The [intelligence] professionals’ task is therefore to keep judgements anchored to what the intelligence actually reveals (or does not reveal) and keep in check any predisposition of policy-makers to pontificate … of trying to make nasty facts go away by the magical process of emitting loud noises in the opposite direction.
Sir David Omand, “Reflections on Secret Intelligence”
The EFF continues its long slog to challenge the US government’s warrantless wiretapping. At this point a series of cases have been dismissed, though the Supreme Court is now hearing a case to ascertain whether those who have been affected by the dragnet surveillance - lawyers, journalists, human rights lawyers - can challenge the statute given that it “prevents them from doing their job without taking substantial measures when communicating to overseas witnesses, sources and clients.”
This is an incredibly serious case. The outcome will not decide the legality of the statute itself but just whether it can be challenged. By anyone. A dismissal of the case - that is, a decision declaring that no one clearly has standing to challenge the statute - would prevent the existing intelligence operations from ever being challenged so long as the government avoids bringing warrantlessly-accessed data into a trial as evidence.
Watch this case; if it goes sideways then the American government will have (effectively) been given license by the highest court in the land to surveil Americans, without warrant, and without an effective means to prevent the surveillance.
A great deal of speculation exists around mobile companies of all stripes: are they secure? Do they secretly insert backdoors for government? What kinds of assurances do customers and citizens have around the devices?
Recently these concerns exploded (again) following a Reuters article that notes serious problems in ZTE mobile phones. There are a series of reasons that security agencies can, and do, raise concerns about foreign-built equipment (some related more to economics than good security practice). While it’s possible that ZTE’s vulnerabilities were part of a Chinese national-security initiative, it’s entirely likely (and more probable) that ZTE’s backdoor access into their mobiles is a genuine, gigantic mistake. Let’s not forget that even ‘our’ companies are known for gross security incompetence.
In the ZTE case it doesn’t matter if the backdoor was deliberate or not. It doesn’t matter if the company patches the devices, either, because a large number of customers will never apply updates to their phones. This means that, for all intents and purposes, these devices will have well-publicized security holes for the duration of their existence. It’s that kind of ongoing vulnerability - one that persists regardless of vendor ‘patches’ - that is increasingly dangerous in the mobile world, and a threat that is arguably more significant (at the moment) than whether we can trust company X or Y.
The Guardian has an excellent bit of coverage on UK-led rendition practices. These practices entailed collaborating with Libya and China to turn over members of the Libyan Islamic Fighting Group, an anti-Gaddafi organization. Ian Cobain, the journalist, precisely notes the kinds of experiences that UK and American agents subjected members of the organization to during their capture and transit to Libya.
It’s a harrowing read, but important, as it details the significance and associated dangers of the state’s secret extension of powers. It also recognizes that states will ‘turn’ on individuals and groups that they had once supported on the basis of building economic relations with a new ‘friend’. Perhaps most ominously, the article outlines how the secret court processes - where neither the accused nor their counsel are permitted to view or argue about evidence against the accused - have had their rulings ignored. Even the judges in these secret cases cannot impose their power on the state, indicating that arms of the government are entirely divorced from the accountability required for democratic institutions to (normatively) survive.
The only way to stop these kinds of practices is for the public to stop quietly ignoring the erosion of their democracies, civil liberties, and basic freedoms. It remains unclear how this can be done, but given the expansion of the state’s perception of its executive powers, it is imperative that citizens vigorously and actively begin protecting their democracies before the last shreds of democracy are truly lost.
The NSA was quite aware that many new network systems were being built rapidly during the dotcom boom, and if cryptography wasn’t built in at the start, it should usually be too expensive to retrofit it later. So each year the NSA held the line on crypto controls meant dozens of systems open to surveillance for decades in the future. In these terms, the policy was successful: little of the world’s network traffic is encrypted, the main exceptions being DRM-protected content, Skype, the few web pages that are protected by TLS, opportunistic TLS encryption between mail servers, SSH traffic, corporate VPNs and online computer games. Everything else is pretty much open to interception — including masses of highly sensitive mail between companies.
R. Anderson. (2008). Security Engineering: Second Edition. Indianapolis: Wiley Publishing Inc. Pp. 795.