Buried underneath the ever-growing pile of information about the mass surveillance methods of the NSA is a small but significant undercurrent of change that’s being driven by the anger and resentment of the large tech companies that the agency has used as tools in its collection programs.
The changes have been happening since almost the minute the first documents began leaking out of Fort Meade in June. When the NSA’s PRISM program was revealed this summer, it implicated some of the larger companies in the industry as apparently willing partners in a system that gave the agency “direct access” to their servers. Officials at Google, Yahoo and others quickly denied that this was the case, saying they knew of no such program and didn’t provide access to their servers to anyone and only complied with court orders. More recent revelations have shown that the NSA has been tapping the links between the data centers run by Google and Yahoo, links that were unencrypted.
That revelation led a pair of Google security engineers to post some rather emphatic thoughts on the NSA’s infiltration of their networks. It also spurred Google to accelerate projects to encrypt the data flowing between its data centers. These are some of the clearer signs yet that these companies have reached a point where they’re no longer willing to be participants, witting or otherwise, in the NSA’s surveillance programs. Bruce Schneier, the cryptographer and security expert who has seen some of the NSA documents leaked by Edward Snowden, wrote in a new analysis of the current climate that there appears to be a “fraying” of the surveillance partnerships that have existed for years.
“The Snowden documents made it clear how much the NSA relies on corporations to eavesdrop on the Internet. The NSA didn’t build a massive Internet eavesdropping system from scratch. It noticed that the corporate world was already eavesdropping on every Internet user — surveillance is the business model of the Internet, after all — and simply got copies for itself,” Schneier wrote in his essay.
“Now, that secret ecosystem is breaking down. Supreme Court Justice Louis Brandeis wrote about transparency, saying ‘Sunlight is said to be the best of disinfectants.’ In this case, it seems to be working.”
A partnership requires at least two parties, however, and the disinfectant that has helped bring the anger and disappointment of tech companies out into the open has so far not made its way into the NSA. There are several bills making their way through Congress at the moment, and surely more to come, and some of them are designed to require more transparency of the NSA’s activities. Transparency is one thing; reform is quite another.
The surveillance programs that the NSA and other intelligence agencies have been conducting for years now have relied on weaknesses in the Internet infrastructure, ones that they have taken advantage of in order to gobble massive amounts of data.As many security experts have pointed out, those same weaknesses can be exploited by any other kind of attacker, and their presence makes the Internet itself weaker. Fixing those weaknesses will take some doing, as many of them lie in the basic infrastructure of the network, but as Schneier points out, the job needs doing.
“It’s impossible to build an Internet where the good guys can eavesdrop, and the bad guys cannot. We have a choice between an Internet that is vulnerable to all attackers, or an Internet that is safe from all attackers. And a safe and secure Internet is in everyone’s best interests, including the US’s,” he wrote.
Image from Flickr photos of Jim Kelly.