from the thinking-it-through dept
In Der Spiegel's recent revelations about the far-reaching nature of the NSA's spykit, it mentions several US companies, Samsung from South Korea, and one from China -- Huawei. Like the others, Huawei denied any knowledge of the modifications to its products that Der Spiegel claims are used by the NSA to break into systems. This isn't the first time that the finger has been pointed at Huawei. Some years back, Huawei was accused of facilitating spying for the Chinese government, but after an 18-month investigation, no evidence was found of this. That fact allowed John Suffolk, Global Head of Cyber Security for Huawei and the former UK Government CIO, to enjoy the irony of Snowden's leaks about backdoors in US products:
Huawei were investigated by the American Congress and we were given a "clean bill of health". Well as journalists and analysts said "lots of ifs buts and maybe's but no evidence of wrongdoing", or my favourite "a report for vegetarians, no meat", so in my definition no evidence of wrongdoing is a clean bill of health. Based on this lack of evidence of any wrongdoing, the American Congress said that Huawei should not be allowed into America, so based on all of these revelations [from Snowden], and there will be many more on America, should all other Governments ban American technology companies, especially Cisco and Juniper given their position in critical infrastructures?
Perhaps triggered by the latest Der Spiegel article that mentions Huawei in the context of spying, Suffolk has another blog post on the subject. Discussing the Tailored Access Operations (TAO) that Der Spiegel revealed, he writes:
Questioning the morality or legality of TAO misses the point.
Since when did people operate in a moral vacuum? I seem to recall the "just following orders" excuse was rejected definitively some years ago. The morality and legality of TAO is precisely the point. Suffolk then goes on to explain:
In relation to my views I am quite clear I want my Government to have as much data as possible. I want them to have the tools, techniques and resources to mine this data to stop a terrible event from occurring -- stopping one event is good enough for me. The alternative is we have to sift through the body parts once an event has occurred.
Leaving aside both the false dichotomy (either total surveillance or terrorist carnage) and the implicit emotional blackmail (if you don't agree that the government should spy on everyone, any deaths will be on your head), it would seem that Suffolk hasn't thought this through.
"I want my Government to have as much data as possible," he writes. Really? So he's happy for CCTV cameras to be installed in every room in every building in the land -- because that's certainly extremely useful data for the government. It is quite likely that such CCTV footage, suitably analyzed using all those tools that Suffolk wants the government to have at its disposal, would lead to the occasional careless or incompetent terrorist being caught before any harm could be caused. And remember, even if this 24x7 CCTV surveillance of everyone in the country only stops "one event", that's still a good enough justification according to him.
I can't really believe Suffolk is advocating such an extreme approach, but it's where his logic leads. That's why there must be some proportionality in the government's efforts to keep us safe, and a weighing of what we would lose in terms of privacy and personal freedom if we allowed it to "have as much data as possible". If there isn't either, Suffolk's naïve acquiescence in maximalist surveillance opens the door to a deep and possibly long-lasting oppression far worse than extremely rare terrorist attacks whose impact pales into insignificance compared to dozens of everyday risks we accept without a moment's thought.