Civil libertarians are outraged at the revelation the NSA is reportedly spying on more than one-third of Americans -- obtaining phone records from phone companies, in case it might need them for later use. Edward Snowden, the man who leaked details of that program, also revealed a second effort dubbed “Prism,” which represented a more aggressive grab of email and other communications. (See: Prism Exposes Unwritten Privacy Rules.)
While Prism's scope (thankfully) appears to be limited, a recent study by The Pew Research Center suggests a near majority of US citizens happily embrace the potential for broader email monitoring by the federal government. In the survey, 45 percent of Americans say they’re fine with the government reading all email communications in the country.
Civil liberties aside, that sentiment should sound loud warning bells in the corporate sector.
Regardless of Orwellian abuses, business knows all too well the government -- intelligence agencies included -- has a horrendous track record when it comes to security (a fact further underscored by the leak of these program details). Apart from hackers in China, a disgruntled ex-employee, a careless worker... imagine if the government could access your emails -- and somehow those emails were leaked to the world at large, including your competitors.
The government recently offered to help utilities “improve” security by sharing information. Utilities rebuffed these efforts. As Reuters reports:
But utilities termed the report as overblown, saying their systems were adequately protected through mandatory standards set by the North American Electric Reliability Corp (NERC) that ensure separation of control systems and consumer-facing or administrative networks.
"The majority of those attacks, while large in number, are the same attacks that every business receives" through web-connected networks, Arkansas Electric Cooperative Corporation Chief Executive Duane Highley told the hearing...
"NERC has it covered. Please don't mess up."
Aside from employee leaks and foreign intellectual property theft, the NSA incident illustrates another danger -- contractors using the seized data against their business rivals. In addition to the scores of Gargantuan defense-centric firms like Lockheed Martin and Raytheon, most of the top technology firms, including Microsoft, HP, IBM, and Amazon, assist the NSA in data analysis.
Now imagine if, say, Microsoft were analyzing email looking for “terrorism” and accidentally found information regarding a soon-to-launch IBM or Google product. It could well use those details to launch a counter-strategy.
Recognize this: Top tech firms are active intelligence contractors. And if you indiscriminately seize public emails, you seize intellectual property and trade secrets. And if you seize intellectual property and trade secrets, handing it to contractors with an interest in some of those secrets, sooner or later you’ll have a dangerous mess on your hands.
This premise extends outside simple email monitoring.
Imagine if the government lost -- or passed to an unscrupulous contractor -- phone records associated with your company that showed one of your employees touring a property you are looking to buy or a potential acquisition target. This information could easily be used against you. It’s unclear just how much personally identifiable location information can be extracted from the unpublished NSA data set, but it seems likely that sooner or later this metadata will be fine-grained enough to pose a serious threat to business secrecy.
Google and Apple not so long ago were left backpedaling when it was revealed their apps cached some location-aware information on user smartphones. Much of the backlash came from corporate users who feared this information could fall into the wrong hands. By contrast, the location-aware aspect of the seized phone record data set is under-discussed and a serious concern that businesses should be aware of.
Privacy isn’t just important to citizens. It’s important to businesses as well.
Regardless of what the masses think, businesses must take a firm stand against ubiquitous surveillance and the laws the enable it. They should worry about these NSA programs and the public’s relative apathy over their dangerous nature. Remember: If businesses give the government a blanket pass to spy on their employees and Internet traffic, it’s only a matter of time before one or more businesses are seriously damaged.
@Mitch: I know -- I was thinking on a more grand scale where even encrypting one's email would be an offense unless the govnerment had a key.
From a security standpoint, I think it's important to remember that after a certain point there are serious diminishing returns on effort. One should not spend more on security than it would cost to deal with a breach; it makes no sense to spend even 1.1X on something that would only cost X to repair/deal with if security failed.
Okay, but we've got a ton of legislators --including my own -- who are suddenly freaking out about this when it has been within their power ever since they were elected to repeal the PATRIOT Act. I'm not even sure President Obama has the power to *not* follow it, since Congress passed it.
Weren't a lot of people upset about the rammifications of PATRIOT Act spying under President Bush? I certainly felt it was dangerous and spoke out against it, as did a number of other folks.
