At what point did the wired world become so inextricably intertwined with everyday life, so much a part of, well, everything else that it started to seem absurd to separate out news about cyber-technology, the Internet and online life from news about, you know, life?
Maybe that point was 2014.
A review of important stories about technology, privacy, surveillance and cybercrime for 2014 is actually a gargantuan task, and probably should date back to 2013, with the beginning of the reporting on the leaks from Edward Snowden on the United States’ spiderweb of electronic spying, and with the hacks that exposed the personal and credit information of millions of consumers (notably, first, at Target). But, in 2014, it felt like those stories became less the surprise bombshell, and more just the stuff of any news day. From more consumer hacks (Home Depot and JPMorgan Chase stand out) and NSA revelations, through the struggle to preserve net neutrality and the (yes, still) ongoing SOPA fight, the anti-surveillance demonstrations, Keith Alexander’s protection racket, failed attempts to pass the FREEDOM Act and, finally, the hack of Sony Pictures — which took down the entertainment giant’s entire network, exposed mega-reams of private emails to gossip-hungry eyes (via, of course, the Internet) and almost deprived the world of a seminal work in the Seth Rogan canon — 2014 seems like one of those years you’re going to write about in 2024.
Or, how about now — is now a good time?
In 2014, thanks to the information provided by Snowden, we learned that the NSA could hack into computers, even when offline; that U.S. intelligence spied on climate negotiations; that the United Kingdom’s GCHQ tracks Facebook posts and “likes;” and that their Joint Threat Research Intelligence Group (JTRIG) spread false propaganda and set honey traps for perceived adversaries, including teens believed to associate with Anonymous. It was revealed that U.S. drone attacks were targeted largely on NSA analysis of cell phone metadata and geo-location rather than human intelligence, that the NSA runs a malware shop of “industrial” proportions and, as was confirmed with the release of the Senate Select Committee on Intelligence torture report summary, U.S. intelligence agencies do not brief Congressional oversight panels on all their doings, in violation of their legal obligation.
In Congress, limping attempts to restrict the kind and amount of data collected by U.S. intelligence collapsed before they reached the finish line. Sen. Pat Leahy, D-Vt., thought his PATRIOT Act reforms — packaged in the eerily acronymized USA FREEDOM Act — enjoyed enough bipartisan support to pass in November’s lame duck session. But de rigueur opposition from Republicans on the Hill and critiques from privacy advocates outside of Congress meant Leahy could only muster a simple majority, not enough for cloture in the “cooling saucer of democracy.”
That pushes the matter to the next Congress — and therein lies an interesting battle. For, while the zeal for intelligence reform might not seem strong among the new GOP majorities, if nothing is done, key intelligence-gathering provisions in the PATRIOT Act — most notably Sec. 215, used as part of the legal justification for the NSA’s sweeping collection of personal data (something confirmed by the Snowden leaks) — will expire in June. Will Republicans in leadership find common ground with the White House and overcome the objections of privacy advocates on the left and right? Will GOP attempts to renew PATRIOT provisions be so full of other surveillance-friendly provisions that it inspires Democratic opposition? And will this month’s fuss and fury over the Sony hack again swing the pendulum toward the spymasters?
The New Year’s hangover from the December cyber-excitement should be a big story in 2015. Hollywood is already using the Sony breach as a reason to reanimate the corpse of SOPA — the Stop Online Piracy Act — calling on government to exert more control over the Internet, even though Sony’s nightmare before Christmas likely started with an email.
“Companies are still staggeringly bad at protecting information,” said Lisa Lynch, associate professor of journalism at Concordia University and research fellow at Princeton’s Center for Information Technology Policy. “Sony was hit by malware, but their data breach was helped along by the fact that Sony kept thousands of sensitive passwords in a file marked ‘password.’”
The JPMC hack, Lynch said, could have been prevented with simple two-factor identification.
It remains to be seen how well the “Be less careless with data Act of 2015” will fare in Congress, but even before Sony, the attacks on Target and Home Depot reveled how messy the line is between government and corporate cybersecurity. Analyst Brian Krebs traced the origins of the malware used on the big box retailers to code developed by hackers opposed to U.S. intervention in Libya, Syria and Ukraine.
And the summer saw more than a few raised eyebrows when retired Gen. Keith Alexander used his long tenure as head of the NSA as justification for his seven-figure consulting fees. Though Alexander denied any impropriety, he traded on his deep connections inside the national security establishment, and his deep knowledge of malware variants of something called “Wiper,” which have financial institutions quite nervous. Wiper, it should be noted, is itself a variant of Stuxnet, the virus used to damage the Iranian nuclear program. It was developed by the National Security Agency and Israeli intelligence while Alexander was atop the NSA. (The U.S. has never officially acknowledged its involvement with Stuxnet.)
So, does all of this make the coming year a more dangerous time for the increasingly wired world?
“Certainly the average American probably feels that their data is a lot less safe from either government or criminal intrusion than it might have been a year ago,” Lynch said.
Whether or not that is actually true, Lynch believes the extra attention paid to the risks is a good thing. “It makes us more proactive about protecting data, and helps spur more research on privacy protection.”
But Lynch also worries that too much aversion to risk will paralyze innovation and growth — to say nothing of the casus belli it gives government to further spy on individuals and shackle the Internet.
The Snowden leaks have already shown many where that can lead — and there are still untold volumes of that information awaiting release in 2015.