Blame Silicon Valley for the NSA's data slurp... and what to do about it

Hive mind gloop and legal sophistry paved the way

Comment Widespread ridicule has greeted the announcement that eight giant technology companies led by Google and including Facebook and LinkedIn were going to save us from the NSA.

The ridicule is thoroughly justified, for trusting giant corporations - whose business models rely on selling your identity to advertisers - to safeguard your privacy is like hiring a kleptomaniac to guard the sweet shop.

Thirty years after the Khmer Rouge declared war on "the Garden of the individual", Silicon Valley was lauding the collective "hive mind" while stealthily dismantling the rights that protect the individual.

Both practically and philosophically, today's giant web corporations are incapable of defending you - and how can they, when they don't really accept that the individual really exists? In Silicon Valley, the individual is merely a phantom: a collection of patterns, or a node secreting data into one of its giant analytical processing factories.

Before we can understand why tech/media companies can't protect the individual, and why their "solutions" are impoverishing us, let us remind ourselves what's happened. We need to see how complicit the data business was with the behaviour of the intelligence agencies.

Spooky action at a distance

Edward Snowden's revelations confirmed that 20 years after it was opened to the public for commercial access, the internet is subject to the same casual warrant-free surveillance as the circuit-switched telephone network. Fantasies that the internet would put us beyond the reach of the spooks turned out to be just that: fantasies. Only a fraction of Snowden's material has been released, and much of it is banal: spies spy on foreign powers, for example. But the material did confirm that the physical infrastructure of packet communication is completely compromised, and security backdoors are apparently commonplace.

This week's disclosures in Der Spiegel confirmed the lack of protection. Spiegel did not draw from the Snowden cache in its report, which details alleged offensive capabilities of the NSA's Office of Tailored Access Operations (TAO).

According to the German magazine's report, TAO's operations range from Q-Branch-style custom hardware to directed hacks on suspected individuals, networks and infrastructure. It would be naive to think this didn't already go on, given the capabilities of Russian and Chinese cyber-warfare teams against political and industrial targets. The sophisticated Stuxnet malware, believed to be a joint US-Israeli effort, was constructed to disable control systems in Iran's nuclear fuel processing plant.

Yet at least the NSA is subject to democratic scrutiny. Technology companies are not. The scrutiny of the NSA may have been supine and ineffective, thanks to senators including Democrat grandee and chair of the Senate Intelligence Committee Dianne Feinstein - but the structure is there to provide better oversight.

The Great Data Slurp

What I find far more disturbing than anything in Snowden's cache is the fact that Silicon Valley's internet companies have been complicit in denuding citizens of the privacy an individual requires to be an individual.

Firstly, these companies are a data acquisition industry. They hired the best engineers and mathematicians of their generation and set them about creating a kind of derivatives bubble of inferred human behaviour. The gimmicky gadgets we feature - Android phones and Google Glasses - are simply subsidised data-capture devices. I am doubtful there is as much value in this data as the hypesters want us to believe - because economists always put more store by "revealed preferences" - what you actually spend on a good - than by second guessing what you might spend.

Far from being bold and "disruptive", Google and Facebook appear to be deeply conservative companies that seem loath to stray from their comfort zones. They'd prosper from helping other industries build transaction-based markets, which makes the inferral analytics less important than traditional business skills. Why don't they go there? Perhaps the nerds who run these web companies fear being smaller fish in a bigger pond.

Yes, I like cat videos. What's it to you?

However, if there is value in this data they capture, then we are giving it away too cheaply. New elites prosper on the back of this. This prompted Jaron Lanier to suggest that we charge them for it, receiving a micropayment when an ad is clicked. There are two drawbacks in Lanier's suggestion. One is that it relies on micropayments, which only ever work in aggregate amounts - discrete micropayments are too expensive to process. The second, rather larger problem, is that there isn't enough money there in the first place.

So, instead of conducting a real transactional business, or helping other people make operational IT efficiencies, they've created a ghost world of their own instead, in which we're the product. This required a public relations effort to try to persuade us we don't have any property rights over our data, anyway.

While you were out fighting SOPA, we left you this note

One of the most ironic sights of 2013 was seeing the fugitive Snowden open up a laptop emblazoned with stickers for the EFF, the Electronic Frontier Foundation. The EFF is just one of many groups that receives money from the technology industry - with Google leading the handouts - waging a ceaseless war on the individual's digital rights, while claiming to defend them.

These groups also loudly claim to be privacy watchdogs - yet have turned their meek protest into a funding activity. And guess who's doing the funding? When Google and Facebook settled their respective Buzz and Beacon privacy lawsuits, the biggest beneficiaries were not individuals but “organizations that are currently paid by [Defendant] to lobby for or to consult for the company” thanks to a quirk called cy-près. The EFF and ACLU each bagged $1m from the settlement, which for the EFF was more than it raised in donations. And it has some pretty wealthy donors.

So the poachers are paying off the gamekeepers.

The web giants have also paved the way for the NSA by driving a bus through legal loopholes. For example, The Washington Post reported how the NSA justified its infrastructure interceptions by arguing it wasn't really doing interception.

The distinction is between “data at rest” and “data on the fly.” The NSA and GCHQ do not break into user accounts that are stored on Yahoo and Google computers. They intercept the information as it travels over fiber optic cables from one data center to another.

Sound familiar?

It should do, as it was the same argument Google used when it launched Gmail in 2004. Google was reading your email because it wanted to inject advertisements based on your private communication. So it sought to redefine "reading" as "not actually reading". Here's what security expert Mark Rasch predicted at the time.

Google will likely argue that its computers are not ‘people’ and therefore the company does not ‘learn the meaning’ of the communication. That's where we need to be careful. We should nip this nonsensical argument in the bud before it's taken too far, and the federal government follows…

Imagine if the government were to put an Echelon-style content filter on routers and ISPs, where it examines billions of communications and 'flags' only a small fraction (based upon, say, indicia of terrorist activity). Even if the filters are perfect and point the finger only at completely guilty people, this activity still invades the privacy rights of the billions of innocent individuals whose communications pass the filter. Simply put, if a computer programmed by people learns the contents of a communication, and takes action based on what it learns, it invades privacy.

So what's to be done?
