When I wrote the piece, Is the AV industry in bed with the NSA, I concluded that on balance it probably is. I have no evidence. It’s just that I cannot believe that an organization complicit in developing and deploying its own malware, and able to ‘socially engineer’ RSA into doing its bidding, would leave AV untouched.
Obviously I spoke to people in the industry. In private conversation with one contact, while accepting his own protestations of innocence, I asked, “What about McAfee and Symantec?” He paused; but then said, “If I had to question anyone, those are the two names that would come to mind.”
I should say, again, that I have no evidence. It’s just doubts born out of the repetition of hyped-up statistics, frequently used by government to justify its actions, and what appears to be preferential treatment from government.
A couple of months later, the Dutch digital liberty group Bits of Freedom wrote to the leading AV companies for a formal position. One of the questions it asked was, “Have you ever been approached with a request by a government, requesting that the presence of specific software is not detected, or if detected, not notified to the user of your software?”
My understanding is that some, but not all, AV companies replied, in writing, that they do not collaborate with governments.
F-Secure’s Mikko Hyppönen spoke yesterday at the TrustyCon conference. I wasn’t there, so this is from The Register’s report:
A surprising number of governments are now deploying their own custom malware – and the end result could be chaos for the rest of us, F-Secure’s malware chief Mikko Hyppönen told the TrustyCon conference in San Francisco on Thursday…
While ESET, F-Secure, Norman Shark, Kaspersky, Panda and Trend Micro replied to Bits of Information, Symantec and McAfee (among others) have not responded, Hyppönen claimed.
Same names. Coincidence? I wonder.
Blogs are different to newspapers. You can get away with greater subjectivity in a blog than you can in a newspaper. But newspapers cannot absolve themselves of their responsibility for pure objective fact by calling a particular section a blog.
So when Martha Gill wrote about Anonymous in the Telegraph blog, it was wrong. Her headline says it all: Anonymous have been exposed as hypocrites. Watch them try to wriggle out of it (6 November 2013). You can hear the glee in her voice – this is personal, not factual.
Anonymous responded with an open letter to the media in general. It accused Gill of being inaccurate in one of her two accusations (that their masks are produced in what she strongly implies is a sweatshop) and hypocritical in another (that Warner Bros benefits from every sale of a mask). On the latter, Anonymous suggests that royalties are a sad fact of life; and wonders how many Telegraph staff support Foxconn by using Apple or Dell, Sony or HP equipment. “Since 2010, at least 17 deaths occurred when employees committed suicide by jumping from the roof of the building. To use a phrase from Martha Gill’s article, these are certainly ‘unpleasant conditions.’”
But in reality, this incident is just a small local battle in a much larger war. Anonymous – and it’s not alone – believes that much of the media has been bought and usurped by government and big business; and supports the agenda of government and big business to the exclusion of truth. It is no coincidence that there is a nationwide (US) march against corporate media planned for next Saturday:
We are planning a march and rally in Washington DC to raise awareness of the privatization, corporatization, and monopolization of the mainstream media and the corruption of our fifth estate. The failure of the corporate networks to adequately cover critical social issues has allowed for the rampant corruption of our political and economic system to go unquestioned and unchallenged.
March against mainstream media
If you have already thought about this, it cannot be denied. A few (very few) newspapers have kicked back in recent months with the Snowden revelations (notably the Guardian, Washington Post and Der Spiegel); but it’s also noticeable that the Guardian is under threat of prosecution in the UK for doing so.
And if you want a specific current example of this media betrayal, consider an EFF blog from Thursday: How Can the New York Times Endorse an Agreement the Public Can’t Read?
The New York Times’ editorial board has made a disappointing endorsement of the Trans-Pacific Partnership (TPP), even as the actual text of the agreement remains secret. That raises two distressing possibilities: either in an act of extraordinary subservience, the Times has endorsed an agreement that neither the public nor its editors have the ability to read. Or, in an act of extraordinary cowardice, it has obtained a copy of the secret text and hasn’t yet fulfilled its duty to the public interest to publish it.
TPP is the successor to ACTA. ACTA was defeated by European activism. It is dead. TPP allows the same provisions to be established everywhere else without European involvement. Once this is achieved, the new discussions on an EU/US trade agreement will be dragged into the same agreements – it will be inevitable.
But where is the mainstream media’s concern over either? In defeating ACTA, the people made it very clear that they do not want ACTA – more specifically the internet-controlling, copyright-enforcing aspects of it. To understand the great Battle of ACTA, read Monica Horten’s new book, A Copyright Masquerade.
Rather than accept the will of the people, big business and government withdrew, regrouped, renamed and returned from a different direction, calling it TPP and being equally if not more secretive.
The problem is that the mainstream media is not on the side of its readers, but on the side of its owners.
Quite simply, the majority of US news outlets are owned by the same media companies that are lobbying in favour of trade agreements that will take over control of what appears on the internet, who can see what, and who goes where. Quite frankly, we can no longer believe what we read in the press any more than we can believe what government tells us.
