The NSA can highjack your computer – panic and freak out
First of all, the big news this week: the story in The Intercept about “How the NSA Plans to Infect ‘Millions’ of Computers with Malware”.
What it basically tells us is that the NSA has malware that could completely take over our computers. Tools like CAPTIVATEDAUDIENCE, GUMFISH, SALVAGERABBIT can highjack microphones and webcams to secretly listen in on conversations taking place near the device or to snap photographs. They can even exfiltrate “data from removable flash drives that connect to an infected computer.”
According to the article written by Glenn Greenwald and Ryan Gallagher based on documents provided by Edward Snowden – which can be found here – “the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption.”
Encryption works, Edward Snowden once again told an audience at the South by Southwest (SXSW) conference this week. He isn’t wrong, the encryption that protects the material he took from the NSA being a case in point.
Still, it seems, that if the NSA has already infected your computer, that’s an entirely different story: “The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks.”
This is scary stuff. I dare you to read it in full.
Run-in with Nemesis – well, sort of
Me, I am not going to spend too much time on it this week because one, the article in The Intercept together with the documents provided tell a comprehensive story – and they do it better than I could.
Two, I would like to focus on a rather interesting, and a little bit disturbing, experience I had this week.
You see, I found myself confronted with someone who seemed to be ideologically located at the far end of the political spectrum from where I consider myself to be. That is somewhere to the political left of the centre. To avid readers of this blog, should they exist, this may be obvious. I admit that the fact that I regularly read the Guardian and support many of its views and values is probably difficult to overlook.
Mind you, I do go to other sources. I do not agree with every single opinion put forward in the Guardian (to assume that were possible would be daft). Yet let the Guardian – for the sake of this anecdote – serve as an illustration of where I lean; politically, socially, ethically, editorially etc. Or, for further illustration, you could just read this blog.
Anyway, I had a discussion this week with someone who was clearly not a big fan of the Guardian. I didn’t seek that discussion out – in fact, I tried to warn the other person that it would not be a good idea to “get me started” – but I wasn’t able to avoid it either.
So there I was, trying to get my point of view across to someone who I am guessing must be getting his news from publications that clearly aren’t the ones I have much faith in or whose lines of argumentation I find particularly convincing.
All the more fascinating, thus, to realize that the audience of these media quite probably thinks the same about me. Don’t get me wrong, I was of course aware that these people existed and that their general opinion of readers like myself was probably not a favourable one. Yet surrounded as normally I am by people who share many of my views, to be thus confronted with someone who quite possibly thinks I am at best naïve or a bit radical (don’t know which would be worse but I am neither) and at worse a deluded conspiracy theorist who believes that the powers that be are out to get us all (which I don’t) was quite a fascinating experience for me.
It was also worrying. Once again, I was reminded – and not just by the government-friendly media but actually first hand – that there are people who do not necessarily think that it is wrong to lock people up in an institution like Guantanamo (which hasn’t been closed yet because, after becoming president, Obama realized that there was nowhere else to put the “terrorists”), who hold the view that Chelsea Manning got exactly what was coming to her, or that the death penalty isn’t a bad idea by default (it is: it is complete and utter nonsense, unworthy of democratic societies in the 21st century and there is no room for discussion here either).
Why am I writing this down? Especially when I should be addressing the fact that the NSA, by aid of a “man-on-the-side technique, codenamed QUANTUMHAND, […] disguises itself as a fake Facebook server” to transmit malicious data packets to a target’s computer? A revelation that has prompted Facebook founder Mark Zuckerberg to vent his frustration about NSA spying on the phone to president Obama?
Well, for one thing because I fully trust ye who read this to follow these things up for yourselves – and gobble up some Pulitzer Prize worthy journalism in the process.
For another, my run-in with someone whose views differ so fundamentally from my own, brought home once again the reality that people actually buy into the reassurances made by their governments that everything will be fine.
Surveillance according to other people
Yes, this did shake me: people with a worryingly blind faith in their governments do exist. They are not a media invention.
These people display the kind of faith that completely ignores the fact that not all is good and well in this or most other countries.
More worryingly, these people seem to think that since there is nothing anyone can do about anything governments do, there is no need for us to bother. We are, after all, quite well off. Nothing we can do if others aren’t. There is no danger in a lack of government accountability because the possibility of us becoming victims of a totalitarian regime is remote (I am not sure it is but for that I get odd looks).
So, I am writing this down because what I heard during this discussion I had this week dismays me.
But more in line with the usual subject matter of this blog, I am writing this down because, perhaps obviously, that discussion eventually turned to mass surveillance.
Needless to say that I argued that mass surveillance is a bad idea. And you may have guessed that the the person opposite me argued the… well opposite, saying that mass surveillance is necessary for national security, that there is no danger from it to most of us regular people with nothing to hide and that those who have revealed it may well have done grave damage to the aforementioned national security, which is why they are being persecuted.
