Or at least that’s how some people seem to portray our choice when we talk about privacy and terrorism. It is a hot topic for sure, in the past year there was even a referendum in the Netherlands about the “sleepwet”. It was a question of whether or not the AIVD the Dutch intelligence service should get more and easier access to the data of all people in the Netherlands. Earlier this week this topic got in the news again when Apple told the Australian government that it’s new plan is a bad idea.
The Australian government wants companies to make it easier for government agencies to get access to data in several platforms. People are afraid that this would be about creating so called backdoors. This are pieces of code which enable users who have access to this code to easily access all data. This sounds great in theory but the fear is that it would enable people with bad intentions to get into these services easily as well.
And this could have scary consequences, think about all the data you have stored online! About all the messages you send to your friends, about the banking transactions you perform online. If people with bad intentions got access to this the consequences could be disastrous!
There seems to be a big gap between what governments think is wise and what the industry thinks is wise. But who should we trust, governments in general don’t have the best reputation when it comes to adapting to new technologies. But on the other hand can we trust companies to have our best interest in mind or are they just thinking about their own gains?
One thing is for sure, if we don’t make the right choices we might end up not even having the choice between our privacy or our life!
Source: https://www.zdnet.com/article/australian-encryption-busting-bill-would-create-backdoors-cisco/
Even more alarming than this push for backdoors is that many states have very recently authorised their intelligence agencies to install spyware and malware of unsuspecting citizens’ devices. This is a key part of the Australian legislation too. This does not only breach privacy, but also significantly endangers individuals and organisations.
If we look at the leak of the US “tailored access” tool suite, the mere existence of these tools has put a large amount of people at risk. The “terrorists and bad guys” that they were supposedly used on turned out to also include foreign commercial players who became the victims of state espionage. The leak basically made these tools a staple of modern non-state Advanced Persistent Threats, granting them powers that would have otherwise taken years to acquire. Now we’ve seen them used in the wild.
And these are primarily entry and extraction tools. If we look at persistent malware/spyware infections by state actors, the scale of damage if something goes wrong grows by an order of magnitude. Suddenly, a state can be directly responsible for the catastrophic loss or misappropriation of proprietary production data. Furthermore, a state actor could lose control of their network of infected clients to some, more advanced party.
In the early 2000s the rhetoric, risks and intelligence targets weren’t really that different. Back then, however, we still had the sense to see that this direction is obviously a horrible one to go down. Now, it’s just snafu.