I just finished reading “No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State” by Glenn Greenwald. My review: Wow! That about sums it up, I think.
Now, we all know who Edward Snowden is, but do you know Glenn Greenwald? He’s the journalist whom Snowden contacted and to whom (along with Laura Poitras) he passed all the NSA documents...and Greenwald worked with The Guardian to publish stories about the documents Snowden gave him. I thought it fitting for this post as it’s been right at a year since we learned about the Prism program and other revelations.
I’m not a literary critic, nor knowledgeable enough about journalism or privacy to appropriately review the book. However, for a normal IT professional, it is a pretty amazing read! The first half of the book gives a play-by-play of how Snowden contacted him and how it all went down. The second half of the book details more about the NSA programs and government reaction to the stories (and attempted retaliation). From the perspective of an IT person, my jaw was left hanging open at the scope of the data collection…even by clearly illegal means. For example, I’m no lawyer but intercepting Cisco routers during delivery to install a device to copy data to the NSA covertly and repackaging it with a factory seal MUST be illegal!
Greenwald wrote a book that is incredibly dense with details of the mass surveillance programs that span government administrations (started with Bush and continued – even expanded – with Obama). It leaves one with the distinct sense that you’re being watched all the time…and in fact, provides a nice review of the power of surveillance to control people. Kind of scary, huh? Not yet, OK…
So let’s run this down:
- First, all your data is being collected by the government for who knows what reasons
- Then we have criminals trying to steal your identity from Target and TJ Maxx, and other cybercrime is on the rise
- China is trying to hack us too
- All this costs the US around 100 billion a year…and 575 billion world-wide (and increasing)
A hacker is a hacker – it doesn’t matter if it’s the government or not, right? So if the government is out to get all our data and thieves are more advanced than many organizations (they are “winning”) then all is lost, right? I don’t think so…it’s definitely a low point for security in this country but I think it’s because no one wanted to really deal with security in the past.
Security has been the elephant in the data center for too long!
While everyone pays lip service to security and does the basic things, it’s difficult to really focus on getting better and staying good with security. Too many times I’ve been in conversations where encrypting data at rest has been unpopular because of perceived performance problems or some other excuse.
We all must commit to not backing down on the basic good things we all know to do: Encrypt data at rest, use SSL (encrypt in transit) and consistently apply security patches to all your servers. There, that’s not so hard, is it?
Fortunately, there are pockets of improvements…for example, Google encrypted all its data last fall. There is also a Reset the Net movement to increase security. The main approach is: encryption. It still appears to be the best security tool we have…so let’s use it!!