Further, that there is no danger to a free press in the UK because it isn’t true that journalists (and human rights lawyers) are being detained at airports. Moreover, that there was a very good reason to make the Guardian destroy its hard drives last year because they contained material that was hazardous to national security, that the destruction was justified and that it accomplished something other than nothing, being not a failed attempt at intimidation but the successful destruction of the only copy of one stash of Edward Snowden’s material. No, I am not joking.
If you have been following the Snowden stories as I have, you may empathize with how well-informed (or not) the person who said these things appeared to me.
I am not going to repeat obvious counter-arguments to claims like the one that mass surveillance is effective because it has successfully foiled several terrorist plots. John Inglis, the deputy head of the NSA himself has conceded that “at most one terrorist attack might have been foiled by NSA’s bulk collection” – and I know I am quoting from the Guardian here but feel free to check this against other sources around the web, although you may find that
the Torygraph or the Daily Fail certain media organisations have been curiously quiet on that particular subject.
Neither am I going to once again blast the unproven allegation that the Snowden disclosures have severely harmed national security. Or the one that Russia and China have Snowden’s material and that the intelligence agencies know where Snowden is. Therefore, my discussion partner argued, if they really wanted to kill him, he would be dead. Seeing as he is still alive they obviously don’t want him dead.
I’d put it to you that that’s not what they told BuzzFeed but hey, prone as I am to believing all sorts of leftie-liberal scaremongering propagated by the Guardian editorial staff, Edward Snowden, and Glenn Greenwald and his minions over at the Intercept (not to mention the NY Times, the Washington Post, the ACLU, Der Spiegel…) what do I know?
The reality is, the person opposite me claimed, that there have been no major terrorist attacks since 9/11 and this is precisely because surveillance was stepped up post 9/11 – I am not even going to repeat the answer I got when referring to the Boston bombings.
Let’s not go there.
It’s the law, stupid!
Instead what I want to focus on is one particular idea that emerged during this discussion that I found both interesting and alarming: the idea, put forward by my discussion partner, that mass surveillance is going to become “the new normal” once the initial outrage has calmed down. We will all get used to it, the person opposite me argued, and that will be that. And anyway, tech companies have been gathering our data for years, so why are we so bothered about NSA and GCHQ doing the same thing?
In answer to the last question, let me refer you to Mr Edward Snowden – who else?
“Why is it less bad if big corporations get access to our information instead of the government?”
Said Edward Snowden – and I am going to quote this at length because it hits the nail on the head:
The government has the ability to deprive you of rights. Governments around the world […] have police powers, they have military powers, they have intelligence powers they can literally kill you, they can jail you, they can surveil you. Companies can surveil you to sell you products, to sell your information to other companies. That can be bad, but you have legal records. First off, it is typically a voluntary contract. Secondly, you have got court challenges you could use. If you challenge the government about these things […] the government throws it out on state secrecy and says you can’t even ask about this. […]That’s the difference and it is something we need to watch out for.
Mr Snowden is right on several counts here: first of all, yes, it is sort of a voluntary contract to give our data to tech companies. In theory, we know about it (from their dreaded T&Cs) and we accede to it. By contrast, we have not acceded to government mass surveillance.
Second of all, tech companies – although perhaps critics of lobbyism would disagree – do not make laws, they are bound by similar laws as we are, at least in theory.
Governments, on the other hand, make laws. Yes, they are also subject to laws but if we have seen anything over the past months, it is that for this to really work, strong oversight is needed.
And in a week in which NSA-supporter Dianne Feinstein herself has ripped into the CIA for spying on the Senate Intelligence Committee, in what potentially amounts to a violation of the US constitution, it has become more obvious than ever that the bodies that make laws, and that should provide oversight that ensures these laws are observed are not actually doing a very good job of it.
(As a side note to how well they are doing with that, do consider that Feinstein never had a problem with surveillance as long as it didn’t involve her or the Senate. Edward Snowden certainly wasn’t wrong to criticize the double standards at work here.)
So yes, Edward Snowden is absolutely right that it is the power difference between governments and companies we need to watch out for, especially as we can already see that the power governments have is being used in questionable ways.
As Chris Soghoian said at the SXSW: “Even if you trust this administration that we have right now, you know that the person who sits in the oval office changes every few years. You may not trust the person who is going to sit there in a few years with the data that was collected today.”
When I advance that particular theory – that all it takes is for the wrong sort of leader to come along for us all to realize that just because we think we have nothing to hide or have done nothing wrong we are by no means safe – I usually get funny looks, even from people who generally share my views.
The threat of a totalitarian government taking over our cosy democracies just seems a little too remote. But I put it to you that the kinds of capabilities that the NSA and GCHQ have or are planning to make use of – again, read the Intercept story! – are the stuff of nightmares if you imagine them in the wrong hands.
