Stop collecting metadata.
For months now the news has been filled with details of sensitive intelligence activities leaked by Edward Snowden, a former National Security Agency (NSA) contractor. Not all the so-called revelations have been particularly newsworthy. We have, for instance, learned, courtesy of Mr. Snowden, that our spy agencies actually do what we pay them to do and spy on other nations.
Certainly, however, the most inflammatory revelation, has concerned the gathering of metadata from the electronic communications of American citizens. This means, according to press reports, not that the government is routinely collecting the content of all online and telephone communications but that it is collecting the metadata associated with those calls.
For instance, the government is, apparently, collecting numbers that you call and the numbers that those numbers call and the dates and times on which those calls are placed. Those individuals with experience in intelligence can tell you that this kind of data is extremely useful in being able to build a picture of an individual's activities and contacts and potentially pictures of entire groups and organizations.
It is also, of course, an extremely intrusive practice. I count myself amongst those who consider it, in fact, to be a clear infringement of the 4th Amendment. I don't begrudge the government's interest in this kind of information. I do think if they want it, they need a warrant and some clear indication of wrongdoing on my part. It is not the capability to collect the information to which I object, it is the widespread use of the capability to collect data on law abiding American citizens.
President Obama, the 44th President of the United States, reflects as he contemplates the burden of the office. | Photo: Pete Souza |
Now our President has proposed a solution. Characteristically not a solution of his own fashioning, of course, but a solution proposed by some sort of task force that he established for this purpose. It is, after all, his hallmark to always lead from behind.
This commission's brilliant proposal is that we should continue to collect all of the metadata in the same fashion that we do today. However, instead of this metadata being stored in servers under the control of government agencies like the NSA it will now be stored in banks of private servers. In other words, following the pattern of the last decade, we are going to contract out the job of infringing on your privacy. Apparently, the idea is that, since your personal data will now be held by some company instead of by the US government you should feel better about your situation.
Let's forget about a number of things for a moment. Let's forget, for instance, that this proposal does absolutely nothing whatsoever to address the primary concern, which is a collection of the data in the first place. Let's also forget that despite repeated requests from Congress the government remains incapable of actually pointing out any significant number of cases in which this bulk collection of metadata has lead to successes in thwarting terrorist attacks or threats from hostile nations.
Let's just focus for a moment on the whole idea that we are going to trust private companies to hold and safeguard incredibly sensitive personal information on hundreds of millions of Americans.
Just as the President was trotting out his new idea to privatize the holding of sensitive data on the communications of private citizens, the world was being informed of the massive breach of Target's servers by hackers intent on stealing credit and debit card numbers. Using malware that was placed onto the company's network of credit card reading machines, hackers stole shoppers' personal information and compromised 40 million cards, only three weeks before Christmas.
But, while the scale and the timing of the compromise attracted attention, the Target hacking incident was simply the latest in what has become an epidemic of large-scale, highly sophisticated attacks on private companies.
Let's walk through a few just to make a point.
Six people were arrested for their involvement in a worldwide operation targeting ATM machines connected to Middle Eastern banks. Using information taken from the hacked computer systems of the banks, the six stole $45 million. Other "cells" involved in the same operation, are believed to still be active in at least twenty countries.
The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances. | Photo: |
The press reported that a flaw in a "staggering number" of apps for the IPhone and IPad could be exploited to allow malicious hackers to target the devices, send malicious information to the gadgets and redirect their communications through servers under the control of the hackers.
Adobe announced that it had discovered a major security breach, which compromised the ID's, passwords and credit card information of three million customers. A few weeks later it admitted that the breach had been a little worse than it thought and that it impacted 38 million individuals.
The press reported that Israel had been the target of a major cyberattack, and that hackers had shut down a key tunnel that forms part of the nation's national road security network. The attack knocked out key security operations two days in a row and caused hundred of thousands of dollars in damage. Experts stated that the attack appeared to have been launched by a private group not a hostile government.
Vodafone Germany reported that its data servers had been targeted and that hackers had gained access to the personal information on 2 million customers.
The Chaos Computing Club, a group of German hackers, revealed that it had already hacked the new IPhone fingerprint scanner and then posted a video on YouTube showing how to do it.
Symantec, a computer security company issued a report saying that it had identified an elite group of hackers called "Hidden Lynx", which was more skilled than the Chinese People's Liberation Army unit APT1, which conducts offensive cyber attacks on US and other foreign targets. According to Symantec, "Hidden Lynx" has the capacity to mount long-term, advanced persistent attacks on the world's most sophisticated computer systems. Such attacks, often taking place over a period of years, result in hackers taking complete control of target computer systems and granting themselves system administrator privileges.
I could go on, but that's probably enough.
This is the reality of the world in which we now live. Our computer systems are under assault, our most sensitive data is being stolen, and we far too often far too late to do anything about it.
And yet, our government, the same government, which cannot even stand up and operate a website, now wants you to trust them to place information regarding your private communications in the hands of exactly the kinds of companies, which are having their computer systems compromised daily. The President will likely press his case. He will give rousing speeches. He will promise us security. He will ask us to place our trust in him to see the job is done right.
I don't know about you, but I have a better idea; Stop collecting the data
. I'm not in a trusting mood.