“The internet as we once knew it is officially dead.” Ronald Deibert, in Black Code
Although born of the military (see Origins, from the archives of this blog), in its infancy, the internet was seen as a force for democracy, transparency and the empowerment of individual citizens. The whole open source, ‘information wants to be free,’ advocacy ethos emerged and was optimistically seen by many as heralding a new age of increased ‘bottom up’ power.
And to a considerable extent this has proven to be the case. Political and economic authority has been undermined, greater public transparency has been achieved, and activist groups everywhere have found it easier to organize and exert influence. In more recent years, however, the dark, countervailing side of the internet has also become increasingly apparent, and all of us should be aware of its presence, and perhaps we should all be afraid.
Certainly Ronald Diebert’s 2013 book Black Code: Inside the Battle for Cyberspace should be required reading for anyone who still thinks the internet is a safe and free environment in which to privately gather information, exchange ideas, and find community. Diebert is Director of the Citizen Lab at the Munk School of Global Affairs, University of Toronto, and in that role he has had ample opportunity to peer into the frightening world of what he terms the “cyber-security industrial complex.” In an economy still operating under the shadow of the great recession, this complex is a growth industry that is estimated to now be worth as much as $150 billion annually.
It consists of firms like UK-based Gamma International, Endgame, headquartered in Atlanta, and Stockholm-based Ericsson, makers of Nokia phones. What these companies offer are software products that of course will bypass nearly all existing anti-virus systems to:
- Monitor and record your emails, chats and IP communications, including Skype, once thought to be the most secure form of online communication.
- Extract files from your hard drive and send them to the owners of the product, without you ever knowing it’s happened.
- Activate the microphone or camera in your computer for surveillance of the room your computer sits in.
- Pinpoint the geographic location of your wireless device.
These products can do all this and more, and they can do it in real time. Other software packages offered for sale by these companies will monitor social media networks, on a massive scale. As reported by the London Review of Books, one such company, ThorpeGlen, recently mined a week’s worth of call data from 50 million internet users in Indonesia. They did this as a kind of sales demo of their services.
The clients for these companies include, not surprisingly, oppressive regimes in countries like China, Iran and Egypt. And to offer some sense of why this market is so lucrative, The Wall Street Journal reported that a security hacking package was offered for sale in Egypt by Gamma for $559,279 US. Apparently the system also comes with a training staff of four.
Some of these services would be illegal if employed within Canada, but, for instance, if you are an Iranian émigré living in Canada who is active in opposition to the current Iranian regime, this legal restriction is of very little comfort. Those people interested in whom you’re corresponding with do not reside in Canada.
And even in countries like the US and Canada, as Edward Snowden has shown us, the national security agencies are not to be trusted to steer clear of our personal affairs. As Michael Hayden, former Director of the CIA, told documentary filmmaker Alex Gibney, “We steal secrets,” and none of us should be naïve enough to believe that the CIA, if they should have even the remotest interest, won’t steal our personal secrets.
All of us have to get over our collective fear of terrorist attacks and push back on the invasion of our privacy currently underway on the web. The justification for this invasion simply isn’t there. You are about as likely to die in a terrorist attack as you are as the result of a piano falling on your head.
Neither should any of us assume that, as we have ‘done nothing wrong,’ we need not be concerned with the vulnerability to surveillance that exists for all the information about us stored online. Twenty years ago, if we had thought that any agency, government or private, was looking to secretly tap our phone line, we would have been outraged, and then demanded an end to it. That sort of intervention took a search warrant, justified in court. It should be no different on the web.