For now, at least, companies don’t have to worry that government is monitoring their every move and transmission. However, the IT community should be worried about losing its battles with the government—specifically the National Security Agency (NSA)—over encryption technology if a major terrorist attack happens again in the U.S.
“They have incredibly increased the technical capabilities to collect information,” said Seymour Hersh, a renowned investigative journalist who writes regularly for The New Yorker. “The rub is, they can’t do much with it.”
Speaking Wednesday before an international group of security professionals, Hersh was the keynote speaker for Gartner's annual “Information in an E-Business World: Coping with the Threats,” held June 5-7 in New Orleans.
Since the fall of the Berlin Wall in 1989, the NSA has suffered budget cuts, a major flux of talent and experience, and an evolving mission that includes investigating bribery and helping fight the war on drugs, Hersh said.
“The NSA isn’t getting the people it needs,” Hersh said. “Private enterprise is.”
Too much information?
The NSA operates an information-collection effort named Project Echelon. The international press has theorized that, through this project, a network of satellites allowed the NSA to monitor all overseas transmissions and spy on individuals on a level that would match Hollywood’s depiction in “Enemy of the State.”
After investigating the NSA and interviewing officials on and off the record, Hersh—the journalist who shattered John F. Kennedy’s Camelot image and exposed the My Lai massacre—said he doesn’t believe it.
“Just the idea that all transmissions that are made abroad, for instance, are being targeted on a broad basis, I don’t see it,” he said in an interview with TechRepublic after the convention. “I don’t think [companies] have to worry about the NSA or any other intelligence agency picking up or breaking through their security, particularly not in overseas communication.”
This doesn’t mean businesses can do as they wish without fear of being caught. If the NSA targets you, it certainly is capable of collecting information, although it is more likely to use more traditional means—such as finding someone inside your company who will talk—than technology, he said.
The encryption battle is not over
In January, the Clinton administration eased rules on the export of encryption software despite concerns from both the FBI and the NSA.
Hersh dismissed an audience question suggesting that the NSA only surrendered on the encryption issue because it has already figured out how to break encrypted messages.
”Believe me, the NSA did not want encryption to be widely distributed because it absolutely impacts dramatically [the U.S.’s] ability to monitor information,” Hersh told TechRepublic. “The government’s always going to be behind the eight ball on this issue. It’s never going to be able to stop people from communicating with security, which means [the NSA] can’t intercept everything they want.’
And this victory doesn’t mean the IT industry will never have to battle encryption restrictions again.
“Right now, industry has won, but the government is not done with this issue,” he said.
If there is a major act of terrorism in the U.S., he predicted the government would wage a major public relations campaign against the IT security community.
“I think the government would really begin attacking, slugging away at you guys in your community, after an incident, and would get a lot of public pressure on you, and the press would go along,” he said.
Hersh recommended that the industry engage in a dialogue about how it will handle such a crisis. He suggested IT professionals consider the role of national security and how that relates to privacy rights and the rights of corporations to protect their communications.
“I think the community ought to be thinking in terms of some sort of potential posture,” he said.
Would you give up private, customer records if the government told you it was a matter of national security? E-mail us your answer or post below.