2013 will be remembered as the year when the world woke up to the dramatic changes occurring in the world of security in the internet age. The Snowden revelations have exposed the highest level of online espionage and the vulnerability of online data to attack.
The latest leaks, published in German newspaper Der Spiegel, allege that Britain’s GCHQ used malware, software more commonly associated with hackers than with governmental institutions, to access the computers of engineers working for one of Belgium’s biggest telecommunications companies.
We are headed towards a world in which transparency is inevitable – despite the increasingly stringent efforts of governments to protect their secrets. The Security and Defence Learning track at ONLINE EDUCA BERLIN 2013 will explore the ramifications of this new age of openness.
By Alasdair MacKinnon
The fortresses of the internet age are the data centres. These are the hidden hubs of the internet, often buried deep in the countryside near the power stations that satisfy their vast electricity demands. Lawrence Jones, the founder of UKFast, described these on the BBC’s The Bottom Line (here at 5:52) as “hostile environments”, surrounded by prison fencing, with huge gates, biometric security, and guards on patrol 24 hours a day. Inside are huge aisles of data storage banks, sucking in frozen air from below and expelling it boiling hot on the outside. This is the forbidding industrial landscape of the data age.
Yet there is an inherent contradiction to this bristling show of defence: for while the razor-wire and guard dogs offer some basic physical protection to the computers, they do not actually secure the data within them. They are the illusion, or the threat, of security in an age which has found many ways to get round a simple chain-link fence.
For in the online world, there is no such thing as an impenetrable fortification. The un-stormable castles and unbreakable prisons gained security through isolation; but it is inherent in the nature of the Internet that everything is connected to everything else. Even the best-guarded system can be compromised, from inside, outside, as the result of malice or human error. Keeping a secret online has become a gigantic task, and one which Dr Harold Elletson of the New Security Foundation, chair of Security and Defence Learning, believes will eventually prove impossible.
“We are going through a period in which there are enormous demands placed on intelligence and security services to provide information in very difficult circumstances,” he says. “However, governments and businesses have not yet come to terms with the implications of the Internet, and I suspect that sooner or later it will become clear that the process of increasing transparency is unstoppable.”
The PRISM scandal exemplifies the self-defeating nature of Internet secrecy. Internet communication presented the US surveillance agency, the NSA, with a vast amount of information to be clandestinely collected and analysed. To deal with it, they entered into partnerships and arrangements with private companies, and added private contractors to the payroll – thus losing much control over the people they were employing, and inviting future whistleblower Edward Snowden within the walls.
In the wake of his revelations, governments are coming to realise that one of the few defences they have against leaks is deterrent justice – something many consider to be as antediluvian as prison fences and razor wire themselves. The fugitive Edward Snowden has been charged with three counts of espionage, while Chelsea Manning is serving 35 years, having been prosecuted for 22 different offences including “aiding the enemy”.
This knee-jerk tightening of security, however, is not something Harold Elletson thinks will last for long. “The Web may go through another evolution in which it appears that data can be protected but, ultimately, protecting information that is stored or transmitted electronically will be increasingly difficult. This means that Governments and corporations will have to cope with living, operating and doing business in a more open environment. They need to start thinking now about what this means for recruitment, training and strategic planning.”
The secrecy with which governments and businesses habitually carry out much of their work is doomed to fade away – leaving behind, it is to be hoped, fairer and more equal societies. It is a transformation not unprecedented in history – where a new communicative technology contributes to the erosion of injustice.
When the Liverpool and Manchester Railway was opened in 1830, it revealed first-hand to the urban populations of the two booming industrial centres the gross corruption of the electoral system.
Riding the new railway, citizens of Liverpool, represented by one MP, and citizens of Manchester, with none, could stop off at the tiny village of Newton along the way – at that time a parliamentary borough, with the authority to elect two representatives to Westminster. The railway, in linking two disenfranchised conurbations with a rotten borough lying between them, removed the veil of secrecy that hid the electoral process, supporting a growth of public consciousness that led to the passing of the “Great” Reform Act of 1832.
There are, however, those who strike a note of caution at the idea that the workings of government and security services can become public knowledge – among them MI5 chief Andrew Parker, who in his first public address in office warned that “it causes enormous damage to make public the reach and limits of GCHQ techniques. Such information hands the advantage to the terrorists. It is the gift they need to evade us and strike at will.”
Is there a danger that security services will be unable to function at all outside of the shadows?
In fact there is some evidence that transparency is a better strategy than a reliance on secrecy. It has long been a maxim of cryptographers that a code should work even when those trying to break it know exactly how it works. Knowing the method by which information is protected should not yield any information as to what that information is: and today, most of the coded information sent over the internet is encrypted securely using algorithms that are public knowledge.
There is no reason why whole security systems should not also have to stand this test: the best security services will be able to function even when the enemy knows what they are up to. Cryptographer Bruce Schneier puts it this way: “every secret creates a potential failure point. Secrecy, in other words, is a prime cause of brittleness – and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility.”
As we enter a transitional age between secrecy and openness, we must realise that obscurity is only the illusion of security.
“The End of Secrecy and What It Means” will be chaired by Janis Folkmanis, former advisor to the President of Latvia. Speakers include Harold Elletson, Jesus I. Nuñez Perez, writer and composerLeonardo de Arrizabalaga y Prado and journalist and author Beate Wedekind.