Why I'm Not (very) Worried about PRISM

Thursday, June 20, 2013

Eric Knapp


(SecurityWeek) - The NSA is tapping into our digital lives, monitoring voice calls, emails, social media, and who-knows-what-else. It’s for national security, say those on the side of the NSA; it has stopped terrorist plots already and will stop more. It’s a heinous breach of privacy, say those on the opposing team; it is nothing less than a blatant intrusion of our personal lives, a digital version of breaking and entering and rifling through our closets, looking for skeletons.

I say, “meh.”

Government Surveillance

The reason isn’t because my closet lacks skeletons, or because I’m blinded by absolute patriotism and faith in the morality of my government. It’s because I understand, and try to live by, one of the best pieces of advice I’ve ever received on the topic of privacy: “assume that everything you do and say is being watched and heard, always.” It’s a fundamental principle of cyber security and Internet privacy, but it is advice that was given to me in grade school by my first grade teacher, after I had said something mean about a fellow student that was overheard. Then, I’d hurt someone’s feelings unintentionally. Now, the consequences of leaving a trail could be more severe. Then, there was no such thing as the Internet, or social media. Now, it’s almost impossible to avoid leaving an indelible digital trail of everything that you do and say.

The benefits of following this advice is that it fosters safe(r) digital behavior. If you have a secret, don’t email, text, tweet or even talk about it unless you are confident that you can’t be overheard. Is that document confidential? Then use TrueCrypt or something similar and jiggle your mouse like mad before emailing it to your colleague, or even your most trusted friend (random mouse movements are used to create entropic crypto seeds).

This advice also breeds a cautious paranoia, and that’s why I’m not shocked or outraged by the recent leaks of government spying. I’ve always assumed that the government was spying. The hackers certainly have been — they’ve been trying to steal my credit cards, passwords, and other details of my digital life for decades now. If I absolutely don’t want something to be stolen, I simply shouldn’t inter it into the digital landscape. Period.

We still buy thing online with credit cards, and we still connect our bank accounts directly to various third party agencies to automatically pay bills and direct deposit our paychecks. We do it because we’re relatively confident that we’ll be okay, and if a breach does occur, the breached institution will most likely help to solve the problem.

The irony is that, for most of us this is a risk/reward decision that we make and that convenience almost always wins; but for the bad guys it’s a decision that will most likely be made in favor of privacy. So the lesson is being learned, just not by the right team. The average citizen will continue to show their cards at the poker table and then complain about cheating, while the bad guys will smile with an ace up their sleeve.

Originally Published in SecurityWeek

Possibly Related Articles:
Post Rating I Like this!
Gregory MacPherson Okay, Bruce Schneier let the cat out of the bag so I can talk about it now...

The major telcos (and through them the governments) have ALL of your banal voice and text messages, content and all, not just the metadata as reported.

Here's the problem, depending on what country you live in, that's a violation of the principles (not the laws per se, but the principles) of your government. If you live in the USA, a representative republic (not a democracy as often reported), then your government’s practices are in violation of the Bill of Rights. Specifically the Fourth Amendment of the Bill of rights: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated,..." Other countries mileage may vary.

Unfortunately, unless you are Constitutional attorney (with big brass ones) you are not going to take on the government in court (or anywhere else). Sadly, the few Americans (oligarchs) who have the money and time to do so are not doing it – in fact they are profiting from the violation.

I predict torches and pitchforks before the end of the decade.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.