I have had a good read of the latest Snowden revelations on the Guardian website. This one covers the extent to which the NSA and GCHQ are able to decrypt our ‘private’ internet activities. You know, things like email, shopping websites, banking etc which we all thought were ‘protected’ by “strong” encryption.
I am not surprised by the revelations, just dispirited. This is not just to do with the impact it has on my right to privacy as a private person, it also has implications for my working life.
Consider my situation (or anyone like me) as a IT specialist working in a country with strong privacy laws. We, like so many other organisations in the world, are tightly locked into proprietary, vertically integrated product systems supplied by large US based multinationals. Supposedly these systems sit behind impenetrable firewalls with layers of security and encryption to stop this data falling into the hands of third parties who do not have a right to view it.
However, according to the information that has been published so far, all of these commercial systems will have backdoors built in them to assist NSA/GCHQ data slurping. This could be designed weaknesses in the modules that encrypt and decrypt our data or ‘erroneously implemented’ bits of code in other parts of the systems. On top of this, once our data leaves our servers and travels out via the Internet it can be collected and read by the NSA (even if we made sure it was encrypted before it left our servers).
1) This means that, by installing and maintaining such systems we are effectively enabling the ‘theft’ of private data, not inhibiting it.
2) The fact that 850 000 people in the US have access to the NSA’s Tempora (electronic surveillance) system means that there is no way that this slurped information can be considered private.
Thus my organisation and I (together with all other organisations in a similar position) are effectively breaking the data privacy laws here in our bit of Europe.
I don’t really see a way around this one to be honest.