As the old saying goes, “You are only as strong as your weakest link”. Interestingly, in the recent rash of data disclosures from Edward Snowden and his predecessors, the weakest link could well turn out to be of America’s own making.
Outsourcing key data activity to contractors rather than keeping it in-house means your online security is only as good as their employees are at keeping mum about what they discover about your operations in the course of their daily duties.
Consider the fact, expounded by James Sensenbrenner in a recent editorial, that there are some 500,000 employees of private firms with access to the government’s most sensitive secrets. And this is just the States. There are surely more in other countries contracted to undertake similar surveillance.
Some regard the actions of Manning, Assange and Snowden as heroic and others consider them heinous, but whichever side of the ethical debate you sit on, the fact remains that confidential data was accessed and shared with those it wasn’t intended for.
It is a sobering realisation (or maybe reconfirmation) that it is the low-level IT guy who poses your greatest threat. These techs seem to be able to rummage through systems and make discoveries that evade all of the so-called safeguards that the governments throw at them.
Consider for a moment what you might have accessed online or sent to others via email in the past year. I would suggest that many people would feel less than comfortable having their online habits totally disclosed to the world without their permission.
But is there anything you can do to mitigate the risk that others can and do spy on what you do?
“Encryption (of email) works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it”.
So there you go. Even encrypting your email can only assure safe passage between systems, and if the systems themselves have a weakness, an IT tech on a mission can crack it or share it. Not the most comforting of thoughts, and if the technician in question has a thumb-drive (as Snowden is reported to have, according to Senator Saxby Chambliss of Georgia), then your data could be shared and leaked well beyond the boundaries of your network.
Am I alone in thinking that these revelations could well have profound implications for the future of the Cloud? The ‘contracting out’ of data storage from your own servers to a third party based in another country could well have become a far more difficult decision for businesses to make.
And if you wish to mitigate some of the damage your email might cause, you could always try using encryption yourself. Here is one suggestion: GNU Privacy Guard for Windows, which is free software. Mind you, I cannot guarantee that a low-level tech at the NSA hasn’t already cracked it.