Civil libertarians are outraged at the revelation the NSA is reportedly spying on more than one-third of Americans -- obtaining phone records from phone companies, in case it might need them for later use. Edward Snowden, the man who leaked details of that program, also revealed a second effort dubbed “Prism,” which represented a more aggressive grab of email and other communications. (See: Prism Exposes Unwritten Privacy Rules.)
While Prism's scope (thankfully) appears to be limited, a recent study by The Pew Research Center suggests a near majority of US citizens happily embrace the potential for broader email monitoring by the federal government. In the survey, 45 percent of Americans say they’re fine with the government reading all email communications in the country.
Civil liberties aside, that sentiment should sound loud warning bells in the corporate sector.
Regardless of Orwellian abuses, business knows all too well the government -- intelligence agencies included -- has a horrendous track record when it comes to security (a fact further underscored by the leak of these program details). Apart from hackers in China, a disgruntled ex-employee, a careless worker... imagine if the government could access your emails -- and somehow those emails were leaked to the world at large, including your competitors.
The government recently offered to help utilities “improve” security by sharing information. Utilities rebuffed these efforts. As Reuters reports:
But utilities termed the report as overblown, saying their systems were adequately protected through mandatory standards set by the North American Electric Reliability Corp (NERC) that ensure separation of control systems and consumer-facing or administrative networks.
"The majority of those attacks, while large in number, are the same attacks that every business receives" through web-connected networks, Arkansas Electric Cooperative Corporation Chief Executive Duane Highley told the hearing...
"NERC has it covered. Please don't mess up."
Aside from employee leaks and foreign intellectual property theft, the NSA incident illustrates another danger -- contractors using the seized data against their business rivals. In addition to the scores of Gargantuan defense-centric firms like Lockheed Martin and Raytheon, most of the top technology firms, including Microsoft, HP, IBM, and Amazon, assist the NSA in data analysis.
Now imagine if, say, Microsoft were analyzing email looking for “terrorism” and accidentally found information regarding a soon-to-launch IBM or Google product. It could well use those details to launch a counter-strategy.
Recognize this: Top tech firms are active intelligence contractors. And if you indiscriminately seize public emails, you seize intellectual property and trade secrets. And if you seize intellectual property and trade secrets, handing it to contractors with an interest in some of those secrets, sooner or later you’ll have a dangerous mess on your hands.
This premise extends outside simple email monitoring.
Imagine if the government lost -- or passed to an unscrupulous contractor -- phone records associated with your company that showed one of your employees touring a property you are looking to buy or a potential acquisition target. This information could easily be used against you. It’s unclear just how much personally identifiable location information can be extracted from the unpublished NSA data set, but it seems likely that sooner or later this metadata will be fine-grained enough to pose a serious threat to business secrecy.
Google and Apple not so long ago were left backpedaling when it was revealed their apps cached some location-aware information on user smartphones. Much of the backlash came from corporate users who feared this information could fall into the wrong hands. By contrast, the location-aware aspect of the seized phone record data set is under-discussed and a serious concern that businesses should be aware of.
Privacy isn’t just important to citizens. It’s important to businesses as well.
Regardless of what the masses think, businesses must take a firm stand against ubiquitous surveillance and the laws the enable it. They should worry about these NSA programs and the public’s relative apathy over their dangerous nature. Remember: If businesses give the government a blanket pass to spy on their employees and Internet traffic, it’s only a matter of time before one or more businesses are seriously damaged.
— Jason Mick is senior news editor at the independent tech news site DailyTech.