The US government can’t protect its dirtiest laundry, so what makes anyone think a government is capable and willing to protect data about you?
Governments collect insane amounts of data about ordinary people, and officials get caught red-handed again and again using governmental surveillance networks to stalk private relations. It’s been the NSA, it’s been the FBI, and now it’s the police abusing collected data. The U.S. government has shown it can’t even protect its own dirtiest laundry, so what makes anyone think any government is willing and capable of protecting the data of a random citizen?
Yesterday, there was yet another story breaking about abuse of surveillance, as police was discovered abusing law enforcement surveillance to spy on basically anybody they were personally interested in. It’s not the first story and it won’t be the last.
We’ve heard all the assurances over the years intended to soothe fears of surveillance abuse and data collection abuse. Those assurances are always re-parroted whenever new surveillance is introduced: there will be strict access control, you have to trust your government, it’s on a need to know basis, and so on. For some reason, these assurances always fall flat on their face: not only does the access control not work, it is often not even implemented at all, or added as an afterthought after some time of live operation, or as some optional logbook which is never used. Optional access control is no access control at all.
But even if there were technical access control measures, they won’t work. At the end of the day, all access control comes down to the systems administrators, who – by definition – are their own access control. And it was one of those thirty-or-so systems administrators for the NSA that copied every document of the world’s most secretive agency and took a flight to Hong Kong to show the world how the man behind the curtain was abusing his power in all the ways at once.
As we know now, it turned out that the NSA was frequently abusing surveillance to spy on ordinary people, even love interests. This abuse is so common there’s even an intelligence abbreviation for it, LOVEINT (as opposed to signals intelligence, “SIGINT”, and others). And yesterday, it turned out that police surveillance officers do the exact same thing: stalk private relations using official surveillance. Why is anyone surprised about the same patterns of abuse appearing in the exact same activities?
Further, the most powerful government in the world can’t protect its dirty laundry from outside threats, either, as proven by two(!) recent data intrusions into the Human Resources File Cabinet of Top Secret Cleared Staff in the US. (That’s not the real name of the office, which is Office of Personnel Management, but what this office does is hire such personnel.) As part of getting hired, top-secret-cleared personnel had to specify everything and anything that could be used against them in an extortion scenario. This data – this data, detailed instructions on how to extort every single current or former US government employee with top secret clearance – leaked to unknown people (Chinese alleged). I don’t think most people realized at the time – or still realize – how much worse this leak is to the United States government than the NSA leak by Edward Snowden.
As recent history has shown, the most powerful nuclear nation on Earth is completely incapable of protecting its own dirtiest laundry from leaking into the wrong hands. What makes anyone think a government is capable or even willing to give a rat’s ass about protecting the private details of an ordinary person?
Officials in the United States are not alone in this poor handling of responsibility, of course. In 2007, an employee at the German Bundesnachrichtendienst – the NSA equivalent – was caught using the bureau’s interception equipment to read the e-mail of his wife’s lover. It’s easy to conclude that abusing surveillance power and disregarding security is a human characteristic, not an American one. It should be expected to happen everywhere, all the time, based on the indicators we have today.
There is exactly one way to not have collected private data abused, and that is to not collect it in the first place.
Privacy remains your own responsibility.