respond like the well-trained pooch that we are. The ramifications of us turning down TICS and effectively not joining the new global surveillance state are far too high in a country that is seen in the eyes of the U.S. in the same way that we look at Fiji.
Inconsequential save for the strategic value it gives it’s big brother.
Ian Apperley is an independent cloud computing consultant. He posts at whatisitwellington.com.