Ron Deibert writes:
Buried in a recent Edward Snowden disclosure is a passing remark from a briefing sheet on a program called “Sentry Eagle.” According to the briefing sheet, “unauthorized disclosure” of its contents would negatively impact the United States’ “ability to exploit foreign adversary cyberspace while protecting U.S. cyberspace.”
For many, such a remark might pass barely noticed, obscured beneath the more salacious operational details in the top secret slides. It definitely should not. It represents a deeply entrenched worldview at the heart of cyber security problems today.
A lot of spying depends on a nation’s intelligence services being able to exploit weaknesses in other nations’ cyber infrastructure. National security depends on maintaining – or in some cases actively sabotaging – the global infrastructure.
Agencies like the NSA are tasked with defending critical infrastructures on the one hand, while fueling a multi-million dollar industry of products and services to exploit them on the other. Protecting the integrity of communications systems is a mission imperative, but so is building “back doors” — a kind of insecurity-by-design — programs designed to proactively weaken information security are justified on the basis of strengthening national security.
Agencies like this, who are obsessed with installing back doors to weaken security, are also the very ones trusted to protect our cyber security. This is a major conflict of interest. What’s encouraging is that companies are fighting back. Companies like Google and Apple (and most recently, Whatsapp) are implementing e2e encryption, much to the annoyance of the security agencies.
Historians like to remind us that intelligence is “the second-oldest profession.” But in the past decade, we have accorded extraordinary powers and capabilities over society to mammoth military-intelligence agencies that are unprecedented in human history. Their overarching prominence and power have begun to undermine core values upon which our societies rest while exposing us and our communications to widening risks. It is time we address squarely this syndrome for what it is: the most important threat to cyber security today.