Sunday, June 23, 2013

Surveillance and Google Apps

What intrigues me about the reaction to allegations of government surveillance is how little people understand about the nature of the internet.

Perhaps the worst offender is the technologist who thinks they're unaffected because they don't use 'cloud services'. This is usually wrong for two reasons.

1. If you are connected to the internet, you are in the cloud. The term cloud is a euphemism for the internet and once you are on it, you are part of it, wherever your server or computer is located. 

2. If governments have persuaded Google, Apple and Microsoft to allow back door access to the software on their hosted servers, why not the software they provide for us to run on our own servers?

Windows Server; Windows 8; MacOS; Exchange; Sharepoint; Outlook; IE; Chrome; Safari; etc are provided by the same companies being accused of opening up their cloud systems to US government. And Linux is rarely distributed without a repackage. Do you really know what's in the source code of your VPN solution?

I've met more than a few IT professionals who say they would never use a US based cloud service to run email, yet the secure alternative they advocate involves an operating system, email service and firewall provided by the same companies. 

So, this isn't a question of security, or cloud vs onsite. This is about whether we can trust technology providers like Google, Microsoft, Amazon and the like not to break the law on behalf of government.

The early claims about PRISM allowing government back door access to Google and Microsoft servers have been denied, but the interest of government in data transmitted over the internet is without question.

Much as I'd like there to be a technological solution, beyond not using the internet and third party software, I think the best we can do is educate users (and that includes technologists) about the inherent implications of working on any network based system.

We've also got to hold software firms and governments to account, because however much we'd rather not, we still depend on them (and need to trust them) if we are going to use the internet in any shape or form.