Government // Cybersecurity
News
5/14/2014
09:46 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Government Surveillance Criticism Heats Up

As book on Snowden affair debuts, several organizations take steps to restrain the mass online surveillance that Snowden investigation exposed.

Just as investigative reporter Glenn Greenwald's book No Place To Hide, about whistleblower Edward Snowden and the National Security Agency, went on sale, two organizations took steps to restrain the online surveillance that came to light through reporting by Greenwald and others.

In the United Kingdom on Tuesday, advocacy group Privacy International filed a legal complaint seeking an end to unlawful hacking conducted under the auspices of GCHQ, the UK intelligence agency, and its US counterpart, the NSA. The lawsuit accuses the agencies of implanting malicious software on desktop and mobile devices to further intelligence gathering.

"The hacking programs being undertaken by GCHQ are the modern equivalent of the government entering your house, rummaging through your filing cabinets, diaries, journals, and correspondence, before planting bugs in every room you enter," said Eric King, deputy director of Privacy International, in a statement. "Intelligence agencies can do all this without you even knowing about it, and can invade the privacy of anyone around the world with a few clicks."

[Learn more about Greenwald's revelations in "No Place To Hide." See NSA Reportedly Adds Backdoors To US-Made Routers.]

Unchecked government spying of this sort, King asserted, is inconsistent with the rule of law and must be reined in. The complaint, the first to challenge government hacking by intelligence services in the UK, argues that GCHQ and the NSA have no legal authority to conduct hacking operations that would land individuals in jail, and that the agencies must stop immediately.

An example of the behavior in question surfaced on Monday. In advance of the publication of Greenwald's book, The Guardian published an article by Greenwald citing a June 2010 NSA report that reveals the agency regularly intercepts routers being exported from the US to implant backdoor surveillance tools prior to delivery.

In 2012, the US House Intelligence Committee advised against doing business with Chinese telecom equipment maker Huawei over fears the firm might allow the Chinese military to compromise its equipment. Evidently, national intelligence services do not need ties to network equipment makers to compromise networking gear; all they need is access to shipments.

The second organization to take action on Tuesday was the Internet Engineering Task Force, an international group of network designers, operators, vendors, and researchers. The group published a best practices document declaring, "Pervasive monitoring is a technical attack that should be mitigated in the design of IETF protocols, where possible."

Privacy advocates rally against NSA surveillance in October 2013. (Image: Stephen Melkisethian)
Privacy advocates rally against NSA surveillance in October 2013. (Image: Stephen Melkisethian)

"Pervasive monitoring" refers to indiscriminate, large-scale gathering of application content and metadata, the very activities carried out on the Internet by intelligence agencies. In short, the IETF intends to take steps to restore online privacy by requiring that future Internet specifications consider the impact of pervasive monitoring and justify design decisions related to this "attack."

Last week in Washington, D.C., the USA Freedom Act, a legislative attempt to address NSA data collection, got a new lease on life when Republican Bob Goodlatte of Virginia, chairman of the House judiciary committee, decided to support the bill. This makes it likely there will be a vote on the bill in the House of Representatives.

Cyber-criminals wielding advanced persistent threats have plenty of innovative techniques to evade network and endpoint defenses. It's scary stuff, and ignorance is definitely not bliss. How to fight back? Think security that's distributed, stratified, and adaptive. Read our Advanced Attacks Demand New Defenses report today. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
asksqn
50%
50%
asksqn,
User Rank: Ninja
6/9/2014 | 4:00:17 AM
Funny how surveillance has increased under Obama
Except that the USA Freedom Act as passed by the House is so watered down it has weakened the entire bill particularly with regard to  Section 702 of the Foreign Intelligence Surveillance Amendments Act, and, the inability to introduce a special advocate in the FISA Court.  The bill is a joke and a half.
Bprince
50%
50%
Bprince,
User Rank: Apprentice
5/18/2014 | 1:10:46 AM
Re: Government Surveillance Criticism Heats Up
Interesting point on the crypto Thomas. Do you think it is possible agencies just view it as an acceptable risk? I have to imagine that if spy agencies are exploiting a vulnerability, they would also have to be taking precautions to avoid it being used against them. It would be foolish not to. That it may be exploited in attacks against the average user or the private sector may be something they are willing to accept if the vulnerabiltiy can facilitate better surveilliance of terror suspects or foreign countries. 

BP
WKash
50%
50%
WKash,
User Rank: Author
5/14/2014 | 11:39:51 PM
Re: Government Surveillance Criticism Heats Up
The other risk is that more and more countries will begin to pass laws that essentially insist "You can't do business here in this country (e.g. Brazil) unless you physically house user data in our country" which will be a costly problem for global companies.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
5/14/2014 | 5:07:07 PM
Re: Government Surveillance Criticism Heats Up
We should be spying, but within a publicly accepted legal framework. And we also need our government to understand that weakening encryption systems for easier spying makes us more vulnerable to attack, which is the very thing spying should be working against.
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Apprentice
5/14/2014 | 4:17:00 PM
Government Surveillance Criticism Heats Up
Snowden brought to light the NSA's program and the methods used that is true but he could have picked a better plan if he was gonna do it. I mean the NSA should not be spying on americans just as part of normal business but if intelligence has implicated an individual check them out but not everyone. Just my opinion.
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.