Our private information is under heavy, sustained attack like never before. The Cold War has been succeeded by the Privacy War. Individual privacy and civil liberties, as well as enterprise proprietary data, is under unprecedented attack from various powerful quarters. Like the Cold War, the Privacy War has no gunfire. Like the Cold War, the Privacy War involves government secret agents, subterfuge, secrecy and espionage. Like the Cold War, the most powerful governments in the world are key antagonists. But unlike the Cold War, there are other attackers in additional to governments, and the target of attacks is individual and enterprise information. The Cold War fizzled out in the early 1990s, the Privacy War began in earnest after 9/11.
Our online activities are now an integral part of our daily lives. The Privacy War is a secret surveillance assault on our private information by the secret recording of our phone calls, SMS, emails, VOIP chats, social networking and all internet activity.
Last week a key protagonist in this war was unveiled by NSA whistleblower Edward Snowden. I posted early on as the saga unveiled. In the past week we have gained additional insights into NSA dragnet surveillance. It is not only US citizens who are concerned, but those outside the US perhaps even more so. Due to the way the internet works, much of our online activity outside the US passes through the US. In addition, the NSA PRISM operation extends beyond the US. A cyber spying alliance, known as Five Eyes, exists between the USA, Canada, Britain, Australia and New Zealand. It involves the sharing of cyber data. This treaty was so secret that apparently Australian Prime Ministers were only informed of it’s existence after 1973.
ThinThread was the surveillance operation introduced in 2000. It was a US-built cyber spying operation used by Canada, Britain, Germany, Australia and New Zealand. ThinThread involved dragnet interception of phone, email and internet communications and analysis of the data to reveal patterns. The analysis ensures the identity of individuals are secret until a suspicious pattern evolves. Authorities are then alerted to the online and phone activities of those individuals. ThinThread was replaced by Trailblazer, which was itself subsequently replaced by Turbulence.
This past week has highlighted a polarisation of reactions to whistleblower Edward Snowden’s revelations of PRISM. There are those in the NSA and central government determined to arrest Snowden and throw the legal book at him, while others regard him a hero. I have noticed that many in the IT security field outside of central government agencies (such as leading commentator Bruce Schneier), are full of praise for Snowden.
State authorities have released only carefully crafted, guarded statements about PRISM, that raise more questions than they answer. Yahoo initially refused to supply data to the PRISM programme, but were compelled by a secret court decision to comply. Facebook, Google and Microsoft have applied to be more transparent about what they supply. Facebook stated they received requests to supply information on about 18,000 users over the past 6 months.
Reading between the lines of official statements and examining what has emerged this week, it appears that the NSA do indeed store all our phone and online activities without specific court authorisation. Agents can listen in to any calls or look at any online activity.
Germany has just announced a 100 million Euro expansion of their surveillance budget in order to monitor 20% of external traffic.
In addition to the onslaught on our private data by our own and allied governments, there are also attacks by foreign governments such as the recent revelations regarding the Chinese APT1. These attacks target individual data as well as enterprise proprietary information. Criminal gangs have been targeting our data for identity theft and data theft purposes for years. And of course various software suppliers monitor our online activities through cookies for advertising purposes. Together this amounts to an unprecedented assault on our private information and online activities, the like of which has never been seen before.
Advancements in big data analysis have made the Privacy War era possible. Have privacy laws kept up with the changes of our lifestyles to the online world? Have government agencies such as the NSA taken the step of secretly turning on the cameras in our homes, such as those on our laptops and smartphones? If not, will they one day take this step? The technology is well known and can be triggered by malware. Unlike the Cold War, in the Privacy War era much of the onslaught comes from within our own country or from allies. Cyber spying will soon become a political issue. Civil liberties are the casualty. Europe may try to become more independent and attempt to restrict movements of sensitive data into Five Eyes territories. History will show how whistle blowers such as Edward Snowden get treated. In the battle between privacy and national security it is clear that so far, privacy has been the loser.