Now that we know more about the extent of government snooping both domestically and abroad, there's an important question to ask: Can we ever feel safe again?
It's fairly safe to say that many of us owe an apology to the "tin foil hat" community -- at least in regard to their claims of government spying (makes you wonder about the aliens). I'm still reeling over the increasingly incriminating details regarding how the US government (and others) have been actively monitoring, recording, and storing all kinds of information on foreigners and citizens alike. All the while, they publicly denied this until undeniable details began leaking out. Finally, the NSA has fessed up and admitted to what they were actually doing.
We're talking about things like circumventing online encryption by cracking SSL with supercomputers. Or even working alongside technology hardware/software companies to knowingly create backdoors into applications and operating systems. It's clear now that the Internet can in no way be considered secure as it once was.
A few months back, I blogged about the possibility that security engineers were being "played" by our governments. At the time, I was simply pontificating. Now I'm fully convinced of this fact. Companies -- including our financial institutions and healthcare providers -- have been deceived into thinking that SSL was a secure form of communication. Nope, turns out that it's not even close.
There are also suspicions that IPSec -- the protocol used for many Virtual Private Network (VPN) tunnels -- is likely to be compromised. Additionally, it's looking more and more likely that hardware and software vendors were either "played" like the rest of us -- or willingly assisted in creating backdoors into any and all systems. These secret backdoors have been suggested in the past with foreign IT infrastructure companies like Huawei. Now it looks like we have to come to grips with the fact that the same thing is happening on this side of the world.
So, not only have encryption protocols been compromised, we must also assume that all network, server, and desktop hardware is riddled with backdoors. This type of mistrust does not sit well with many of us, and there are increasing calls to "take the Internet back." Bruce Schneier of the Guardian recently wrote an article precisely about this topic. In it, he listed several ways to make the Internet secure once and for all. His solution is to rely on the engineering community that built the Internet to come clean and make it secure once again. Some of Mr. Schneier's suggestions include:
- The engineering community as a whole must blow the whistle -- and fully expose the extent of current government spying.
- Re-engineer the Internet from the ground up -- eliminating easy backdoors and exploits. This will make it too expensive for governments to spy on a large scale.
- Take control of the Internet away from governments and give it back to the people to control.
While I respect this optimistic outlook, I seriously have my doubts that this could ever happen. So much money has already been poured into infrastructure that to rip it out and replace it with "clean" components would be an enormous undertaking. Secondly, governments around the globe are so entrenched in the control of the Internet that it would be nearly impossible to uproot this control. We have to admit to ourselves that the Internet is not controlled by the people, but by the governments around the world. And they don't have the same ideas regarding privacy that you and I may have.
So will we ever be able to trust that communications can one day become truly secure? It's highly doubtful in my opinion. Ultimately, this means that it's up to business leaders to determine if a lack of security is something worth fighting against -- or simply a sobering new reality moving forward.