There has been a lot of hullabaloo in the media today about the US admitting using web and telecommunication giants like Verizon, Google, Facebook, Skype, YouTube, Apple, Microsoft, Yahoo, PalTalk and AOL amongst others to help the US Government intercept and collect data on virtually every form of electronic communication including telephone calls supposedly involving “foreigners” whatever that means. Similarly data relating to all electronic financial transactions is apparently being collected.
There’s more than one program that does it but the main one divulged so far is called “Prism” – we wondered if it was a misspelling of “Prison”! Seriously though Prism is but one of many such information exchange systems – remember one country’s foreigners are other countries’ citizens. There are dozens of prism equivalents all over the world and we have seen them at work as explained below.
There are many articles about this on Google and the breaking news is covered well in this article in the Guardian (a leading British newspaper). Why the hullabaloo you might ask? Well, since the US Director of National Intelligence James Clapper admitted it was true last night it is not surprising it has been taken seriously.
Basically any data relating to any electronic communication you are involved in is at the very least gathered by several countries and it’s obvious which ones those are if you think of the United Nations Security Council for starters. If it isn’t legally easy for the UK to check on a UK citizen then it seems they can just call Washington or vice versa – again see yet another article in the Guardian, this time about GCHQ in the UK.
Other countries probably won’t even bother with such pointless adherence to their laws if any exist. No matter what though they all leave billions of footprints or trails in cyberspace which show where they went and came from – any scout with a cyber-map, a cyber-compass and an LED torch could follow the trails!
In addition, the odds are stacked against you that the country you live in and its neighbours also collect all the data created by you electronically. Incidentally, if you live in an impoverished country, don’t think you are immune. Your Government will typically pay a pittance to more sophisticated countries to do it for them and, of course, the more advanced countries will retain a copy of all such data collected too.
This is hardly news as we have reported before on these matters but is it for the general good or not? We’re not in a position to opine on that. There is no straightforward answer as to how much you should erode civil liberties to protect the many from the few real bad guys including terrorists out there. Ab initio you might not recognise the bad guys for what they are anyway and agree that they should gather all data until you end up in one of their concentration camps.
We do have firsthand experience of this data gathering though and thought some of you might be interested in it. What follows exemplifies what actually happens albeit all the details given are generic to protect those concerned.
At Faire Sans Dire we are not alone in finding ourselves at the heart of cyberspace feeding frenzies by governmental agencies from all over the world trying to intercept email and other electronic communications.
Faire Sans Dire receives many emails, telephone calls and texts from clients relating to what appear to be reasonably normal legal cases concerning frauds or malpractice and are asked to prove what has gone on more often than not in several countries. We help obtain the proof and our clients win their case or the guilty are later imprisoned, reprimanded and/or fined and their ill gotten gains are taken from them and so on.
However, during the course of such investigations on occasion we discover that the criminals are using organised crime gangs spread around the world to launder their money for them. At first it is not always obvious because typically we would only be looking at one or two transactions through one company or person. However, later we can quickly learn that the “one company or person” must be up to something much more heinous.
Our suspicions about that would normally be raised when we noted our electronic communications were being interfered with and/or intercepted. Of course, to do this is not something you normally learn at school or university so many of you including purportedly cyber-literate IT directors may not know how and we are not going to explain.
Typically at first we would clock onto one source that was intercepting our communications, then another and so on. On one occasion we actually counted about 130 organisations from in excess of two dozen countries intercepting our electronic communications relating to one assignment we were undertaking. Some were obviously acting for other countries and most used well known national or global Internet Service Providers or IT businesses as fronts; others were using satellites and some even ships like aircraft carriers or possibly submarines.
What happens is that rather than monitor all data across the globe some countries simply monitor as best they can what other countries’ “agencies” are doing and hence as more join in trying to intercept communications in cyberspace you end up with a feeding frenzy. It’s rather like a school of sharks smelling blood.
Usually in hindsight we find the reason why this has occurred is because our investigations lead us to an individual or business that just so happened to be connected to an organisation like Liberty Reserve which was last week associated with the funding of arms procurement for countries on various Governments’ blacklists.There are of course other reasons why Governments are genuinely interested in what investigatory firms like Faire Sans Dire are looking at for their clients. Whether those reasons are reasonable depends upon your point of view but there is nothing any one can do to stop it as it is so prevalent – it would be like telling the USA it had to disband its navy or Russia its army or China its air force even though every other country was entitled to keep its own.
This may shock many of you but, in terms of electronic communications, at Faire Sans Dire we assume we live in a goldfish bowl. If other investigatory organisations (no matter how large or full of know it all IT or ex military intelligence officers et al) tell you a different story our advice would be to ignore them and go elsewhere as they clearly don’t know what they are talking about. Firewalls don’t prevent water seepage.
As a footnote you can always try and encrypt your communications but what you’ll find is that just attracts more attention and breaking purportedly indecipherable encrypted electronic codes is not that hard nowadays.
Our concern is of course with corruption – for example, if we and others are using electronic communications to support plaintiffs’ or prosecution cases what’s to stop a corrupt cyberspace agency worker in say “The Republic of Atlantis” from selling our clients’ or others’ sensitive internal or external communications to the defendants or tampering with them in transit through some (purportedly) highly secure well respected Internet Provider or internal communications system with firewalls as easy to breach as those that are meant to be the strongest such as say those of the UK’s Ministry of Defence or the FBI’s or … the list of top security websites unwanted visitors have walked into off the street is very long indeed.
No doubt you are thinking you have really secure systems – after all your IT Director said so and your auditors backed him up – go tell that to some Governments and they’ll burst out laughing. They won’t send you a copy of your most embarrassing email or most secret files the next day but they could. Of course, there exist an infinite number of ways unlawfully intercepted electronic communications relating to all sorts of subjects can be exploited but for most people it doesn’t matter as their secrets are of little interest to Governments.
So far as any data stored or sent electronically is concerned the word “secret” can sadly no longer be applied as noted by some expert commentators reporting on the current Chinese and US cyber-security talks in Palm Springs, California. The trouble is any one of the major forces in cyberspace may have a deal to exchange data with our mythical Republic of Atlantis whose staff spend their time looking for data they can use for extortion, blackmail or worse.
Disinformation is one useful way to get round it as long as those you communicate with actually understand the disinformation which is not always as easy as it sounds – in the first instance how do you check your communication hasn’t been tampered with? We recommend that you write letters in long hand or use other means of communication that don’t rely on electricity – like Winnie-the-Pooh or Percy the Pigeon maybe?
This article was first published on 7th June 2013 and last updated on 8th June 2013.