Security

Understanding Snowden's impact on IT... in 2 minutes

When Edward Snowden leaked 200,000 classified documents that uncovered the NSA's digital surveillance programs, it rocked the IT world. We break down the three biggest impacts.

When we look back at 2013 a decade from now, the one technology story that's likely to have the biggest long-term impact is the Edward Snowden revelations. 

While there were major password breaches at Adobe, Evernote, and Twitter as well as the Healthcare.gov debacle, nothing rocked the IT world more than the 200,000 classified documents that Snowden leaked to the press, uncovering the NSA's startling digital surveillance programs that reach more broadly across the Internet than even many of the most extreme conspiracy theorists would have feared.

While the U.S. government defends the program as court-supervised and a powerful tool that has thwarted terrorist attacks and protected citizens, there's no doubt that the Snowden revelations have had a chilling effect on the technology world. 

CBS Snowden
 Image: CBS

Here are the three biggest impacts:

  1. Organizations are re-thinking how to effectively encrypt their most sensitive data
  2. International organizations are looking at ways to do less business with U.S. companies, since the NSA has direct backdoors into many of them.
  3. The brakes are being put on cloud computing by some organizations, as they consider whether they want their data so easily accessible to surveillance agencies.

As one IT architect said, "The USA's global surveillance efforts have done more to damage cloud deployments than any amount of FUD."

To dig deeper on this topic, see the links below. Then, join the discussion in the comments.

Resources from TechRepublic

Resources from Tech Pro Research

Tech Pro Research is a joint venture between ZDNet and TechRepublic that includes exclusive in-depth features, original research, ebooks, and IT policy templates, all aimed at helping technology decision makers.

About

Jason Hiner is the Global Editor in Chief of TechRepublic and Global Long Form Editor of ZDNet. He is an award-winning journalist who writes about the people, products, and ideas that are revolutionizing the ways we live and work in the 21st century.

20 comments
Jed Stuart
Jed Stuart

@doreen.mallett 5ptsFeatured
Dec 2, 2013,

"All the bigshot countries spy on each other and on people both their citizens and others. The extent is simply a matter of the level of sophistication that they have attained. What's more is that all the leaders know it. They are pretending at being surprised. If I were an American I would be quite mad at Snowdon. 

Anyway what I am most astonished (indeed outraged) at is the looseness in security. How could they have been so careless to let Snowden steal all these documents! This is Third World behaviour!

Indeed I can understand the nervousness in the IT world."

I am so tired of people who say we have no privacy now so, don't worry about it.  Did you miss the part about how international companies are finding ways to not do business with American companies because of all of the back doors.

I am glad Snowden did what he did and I am an American.  It puts it into the public debate where it should have been a decade ago.  If people would like to start protecting their privacy I suggest that they check out epic.org (electronic privacy information center). 

doreen.mallett
doreen.mallett

All the bigshot countries spy on each other and on people both their citizens and others. The extent is simply a matter of the level of sophistication that they have attained. What's more is that all the leaders know it. They are pretending at being surprised. If I were an American I would be quite mad at Snowdon. 

Anyway what I am most astonished (indeed outraged) at is the looseness in security. How could they have been so careless to let Snowden steal all these documents! This is Third World behaviour!

Indeed I can understand the nervousness in the IT world.


adridlee
adridlee

500 years ago, and 5000 years ago, governments had organised methods for conducting surveillance on their citizens (or subjects) at every level. They used people to spy and report on people. Ubiquitously, as far as they felt they needed to. Governments were always able to know stuff to a considerable level of detail about the people within their realms that they identified as potential threats. They always used the excuse of 'the dangerous other' to justify these activities. Of course these giant powerful people all eventually failed in their endeavour to keep the status quo exactly intact - they have all been overthrown in one way or another by the unexpected innovations of people, leading to cut a long story short to our modern world. The technology is different. That's all. It's irritating but ultimately it is surmountable. As per that ole Talking Heads ditty: Don't Worry Bout the Govermint...

