Or the terrorists win
by Tom Sullivan
Encryption is the best defense for protecting private data from Russia, China and criminal gangs according to a secret 2009 report by the US National Intelligence Council uncovered as part of the Edward Snowden documents:
Part of the cache given to the Guardian by Snowden was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with [Government Communications Headquarters] and made available to the agency’s staff through its intranet.
One of the biggest issues in protecting businesses and citizens from espionage, sabotage and crime – hacking attacks are estimated to cost the global economy up to $400bn a year – was a clear imbalance between the development of offensive versus defensive capabilities, “due to the slower than expected adoption … of encryption and other technologies”, it said.
And yet authorities object to the idea that private encryption will keep them from reading what you and I are saying. It’s like the trending enthusiasm for free speech that way. Authoritarians are all for it so long as it is speech directed at Muslims. Even as they warn of the risks from hacking, they are doing it themselves:
The Guardian, New York Times and ProPublica have previously reported the intelligence agencies’ broad efforts to undermine encryption and exploit rather than reveal vulnerabilities. This prompted Obama’s NSA review panel to warn that the agency’s conflicting missions caused problems, and so recommend that its cyber-security responsibilities be removed to prevent future issues.
In a 2008 memo, the Guardian reveals, British authorities sought more ways to hack communications:
The memo requested a renewal of the legal warrant allowing GCHQ to “modify” commercial software in violation of licensing agreements. The document cites examples of software the agency had hacked, including commonly used software to run web forums, and website administration tools. Such software are widely used by companies and individuals around the world.
The document also said the agency had developed “capability against Cisco routers”, which would “allow us to re-route selected traffic across international links towards GCHQ’s passive collection systems”.
GCHQ had also been working to “exploit” the anti-virus software Kaspersky, the document said. The report contained no information on the nature of the vulnerabilities found by the agency.
But rest assured. Per a statement from spokesmen, “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight,” etc., etc., etc.
So keep that software up-to-date, ya’ll, or the terrorists win.