Citizenlab's Ron Diebert lays out the terrible contradiction of putting spy agencies -- who rely on vulnerabilities in the networks used by their adversaries -- in change of cybersecurity, which is securing those same networks for their own citizens.
The world doesn't need more dingo babysitters.
There are other ways we can proceed. A different approach could focus on the securing of communications systems as a function of the preservation of human security and on the basis of widely respected international human rights, regardless of territorial boundaries. Starting this way would result in different points of institutional emphasis: a much greater role for civilian agencies compared to military and intelligence; the prioritizing of distributed centres of early warning and information sharing, and a model in which such information sharing is insulated from national rivalries. Such an approach would put checks and balances around law enforcement and intelligence front and centre while giving greater power and authority to independent commissioners and public advocates. We would need to extend these principles to the private sector because of how much data they now control about our habits, movements, social relations, and intimate thoughts, and ensure that what they do with those data, with whom data are shared is transparent and accountable to users. We need to assert the widespread use and adoption of encryption at every point of the network, and encourage continuous open, peer-reviewed research to ensure encryption standards are robust.
Yes, there will still be acts of wickedness, organized state violence, subterfuge to be dealt with — and for that we will always need highly equipped law enforcement, defence, public safety, and intelligence agencies. But we cannot let their priorities overwhelm and subsume those which they are ostensibly designed to protect in the first place.
Historians like to remind us that intelligence is “the second-oldest profession.” But in the past decade, we have accorded extraordinary powers and capabilities over society to mammoth military-intelligence agencies that are unprecedented in human history. Their overarching prominence and power have begun to undermine core values upon which our societies rest while exposing us and our communications to widening risks. It is time we address squarely this syndrome for what it is: the most important threat to cyber security today.
The Cyber Security Syndrome [Ron Diebert/Open Canada]
(Image: We're the NSA, Kaz Vorpal, CC-BY-SA)