New generation of hackers
According to the latest from the land of Queen Elizabeth, spying agencies will be given unparalleled powers to spy on the British and non British citizens.That, according to those who believe in old, tired idea of privacy, will lead to ‘stasi Britain’ but these are the same people who criticise government agencies when there’s crime.From a technological advancement point of view, there is an escalating technological arms race underway between governments and hacktivists. As authorities step up their surveillance, the hacktivists always establish new ways to subvert it in what is commonly known as crypto war and it’s been going on for as long as I can remember.The past experience shows how online surveillance can provoke hacktivists to develop and disseminate technologies that enhance privacy.We all know that Cypherpunk movement arose in direct opposition to state surveillance by promoting privacy online and released cryptographic code to thwart prying eyes.Public figures continue to raise awareness and provide advice on how to evade surveillance. Use of TOR, a network that allows people to browse the internet anonymously, increased dramatically following Edward Snowden’s revelations about NSA snooping. What all this means is that technologies that enhance privacy are now readily available and widely used. There has already been a marked increase in encrypted internet traffic.Even a friend of mine admitted he used Wickr to encrypt her communications while in a certain African country. Hacktivists have also launched cyber attacks in protest to government activities and surveillance. In recent past we’ve seen distributed denial-of-service attacks targeting at both government and corporate websites.Although arising from benevolent motives, these same tools can be used for more sinister purposes. Illicit marketplaces abound in the dark web. As I shared last month, anyone can anonymously buy drugs, firearms, stolen identification or distribute child pornography online.Hackers are now using encryption to defeat firewalls and overcome anti-virus protection. This has resulted in an upsurge in malware attacks around the world.The ability to conceal identities, communications and locations poses more challenges for law enforcement and security agencies. It makes identifying offenders and accessing evidence even harder.This means additional resources and new technical skills are needed. Various countries in the western world are outlining plans for increased intelligence and offensive cyber capabilities.And that means the arms race in the crypto-war will continue.
After all this, questions abounds about the success of blanket surveillance programs.According to studies, there’s is currently no evidence to indicate this actually increases security.Although surveillance can be effective under narrow conditions and for specific crimes, collecting too much information can also be a barrier to effective intelligence systems.Recent terrorist attacks in Europe reveal how data retention programs that attempt to identify every possible threat are not failsafe. Security agencies become overwhelmed with data.Collecting as much information as possible about as many people as possible may be positively harmful.Significant resources are being spent on strategies with questionable efficacy. These strategies impact privacy, provoke opposition and create new challenges to overcome.Governments are seeking to detect threats through surveillance. But hacktivists are responding to a perceived injustice. Namely, the invasion of the privacy of all internet users.European governments have argued for the need to balance security and privacy. But there are both political and practical problems with this approach like it is happening in UK where new legislation is expected to be discussed after summer recess at the house of lords. Leading experts argue security interests will always outweigh individual rights. But encroaching on the privacy of all internet users just antagonises hacktivists and inspires further development and use of tools to enhance privacy.The security versus privacy trade off becomes a self-defeating paradox.The stakeholders need to rethink this balancing act in a way that respects the rights of internet users. The public needs to have confidence that their privacy is respected and that governments are collecting and using information appropriately.Certainly governments have a responsibility for countering threats like terrorism. But it is important to realise that mass indiscriminate surveillance, and the development of technologies to circumvent it, are evolving together.As I always say, the security agencies may think they are smart in surveillance, but those evading it are even smarter.