Another Reason Adopting 'Collect It All' Was A Bad Idea: China May Now Be Applying It To US Citizens' Personal Data
from the this-is-why-strong-crypto-is-your-friend dept
At the start of the year, we wrote about an important point made by Bruce Schneier and Edward Snowden concerning information asymmetry in the world of spying — the fact that the US and the West in general have far more to lose by undermining security in an attempt to gain as much information as possible about other countries, than they have to gain. A fascinating analysis from Bloomberg indicates that this also applies to the “collect it all” mentality. The article raises the troubling possibility that both the huge OPM data breaches were not only the work of Chinese state actors, but part of a much larger plan:
Some investigators suspect the attacks were part of a sweeping campaign to create a database on Americans that could be used to obtain commercial and government secrets.
“China is building the Facebook of human intelligence capabilities,” said Adam Meyers, vice president of intelligence for cybersecurity company CrowdStrike Inc. “This appears to be a real maturity in the way they are using cyber to enable broader intelligence goals.”
The Bloomberg article suggests that China started gathering first travel records, then health records, Social Security numbers and other personal information on Americans in an attempt to build an increasingly complete picture about huge swathes of the US population. Whether or not that new “collect it all” approach was directly inspired by the NSA’s espousal of the idea is a detail: it was certainly brought to prominence by General Alexander’s statements, and is now part of the common currency of surveillance.
It is made possible by lax security, even for huge datasets, as the OPM fiasco shows. That means it is entirely plausible for the Chinese secret services — and for those of other nations — to try to collect information about every US or EU citizen, as people’s lives move online, and their most personal data is stored in Internet-accessible databases.
Standing in the way of achieving that is the strength of the security protecting that information — something that governments around the world are now threatening to undermine in the name of their own offensive surveillance capabilities. How many hundreds of millions of personal records must be lost before the authorities wake up to the fact that if they compromise encryption, the only thing they are certain to achieve is to make the task of “collecting it all” easier for China and other nations?