"Do as we say, not as we do"

When I was preparing my blog entry about the Gold Standard in Free communications, I had absolutely no idea that The Guardian (another Ganglia user) would be hot on my heels with dramatic revelations about US Government surveillance of dangerous terrorists and maybe sucking up a little bit of data about a few hundred million of their own citizens and another 90% of the world's population for good measure.

Some people even thought I've been a bit paranoid with my concerns about excessive surveillance. However, it is just remarkable to see that in the same week that the trial of Bradley Manning is getting under way for inappropriate use of his employer's computer, the US has been exposed plotting cyber attacks and setting a very bad example for all those little script kiddies out there.

Practical questions for every one of us

Is it time to start blocking email to and from sites like gmail and hotmail?

What about the reports that the US Government was engineering back doors in the OpenBSD operating system? Have any open source projects actually been compromised in this way?

Will spammers and other criminals take this as a cue that there is nothing morally wrong with hacking?

Have certificate authorities been infiltrated too? They may well be the elephant in the room - while everybody was joking about the NSA key hidden in the depths of Microsoft Windows, maybe one or more of the well known trusted root certificates, right under our noses, is also a back door?

The danger is real

Anybody wondering about the practical implications of all this data gathering doesn't have to look very far to find out what can go wrong. In the same week as all these things were exposed, there have been more dramatic revelations about law enforcement officers selling private data for their own commercial gain. While the vast majority of police are surely good citizens, every organisation has its bad apples and, as Bradley Manning demonstrated so well, it only takes one person to breach security and enormous volumes of data can end up escaping.

Comments

I don't understand why anyone's even remotely surprised by any of this. Ever since 1994 I've worked on the basic assumption that anything unencrypted I ever sent anywhere on the internet, anyhow, was public information. It seems bizarre to act any other way.

Of course I'm not going to block traffic to or from anywhere because I'm worried about surveillance of it. I just assume the NSA is reading anything I write to anyone at any time. Seems simpler.

There are many reasons to be surprised. If you submit data to Google or Facebook over a secure connection, it is not automatically decrypted on the wire by the NSA unless they have some very advanced cipher-breaking technology that nobody knows about. Once that data arrives at Google or Facebook, there is a presumption (in fact legal obligation) that they use that data, like any other asset, for the best interests of their shareholders. Sure, the police can get a warrant and get data about a specific person who committed a crime - but if the whole database is leaked in real-time and if somebody misuses that data for a commercial activity on the side, the profit they make is basically money stolen from the shareholders of those companies that collected the data. Then you've got the question of democracy: separating the powers of the politicians from the judges and the police. The police can go to the judge and get a warrant for what they need. However, when there is a shortcut for data to go from police to politician then democracy is in real trouble.

See subject. 'Information wants to be free' works two ways...

Many rightists saw no practical implications when the government registered their criticism. Many Christians saw no practical implications when the government registered the church membership. Many Jews saw no practical implications when their government registered information that could be used to identify their ancestry.

Sometimes new people took over the government. Other times the people in charge remained the same.

The hundred flowers stopped blooming. Most of the congregation received treatment for Sluggishly progressing schizophrenia. The order to move to a Jewish resettlement area arrived.

Each fact the government knows about you is one more reason it later may decide to have you tortured or murdered.

Of course... I'm not claiming this will become a problem in the near future. After all... I see no practical implications when the government registers innocent facts about me.

Note that the allegations regarding backdoors in OpenBSD were never proven right, and are blatant lies. See the discussions on the mailing lists for all involved parties' POV. Can you correct your sentence to avoid spreading misinformation?

The fact that this allegation appeared is true and very well known. I never asserted that the back door actually existed. Nonetheless, I've tweaked the wording slightly to avoid any implication that one implies the other. Thanks for your feedback.

Oh, come on ... backdoor in OpenBSD? That myth was debunked a long time ago. Do you really believe that these guys would allow any government to implant its own backdoor inside their super-secure OS? Don't you think that would hurt their reputation if the thing was out? That doesn't make any sense. It would be shooting your own foot. People can dislike OpenBSD all they want, but the fact of the matter is that OpenBSD is one of the best-secured OSes on this planet, with all of its code reviewed and thoroughly checked. I can understand that this may irritate people who need to code in messy environments, like in some other operating systems' case.