The question no one’s asking: how secure is PRISM?

Online security

Online security

Many are concerned about the National Security Agency (NSA) collection of data on US companies and individuals and the very real possibility that it has a way of directly accessing the servers of the world’s largest computing platforms: Google, Facebook, Microsoft, etc.

It’s certainly a situation that deserves attention and concern. But what’s missing in this discussion is this: how secure is the NSA’s spying system?

If a foreign entity wanted to spy on US companies or individuals, would it try to tackle the problem directly by targeting the specific company or individual in its electronic spying attempts? It might, but that’s a lot of work for an uncertain payoff.

A much more efficient approach would be to hack into a surveillance system that already has access to the information. Far better to hack into the NSA spying system at Google, or at Facebook, or at Microsoft (if such an NSA system exists, of course).

In early 2010 Google discovered that Chinese hackers had gotten into its systems. Who did it call to help deal with this problem? The NSA.

This puzzled me tremendously, why would Google, with its enormous brain trust of the world’s top computer experts call on the NSA? Why didn’t Google have the means, the expertise, to deal with this problem directly and solely?

It makes sense if it was the NSA’s spying system that got hacked within Google.

The search giant knows its own systems and how they can be protected but it doesn’t know the NSA’s computer systems and how they protect themselves. It makes perfect sense to call in the NSA to help plug this hole because it’s a hole created for the NSA which the NSA might have left vulnerable in some way.

The NSA also employs the world’s top computer experts but it’s not infallible. Everyone knows that there’s no such thing as a completely secure system. The greater danger in the NSA’s spying activities is not from the NSA itself, but from the many nefarious foreign national, and international criminal enterprises, that find a way to exploit the existing spy systems so thoroughly crafted, and so thoroughly extensive, that have been built by the NSA.

The danger from allowing the NSA to have deep access into the data systems of US companies is that that very system creates an enormous vulnerability that would not have existed. Hack into part of the NSA spy network and you have access to a mass of private data that would be near impossible to collect in any other way.

It’s ironic that the NSA’s activities to improve the security of the US have created the nation’s largest security risk of them all.


This article by Tom Foremski originally appeared on Silicon Valley Watcher, a Burn Media publishing partner.

More

News

Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.