We Now Know The NSA And GCHQ Have Subverted Most (All?) Of The Digital World: So Why Can't We See Any Benefits?
from the less-is-more dept
As Mike pointed out recently, thanks to Snowden (and possibly other sources), we now know the NSA, with some help from GCHQ, has subverted just about every kind of digital electronic device where it is useful to do so — the latest being hard drives and mobile phones. That’s profoundly shocking when you consider what most non-paranoid observers thought the situation was as recently as a couple of years ago. However, given that’s how things stand, there are a couple of interesting ramifications.
First, that the recent attempts by politicians to demonize strong encryption look like an attempt to cover up the fact that most digital systems are already vulnerable using one or more of the techniques that have been revealed over the last year or two. That is, the NSA and GCHQ can probably access most digital content stored or transmitted in any way — either because the encryption itself or the end-points have been compromised. Even standalone strong encryption systems like PGP — thought still to be immune to direct attacks — can be circumvented by breaking into the systems on which they are used.
Perhaps the dark hints that encryption could be banned or backdoored are simply part of a cynical ploy to present such an appalling vision of what could happen, that we gladly accept anything less extreme without complaint. In fact, the authorities have no intention of attempting anything so stupid — it would put all online business at risk — because they don’t need to: they already have methods to access everything anyway.
That being the case, there is another important question. If the NSA and other parties do have ways of turning practically every digital electronic device into a system for spying on its users, that essentially means there is no criminal organization in the world — ranging from the so-called “terrorist” ones that are used to justify so much bad policy currently, to the “traditional” ones that represent the bulk of the real threat to society — that is not vulnerable to being infiltrated and subverted by government agencies.
And yet we don’t see this happen. Drug cartels thrive; people trafficking is surging; the smuggling of ivory and endangered animals is profitable as never before. Similarly, despite the constant and sophisticated monitoring of events across the Middle East, the rise of Islamic State evidently took the US and its allies completely by surprise. How is it that global criminality has not been brought to its knees, or that such massive geopolitical developments were not picked up well in advance — and nipped in the bud?
One obvious explanation for this pattern is that just as the attackers of London, Boston, Paris and Copenhagen were all known to the authorities, so early tell-tale signs of the rise of Islamic State were detected, but remained drowned out by the sheer volume of similar and confounding information that was being gathered. Similarly, it is presumably easy to create huge stores of information on drug bosses or people smugglers — but hard to find enough personnel to analyze and act on that data mountain.
Now that we have a better idea of the extraordinary reach of the global surveillance being carried out at all times, the failure of that activity to make us safer by countering criminal activity, at whatever scale, becomes all the more striking. It’s time the intelligence agencies accepted that the “collect it all” approach is not just failing, but actually exactly wrong: what we need is not more surveillance, but much less of it and much better targeted.