Anybody who’s ever read the iconic MAD magazine would be familiar with the wordless Spy vs Spy cartoon. First published in January, 1961, it features two agents involved in stereotypical and comical espionage activities. One is dressed in white, and the other in black, but they are otherwise identical. A parody of the political ideologies of the Cold War, the strip is now in its 68th year and continues to delight its loyal readers.
Nations spying on one another is as old as the creation of geographical borders. And when the notion of spying entered the public persona, through literature and film, it pretty much followed the same formula. Real (albeit fictional) characters were charged with the task of gathering intelligence on the “bad guys,” and using it to save the world. The Spy Who Loved Me, The Spy Who Came in From the Cold, Tinker, Tailor, Soldier, Spy. The list goes on and on.
In “Cold,” officer Alec Leamas (Richard Burton) offers a harsh appraisal of his profession: “What the Hell do you think spies are? Model philosophers measuring everything they do against the word of God or Karl Marx? They’re not. They’re just a bunch of seedy, squalid bastards like me …civil servants playing cowboys and Indians to brighten up their rotten little lives.”
Not any more
In the Digital era, as has happened in near every occupation – illicit or otherwise – spying has taken on a whole new persona. It’s no longer a secretive, person-on-person, in-your-face activity that might result in a few deaths or a terrifying car chase along the way. Spying in the Digital Age is a mainstream practice that is happening everywhere, every day. It involves sophisticated computers instead of dreary trench coats, keyboards are weapons, and the vulnerabilities that get exploited don’t involve moats, or complex door locks, or hard-to-crack safes. The vulnerabilities that spies use today are inherent in the very networks, and products and protocols that render our world digital. And compared to the risks that characterized the world of spying in the pre-digital age, the risks that stem from digital spying are of a magnitude that could literally destroy our world as we know it. The power grid, our water systems, nuclear sites, our transportation networks, our governments – every mission-critical digital service, application and product upon which the civilized world relies is subject to spying with a single goal in mind – weaken, maybe even destroy the “other guy.”
Here’s the Proof
If by now, you’re thinking that I might be overstating the amount of digital spying that’s taking place in today’s world, consider the following:
Canada (on behalf of 5-Eyes Nations) Spies on Brazil Mining Industry.
That’s right. Canada. And when the mild-mannered, “I’m sorry” nation is in on the spy game, you know for sure industrial and political espionage is rampant. Here’s another one:
China Spies (hacks) on US Navy Undersea Warfare Plans. Well, that’s one way to prevent a sneak attack. That’s akin to one Super Bowl finalist being given the playbook and game plan of its opponent before the big event. It kind of defeats the purpose of preparing a plan in the first place, doesn’t it?
Germany Accused of Spying on Austria.Germany spying on Austria? Really. Can’t we all just hit the hills and have a ski day?
And no surprise here, North Korea is accused of Spying on South Korea, and stealing its neighbour’s “South Korea-USA war plans.”
And of course, no list of cyber spying examples would be complete without some reference to the increasingly chilling US-China relationship, and the mounting concern about giant telecom manufacturer, Huawei, amidst claims that its 5G mobile network technology is filled with back doors, which will facilitate widespread spying by the Chinese government. I’m not equipped to comment on this one way or another. Smarter people than I will determine whether or not the threat from Huawei is real, but what is real is that the company’s 5G technology has already been banned in some countries and the American marketing machine is full bore against them.
Chinese authorities have pushed back on this, but not in the way one might think. As reported in Neikkie Asia Review, China may be spying on the US, but it learned from the best. According to China’s Foreign Ministry, “For a long time, the U.S. has systematically monitored and stolen confidential information from foreign governments, companies and individuals on a large scale through the Internet. That is an open secret.” Tit for Tat. Digital Spy vs Digital Spy.
The Birth of Digital Spying
So really, how is all this spying possible? The answer is pretty simple: via myriad built in technological “backdoors” that allow government security agencies (and spies who have discovered them) to openly spy on anybody using said technology. The practice, which has been denied for years, may have started when the US National Security Agency (NSA) insisted that backdoors be embedded in the world’s first commercial browser, released by Netscape in the mid 1990’s. One can argue that the rationale was solid at the time. The threat of “bad guys” getting access to this technology and using it to secretly communicate evil plans was very real, so it’s understandable that security agencies felt threatened by the emergence of the public Internet.
The practice of the NSA and other national security agencies inserting backdoors in digital technology continued over the years, usually under the banner of plausible deniability, but history confirmed that the practice was widespread and considered standard operating procedure. An article published in Toronto’s Globe and Mail clearly illustrated how the US and Canada’s security (aka spy) agencies worked together in approving and endorsing cryptographic technology that had a well-known backdoor. This technology was used by Blackberry, Cisco, RSA Security and many others, effectively rendering their products vulnerable to anybody who had access to the backdoor (and those clever enough to discover it).
Today, nations aren’t even pretending that backdoors don’t exist. They are banding together, demanding that technology companies open their digital kimonos to their national security forces. The “Five-Eyes” nations – USA, Canada, New Zealand, Australia, and the UK – recently issued a joint memo calling on their governments to demand tech companies build backdoor access to their users’ encrypted data — or face measures to force companies to comply.
Here’s what’s glaringly wrong with this thinking: security researchers have long said there’s no mathematical or workable way to create a “secure backdoor” that isn’t also susceptible to attack by hackers.
So, where does this leave our connected world? In a place that can only be categorized as a Digital Security Dilemma.
The Digital Cake
Hey, security agencies, didn’t your parents ever tell you that “you can’t have your cake and eat it too?” And if that old expression doesn’t resonate with you (or perhaps younger readers), here’s what it means in the context of today’s connected universe:
You can’t eliminate encrypted communication worldwide (i.e. create secret, hidden backdoors) for the sake of catching the bad guys (such as terrorists) when, in doing so, you create opportunities for every digital bad guy (hackers, spies, enemy nation states) to threaten our world by gaining access to those same backdoors. And trust me, the threats posed by the digital cybercriminals vastly outweighs those posed by evil drug dealers, and terrorist groups. The latter can certainly cause significant damage, and senseless loss of life, and that’s definitely of great concern. The former, on the other hand, could destroy our very way of life and kill millions in the process.
So, I believe the world’s leading nations need to make a choice: insist on technology backdoors and make our world even more vulnerable than it already is (because of earlier-created backdoors), or embrace nation-by-nation authenticated and encrypted communication for the greater good. And embracing secure cryptography doesn’t prevent you from tracking the bad guys. Use international laws, treaties and partnerships using good old-fashioned court orders that authorize you to spy on whomever you choose, whenever you like.
It’s the smart choice – the responsible choice.
You can’t have your digital cake and eat it too.
Next Generation of Systems Design at Siemens