Yowye
Yowye

Who really cares... everyone has secrets, I mean.. lets get serious, everyone has always known that there were agencies in every country and every government or organizational system, that has spied in one way or another to get the dirt on someone else. If anyone has thought otherwise... then someone out there really has discovered time travel, due to the fact that you would of had to have been brought out of the ancient past, not to have understood this simple realistic factual truth. Snowden is no more a hero than he is a criminal, no more a savior than an anarchist, no more guilty than he is innocent. What he revealed... everyone already knew, the only difference was that he gave the proof to back it all up. Whippy do da day, Like seriously... who cares... except for the extremely paranoia, and the bad news for them is... there's just going to be more of it.  

mtnman28715
mtnman28715

Snowden is a hero - no questions asked. Anything we can do as IT professionals or as mere mortal citizens to prevent the government from taking away our liberties is our responsibility as Americans. 

cybershooters
cybershooters

The impact I've seen is that people have stopped trusting CAs since the information about GCHQ having spies working at them has come out, because clearly they've compromised the root CA certificates, so lots of people are going back to lengthy pre-shared keys.  Which are a pain, but provided they're done right, brute force is the only way to crack them.

The other thing is that I know govt. agencies that already had policies forbidding the storage of documents in the cloud, e.g. Skydrive, but that was more about not losing documents when the employee left.  Now it's gone from being a minor issue to a major one, no-one wants anything stored in a data centre in the US.  If you set up a website for example, people want to know which country the host is in.

I think Google is the one that gets hurt the most because people are now saying things like Google Apps are untrustworthy, because GCHQ has apparently tapped the lines through the Irish Sea.  The more people hear about it, the more concerned they get, for example I can think of several people who've switched to Yandex.  I can't see how Google can walk a tightrope between co-operating with agencies and telling everyone it's all secure, they're going to have to choose one or the other and only give up information when legally compelled to do it.

mr.biscuit
mr.biscuit

Quicker explanation of impact:

A fifth grader ran into the kindergarten class and announces "There is no Santa Claus!" and shared some of Dad's pilfered porn stash of Hustler magazines with them, too.

And now the adults have to smooth things over and hope the kids forget seeing a mons venus and go back to innocently watching cute animals and chatting in that "world watched over by machines of loving grace" that Santa brought them for Christmas.

Welcome to the real world, kiddies ... and pay no attention to the code behind the portal.


JonathanPDX
JonathanPDX

It's so typical of government bureaucrats to shift the blame for their complete and utter failure away from themselves and onto Edward Snowden. And it's too bad he has to suffer the consequences for exposing such ineptitude rather than those actually guilty of betraying the trust of Americans (and pretty much everyone else as well.)

So now, instead of owning up to their mistake, apologizing and righting the wrongs, the government is going to brand Mr Snowden a criminal while doing nothing but finding better ways to hide their illegal activities. That just shows exactly how much the government really fears truth and transparency.

Better that the government should grant Mr Snowden amnesty, get the documents back and move on. Naturally that won't happen because the government will never be able to recover sufficiently from being caught with their proverbial pants down to do the right thing.


Snak
Snak

If every other person was a Snowden, there'd be no war on this planet. Corrupt governments would be a thing of the past, and, as all governments  would effectively be transparent, no more distrust. Any government who DID hide behind electronic secrecy would stand out like a sore thumb and their obviousness suspicious.

How many times are we told that honesty is the best policy? This is simply because, it is. Deception will always be found out and its existence can only perpetuate suspicion, accusation and military reaction. Surely we are advanced enough now to do away with 'national identity', and consider ourselves inhabitants of Planet Earth. or Sol 3, or whatever you want to call it.

I don't care how 'American' you are, or how 'British' I am. National boundaries are artificial constructs anyway and first and foremost, we are Humans, from the 3rd rock. All of us. Patriotism is effectively bigotry, really.

