The biggest lie in 2013 was not “If you like your health care plan, you can keep it.” This was just a politician telling a deliberate lie. One that anyone who spent one minute contemplating the impact of a 2,700 page health care act on existing insurance policies would have instantly recognized as a lie. In particular, the “grandfather clause” in the Affordable Care Act allowed existing policies to continue only if they followed all of the new rules.
No, the biggest lie was “No, sir.” This was General James Clapper, director of National Intelligence, under oath to Congress, in response to a question from Senator Ron Wyden during a Senate Select Committee on Intelligence hearing. The question: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” The NSA is one of seventeen agencies and organizations under General Clapper’s command.
In reality, the NSA has the ability to record every phone call, text, email and US Postal Service message you send. They have computer systems that analyze the content of those emails and texts, and probably can do the same with voice messages. This applies to your company’s communication as well as your personal communication.
Internal NSA documents indicate that the NSA “sometimes” intercepts new computers purchased on-line and installs malware so they can completely monitor and control that computer. In addition, documents leaked by Edward Snowden show that the NSA infected more than 50,000 computer networks worldwide with malware in 2012, and another NSA program gives the agency full control of Apple’s iPhone.
When asked, some antivirus companies have explicitly stated that they have not received a request from the NSA to “whitelist” (i.e., ignore) state-sponsored malware, and state that they would not comply. California-based Symantec and McAfee did not respond to the general question, but do detect and repair a number of specific malware products created or used by NSA and other countries.
Keep in mind that some of these government-generated and distributed malware products have flaws in them that enable other parties to piggyback on them, increasing the risk of exposing your corporate data to cybercriminals.
As part of the Patriot Act, the FBI is the police force for the NSA. The new director, James B. Comey, plans to increase the bureau’s efforts in that area, harking back to the J. Edgar Hoover days. Any of us around in the 1950s, 1960s or 1970s remembers the FBI’s heavy-handed treatment of protesters of any ilk, illegally monitoring thousands of people simply because they belonged to an organization or spoke out in public with the “wrong” view, in the opinion of Director Hoover. Consider that the FBI has branded hip hop duo Insane Clown Posse’s entire fan club as gang members because of the unrelated actions of a few of the fan club’s members. If this isn’t an example of police state activities, I don’t know what is.
With the “procedural changes” in the Senate, the President now has the ability to appoint federal judges that will let him do what he wants to. The three-legged stool of American government has an ineffective Congress and is on its way to a rubber-stamping judiciary. We now live in a police state that would be the envy of Hitler, Stalin, Mao, or any other of your favorite despots. The powers of the US government to determine what you or your company is doing or even thinking about are amazing, and the potential for abuse is unprecedented.
You may trust this administration, but will you trust the next one, or the one after that? There are tens of thousands of employees and contractors with access to your and your company’s information. I do not recommend trusting every one of them. The government has a bad security record from individuals like Snowden and many others with less visible breaches, plus almost constant abuse by individuals for personal reasons. According to the Ponemon Institute, each week over 10,000 laptops are reported lost at just 36 of the largest U.S. airports, and probably most of those are “found” by TSA personnel.
Expect some announcements this year of corporate secrets stolen by one of these employees or contractors for personal financial gain. The real difference between security at Target or Neiman Marcus is that the retailers are required by law to tell you when they abuse you. The government has no requirement, and feels no obligation.
I hate to end on a sour note, but there are several reports that the Affordable Care Act web site is actually less secure today than it was in October. All of the changes that were made to make it “work” were made without proper security design or testing. A cybercriminal’s dream.
The last word:
What should you do?
- Read the Bill of Rights. Read them again, and remember why they were written: to protect the citizens of the new United States from the government of the United States. If you don’t believe this, go research that first session of the US Congress and why that was the most critical item on the agenda for most of those first representatives.
- There is a congressional election this year. Contact your representative. If one of your senators is up for reelection, also contact him or her. Tell them that the Bill of Rights is important to you, and you vote. Ask what they intend to do to reverse the abuses of power from the NSA, TSA, FBI, and EOP (Executive Office of the President which includes the cabinet officials). Help make sure the Senate is not a rubber stamp for President Obama’s awful judicial appointments.
- Buy your laptops, tablets and smartphones from a brick and mortar store. Make sure you get something that is in stock at the store, not something that has to be ordered. At least until the NSA forces every manufacturer to build their malware into the delivered system, this will help protect your corporate secrets.
- Direct your IT security staff to monitor closely all outgoing traffic from your network, and block traffic to unknown sites.
- Keep your anti-malware software up-to-date on all of your computers. Investigate the effort and cost necessary to switch to a non-US company’s anti-malware solution. I don’t think you need to do it now, but watch the news and be ready. Even at this point, the Russian government’s malware is probably safer for your company than the US government’s malware.
- If you have really sensitive proprietary information to deliver to someone too far away to drive, use FedEx or UPS overnight delivery service. At least so far, there is no report of NSA trying to intercept those, and no time when your package is not under the physical control of the delivery service. If NSA were to try, I suspect there would be at least one UPS or FedEx employee brave enough to spill the beans.
- Reread George Orwell’s 1984. Many government organizations and most legislative bills have names that are examples of Newspeak, especially if “Security” or “Patriot” is part of their name. Mr. Orwell badly underestimated the ability of our government to monitor and eventually control the people.
- Consider joining Rand Paul’s class-action lawsuit against the government’s warrantless searches and seizures.
Keep your sense of humor.