Two years since Edward Snowden instigated a global furore over electronic espionage, what has changed? The short answer is: not much. America has introduced some minor reforms to the way it collects and stores “meta-data”— the details of a message’s origin, duration and direction. Public opinion in Germany, Indonesia and Brazil has been outraged by the news (hardly surprising) that the spies of the world’s most powerful country are interested in their leaders’ decision-making.
But the dreams of the “Snowdenistas” — Snowden’s impressionable followers — have faded. Outrage remains muted. Most people want their country’s spy agencies to hunt terrorists, criminals and spies. The Bourne Identity and other films about spooks with global snooping powers are entertaining, but only the Snowdenistas think they reflect real life.
Meanwhile their hero remains in exile in Russia, his credibility ebbing with every week he spends under the protection of Vladimir Putin. The irony is striking. In the Snowdenistas’ paranoid fantasies about the West, corporate and government power are fused, critics ruthlessly repressed and a pervasive surveillance state tramples on civil liberties. Nothing in Mr Snowden’s stolen documents suggests that anything of the kind is going on in Britain and America. But that is exactly what life is like in Russia.
The Snowdenistas have managed, however, to deflect attention from the real threat to our safety and freedom: the inherent flaws of the internet. Created to foster co-operation among academics, the network of networks was never designed to become the central nervous system of modern life. Yet we now depend on it for our most vital business and messaging. And we do so from a position of grave weakness and danger.
The real problem we face on the internet is not spy agencies such as America’s NSA or Britain’s GCHQ. They have no interest in the vast majority of people. Their staff did not sign up for bit parts in George Orwell’s 1984. They are citizens like you and me. Some even read The Times. Their job is to exclude irrelevant data, so as to focus on people who want to do us harm.
Advertisement
In other words, if you receive phone calls from a terrorist, they will notice. But if they can then discard you from their investigations, they will do so gladly. Conversely, if they are seriously interested in you, nothing will hold them back. As long as a person is sending a message, or receiving it, spies will find a way of reading it — if necessary by hacking into the screens and keyboards of the devices concerned.
The real root of our problems on the internet is the question of identity. How do we prove who we are? And how do we make sure that the people and places we think we are dealing with online are indeed what they claim to be? The farrago of passwords, logins and “security questions” is worse than useless. It creates the semblance of security, without offering anything that deters the determined attacker.
Take for example the woes of the millions caught up in the breach of the Ashley Madison dating website. Some may be innocent victims — it would be child’s play to sign up for the site as “PM4hotties” using an email such as david.cameron@ gsi.x.gov.uk. Others will have a lot of explaining to do if leaked data shows that the last four digits of the credit card used to subscribe to the site happens to match their own.
Our internet privacy rests on astonishingly flimsy foundations: it relies not just on our ability to manage passwords properly (lamentable), but also on the professionalism of the businesses and other organisations that store them (dire). Cracking or guessing credentials is easy; criminals trade our details freely on the “dark web”. Once they break into an email account, they can send messages, laden with attachments containing malware, or direct recipients to a website that will infect their computers. Lax security makes us unwitting accomplices in other people’s crimes.
Our physical safety is at risk too. The “internet of things” is growing fast, with hundreds of millions of devices from cars to fridges and central heating boilers wirelessly connected to networks that give hackers, pranksters and other malefactors free rein. As always during the development of the internet, we prize innovation and low cost over security.
Advertisement
We need a wholesale and urgent cultural change in our attitude to online safety. The decisions we face are difficult, involving trade-offs between freedom and security, of the kind we already make in real-life matters, such as road safety and public health. But don’t expect any help from the Snowdenistas. Their zealotry and absolutism work beautifully when facing the imaginary enemy of the surveillance state. It is precious little use when it comes to the real world.