Idealist view agreed - but idealist ideas are usually good ones, and only unworkable because of attitude  ......

TechrepLath
TechrepLath

The title is wrong. It should be "Understanding NSA's digital surveillance programs' impact on IT".


granitep
granitep

Thank you Matt - excellent comment

matt.durcan
matt.durcan

For the first time I have realised the fundamental incompetence of an agency which allowed an employee to download 200,000 documents without alarms being sounded. I hope heads have rolled - this has little to do with Snowden and a lot to do with the standards of security within NSA.

It has little to do with whether the NSA acts legally or morally - just to do with whether it acts competently. If I'm going to have my metadata, emails etc logged, I'd like it done securely please!

Why was the download totally unreasonable? - assume it takes 10mins on average to read a document (wild guess) then it takes some 33,000 hours to simply read them -  10 hrs per day for some 15 years - not to mention the day job!  It's pretty much a lifetime's work to read, interpret and catalog the material... so why did an IT Administrator "need to know" this stuff, why wasn't access controlled and logged so that he had no access and if he did get access, why was it not logged, flagged and acted upon.

And the Agency realised that it had a problem after he left? Exactly how do they manage to find their way to work without their moms helping them onto the school bus? Enemies of "democracy" rejoice, the "war against terror" is being fought by children.

The US wants to act against Garry McKinnon who gained access to secure systems a few years ago - but the NSA has demonstrated that the US has failed to get its act together since. It appears that Garry was harmless, but Ed is not.... well, NSA - you were warned! 

Perhaps we should celebrate Edward Snowden as the man who gave NSA the second wakeup call before it did any more harm through its incompetence.... and as far as we know Ed didn't get any nuclear missile launch codes - but the next person....????

ADorsai
ADorsai

Snowden may have stolen 200,000 sensitive documents, but so far only about 500 of those have been revealed.  What happens to the rest depend on what happens to Snowden, or so it's claimed.

flotsam70
flotsam70

@doreen.mallett

"All the bigshot countries spy on each other and on people both their citizens and others."

Yeah, so let's all just lay down and take it.


"If I were an American I would be quite mad at Snowdon."

Thank God you're not an American. The U.S.A. already has too many "Americans" that hate the U.S.A. Note: U.S.G. != U.S.A.


"This is Third World behaviour!"

ROFLMAO. You should try reading that a few more times. You must live in a parallel universe where third world nations can fund and staff vast high-tech surveillance operations.


Snowden did the world a favor by unselfishly outing the tyrannical practices of the NSA.

PhilippeV
PhilippeV

@mtnman28715 At least the world knows that they cannot trust the NSA which was better thought as alerting us of security issues and help solve them, rather than create them !

Now we can see the damages made by the NSA : by forcing various US providers to open lots of securitty breaches in their softwares, they've not only open the backdoor allowing them to spy everyone they want, but also facilitated a lot the many abuses made on the internet.

The NSA is directly liable for lots of damaged caused everywhere in the world by abusers, malware authors, and of the many billions stolen everywhere in the world by jhackers. The NSA has ruined the whole internet for years, and should be condamned to pay billions to many banks, and many people that and companies had their assets stolen !

The NSA is criminal, alied with criminals everywhere in the world that give them a thank you. We can now prove this fact. And USA should now be sent to an international court of justice for trial and to pay billions to many countries.

And yes we can no longer trust any "cloud" solution. Only one good solution: disconnnect the maximum you can from the internet, with physical separation (software solutions or even hardware appliances can no longer be trusted at all).

Also it's high time to deprecate fast all the US encryption algorithm: my opinion is that even the FIPS standard is broken in all its algorithms, including SHA-256 (or more), AES 256, all variants of DES, all RSA algorithms, because these algorithms must have been designed using another algorithm allowing in order that all passwords or encryption keys or signatures are cracked immediately by the NSA without even knowing the secret elements. The world has still not been able to revert engieneer how these algorithms were creates, but we can suspect that they were ALL designed with a hidden backdoor.