If you are suffering from ‘shock fatigue‘ (and who isn’t?) over the never-ending revelations on the extent and degree of NSA surveillance on all of us, then I can do no better than recommend you view NSA Files: Decoded – What the revelations mean for you. It is a single document that provides an overview of what we’ve learnt so far, and is interspersed throughout with brief videos on viewpoints from both sides of the fence.
If you are American, then you should be proud of the public debate that these revelations have prompted. If you are British, you should be worried about the lack of any public debate at all.
Britain’s spy agency GCHQ has secretly gained access to the network of cables which carry the world’s phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA)…
“It’s not just a US problem. The UK has a huge dog in this fight,” Snowden told the Guardian. “They [GCHQ] are worse than the US.”
Guardian, Friday 21 June 2013
But where is the public debate in the UK? It doesn’t exist.
To understand why, you have to consider the nature of the two countries. America was founded on a distrust of government (ironically, specifically the British government). Protection against government authority is built into the American Constitution. And to this day, Americans instinctively distrust big government.
Britain is different. Its democracy has grown slowly and peacefully over a thousand years. Brits instinctively believe that their government is good; Brits instinctively trust big government.
The result of Snowden’s revelations is that both governments are trying to justify their surveillance practices; but while the American government is on the defensive, the British government is decidedly offensive.
Meanwhile, in Britain, prime minister David Cameron accused the Guardian of damaging national security by publishing the revelations, warning that if it did not “demonstrate some social responsibility it would be very difficult for government to stand back and not to act”.
NSA Files: Decoded
Meanwhile, in Britain, government agents forced the physical destruction of the Guardian disks containing Snowden files:
The intelligence men stood over Johnson and Blishen [Guardian staff] as they went to work on the hard drives and memory chips with angle grinders and drills, pointing out the critical points on circuit boards to attack. They took pictures as the debris was swept up but took nothing away.
NSA files: why the Guardian in London destroyed hard drives of leaked files
Meanwhile, in Britain, Glen Greenwald’s boyfriend David Miranda was detained at Heathrow for 9 hours and had his computer equipment confiscated because he was suspected of being a terrorist:
At the time I said that all the police had to do was justify the suspicion that Miranda was a terrorist as defined in the Terrorism Act; which would be easy.
Britain: the Miranda detention proves it is a police state in action
Meanwhile, in Britain, an emergency debate in Parliament did not discuss GCHQ overreach, but instead discussed the Guardian’s support for terrorists:
This debate, however, focuses on a narrower and darker issue: the responsibility of the editors of The Guardian for stepping beyond any reasonable definition of journalism into copying, trafficking and distributing files on British intelligence and GCHQ. That information not only endangers our national security but may identify personnel currently working in our intelligence services, risking their lives and those of their families.
Parliamentary debate: National Security (The Guardian)
Incidentally, Paul Flynn (a Labour MP) attempted a ‘point of order':
On a point of order, Mr Caton. You are the guardian of the reputation of this debate, and so far it has demeaned Parliament’s reputation, because we have had two speeches that were written and read with no attempt to engage us in debate. This is McCarthyite scaremongering that disgraces Parliament.
Meanwhile, in Britain, the government’s pet poodle paper (The Daily Mail, if you hadn’t guessed) attacked the Guardian:
Stupendous arrogance: By risking lives, I say again, the Guardian is floundering far out of its depth in realms where no newspaper should venture…
Stephen Glover, 9 October 2013
Put quite simply, the British government has very successfully managed to turn attention away from its surveillance programmes and against, instead, the newspaper that exposed it. The message is irrelevant, it suggests — it is the messenger that should be shot.
It is time, I suggest, for the British people to understand that its government cares not a jot for the British people, nor for democracy, nor freedom, nor liberty. It cares more for secrecy; and demands to be left alone to carry on unchecked. It is time for Brits to learn to distrust their government.
To find the criminal, you must follow the money. To find the collaborator, you should follow the favours.
Now, if this principle holds true, we’ve got a good game to play – finding which security firms collaborate with government agencies by looking at which companies ingratiate themselves most, and which companies receive the most government favours.
Remember, this is a game. The rules are similar to those used by law enforcement agencies in their own game called Find the Terrorist: one red flag if the suspect denounces the invasion of a foreign land; two red flags if he or she accuses the government of lying or expresses sympathy with Anonymous; three red flags if a Moslem country is visited and so on. Six red flags and you’ve found a terrorist.
In our game, the following are worth one red flag:
- production of absurd statistics that support government policy (such as the cybercrime cost figures generated by McAfee and BAE Systems Detica)
- continuing success against all natural market forces (such as Microsoft Office, when there are better free products such as Open Office and Google Docs)
- purchase of key personal data companies that are outside of core business (such as EMC buying RSA, and Microsoft buying Skype)
- existing accusations of collaboration (such as BT over Tempora, and backdoors in Windows)
- directly accusing foreign governments of involvement in specific cybercrimes when in reality their can be no objective proof (such as Mandiant’s famous accusations against Comment Crew, and various firms’ terminology that implies that ‘hackers in China’ really means ‘Chinese government hackers’).
