Fishing or Phishing
‘We are living in interesting times’: so goes the cryptic Chinese observation, which is really a warning of impending threats. The question is, from which direction do the threats come? From the threat of terrorism and cybercrime, or from over-reaching state surveillance systems that in the eyes of critics are undermining civil liberties? The issue at stake is ‘over-reach’, or security laws that enable ‘fishing’ exercises. No one, for example, objects to surveillance or even to being unobtrusively searched when passing through airport security, but when full body scanners were proposed that could reveal all beneath the clothes a howl of protest went up. When the body scanners were abandoned, cases of aircraft hijacking or bombs-on-board did not shoot up. Over-reach is, of course, only incontrovertibly self-evident after the event.
The real issue is the heightened consequences of anything untoward occurring. ISIS especially has found ways to enact carnage on a scale previously rare. Separately, and notably in the USA, oddballs running around as loose cannons armed to the teeth with combat-grade weaponry made easy to purchase due to lax firearms licensing controls, are raising the stakes of failure to detect and prevent. The Patriot Act was the US response to 9/11, but a combination of the National Rifle Association and the resurgent Right in the Republican Party has prevented any greater security measures to prevent what is starting to look like an almost ritual slaughter of US citizens at home. So the security wonks are onto something. The risks have risen due to the spread of terrorism and the opportunities for cybercrime, and the costs of security failure have risen due to the level of loss of life or of property that can happen.
The UK is a country that has prided itself on being moderately conservative in most things, but not with the proposed security law. As the Financial Times recently put it “Canada, Australia, France, New Zealand and others have introduced powers to give security services and police far-reaching surveillance powers. No country, however, is going quite as far as the UK.” The Investigatory Powers Bill [1] will undoubtedly sail through parliament. Under the Bill Internet companies, for example, will be required to hand over without warrant details of every website an individual visits and every app they use and to hold that information for 12 months. Notably, this is so-called meta-data rather than the content itself. Nevertheless, the only other country to have such a draconian law as it affects data, according to the Financial Times, is Russia.
The problem with all laws, draconian or not, is they are soon superseded by technologies. Will trained terrorists or professional criminals really rely upon ISPs for their access to communications and content? In the era of the Internet-of-Things (IoT) and of apps, more and more “things” are also devices for sending and receiving encrypted communications. At the same time, these devices become weak links in the network, open to criminals to exploit.
As a report in the Wall Street Journal 1st August: “When computer hackers and security pros gather for twin conferences in Las Vegas this week, the focus will be on risks related to the growing assortment of connected thermostats, smartwatches, cars and other devices that the tech industry calls the “internet of things”.
The Internet of Thieves might be an equally apposite name. Phishing for IDs, card and account numbers, security passwords, etc., becomes easier as the number of points of vulnerability grows larger. Even such a trivial mindless game as Pokémon Go soaks up the personal and locational data of the mostly young and innocent players. So is fishing by security services so bad if it combats those who phish? If using Big Data analytics on vast amounts of meta-data can spot the criminal and target the terrorist, isn’t that a good thing? In the subtract the answer has to be Yes, were it not for the reality that is the agency. It is security personnel running these operations. Who is to ensure they play by the rules? Ultimately, that is an issue of trust and there isn’t a lot of that around these days. Following Edward Snowden, do we wonder why?