And we do not even need to wait for our own governments to go rogue to see the danger of such capabilities or un-checked spying: “Every other government within the international community will accept [NSA spying] as a sign, as the green light to do the same. And that is not what we want.”
Mass surveillance is not the “new normal”
Now, as to the other idea forwarded by my discussion partner this week – that mass surveillance will become the “new normal” – that is actually both a very worrying and a very interesting suggestion.
Worrying for two reasons: one, the person sitting opposite me seemed to advance it by way of saying that we needn’t bother get outraged over the whole mass surveillance omnishambles because we’ll all get used to it. Two, because if we’re not careful, this might actually prove to be true.
We may be having a debate about this at the moment, and both the US and the EU may be looking into amending legislation to reflect and rein in the spooks’ new technical capabilities but unless we all pay attention, I daresay these things may just quietly go away again. Let us not forget that there has not been any meaningful reform yet.
And that is exactly why the idea that mass surveillance will be the new normal is interesting: it says a lot about where we are at the moment.
You see, I would argue that we have reached the proverbial fork in the road: either, we will now all accept – and more or less quietly consent to – what is going on or we will keep insisting on much-needed reform, both of policy and of technical capability.
During his appearance at the SXSW conference, Edward Snowden said that the NSA was setting fire to the internet and that it was for technologists to act as firefighters.
Along with that, Ben Wizner and Chris Soghoian of the ACLU called for more usable encryption tools to be made available as default software settings. Obviously, this is not going to be easy but if implemented, it could make mass surveillance a lot more difficult and perhaps even economically unviable for the spooks. Which is what we want.
Rather than for mass surveillance to become the new normal, because after our initial outrage we all go back to quiet and comfortable ignorance, we have reached a point where there is a chance to profoundly reform – and thus lastingly reshape – internet security. If this happens, it may be done just in time for us all to be safer.
And, as Chris Soghoian said, the fact that we have reached this fork in the road, is because of Edward Snowden. It is to him that we owe both knowledge and opportunity.
Actually, complacency killed the cat
My point in this anecdote about my uncanny encounter with political conservatism is that one of the most worrying aspects about the views expressed not only by my discussion partner but also by many of the government-friendly media, is the complacency they bespeak.
A “we can trust the government to do right” kind of complacency, a “there is nothing we can do about it so why bother” kind of complacency, a “it’s not as bad as you make it sound” kind of complacency, and finally a “there is no need to assume the worst case” kind of complacency.
To this, I have a couple of answers: firstly, the past couple of months have shown that we cannot trust our governments to always get it right. So we have no reason to be complacent about that.
Secondly, during that session with Edward Snowden, Ben Wizner and Chris Soghoian at the SXSW conference, valuable suggestions have emerged about what can be done about mass surveillance – I suggest you watch the video, it’s very worthwhile but basically, what they are saying is that it is perfectly possible to make mass surveillance a lot more difficult.
And precisely because it is possible to do this, we absolutely need to bother. The technology community needs to step up its game. It’s all very good and well for people like Yahoo and Zuckerberg to complain, but what use is their righteous outrage if it doesn’t result in substantial changes that make mass surveillance less attractive for the spooks?
Those of us who aren’t the tech-savviest of people can also step up our security. We can learn about these things. We too can make mass surveillance more difficult. Then, if the policy side of things falls short, perhaps the technology side can do something to reclaim the internet.
And if nothing else, we can make ourselves heard. We can keep the discussion that Edward Snowden was trying to enable alive. We can discuss the question if our security is worth a complete loss of privacy and liberty.
And by doing all of that, make no mistake, we can shape the future. The other important question is what shape we want the future to take.
“It is the steps we take today, the moral commitment, the philosophical commitment, the commercial commitment to protect and enforce our liberties through technical standards that will allow us to reclaim the open and trusted internet,” Edward Snowden told the SXSW.
That is our responsibility and it will not do for us to let complacency interfere with that commitment.
The threat that mass surveillance and the indulgence that has been shown towards the spy agencies so far mean for our rights and freedoms cannot be emphasized strongly enough.
It is evident in the very news that the CIA has been spying on the Senate Intelligence Committee and in Dianne Feinstein’s reaction to it: the spooks seem to be arrogant enough to believe they are above the law, while lawmakers seem to believe that mass surveillance only is wrong when it targets them – the mass collection of data from countless of innocent citizens didn’t seem much of an issue for Ms Feinstein.
I agree that in many ways our political system sort of works at the moment. That does not mean it always will. It certainly doesn’t work well enough now (and that’s not only evident from the Snowden disclosures).
As Paul McNamee put in the UK’s Big Issue this week, “we should be nervous about what may become of the system unless we speak up”.
Thanks to Edward Snowden we have reached that fork in the road where we have the knowledge we need to speak up and do something about where the system is headed.
Yet if we allow ourselves to become complacent, we may miss our chance to do it.