Time to go with other algorithms developped separately (e.g. European algorithms), or combine them in a way where a single SHA or RSA or AES algorithm will not work with their highly probable backdoor (not working in combination with another algorithm).

This means: 

- don't use SHA alone, use also Whirlpool (or similar) and check the two signatures simultaneously

- don't use DES or AES encryption alone, use another non-US encryption on top of it, with their own separate keys.

- don't trust program certificates that use only US algorithms

- dont trust programs only because their full source code is provided: compilers or standard libraries of OSes may alter the installable binaries generated from these sources.

- Windows is highly at risk of being completely broken. Time to go with Linux kernels, and with GCC compilers (don't trust Microsoft or Intel compilers, they are certainly inserting backdoors in the generated binaries, even when they are digitally signed with strong certificates, and even if these certificates use multiple check algorighms)

But more omportantly, now we can think about the inheret security of processors, which may already contain their own backdoors. Time to develop with open-sourced processors : abandon the x86 family made by Intel or IBM/AMD, or processors built by Apple, Motorola, nVidia...

A good solution: don't run native code software, run code in a managed VM like Java (but let's keep an eye on its standard core libraries that the VM must support, this means avoiding the Sun/Oracle implementation of Java, and even the Google/Dalvik implementation which is even weaker in its isolation mechanisms), at least this should avoid the native processor backdoors. Time to promote GNU Java.

May be this will mean a small decrease of performance, but computing performances have progressed so much and so rapidly that this small decrease will be forgotten very soon and will remain unnoticed for most applications (except for gamers looking for the best FPS rates, but they have little secrets to share when most games are played now on public Internet).


Papa_Bill
Papa_Bill

@Snak 
If national boundaries are artificial constructs, are also the desires for local self-government? Would that desire, and the support of it be bigotry as well? Is there any one philosophy that will serve the desires of all of us? Are we selfish to prefer a life in a community of like-minded people? Can we not respect the lifestyle of those who may not agree with ours? Can we accommodate other communities who wish likewise?
And, can we tolerate each other without finding mistrust to be mandatory?

Yeah, I know, questions, questions, questions...

cybershooters
cybershooters

@matt.durcan Well because he was the guy who was supposed to check up on security and put it in place.  I get the impression some of the stuff he got was out of browser and scanner caches, something an IT admin would need access to, just identify whose computer is whose, give yourself NTFS permissions on the folders and you've got everything, all you've got to do is wait for them to access or scan it.  You can only stop that by not allowing IT admins to do their jobs, really.  Might be able to turn off browser caches to some extent but it's got to be cached while they're physically using it.  At the end of the day all security depends on trust in someone, there's no computer program that can be turned over to.

mr.biscuit
mr.biscuit

@matt.durcan Good point.  The big question is not whether the NSA was/is operating legally, but rather why is the NSA so cavalierly unconcerned and incompetent about guarding and protecting both the gathered information and who gets access to the process.  The NSA is responsible for national security - not for creating a clearing house to distribute the nations secrets.  Did their folks gloss through the parts about  'bi-directional' properties in game and communications theory?

techrepublic
techrepublic

@ADorsai Russia will decide when to release the remaining documents. By the way, when another Power Point slide show is released with Snowden's name on it, is it really coming form Snowden? And if it is, how do we know it is accurate? He obviously has an agenda - don't be so sure you know what it is. I am an Australian and I don't trust Snowden any more than I trust Assange and I certainly don't believe Putin is interested in my personal liberties. Russia and China have an axe to grind with the USA. They would love to see less surveillance in the USA and more terror attacks - it makes them look better when they jail people for protesting.

info
info

@PhilippeV You make some good points but your solutions are nowhere close to being "secure".  Where are you from, may I ask?