- Error
-
- The template for this display is not available. Please contact a Site administrator.
Data leaks and what they could mean for business
There has been large and on-going coverage of the leaks made by the NSA contractor Edward Snowden and the revelations regarding collection of huge amounts of telephony and internet data by the US and UK’s intelligence services. This has further escalated the debate about the over-reach of the intelligence services’ mandate in the “War on Terror”, its proportionality and its effect on privacy.
There has been large and on-going coverage of the leaks made by the NSA contractor Edward Snowden and the revelations regarding collection of huge amounts of telephony and internet data by the US and UK’s intelligence services. This has further escalated the debate about the over-reach of the intelligence services’ mandate in the “War on Terror”, its proportionality and its effect on privacy.
At ICC Commercial Crime Services we have been closely monitoring this story and its ramifications for private business. For a number of years this kind of monitoring has been an open secret of which we regularly warned delegates of our regular Internet Intelligence courses. The recent revelations have confirmed both the size and scope of the data collection that has been going on.
Much of the debate has been about the governments monitoring private citizens, and how that can be balanced with the need for monitoring terrorists and organised criminals. There has been little said about the impact on private business, though the ramifications here are substantial.
Companies need to be able to keep parts of their business secret, to protect their intellectual property, in particular during investigations of criminals and fraudsters trying to harm their business. Recently developments have been unsettling, with the voluntary closure of encrypted email service Lavasoft and encryption service Silent Circle removing their encrypted email services stating that: "e-mail as we know it today is fundamentally broken from a privacy perspective". Encryption is not just of used by terrorist and organised criminals and if encrypted emails can no longer be thought of as secure where does that leave private business?
Part of the leaks included revelations that any encrypted data the NSA finds is captured and stored indefinitely until technology has advanced enough to decrypt this data. With the on-going developments in quantum computing the prospect of all this data being decrypted may not be far off. Companies who value their IP may be concerned to think that everything they have ever securely emailed is sitting somewhere on the NSA servers waiting for a time it can be decrypted.
“One argument in favour of this kind of data collection is that the US and UK governments are only looking to stop terrorists and organised criminals, not spy on innocent people and companies,” says ICC Counterfeiting Intelligence Bureau Assistant Director Max Vetter. “However, one of the clauses used for this data collection includes “economic well-being”, an arbitrary catch-all clause could mean anything at all. Could this mean the “economic well-being” of a US based company, and therefore the US, over that of a Chinese or British one? This could blur the line between data collection for “economic well-being” and simple corporate espionage.”
Another important question is who can we trust with this data? In the US there are reportedly a mind-boggling 4.9 Million people who hold a security clearance, and 1.4 Million of them who hold “top-secret” clearance.
“The US knows to its chagrin (with Bradley Manning and Edward Snowden) that not all of these people can be trusted to keep this data secret. It is not too difficult to imagine that some of these people have less moral and more financial interests in this data, and secret data breaches are far easier to hide if they do occur” continued Mr Vetter.
Another area of concern is the close relationship between the US defence industry and its private sector clients with a proven revolving door of employment opportunities between the two. These companies may well be looking to have advantage over their competitors in the market place, and having access to large amount of data held for “economic well-being” could well be the advantage they need.
The ICC Commercial Crime Services runs a bi-annual Internet Intelligence course. This course teaches delegates to find better information online in less time, at less cost, with less risk TM. The course also deals with encryption and meta-data techniques that are even more applicable given recent news coverage. For more information go to www.icc-ccs.org/IIcourse.