At the moment, in New Zealand, there is an independent review of our intelligence and security agencies going on. That has brought out some dedicated protest movements (which you can read about below), and a recent early stage public consultation. This will, hopefully, at some point in the future lead to some positive changes to the New Zealand's intelligence agencies and the laws they operate under.
In August we submitted to the review. Why? Because we care about an open and uncapturable Internet, and because as a voice for the New Zealand Internet Community, we wanted to make sure that the Independent Review heard that perspective on Internet related surveillance issues.
One thing that I’ve been thinking about recently is the idea that, thanks to the Internet, we’ve been in what Peter Swire has called ‘the Golden Age of Surveillance’. It’s a kind of ominous name, but essentially, the last 15-20 years have seen huge parts of our lives move onto the Internet. Our schools, social interactions, banking, and now thanks to wearables and smart-phones, tablets & 4G many of us are Internet connected all over the show. In some cases even the pace at which our heart is beating is immediately updated to the Internet.
Which means that, right now, surveillance has never been easier. Whether you want to know about your customers shopping habits, understand how people walk around your shopping mall, track people’s movements for civic planning and transport reasons, spying on radicals, stopping terrorism, catching murderers, or disrupting organised criminals. The way we’ve been using the Internet, and the way tech companies have had us using the Internet, has made Internet surveillance and signals intelligence an excellent tool for intelligence and law enforcement agencies.
So if someone does something potentially illegal, or dangerous, it’s been really easy to track down information and collect intelligence to track someones actions and stop ‘badness’.
More and more however, I believe that this situation is starting to come to an end.
We’re used to hear the grumpy Internet voices raise up with chants like “HACK the PLANET, HACK ALL THE THINGS” etc. The noun ‘spook’ is often applied to undercover agents and alludes to their ability ‘to walk or act like a ghost.' The term has been used by these agencies as almost a badge of honor to denote how successful their covert operations have been. Unfortunately, of late, it seems the spooks have unintentionally moved to embodying a slightly different definition of the term…“To startle and cause nervous activity in; frighten.
As a reaction to this startling of the populace, I’m seeing and hearing a change in the Internet mantra to ‘crypto all the things’ and “if you can’t protect it, don’t collect it”.
In the weeks after the Snowden revelations about Prism, Google moved to not only encrypt all the communication between its data centres, but also to proactively move all of its applications to technologies which are encrypted all the way to the end user’s browser (if A is for Alphabet, then S must be for Security). They had been spooked into protecting themselves, and hopefully all of us from the spooks.
I’m seeing similar moves by companies to limit the amount of Personally Identifiable Information they gather and keep on clients and suppliers. More than a few e-commerce sites now outsource the entire payment chain, along with credit card numbers etc, to payment gateways rather than keep this information in their own systems. Why? If you don’t have it, no one can steal it from you. You’re also never going to have to explain to the Privacy Commissioner why you didn’t take adequate precautions to protect your customers data. Corporate Risk mitigated, CHECK!
Now me, I think more secure comms and less plain text that’s a good thing. As more and more of our personal information, lives and relationships end up online, the security of our communications and information needs to get better. Making our communications private by default is a good thing. Companies either not keeping, or encrypting, the information they hold about us is a good thing.
Yes, there will be people doing bad things, but more privacy and more encryption makes it harder for many criminals to obtain and use our personal and financial information as well. Yes, it will make things more inconvenient for law enforcement and surveillance agencies, but better encryption and privacy online is a good thing for all of us.
Recently, as a part of a wide-ranging discussion, one official pointed out that intelligence agencies were losing a significant resource that could make their life harder. I’m sympathetic to that point. I imagine that this closing down of easily accessed content must be confronting for intelligence analysts and investigators. If you can just get a trove of communications data about the people you’re investigating and you have been doing that for over a decade, losing that could be a bit scary.
When you lose your ability to sniff it all and collect it all. Then your ability to know, process and exploit it all is limited. I can see how that would seem threatening to some.
But you can’t halt the march of history. And this Golden Age of Surveillance is starting to be consigned to the history books. Now that this golden age is coming to an end, I’d like to think that here in New Zealand our public servants are sophisticated enough to work with the Internet and not try to hold back the encrypted tide....
As for government-only backdoors? That particular sound-bite needs a separate blog post to dissect...