There have been so many disclosures, revelations and speculations since Snowden fled and the media trickled out one tantalizing slide after the next that it's hard not to get overwhelmed. It’s hard not to get angry.
Now that the sheer scope and massive worldwide surveillance of the NSA has come to light over the last few months, it seems as if a veritable cloud of "Privacy Depression" has set in lately among citizens and the technology community at large. Adding to that hot mess is the willing complicity of the tech giants, backbone providers and hardware manufacturers. Fuel to the fire.
Yes, there are some feigning outrage, some with true concern, and others calling for heads-on-a-platter while western intelligence agencies and big technology firms hunker down and hope it all goes away. It won’t. It’s only going to get worse for them and the government.
Through the great work of The Guardian, New York Times, Washington Post, ProPublica and Der Spiegel we now have a much clearer understanding of what we are up against. Along with all of this new information comes some confusion, wild speculation and some understandable depression about society as a whole ever winning back its basic right of privacy. Don’t buy into this thinking. Don't drink the "all is lost" Kool-Aid, because we are winning.
We at Silent Circle believe these revelations and disclosures are some of the best things that could happen to the technology sector. In fact, the battle for your digital soul has turned strongly towards Privacy's corner because we now know what we are up against. We are beginning to define the capabilities and tactics of the world’s surveillance machine. Before all of this, we speculated, guessed and hypothesized that it was bad – we were all way off. It’s horrendous. It’s Orwell’s 1984 on steroids. It doesn’t matter – we will win the war.
Last week we saw headlines about the NSA having made incredible breakthroughs in cryptanalysis and being able to crack SSL and VPNs. Some media outlets that we spoke to were under the faulty impression that "all encryption had been easily broken" by the NSA and that they possessed some magic black boxes that instantly decrypted everything. Hence the deeper onset of Privacy Depression that set in around the world.
Don’t buy the hype. Trust the math and strong encryption. One of the world's greatest technology security experts, Bruce Schneier, wrote some terrifically clear and concise articles about these revelations and is perhaps in the best position to clarify what these recent disclosures mean. He has reviewed all of Snowden’s documents. Here is a quote from his article in The Guardian a few days ago that sums up the reality of the situation:
"Honestly, I'm skeptical. Whatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system. I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks. Those are where the real vulnerabilities are, and where the NSA spends the bulk of its efforts."
He is spot-on here in his comments. The security technology community has known for a long time that the platforms are the weak link (Windows, Mac, Android, browsers, iOS, Firefox OS, etc.) and we have known for years that it’s wise to be skeptical of mass-produced hardware as well (routers, servers, etc.). The fact that the NSA and the Chinese (Huawei) have pressured hardware and phone makers to be “surveillance friendly” is not new either; we just now have concrete proof right in front of our collective faces. We are really lucky this information has come to light. It’s a true gift. We are going to use it to set the government surveillance machines back 7-10 years. Back to where they should be to accomplish their responsibilities without violating those rights that they are in place to protect.
A lot has been made about the “35,000 NSA employees and $11 Billion spent annually on Department of Defense-wide Consolidated Cryptologic Program” along with $440 Million spent annually on Research & Technology. That is a hell of a lot of money and manpower. Good – I hope they increase both, because it’s good for us. Why? It’s called bureaucracy, red tape, B and C grade talent, committees, focus groups, audit committees, professional politics, backstabbing, budget fights, and waste – in summary “Big, Bloated, Incompetent Government”.
I spent a good portion of my adult life in Special Operations – it’s an environment of innovation, A+ talent, self-sufficiency, and zero tolerance for bureaucracy. It’s about small teams of highly talented and dedicated people with skill and daring outwitting huge clunky armies. The NSA and the world’s governments’ surveillance organizations are huge, bloated clunky armies. If you ever worked in a large corporation or government agency, then you know what I mean. It’s like the movie “Office Space” all over again.
They can have their $11 Billion dollars and armies of C-grade talent. I will put my money on people like Phil Zimmermann, Bruce Schneier, Jon Callas, Moxie Marlinspike, Charlie Miller, Kim Dotcom, the guys from Pirate Bay, Jacob Appelbaum, Chris Soghoian, and Nadim Kobeissi. Freakishly talented people like The Grugq, Mike Kershaw, Mudge, Matthew Green, Nick DePetrillo, and security researchers like Mark Dowd and Steve Thomas. Add to this the hundreds of thousands of highly creative, innovative and kick-ass new wave of smart hackers, coders and engineers focused on finding vulnerabilities and building cool secure systems – it’s not even a fair fight.
Small teams of highly experienced programmers can iterate builds, test and get feedback from expert talent around the world literally overnight – and produce groundbreaking innovations in secure communications and technology faster than the NSA can hold a budget meeting.
Now that we are armed with the solid evidence of what the surveillance state is doing and how they are doing it – sit back and watch as new hardware and software come out of small innovative companies that disrupt entire multi-billion dollar cloud, communications, and telecommunications industries – based upon secure architecture and strategies learned from these disclosures.
Now that we know coercion, secret FISA courts, chummy agreements with giant tech firms, National Security Letters, trunk line tapping and encryption-standards manipulation are the playing field – it’s game on.
We at Silent Circle feel it’s the dawn of a new age of secure communication and the real innovators of the world are just getting started. Simple secure phones, custom-made open source routers, servers, new encryption standards and software are going to come out in droves.
The battle for your digital soul has now begun. Sit back, grab a drink and watch this battle unfold from your back-doored computer, leaking browser, cracked VPN, compromised operating system and zero-day infected phone. My money is on the outraged innovators. This is going to be fun.