The following are worth two red flags:
- preferential treatment that does not make economic sense (such as government insistence that costly products – eg MS Office – are used in government departments, schools and examinations – in preference to free products like Open Office)
- sudden increase in direct government-inspired attacks against the major competition (such as those against Google – so who is Google’s primary competition? Note, this doesn’t mean that Google is innocent.)
The following are worth three red flags:
- direct government ‘approval’ (such as the elevation of Mandiant, Detica, Cassidian, and Context to CESG’s Cyber Response Scheme)
- active support for proposals that will make government surveillance more simple, such as support for the Communications Bill in the UK, or the Trusted Computing Platform anywhere.
There aren’t any…
…because you can’t lose. All security firms collaborate with government to one degree or another. If they don’t do it willingly, they do so under coercion; and if they don’t do it yet, it’s because they haven’t been told to, yet. But they do or will do it. The only way for a company to avoid collaborating with government is to shut down – like Lavabit.
Is it safe to carry on using Dropbox (post Prism)? Yes and No: Part III
Is the anti-virus industry in bed with the NSA – why do CIPAV, FinFisher and DaVinci still defeat AV?
Is Windows 8 an NSA trojan?
Am I a terrorist?
When the UK government talks about ‘transparency’, it means being transparent with our data, not government behaviour. Transparency doesn’t mean telling the people what the government is doing, or providing proof to justify its actions – it means selling the personal information of ordinary people to the highest bidder.
And when it doesn’t have enough personal data it furtively sets about getting more. Like secretly collecting the private communications of everyone. Like planning a national DNA/ID database hidden within the National Health Service.
A year ago, the government asked “Stephan Shakespeare, Chair of the Data Strategy Board and CEO of YouGov, to look at our progress so far on opening up public data and set out his assessment of how the Government should best use PSI [public sector information] to support economic growth… Stephan consulted with leading industry experts, businesses and academics in the field as well as undertaking a comprehensive market assessment of PSI.”
But he didn’t talk to you and he didn’t talk to me. And ‘public sector information’ is our information not his, and not the government’s.
Here’s a flavour from Shakespeare’s report:
In our consultations, business has made clear that it is unwilling to invest in this field until there is more predictability in terms of supply of data. Therefore without greater clarity and commitment from government, we will fail to realise the growth opportunities from PSI.
It is important to note for such a strategy that the biggest prize is freeing the value of health, education, economic and public administrative data.
Quite clearly, without any consultation with the people, the government is being urged to be transparent with business on exactly what it is willing to sell; and that the most valuable data is our personal health records, our educational records, our economic status, and other information held about us by the local authority.
And the government’s response to this? One word:
This is government transparency – selling our privacy to the highest bidder. Are we really happy to just let this happen?
For most of my life I have been opposed to proportional representation. I had been swayed by my politics tutor as a student: PR leads to weak governments and the people need a strong government.
That may have been true in the past. It is not true today. Years ago, politicians were basically good. Today, politicians are basically bad. The art of lobbying has become an efficient science; and vocational politicians have been replaced by money-worshipping, expenses-fiddling, favour-selling careerists.
It is possible to get very rich through a career in politics, but only if you achieve high office. Backbenchers are poorly paid. The higher the office, the greater the rewards – so all backbenchers aspire to ministerial positions. This is basically achieved by brown-nosing the PM and Cabinet; and the PM to stay in the Cabinet.
The result is inescapable: we do not have government by Parliament, nor even government by Cabinet: we have government by the Prime Minister. And this is precisely where and why we do not need a strong government. A strong government simply means that the Prime Minister is free and able to do whatever he wishes.
Democracy now needs a weak government. But the first past the post electoral system used in the UK makes it very difficult for any more than two parties to gain the number of parliamentary seats that reflects the number of national votes – and almost impossible for fourth and fifth and sixth parties to get any seats at all.
Normally we get a left-of-centre Labour government or a right-of-centre Conservative government with very little difference between the two and no chance of new ideas like environmental protection (Greens) or European secession (UKIP) or internet freedom (Pirate Party) being seriously heard.
Instead we get the whim of the PM steam-rollering the wishes of the lobbyists through the Conservabour party. A case in point is the Communications Data Bill – a bill that is wanted by the copyright holders and the intelligence agencies but just about nobody else.
The current government is a coalition; but only just. That coalition has forced the prime minister to think again about the Bill (he still wants it, and he’ll still get it, of course). But that is precisely why we need multi-party coalition governments – to stop the steamroller and make the prime minister horse trade over his (or her) more ridiculous and draconian wishes.
The irony is that weak governments make for strong democracy – and we’ll only get that in the UK with proportional representation.