In the wake of the latest New York Times/Guardian UK/ProPublica triple team effort breaking news of America’s National Security Agency’s (NSA) anti-cryptography effort Sigint, a new level of social contract has been breached.
The New York Times headline – NSA Foils Much Internet Encryption – is what might best represent “Episode VI: Return of the (Investigative) Journalist”. The report suggests that the NSA has undermined and subverted the security of not just technologies used by the American people, but ones the country manufactures for the global public. To quote a passage:
The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world.
Documents leaked from the NSA’s PRISM surveillance program have already provided evidence that US companies and software providers are cooperating—whether by request, legal force, or substantial compensation—with the NSA’s massive information collection programs.
Can they target non-Americans you ask? You might try checking NSA’s own FAQ.
The NSA’s “Bullrun” Enabling Project displays a clandestine, concerted and - perhaps most importantly - incredibly costly US$234 million effort.
But in the wake of the latest NSA development we need to remember the internet was built in large part by the same two actors responsible for the news this morning: Silicon Valley and the US government.
A response to the USSR’s launch of Sputnik, the US government’s Defense Advanced Research Project Agency (DARPA) was launched in the late 1950s to “formulate and execute projects to expand the frontiers of technology beyond the immediate and specific requirements” of the United States military.
The latest NSA articles in the Guardian, New York Times and Pro Publica showcase investigative journalism at perhaps its finest: it’s a substantial international collaborative reporting effort, ripe with details that simultaneously fascinate and enrage.
As with the PRISM coverage, it should win press awards. But in many regards it uses Wiki-reporting and leaked detail to summarise the obvious:
Why wouldn’t the NSA want to circumvent encryption? They are a top-tier spy agency: that’s their job. Their website already has much of the information that the New York Times, Guardian, and Propublica “report”.
Before the NSA revelations of the past year, we might have thought that great power came with great responsibility.
In the case of PRISM and Bullrun, it seems the new adage might be “great responsibility comes with great power”.
At least that’s what the extrajudicial foreign intelligence committees in the US and UK, where an outdated law means only ministerial approval is needed for domestic mass surveillance seem to believe.
Off the grid
The simple fact is: any hacker or terrorist of rudimentary skill knows that sensitive info should be kept off the internet. The cloud? Yeah right. Carrier pigeons, snail mail, trips to other countries - get it? That’s analog. Off the grid.
As our locations, activities, and conversations become connected to the grid through Fitbits, smartwatches, Wi-Fi LED light bulbs, and voice-activated smartphones which are always “listening”, our lives become part of the very fabric that organisations such as the NSA monitor, collect and store.
So this surveillance of our emails, locations, Skype conversations, and Facebook posts just becomes further perpetuated in a viscous techno-arms race. Stored forever or just for a few seconds, we’ll never know.
We can pretend that HTTPS and virtual private networks will shield us, but there are already back doors in most hardware - even to the solid-state drives and RAM our machines use to store our documents-in-progress, and especially the Wi-Fi routers and cellular networks we use to connect with.
NSA reports keep the “you shouldn’t be concerned unless you have something to hide” rhetoric coming back full circle. But in hindsight, it’s ultimately the lack of oversight and accountability that’s the fundamental problem.
There is no level of technological obscuration than will solve this. As our technology advances, so does the ability of agencies such as the NSA and GCHQ to collect it.
A fully-encrypted TruCrypt Linux install on a secure USB drive might help though.