By Jaime Ortega Simo.
Marcus J. Ranum is a world-renowned expert on security system design and implementation.
1) Cyber Security is an issue that worries many people. Do you think companies like Facebook and Google use the information they gather from their users and work alongside the Intelligence Community agencies like Defense Information System Agency or the C.I.A.?
It seems to be fairly well documented that many web businesses have established streamlined processes for servicing user data requests from government agencies. One of the problems with this is that FISA requests include a gag order requiring the target of the request to say nothing about it. The constitutionality of the process is being challenged and, in my opinion, it is obvious that the constitution
is being bypassed and violated. I don’t think that’s going to make much difference, unfortunately.
2) Are private security intelligence agencies like Sierra GK, AEGIS, CRG, CSS Ltd … involved in cyber security operations that might by any chance target civilians?
One thing that gets largely ignored is that anyone targeted is always also a civilian. Suppose I work for a “legitimate military target” (whatever that is); well, I’m also a human being with a private life and rights as an individual. The trend is to erase those rights based on the suspicion of involvement with something that might make an individual a target for surveillance or investigation – and, of course, it affects the families and normal associates of anyone who is targeted. It’s not possible to say you’re only going to tap one member of a family’s communications if that family shares an Internet connection or phone service. And, when you tap one side of a communication, you’re usually also getting the other side, as well.
It seems to me that your question is really whether I think that too much surveillance and investigation is taking place, and whether it has been privatized. The answer to both of those questions is “yes.”
3) Is the Cyber world an unavoidable reality for our generation in regard to privacy issues?
I think so because of the web of association’s problem. Consider this: if your child has a friend who has a friend who deals drugs – what do you estimate is the likelihood that your child is going to wind up in a database, somewhere, as being associated with drug dealers, if that drug dealer is ever caught and their SMS, call records, email and Facebook relationships are analyzed?
Privacy, historically, has only been a “right” of the rich and powerful. We have enjoyed a brief period during the early part of the history of the US, in which privacy was a populist item and it was felt by all that they had a right to live without being scrutinized. Now, the only people who are able to live without being scrutinized are those who go to great lengths to avoid it, or who are powerful enough to avoid the consequences. Take the case of General Petraeus, for example: what was the FBI doing, being able to access someone’s email and hotel records because they were suspected of having an affair? The last time I checked, “Who is cheating on his spouse?” was not the government’s business. But we see that the broad capabilities are there – put in place in the name of “stopping terrorism”; but, really it’s just general
surveillance. Police states expand, and as they do, they leave the wealthy and powerful alone unless it’s part of an internal purge. What we saw happen with the general is that the surveillance state is now being used for political purposes. President Nixon was forced out of office for doing less than what happens every day in Washington, now.
4) Is the Defense Advance Research Projects Agency the front-runner in engineering new techniques and programs to gather a Total Information Awareness program? Could such a program present controversial technologies once adapted to the system?
The Total Information Awareness program is like a strange zombie – it keeps getting publicly clubbed in the head and killed, but it’s immediately resurrected and starts moving forward again the second public attention turns away from it. What’s important to realize about TIA is not that it’s a programme – it’s not; it’s a destination. (They keep changing its name, and it’s now a many-headed hydra.) The object is to have “total information awareness” and that’s been building … for a long time.
The technologies that are being put in place for such programmes are treason against humanity. And the people who are spending their time developing such things are betraying their own selves and families. Who do they think will be the eventual victims of the surveillance systems that they are building? I hope that they’re wise enough, at least, to be backdooring the systems that they’re building. Because some day we’re going to have to dismantle the police state and it’s not going to go gently.
5) What is your main concern with Private Security in the future?
My concerns are meta-concerns that are mostly to do with what happens when h uman nature expresses itself on technological innovation. The technological innovation side of things doesn’t seem to be likely to stop (which is good, from a standpoint of economics and shiny things) and neither does the tendency of control freaks and militarists to want to surveil, control and weaponize. So, from a high level, my concern is that every useful new thing some clever person comes up with, seems to get tainted by the establishment.
I was on the Internet before there was advertising on it. I was on the Internet before there was spam on it. Now, the biggest and most pressing issues on the Internet appear to involve how to monetize page-views for a billion stupid banner ads. All the big web services have had to build backdoors in to facilitate the surveillance state. This is not progress.
6) What is your main concern with Federal Security in the future?
I’m actually fairly happy about the horrible mistakes that the federal government is making, IT-wise. They have managed to learn absolutely nothing in the last few decades, and the current trend toward outsourcing everything and centralizing data in silos. Since I am concerned about the evolution of the police state, I am happy that Big Brother appears to be getting less competent all the time. I just wish so much money wasn’t being flushed down the toilet in the process.
