This year has proved to be something of an embarrassment for the US and UK governments, both having been caught red-handing spying on their own, and other country’s, citizens by whistle-blower Edward Snowden. Of course, it’s not the government themselves so to speak, but the agencies the US National Security Association (NSA) and UK Government Communications Headquarters (GCHQ).
Snowden is of course being pursued around the globe in order to halt the documentation that he’s leaked to UK newspaper the Guardian slowly over the course of the last six months, but for many ordinary people, the ex-CIA agent is something of a hero.
This is all too reminiscent of an Orwellian state aka 1984 and I’m sure I’m far from the first to point out the ‘Big Brother’ aspect to the surveillance, but what does it mean to your business? Should you be worried about monitoring, or is it something that is acceptable?
Privacy Concerns
While for consumers, the outrage is understandable (after all, surely we’re all entitled to privacy in the comfort of our homes when participating in personal communications), are businesses too?
According to CSO, for technology companies in the US it could impact heavily, as data is collected from corporations as heavily as it is from the consumer. This, CSO says: “could cause some serious international blowback for the U.S., both politically and economically”.
Not only is there a danger that corporate secrets surrounding intellectual properties could be exposed, but it’s thought that the implications for the US’ governance of the internet itself could be at stake.
“The revelations that have emerged will undoubtedly trigger a reaction abroad as policymakers and ordinary users realize the huge disadvantages of their dependence on U.S.-controlled networks in social media, cloud computing, and telecommunications, and of the formidable resources that are deployed by U.S. national security agencies to mine and monitor those networks,” Ron Deibert, a political science professor at the University of Toronto was cited as saying by CSO.
Clouds on the Horizon
There has been plenty of discussion surrounding what impact the revelations could have on the tech industry when it comes to cloud computing too. Many of world’s largest cloud computing service providers are based in the US and so there is now not as much confidence in the market as there was.
The fear of surveillance is something which may prompt many cloud users to move to data centers located closer to their own location, geographically. However, this is a fear that seems to have settled in recent months as the world has come to realize that it’s not all about the US spying, but is commonplace in many government agencies.
What sets the US aside is the sheer volume of data that they are sifting through under the ‘war against terrorism’ umbrella. However, the huge list of keywords that alert the NSA to supposed terror subjects could apply to any of us, at any time. I would challenge anyone to look at the list and say they have never used any of those words in a communication.
Words such as dictionary, toad, fish, sweeping, virus … these are extremely common, as are many of them. However, this is not an up-to-date list (circa 1998), so it’s not too much of a stretch to imagine how many more have been added.
What can Businesses do to Protect their Data?
Not a great deal, it would seem, if the likes of Google and Yahoo are having trouble fighting against it. It has recently emerged that the NSA has been collecting information from major tech companies for some time and this has led to an open letter being published from the US’ leading tech companies, as shown below:
“Dear Mr. President and Members of Congress,
We understand that governments have a duty to protect their citizens. But this summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide. The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It’s time for a change.
For our part, we are focused on keeping users’ data secure — deploying the latest encryption technology to prevent unauthorized surveillance on our networks and by pushing back on government requests to ensure that they are legal and reasonable in scope.
We urge the US to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight. To see the full set of principles we support, visit ReformGovernmentSurveillance.com
Sincerely,
AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter, Yahoo”
Google’s chief legal officer has said that the snooping issue has been a concern to the search company for some time: ““We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he said in a statement.
Picking up the Monitoring
So is it possible then to establish whether or not your network is indeed under surveillance? A high level of skill is needed to ascertain the appropriate information, although resources have inevitably popped up, such as this one.
Perhaps what the NSA issue will eventually mean for the tech industry is that IT security professionals will come up with ways to ensure that the data stored by businesses, whether it be on site or in a data center, is better protected in the future.
This will mean that the industry will have to change and essentially fight back, but it’s the responsibility of every business that retains customer data to ensure that it’s not available to any third party without the explicit agreement of the customer.
Whatever the case, it’s certainly been a bumpy ride for the US government this year and it would seem that it’s not an issue that’s going to go away any time soon. However, the IT industry has a responsibility to help ensure that the internet is a place of freedom all over the world and not just where it suits government agencies. It’s the height of hypocrisy to allow the internet to be used as a political tool when it comes to oppressed citizens across the world and then deny freedom of expression to its own country’s citizens.
In the meantime, it’s a case of securing your network as well as you can, utilizing tools such as latest generation firewalls and taking a layered approach to security. Monitoring tools can also help to ascertain if your network is being infiltrated too and this is all really something that any responsible company should be doing as a minimum anyway.
Image Credits
Laura Poitras / Praxis Films [CC-BY-3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons
By EFF (Own work) [CC-BY-3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons
By Coolcaesar (Googleplexwelcomesign.jpg) [GFDL (www.gnu.org/copyleft/fdl.html) or CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0/)], via Wikimedia Commons
By Berishafjolla (Own work) [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons