Cyber security has been a major topic of concern within the government over the last year or so. Republicans have made it a major priority for the coming year, and Obama spoke on the need for new programs and efforts concerning communication within government and business, and between government and businesses, to help each other keep customers and American citizens safe from hackers and security threats to their personal information. Of course, this comes after a year of hacking threats and cyber espionage, but it also comes after a year of intense privacy and surveillance concerns brought on by the release of National Security Agency documents from former analyst and current whistle blower Edward Snowden.
And given the most recent information released by Snowden to the Intercept, paranoia about government overstep with privacy issues is entirely appropriate. According to the Intercept, the documents released to the publication show evidence of a cooperative infiltration done by the NSA and Britain’s Government Communications Headquarters of a cell company in the Netherlands called Gemalto. Gemalto is a global firm that produces phone and credit card chips used by major mobile carriers like AT&T and Verizon. The company’s parts are used by 450 wireless network providers in 85 countries, with factories and headquarters both in and out of the U.S..
Security analysts agree: It’s a major breach of security. “They have the functional equivalent of our house keys,” said Mark Rumold, staff attorney with Electronic Frontier Foundation, to the Guardian. “That has serious implications for privacy not just here in the U.S. but internationally.” Basically, what the keys do is allow these government agencies access to mobile devices sans review or permission from mobile companies or other nations. So the discussion from President Barack Obama and his administration with tech companies on the need for open lines of communication between businesses and the government for the safety and security of the U.S. and its businesses from hackers and infiltration is a very different conversation considering this latest piece of news.
Government agencies within the U.S. can already access a great deal of the information without even seeking approval for data collection — another major issue with phone companies last year — instead of going straight to monitoring communications. The extent of privacy and information violation is disturbing, to say the least, and is certainly of international concern in terms of how nations view the spy tactics of the U.S. and British government. The Netherlands will almost certainly feel added strain given the breach of trust demonstrated by U.S. government hacking into one of its businesses — probably similar to how the U.S. reacts to Chinese hackers, except that the diplomatic and historical nature of the relationship between the U.S. and the Netherlands is far different, and justification for such actions, far less arguable in terms of a back and forth technological hostility. “It’s unbelievable. Unbelievable,” Gerard Schouw of Dutch Parliament said, according to TI. “We don’t want to have the secret services from other countries doing things like this.”
“I’m disturbed, quite concerned that this has happened,” Gemalto’s executive vice president, Paul Beverly, told TI. “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure it doesn’t happen again, and also to make sure that there’s no impact on the telecommunication operators that we have served in a very trusted manner for many years. What I want to understand is what sort of ramifications it has, or could have, on any of our customers.”
The Guardian, the first publication to publish documents provided by Snowden, published one case of U.S. monitoring that also irritated international sentiment: the monitoring of German Chancellor Angela Merkel’s phone. The general effect this disclosure, in combination with others over the last year or so, will have on international relations for the U.S. is quite significant.
National security is often the knee jerk response to accusations of government surveillance overstep. Unfortunately, this breach of international trust may be difficult to justify given the other ways there are to get information with international cooperation. “This was the easy way,” said Nicholas Weaver, International Computer Science Institute researcher, to The Daily Beast.
“Attack a NATO [member’s] company, and gain the keys for everybody. But it wasn’t the elegant way. If the GCHQ [British intelligence] wanted to target individuals and was willing to wait a day or two to decrypt a new target, they could have set up a pipeline where the GCHQ asked the Netherlands, which asks Gemalto to provide the keys for a set of targets.” The same obviously goes for the United States. “If they wanted to just target some countries, they could have also targeted recipient [telecommunications companies], rather than a NATO company. But that would require more work.”
Perhaps the most convenient justification is the “he did it too” justification. If British intelligence is able to gain access to this information and the capabilities it represents, then by failing to take advantage of the hacking opportunity, the U.S. would fall behind. It’s mutual escalation internationally, to keep up with intelligence capabilities and to keep the U.S. competitive. But this is hardly a solid argument either. The U.S. could certainly have prevented as easily as it collaborated.
Follow Anthea Mitchell on Twitter @AntheaWSCS
More from Politics Cheat Sheet:
- 3 Cyber Warfare Strategies You Should Be Aware Of
- Can Obama’s Cybersecurity Plan Work?
- Anthem, Sony, and China: Here’s What We’ve Learned About Cyber-Attacks
Check out Politics Cheat Sheet on Facebook