As if there wasn’t already enough NSA mass surveillance to worry about, last week we got a peek at the agency’s arsenal of tools for exploiting the hardware and software of its targets. They’re best described as a veritable SpyMall catalog of sophisticated concealed gadgets and surreptitious software “implants”, each sneakier than the last in its ability to compromise and extract private data from the computers and phones on which they’re installed. If you still thought there was anywhere in the electronic world to hide after you’re in their sights, this should be enough to disabuse you of that notion once and for all.
This lies atop six months of news of the myriad ways our metadata and, in some cases, our content, is being routinely collected and analyzed, cloud services and communications providers being compromised, and security standards that should be protecting us being sabotaged. The sane reaction seems to lie somewhere between paranoia and despair.
So we have to take small comforts where we can find them. And, paradoxically as it may seem, at least two of the most egregious revelations might actually hold out a glimmer of hope for privacy going forward.
First, we now have evidence, albeit indirect, that the NSA might not have the cryptologic superpowers that some feared they might. In particular, they have had to resort to outright sabotage of a range of security standards and systems that give them trouble. This suggests that a more robust (and un-sabotaged) infrastructure – secured by proper cryptography and without hidden backdoors or so-called “lawful intercept” interfaces – can make mass surveillance genuinely difficult. (And not just more difficult for the NSA. More difficult for other, perhaps less benevolent, nations’ intelligence services as well.) So perhaps we stand a chance after all, at least if we’re not being individually targeted.
Which brings us to the second encouraging bit of news, which is that if you are being individually targeted, you really don’t stand a chance. The NSA’s tools are very sharp indeed, even in the presence of communications networks that are well hardened against eavesdropping. How can this be good news? It isn’t if you’re a target, to be sure. But it means that there is no good reason to give in to demands that we weaken cryptography, put backdoors in communications networks, or otherwise make the infrastructure we depend on be more “wiretap friendly”. The NSA will still be able to do its job, and the sun need not set on targeted intelligence gathering.