Computer security veteran Philip Le Riche shares his thoughts on questions raised by the revelations of state-sponsored surveillance, following the leaks by NSA whistleblower Edward Snowden.
If you have an article that you’d like to share on grahamcluley.com, please do get in touch.
One of the more interesting facets of the case of NSA whistleblower Edward Snowden is the way it has polarised opinion.
Normally, that would mean two opposing views, but in this case there seem to be three!
There are those who regard him as a hero, those who believe he has done immense damage, and in between, those who believe what he did was wrong, but are glad he did it.
All three positions are asserted strongly by different commentators. So how do we get behind them to a balanced view? There is more to it than a simple privacy/security trade-off.
Can we ever have our security versus privacy cake and eat it?
The idea that Edward Snowden is innocent, indeed a hero, is the easiest to deal with. Anyone who thinks (as Julian Assange appears to) that you can live without secrets is deluding themselves. You might as well try playing poker with your cards face-up on the table.
Snowden broke the law and betrayed the trust placed in him, and deserves whatever penalties the law prescribes – if it can catch up with him.
That said, paradoxically a healthy democracy requires that citizens have the freedom to break the law, and – if necessary – to suffer for it. The Suffragettes did just that in order to further the cause of democracy, and remitted their case to history as their final judge.
History has yet to deliver its verdict on Edward Snowden.
Whilst secrecy is needed at some level, secrecy breeds secrecy and easily gets out of hand, becoming a cover for incompetence, poor judgement, risk aversion and mismanagement.
On the face of it at least, the Edward Snowden files indicate that the lid badly needed to be lifted on the activities of the intelligence community, and appear to highlight a serious lack of accountability in the Patriot Act, passed in the wake of 9/11.
The view that Snowden did what needed doing is probably the easiest to defend. But did he really need to take tens of thousands of files?
And his case is not strengthened by the drip feed of leaks which maximises the revenues of the newspaper industry, whether or not that is a specific intention.
Hardest to judge objectively is the view that the Snowden revelations have done immense damage, since key evidence remains secret.
Security chiefs give impressive figures for the numbers of terrorist plots that have been foiled. If you don’t like the surveillance we have, they say, you certainly wouldn’t like the virtual police state that would be rolled out as a result of a whole series of new terrorist atrocities.
But we need accountability, not just dark assertions of “if you knew what we know but can’t tell you…”.
Phone hacking scandals have amply demonstrated that journalists push the legal boundaries and sometimes exceed them, being strongly motivated by competition for circulation figures. The destitute are strongly motivated to steal in order to feed their children.
How can we expect the spooks not to be strongly motivated to push the boundaries, with the highest motives of keeping us safe from terrorism, and with the cloak of secrecy, and a press ready to jump on any “intelligence failure” as tantamount to incompetence?
Spooks are human, too, after all. But all of us need to stop once in a while and ask ourselves whether what we’re doing still makes sense. The answer can be surprising, and it isn’t always welcome.
So what conclusions do I draw from the whole affair? Can a middle road exist in a dangerous world?
Firstly, with the advent of the internet, the intelligence community has been spoilt by an unprecedented treasure trove of information. But they need to recognise that no intelligence source lasts for ever.
They can whinge about the “internet going dark” with increasing use of encryption, and about their methods becoming known. Crows might as well whinge if hedgehogs ever learnt to look both ways before crossing the road.
There will always be whistleblowers, and sooner or later your adversary is going to realise what you’re up to. Just as impressive as the code breaking at Bletchley Park was the fact that the secret was kept. Good old-fashioned police and detective work has to remain the core intelligence skill.
The second key point is that we need a much more mature public understanding of risk.
We tolerate (in the UK) 50 road deaths a week as the price we’re prepared to pay for the freedom to drive.
Yet one death in a year through a terrorist act seems too high a price to pay for freedom from intrusive surveillance. Do we value our privacy as little as that?
The press has much to answer for, in making so much of one in comparison to the other. The only way to defeat terrorism is to refuse to be terrorised.
Accountability has to be the key, indeed, it’s the foundation of democracy: those who rule are accountable to those who elect them to office.
Those whose mission is to keep us safe are not directly elected but must still be accountable under a strong and transparent legal framework, otherwise they will lose the trust of the public.
The UK Security Service MI5 defines its mission as the protection of parliamentary democracy in the UK. If it were to lose public trust it would be indirectly undermining than very mission.
If you look around the world it’s clear that democracy never thrives in societies where there is no tradition of trust in the government.
So can we have our privacy and security cake and eat it?
It all comes down to accountability and trust. We can have half our cake, but only if we can trust ourselves not to eat that half too.