All Your Data Are Belong To US

It has become very apparent that something security and privacy professionals have talked about for a long time has become quite real. And I think there’s really no putting the genie back in the bottle, either, sadly.

Basically, once there was enough bandwidth and computing power, it was only a matter of time before all your electronic activity became available to anyone with the ability to harvest it. And now it is becoming quite clear that the NSA now has gathered enough data on phone calls, email, online purchasing, web surfing and undoubtedly much more to be able to piece together pretty much anything about an individual that they want to know. Who you associate with, who you don’t like, what your political leanings are, whether you work conscientiously at your job or surf pornography in your spare time. They can find out.

Of course, given the reality of how big data like this works, an individual person doesn’t actually know all of that personally about another individual in general. Instead, all the data to allow it is in a huge set of data stores. And when it comes time to want to know everything about someone, then a query gets started and suddenly an NSA analyst can provide a full portrait of my activity and behavior to whoever is asking for it. Until then, you are as anonymous as the billion other people whose data sits in there.

Meanwhile, the bad guys are going to muddy the waters, spoof the systems, do everything they can do to hide their own activities and behavior from the NSA.

Congress could pass a law tomorrow preventing this sort of data gathering and big data application to surveillance and intelligence gathering. It won’t matter one bit. The data has been gathered, the methods created, the bandwidth exists and the computing power. If you think the Chinese government isn’t doing this already, I’ve got a bridge in New York to sell you.

I’m not suggesting that you should just give up, shrug your shoulders and ignore the problem. I am suggesting be realistic about this. Realize that if the US government (or China, Russia, France, Israel, UK and many others) really want to know all about someone, they can find out most all of what there is to know. You’re only hope to avoid this is to do what cyber warriors do …. use encryption …. all the time …. never use Facebook, Twitter, LinkedIn … run all your internet connections through multiple proxies. Always use an alias, not your real name. Never use online services provided by major US companies (Amazon, Google, Microsoft, etc). Never buy anything online. Never use credit cards in your own name to buy anything, online or in real life.

Of course, this is completely unrealistic for most of us. We simply can’t go back to the world of 1990. And even then, as Osama bin Laden found out, they can still find you through your eventual connections to people who are communicating with cell phones, posting stuff online, etc.

Basically, you can’t escape, so make your time. All Your Base Are Belong To Us

Advertisements

About Eric Cowperthwaite

Nearly 30 year security professional, 11 years in the US Army, and another 18 in the civilian world. Worked for EDS for 9 years, then for Providence Health & Services as their CSO for 7 years. Now I work for CORE Security as their VP, Advanced Security & Strategy. This blog is not just about security, either physical or information. You can expect to read about cigars, my life, things I think are funny and much more. And I will rail about the FUD that so many security practitioners toss around on a regular basis. Plus, once in a great while, I might actually share a thought or two about security. Did I mention that I will probably blog about cigars? Just to be clear, nothing that I write here represents the position or opinion of my employer. Nothing I write here is proprietary or confidential to my employer. Everything I write here is my personal opinion.
This entry was posted in Big Data, CyberWar, Government, InfoSec, Security, Technology. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s