“the NSA gets to do something like intercepting 7 billion people all day long with no problems, and the rest of us are not even allowed to experiment for improving the security of own our lives without being put in prison or under threat of serious indictment. This is what [Thomas] Jefferson talked about when he talked about tyranny”
– Jacob Appelbaum
The German publication Der Spiegel has revealed new details about a secretive hacking unit inside the National Security Agency called the Office of Tailored Access Operations, or TAO. The unit was created in 1997 to hack into global communications traffic.
As if there wasn’t already enough NSA mass surveillance to worry about, last week we got a peek at the agency’s arsenal of tools for exploiting the hardware and software of its targets. They’re best described as a veritable SpyMall catalog of sophisticated concealed gadgets and surreptitious software “implants”, each sneakier than the last in its ability to compromise and extract private data from the computers and phones on which they’re installed. If you still thought there was anywhere in the electronic world to hide after you’re in their sights, this should be enough to disabuse you of that notion once and for all.
This lies atop six months of news of the myriad ways our metadata and, in some cases, our content, is being routinely collected and analyzed, cloud services and communications providers being compromised, and security standards that should be protecting us being sabotaged. The sane reaction seems to lie somewhere between paranoia and despair.
So we have to take small comforts where we can find them. And, paradoxically as it may seem, at least two of the most egregious revelations might actually hold out a glimmer of hope for privacy going forward.
First, we now have evidence, albeit indirect, that the NSA might not have the cryptologic superpowers that some feared they might. In particular, they have had to resort to outright sabotage of a range of security standards and systems that give them trouble. This suggests that a more robust (and un-sabotaged) infrastructure – secured by proper cryptography and without hidden backdoors or so-called “lawful intercept” interfaces – can make mass surveillance genuinely difficult. (And not just more difficult for the NSA. More difficult for other, perhaps less benevolent, nations’ intelligence services as well.) So perhaps we stand a chance after all, at least if we’re not being individually targeted.
Which brings us to the second encouraging bit of news, which is that if you are being individually targeted, you really don’t stand a chance. The NSA’s tools are very sharp indeed, even in the presence of communications networks that are well hardened against eavesdropping. How can this be good news? It isn’t if you’re a target, to be sure. But it means that there is no good reason to give in to demands that we weaken cryptography, put backdoors in communications networks, or otherwise make the infrastructure we depend on be more “wiretap friendly”. The NSA will still be able to do its job, and the sun need not set on targeted intelligence gathering.
Our New Year’s resolutions tend to be well-meaning and hard to keep. That’s because we resolve to change our lives in fundamental ways – get fit, etc. But inertia and habit are the enemy of change, and we usually fall back into old patterns. It’s human nature.
Despite all that, I’ve made a resolution for 2014. It is to do whatever I can to reverse my country’s trajectory toward being a surveillance state, and to push as hard as possible for a truly open internet.
I realize I can’t do much on my own, and hope many others, especially journalists, will join in. This year may be pivotal; if we don’t make progress, or worse, lose ground, it may be too late.
Thanks to whistleblowers, especially Edward Snowden, and the journalists who’ve reported on what they’ve been shown, the citizens of many countries have a far better idea than before about the extent to which security and law enforcement services have invaded their lives. We’ve learned about the stunning capabilities of the National Security Agency and others to create a real-life Panopticon, spying on and recording everything we say and do. We’ve learned that they abuse their powers – because that is also human nature – and lie incessantly, even to the people who are supposed to keep them in check. And we’ve learned that the technology industry is, if not in bed with the surveillance state, its chief arms dealer.