Recently, there have been various articles on the NSA and GCHQ (Britain’s Government Communications Headquarter) collecting date from “leaky apps”, including data from Angry Birds, Google Maps, Facebook, Flickr, or Twitter.
Surprise? No!
Look at another story in that context: There have been extensions to Google’s Chrome browser that have started to spam users with advertisements. What happened? Advertisement companies acquired the extensions and used them in a way unintended by the original developers. Once installed, there is no control over what extensions are allowed to do or not. The extensions are updated automatically. How simple would it be for criminals or for national intelligence services to do the same? Clearly, they would not push spam, but pull information.
Back to the apps (by the way, the same applies to the traditional web counterparts of these services, if there are ones)… The combination of a lack of security and the excessive collection of data about users and their behavior is what we would call a “gefundenes Fressen” in German. A ready-to-serve meal for the NSA.
Simply said: NSA and the others just piggyback on these services. Without companies such as Facebook, Google, or Apple, NSA would have a much harder play. The Reform Government Surveillance Alliance, driven by AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter, and Yahoo, probably is the most hypocritical alliance these days. Why did Apple not implement more user control of the collection of data by apps from the very beginning? Less data would have been available to the NSA. Instead of doing that, they removed apps helping the user in controlling app behavior from their appstore. Why did Twitter, Facebook et al not encrypt traffic from the very beginning? Some of the service providers do now, but most started far too late. NSA then still could have requested access to data, but it would have made the life and work of intelligence services tougher.
With more user control, more user consent, more built-in security, and options for the user to choose between free services (paid in the “privacy” currency) and paid services that ensure privacy, this situation would change. Yes, the companies would have to re-think their business models. But that is what will happen anyway, after Edward Snowden has opened the Pandora’s Box. Attention is still mainly on the behavior of intelligence services. But that will inevitably change.
When talking about hypocritical behavior, there are others to blame as well. The users that naively assume that there is such a thing as a free lunch when using free services on the Internet. There isn’t. If you know and accept this, fine. But then you shouldn’t blame the NSA for using that data as well.
However, my favorite example of hypocritical behavior is another one. My daily newspaper – and yes, I still read a print newspaper – is the local “Stuttgarter Zeitung”. Recently, they devoted the entire page 2 to the loss of privacy on the Internet. On the other hand, a few days ago they applauded themselves for having passed the number of 5,000 (or so) Facebook friends for their online presence. They have a Facebook plug-in on the website of their online edition. They support registering for commenting on articles in the online edition based on your Facebook account. Isn’t that the perfect example of hypocritical behavior: on one hand letting Facebook collect more data and on the other bashing on them?
It’s the decision each of us must make, which currency he wants to use to pay for services. However, we should have a choice. And the ones who are the enablers for the NSA collecting masses of data shouldn’t blame NSA – NSA just piggybacks on their business model. They could change this, starting with encryption of traffic and collecting only the minimum of required information, and ending with providing alternatives to “paying in the currency of privacy”. But we should end this hypocrisy. Bruce Schneier recently published two interesting articles that fit in the context here and here.