Beware the Hackers, Not the Bureaucrats

Protecting data from malicious actors is difficult, even for the government

However, people should not be so worried about the possibility of governments using their personal information against them. Security agencies are unlikely to solely use internet traffic as evidence to suggest that one has been involved in criminal activity. Additionally, stringent judicial processes are required and a fair hearing in court is also mandatory. As mentioned before, the governments of Western democracies are unlikely to oppress its people like China or North Korea, which some people outlandishly claim.

Nevertheless, people should still be worried about the government collecting their information. The internet has become a pernicious environment where anybody using it can be vulnerable to cyber attacks. The government is by no means exempt from this reality. For example, in June 2015 the US Office of Personnel Management suffered from cyber attacks that resulted in data of millions of government employees being leaked.

Central banks have too, recently, suffered from cyber attacks, exposing the loopholes in the systems they use to work with other banks around the world. It also shows that nobody on the internet is completely safe from such attacks. Cybercriminals and hackers constantly remain one step ahead of the defences meant to defend against them. Thus, with mass surveillance programs collecting vast amounts of data, it creates a gold mine of data of which hackers can use for a range of unpredictable and malicious means.

If a hacker is able to infiltrate government databases, they can deploy a range of different attacks to victimise potentially millions online. For instance, if cybercriminals were able to access the masses of website metadata, which the Investigatory Powers Bill would allow the UK government to do, then it could use the list of websites visited to construct dangerous social engineering campaigns. Hackers could identify the most popular websites people visit in the UK, and then portray themselves as legitimate businesses, via email, looking to buy ad spaces from those websites. Once acquiring these ad spaces, hackers could then place bogus advertisements directing anybody who clicks on them to infected webpages or initiate downloads of malicious software onto their devices. This process, known as malvertising, is just one example of how hackers can use the data collected by governments to cause havoc in cyberspace.

Both the US and the UK government have claimed that their electronic surveillance strengthens public safety. Yet, if the data centres consolidating all the information collected and intercepted by these programs were to be hacked into, public safety would be weakened.

This also extends to the private sector with narrow-minded legislation. While the Investigatory Powers Bill may help security agencies to obtain more information to crackdown on crime and terrorism, it also requires technology companies to essentially weaken the security parameters of their products, which may expose its users to the dangers of cyberspace. Weakening security does not have the eventual effect of making it stronger.

This, therefore, presents another important argument in favour of greater privacy; governments cannot guarantee that they can keep the data they collect safe from cybercriminals, and so should give greater consideration to preserving privacy and security instead.

NEXT | Who Wins?

Should privacy prevail, or does national security trump all?

BACK | Freedom to Search and Click

Mass surveillance can threaten intellectual innovation and creativity online