Betrayal and the future of surveillance power

We are on the verge of a revolution in government surveillance powers.

Previously it was simple. Governments demanded access to our homes. Then our communications. Then they demanded access to whatever companies held on us. Then they complained that technology was making this harder, and demanded that technology be designed for them. With every step, safeguards were reduced. 

Next governments will demand that companies betray their users and use our technologies to compromise us.

In recent weeks, we've seen the FBI demand that Apple develop a special version of its operating system just for the FBI. A Brazilian court wants WhatsApp to somehow retrieve encrypted messages it no longer possesses. And the United Kingdom Government wants to order a company anywhere to hack its own customers and deliver malware.

So what does future policy and practice look like? Here are the options.

1. Golden keys. Governments order companies to defy the laws of mathematics and common sense and 20 years of lessons on cybersecurity and build secret backdoors or keys, and share them with every UN member state.

2. Old school. Require companies to store all our content on their own servers despite everyone except Google recognising this as an insecure model. In its court filings, Apple had to herald its iCloud device backup services as a reason to avoid the compulsory backdoor.

3. Malicious infection. Order a company to develop and deploy malware to compromise your device, without you noticing. This is quite hard for good security companies, and unfortunately easy for others. This will make everyone concerned that Apple, BMW or GE's latest update for your phone, car, or fridge is actually there to compromise your security rather than improve it. Then the Government or company can access whatever it pleases -- or is ordered to do.

4. GovernmentOS. Companies will create secret versions of their operating systems for Government, that can be installed upon request or directly by Governments. The idea that you 'own' your device is over -- the code that runs it will forever belong to another entity, whoever that may be.

Companies will hopefully push back against all of these, but will need a great deal of inspiring. 

Otherwise, the future is just plain ugly. It will become routine for Governments to have secret operating systems for our thermostats, heart monitors, and televisions. There will be an arsenal of malware for the devices that we bring into our homes and workplaces, our lives, and our bodies. Rather than protecting us from these dangers, governments will actually sponsor and subsidise this internet of ruin.

Put simply, our infrastructure will be even more vulnerable than it is today, and purposefully and intentionally so.