Even President Obama seemingly believed it. Here's a campaign statement from 2008:
Revise the PATRIOT Act. Barack Obama believes that we must provide law enforcement the tools it needs to investigate, disrupt, and capture terrorists, but he also believes we need real oversight to avoid jeopardizing the rights and ideals of all Americans. There is no reason we cannot fight terrorism while maintaining our civil liberties. Unfortunately, the current administration has abused the powers given to it by the PATRIOT Act.
Why shouldn't we be concerned about the President endorsing this kind of monitoring when he himself called this program abusive back in 2008.
If anything wouldn't it be racist if we condemned President Bush and gave Obama a blank check? I think most people are more concerned about policy than skin color -- most sensible folk, anyways.
You have the right idea. However, I think you understimate how many companies play a role in both government data mining and the private sector... a lot of big companies have data mining units or provide cloud resources for data mining. Of course most of this is off the record, but recent reports have suggested that Amazon and the CIA have a $600M USD cloud computing contract established: http://fcw.com/Articles/2013/03/18/amazon-cia-cloud.aspx?Page=1
Whether or not it's true, I think it's bound to happen. After all most of the best companies at data mining and hosting (e.g. Microsoft, Amazon, Google, IBM, Apple, etc.) are also in the consumer sector. Marketing analytics provides a lot of real world experience in handling massive data sets and behavioral prediction -- the kind of real world expertise a specialist (non-consumer) firm would be unlikely to have.
@Kim
The basic idea is that if the government hands company A a contract to handle and analyze harvested emails or call records and company B is a competitor, if oversight is poor and if company A is less than scrupulous it could use its access to spy on its competitor, company B. As the whole contract would likely be secret, company B might not even realize it was being spied on.
Again, as far as we know the government isn't collect email on that scale -- yet. However, given public apathy that could change, particularly if companies who might score big contracts lobby the right people in Congress and the White House.
And even the location and calling information that we know now the government currently collects could pose a lesser risk to corporate secrecy in such a scenario.
This stuff has been going on since the so-called PATRIOT Act after 9/11. This faux outrage because now it's a black Democratic President in charge is really annoying.
Kim, I think the idea is that government would contract out the actual analysis of email to a private company. But aren't intelligence contractors specialists?
smkinoshita - Law enforcement is already trying to demand that individuals give up their encryption keys, for example during border crossings. They're having mixed success in court.
Will companies go along when government asks for more information? Or will they push back?
Consumers are willing to give up information in exchange for services or goods. What incentives would corporations have to do the same with government?
I am having trouble drawing a link between what the government has been doing and potential for Microsoft to spy on Google, or vice versa. If the government gets a court order for Microsoft or Google to hand over some set of emails, how does that help the corporations spy on each other (or prevent them from spying on each other anyway)?
"So what's next? Encryption and demands for the encryption keys? Or security so paranoid that it doesn't trust itself and cripples its effectiveness?"
Well, hopefully it doesn't come to that. :)
A little encryption is common sense, but once businesses are forced to operate under the premise that all of their data is being compromised, it's going to be a pure mess.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
While outsourcing can initially appear to deliver massive cost savings, some firms are starting to wake up to its hidden costs -- shipping, production latency, and quality control. But perhaps the biggest hidden cost of outsourcing is intellectual property (IP) theft.
The version of Windows 8.1 that Microsoft previewed this week is a step in the right direction, but it shows that Microsoft is still missing the boat in some ways.
Whether you’re an engineering firm that uses CAD for parts design, or an e-business that leverages Photoshop for user-interface graphics, you likely require a modest graphics-processing unit. In the old days, this was a daunting hurdle to innovation, but today, the situation has improved thanks to technologies like NVIDIA’s GRID and Microsoft’s RemoteFX. Such virtualized graphics protocols allow you to load-balance graphics-intensive workloads from virtual desktops on a server-side graphics card.
Take a trip down memory lane and imagine, if you will, a system-on-a-chip with Apple IIe-like specs -- 4KB of RAM and 32KB of flash. Add some modern niceties like an ARM Cortex-M0+ 32-bit pipeline, 12-bit DAC, and low-power UART, and you have Freescale's recently unveiled Kinetis KL02, which the company calls "the world's smallest ARM Powered MCU."
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
