Ever since the first revelations of massive NSA surveillance against U.S. citizens, foreign citizens, companies, governments and even several dozen world leaders were first revealed in June 2013 and the months that followed, the tech and digital security worlds have been in an uproar.
What had for years been dismissed as paranoid conspiracy theorizing was soon revealed to be completely factual, thanks to documents released by whistleblower Edward Snowden and made public with the help of Guardian journalist Glenn Greenwald and other publications such as the Washington Post and NY Times.
The sheer magnitude and diversity of the surveillance conducted by the NSA, the British GCHQ and their overseas partners in the governments of the “Five Eyes” partners (Australia, Canada and New Zealand) has astonished a lot of people who formerly wouldn’t have believed that these types of programs had operated on such a wide scope.
Watching the Masses
Some of the earliest leaks, published by The Guardian even before Snowden’s identity had been publically revealed, demonstrated that the NSA had been (and presumably still is) obligating large communications companies through its Foreign Intelligence Surveillance Courts (FISC) to hand over the metadata of phone calls made overseas by millions of Americans. The company specifically named in the documents was Verizon.
Shortly after this, the slowly released Snowden files revealed the NSA’s PRISM program, which gives U.S. spooks access to the servers of numerous major technology and data companies, including Yahoo, Google, Microsoft and Facebook. Since the companies in question were also literally legally obligated to keep quiet about how much they had cooperated with the NSA, the best they could do was deny that the revelations were as serious as they looked.
Over the following months, numerous new leaks followed one upon the other, each hammering the vast international surveillance/security apparatus to a historically unprecedented degree. Snowden had opened the floodgates and shown to the world that the U.S. intelligence community and its partners were not only spying on the data of millions of innocent people, but were also working to compromise all of the major digital security protocols that keep the internet’s communications private and secure.
Efforts to compromise the integrity of systems such as the TOR Project, most online public key cryptography, email security platforms such as Gmail and numerous commercial security products by placing secret backdoors in them were all opened up by the Snowden revelations.
Furthermore, the spooks in the intelligence community have also developed mechanisms, such as TAO (Tailored Access Operations), which were designed to pry at the end-point security of the actual computers that people use to send and receive their private communications. This plethora of infiltration tactics has been designed to work regardless of whether a user was working with a Windows, MAC OS, Linux or iOS operating system on their device.
The Snowden files showed more than anything just how widely breached and weakened many digital security products and encrypted communications platforms had become thanks to a mix of the spooks’ surreptitious efforts and cooperation from the sellers of major security/communications systems.
These are just some of the many security breaches that the NSA and its partners such as the British GCHQ had prided into the world’s “secure” digital communications platforms. Of course, since Snowden handed over several thousand pages of documentation to reporters, new revelations are still in the works and doubtless are going to provide more shocking communications espionage examples still.
In addition to the massive surveillance of millions of people’s and companies’ private communications, the Snowden leaks also revealed the deep extent of targeted surveillance of high-level targets not just among U.S. enemies but also friends and supposed allies of the country.
According to information revealed by The Guardian, the agency had also received the phone numbers of over 200 high-profile international targets and began covert observation of their personal communications. Among these 200 were some 35 world leaders including Angela Merkel, the German chancellor.
Other revelations about spying on the private email of both the former and current Mexican presidents and surveillance of phone records belonging to millions of French citizens have also shaken diplomatic relations between the U.S. and its own close allies.
What This Means for the Digital Security and Tech Industries
Depending on what side of the playing field you’re on, the impact of the NSA revelations can be either damaging or profitable. One very certain outcome of all that’s come since Edward Snowden spilled the beans is a hefty weakening in the confidence that international businesses and individuals have towards American digital services companies.
According to just one study conducted recently by the Cloud Security Alliance, some 10% of officials at non-U.S. businesses have decided to cancel or not bother seeking contracts with American vendors of data security products. And a heavy 56% of surveyed foreign business executives claimed they were wary of using U.S.-based data storage platforms and security systems.
Another analysis, done by Forrester Research, goes as far as to predict U.S. digital technology and data security market losses of over $180 billion on potential business by 2016 thanks to the NSA revelations.
Given that the federal spooks and high-level federal executives are still acting deeply cagey about effective and openly conducted debate on what changes they could make to the laws that let them breach commercial data security systems, the sorts of financial losses indicated in these kinds of studies could become a very serious reality for U.S. security product sellers.
One thing the public is definitely going to see more of is a growing dependence on open source, non-commercial security software by those who need and want robust data security for their needs. Moreover, they’re going to see a lot of protest and paranoia-based movement away from major centralized providers of communications solutions. This may happen slowly at first, but it’s a trend that has a high likelihood of picking up pace.
However, since open source can be more complex to use and less streamlined than its commercial counterparts, there will also likely be a growth in the development of companies based offshore, using open source backbone technologies for their security products and promising that their non-U.S. location makes them immune to pressure from U.S.-based data disclosure laws.
Most importantly, it’s very likely that a lot of companies will be signing up for these kinds of services simply because they see no straightforward way to be sure that a U.S.-based seller of security products is “clean.”
On the other hand, while a lot of international business no longer trusts U.S.-based security products themselves, they do still have a lot of faith in American expertise. This is where providers of digital security consulting and forensics services such as LWG Consulting, operating inside the U.S. itself, have the potential to profit heavily from the NSA leaks.
Instead of providing potentially compromised communications security, they can offer consulting and related services that give trustworthy advice to both foreign and domestic businesses who want to remain secure.