Not in a Trusting Mood
Please visit our sponsor.
In other words… we are going to contract out the job of infringing on your privacy.
Stop collecting metadata.
Certainly, however, the most inflammatory revelation, has concerned the gathering of metadata from the electronic communications of American citizens. This means, according to press reports, not that the government is routinely collecting the content of all online and telephone communications but that it is collecting the metadata associated with those calls.
For instance, the government is, apparently, collecting numbers that you call and the numbers that those numbers call and the dates and times on which those calls are placed. Those individuals with experience in intelligence can tell you that this kind of data is extremely useful in being able to build a picture of an individual's activities and contacts and potentially pictures of entire groups and organizations.
It is also, of course, an extremely intrusive practice. I count myself amongst those who consider it, in fact, to be a clear infringement of the 4th Amendment. I don't begrudge the government's interest in this kind of information. I do think if they want it, they need a warrant and some clear indication of wrongdoing on my part. It is not the capability to collect the information to which I object, it is the widespread use of the capability to collect data on law abiding American citizens.
Now our President has proposed a solution. Characteristically not a solution of his own fashioning, of course, but a solution proposed by some sort of task force that he established for this purpose. It is, after all, his hallmark to always lead from behind.
This commission's brilliant proposal is that we should continue to collect all of the metadata in the same fashion that we do today. However, instead of this metadata being stored in servers under the control of government agencies like the NSA it will now be stored in banks of private servers. In other words, following the pattern of the last decade, we are going to contract out the job of infringing on your privacy. Apparently, the idea is that, since your personal data will now be held by some company instead of by the US government you should feel better about your situation.
Let's forget about a number of things for a moment. Let's forget, for instance, that this proposal does absolutely nothing whatsoever to address the primary concern, which is a collection of the data in the first place. Let's also forget that despite repeated requests from Congress the government remains incapable of actually pointing out any significant number of cases in which this bulk collection of metadata has lead to successes in thwarting terrorist attacks or threats from hostile nations.
Let's just focus for a moment on the whole idea that we are going to trust private companies to hold and safeguard incredibly sensitive personal information on hundreds of millions of Americans.
Just as the President was trotting out his new idea to privatize the holding of sensitive data on the communications of private citizens, the world was being informed of the massive breach of Target's servers by hackers intent on stealing credit and debit card numbers. Using malware that was placed onto the company's network of credit card reading machines, hackers stole shoppers' personal information and compromised 40 million cards, only three weeks before Christmas.
But, while the scale and the timing of the compromise attracted attention, the Target hacking incident was simply the latest in what has become an epidemic of large-scale, highly sophisticated attacks on private companies.
Let's walk through a few just to make a point.
Six people were arrested for their involvement in a worldwide operation targeting ATM machines connected to Middle Eastern banks. Using information taken from the hacked computer systems of the banks, the six stole $45 million. Other "cells" involved in the same operation, are believed to still be active in at least twenty countries.
The press reported that a flaw in a "staggering number" of apps for the IPhone and IPad could be exploited to allow malicious hackers to target the devices, send malicious information to the gadgets and redirect their communications through servers under the control of the hackers.
Adobe announced that it had discovered a major security breach, which compromised the ID's, passwords and credit card information of three million customers. A few weeks later it admitted that the breach had been a little worse than it thought and that it impacted 38 million individuals.
The press reported that Israel had been the target of a major cyberattack, and that hackers had shut down a key tunnel that forms part of the nation's national road security network. The attack knocked out key security operations two days in a row and caused hundred of thousands of dollars in damage. Experts stated that the attack appeared to have been launched by a private group not a hostile government.
Vodafone Germany reported that its data servers had been targeted and that hackers had gained access to the personal information on 2 million customers.
The Chaos Computing Club, a group of German hackers, revealed that it had already hacked the new IPhone fingerprint scanner and then posted a video on YouTube showing how to do it.
Symantec, a computer security company issued a report saying that it had identified an elite group of hackers called "Hidden Lynx", which was more skilled than the Chinese People's Liberation Army unit APT1, which conducts offensive cyber attacks on US and other foreign targets. According to Symantec, "Hidden Lynx" has the capacity to mount long-term, advanced persistent attacks on the world's most sophisticated computer systems. Such attacks, often taking place over a period of years, result in hackers taking complete control of target computer systems and granting themselves system administrator privileges.
I could go on, but that's probably enough.
This is the reality of the world in which we now live. Our computer systems are under assault, our most sensitive data is being stolen, and we far too often far too late to do anything about it.
And yet, our government, the same government, which cannot even stand up and operate a website, now wants you to trust them to place information regarding your private communications in the hands of exactly the kinds of companies, which are having their computer systems compromised daily. The President will likely press his case. He will give rousing speeches. He will promise us security. He will ask us to place our trust in him to see the job is done right.
I don't know about you, but I have a better idea; Stop collecting the data. I'm not in a trusting mood.
Charles Faddis, Senior Intelligence Editor, Former Cia Operative, Host Of Uscs: Charles S. Faddis, President of Orion Strategic Services, LLC is a former CIA operations officer with twenty years of experience in the conduct of intelligence operations in the Middle East, South Asia and Europe. He has worked against the most dangerous terrorist organizations on the planet and has extensive firsthand experience with their methodology and tactics. His last assignment prior to retirement in May of 2008 was as head of the CIA's terrorist Weapons of Mass Destruction unit. He... (more...)