Insights For Success

Strategy, Innovation, Leadership and Security

Spying

Is the Internet built for spying?

InfoSecEdward Kiledjian

The one and only internet

ISS_Flight_Control_Room_2006.jpg

Edward Snowden is the (now famous) NSA leaker that exposed many of the US intelligence community's most secretive tools to the world. As expected, the public reacted (some would say over-reacted).

 

 

There is one internet

I believe the Internet will be recorded in history as one of the great evolutionary drivers. With the global availability of human knowledge and the ability to create brand new beneficial services (like the Scanadu home health monitor).

Society has become so dependent on the fragile but powerful internet that it is inconceivable to cut oneself off from it completely (unless you want to live in a log cabin in the woods).

The Internet is a reflection of humanity

The internet is a mirror of our world. There are good people doing fantastic things with it to help every living being on our blue marbel. On the other extreme are the thiefs, scammers and "bad people". 

Just like the internet amplifies the good, it amplified the bad.

Is the internet a tool for spying?

A great many readers are upset about the scope of NSA spying revealed by Edward Snowden. Some say that you shouldn't worry is you have nothing to hide but I disagree. Whether you believe these leaks are good or bad, they are forcing us to have an educated dialog about what we think is acceptable and what isn't.

Everyone working in security always assumed that governments were conducting these kinds of activities and these revelations upset us less because we were mentally prepared for them.

There is no tools or technique to be 100% safe and spy-proof on the internet. Even encryption leaves powerful traces of activity we call meta data :

  • who you emailed
  • how often you emailed them
  • where your email originated from

Investigative journalists also discovered that the US Postal Service was also recording meta-data from letters (same as the above but for real-world physical letters and packages).

The internet amplified business and allowed companies like Amazon to create new consummer benefiting models. The internet amplifies espionage capabilities by allowing governments to slurp up an incredibly large amount of data quickly and easily.

The difference between government espionage and economic espionage

"But we stole stuff to keep you free and ... safe. We didn't steal stuff to make you rich, which is really the nub of the issue between ourselves and the Chinese." - Retired Gen. Michael Hayden, a former director of the Central Intelligence Agency the former head of the National Security Agency from CNBC

I think the more important question is related to economic espionage. Economic espionage means a foreign  country (other than the one that owns an innovation) will benefit from the hard work of another without having incurred the costs and risks of R&D. This could leads to an incredible strategic advantage that sometimes becomes irrecoverable (think of Nortel).

People are quick to point the finger at China but I want to burst your bubble and say we simply don't know. The intelligence communities around the world keep tabs on foreign espionage but the general public rarely gets unbiased information. 

As part of our national discussions about government espionage, we need to debate economic espionage policy and determine if this is something we (as the population) want our own countries doing. 

Spying for protection

The reality is that government espionage is used to keep the population safe by foiling terrorism plots early. This is a tool that we (the population) can't take away from our agencies since it benefits us (without the general population realizing).

I hope the debate also leads to discussions about how (and if) this information is used to ensure a level economic playing field between countries. I want to ensure that my government is helping to protect the economic values of the R&D performed by our companies. I want our G20 countries to adopt much clearer cooperation pacts to help protect from economic espionage and to provide helpful guidance to Chief Information Security Officers working on these targeted companies.

Discussions about "Should the government be doing this" aren't useful since that ship has sailed. Discuss how the information can be used and how it should be leveraged to protect the economic engine of our countries (company innovation).