As Strong As Your Weakest Link

WhisleblowersAs the old saying goes “You are only as strong as your weakest link”.  Interestingly, in the recent rash of data disclosures from Edward Snowden and his predecessors, the weakest link could well turn out to be of America’s own making.

Outsourcing key data activity to contractors rather than keeping it in-house means your online security is only as good as their employees are; in keeping mum about what they discover about your operations in the course of their daily duties.

Consider the fact, expounded by James Sensenbrenner in a recent editorial, that there are some 500,000 employees of private firms with access to the government’s most sensitive secrets.  And this is just the States.  There are surely more in other countries contracted to undertake similar surveillance.

Some regard the actions of Manning, Assange and Snowden as heroic and others consider them heinous, but which ever side of the the ethical debate you sit on, the fact remains that confidential data was accessed and shared with those it wasn’t intended for.

It is a sobering realisation (or maybe reconfirmation) that it is the low level IT guy who poses your greatest threat. These techs seem to be able to rummage through systems and make discoveries that evade all of the so-called safeguards that the governments throw at them.

Consider for a moment what you might have accessed online or sent to others via email in the past year.  I would suggest that many people who would feel less than comfortable in having a total disclosure of their online habits revealed to the world without their permission.

But is there anything you can do to mitigate the risk that others can and do spy on what you do?

Part of the answer could well have been given by NSA whistle-blower Snowden.  In reply to an online discussion set up by the Guardian newspaper he said that:

Encryption (of email) works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it“.

So there you go.  Even encrypting your email can only assure safe passage between systems and if the systems themselves have a weakness an IT tech on a mission can crack it or share it. Not the most comforting of thoughts and if the technician in question has a thumb-drive (as Snowden is reported to have by Senator Saxby Chambliss of Georgia), then your data could be shared and leaked well beyond the boundaries of your network.

Am I alone in thinking that these revelations could well have profound implications for the future of the Cloud? The ‘contracting out’ of data storage from your own servers to a third party based in another country could well have become a far more difficult decision for businesses to make.

And if you wish to mitigate some of the damage your email might cause you could always try using encryption yourself.  Here is one suggestion: GNU Privacy Guard for Windows which is free software.  Mind you I cannot guarantee that a low-level tech at the NSA hasn’t already cracked it.

Enhanced by Zemanta
About these ads

About thedigitalconsultant

Roger Smith is an international, digital consultant and former British Council Director of Online Operations within the East Asia region. http://thedigitalconsultant.blogspot.com
This entry was posted in Business, Data, Email, Security and tagged , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s