It's time to stop whining about the NSA and start building solutions
Ever since Edward Snowden dumped his load on collaborating journalists more concerned with stickin' it to The Man than with the needs of mankind, the IT industry has been taking it on the chin.
You have to admit, we've had a rough year.
This is an arms race. Willing or not, the tech industry is now a front-line combatant.
It's not just the never-ending blizzard of Snowden flakes flowing over the NSA, it's everything else, too. It's the ginormous breach of credit cards at Target. It's the allegations of spying by the Chinese, culminating in a Justice Department indictment of Beijing officers. It's breach after breach after breach.
And then comes the big revelation. The one that goes beyond "this far and no farther," the straw that broke the camel's back and opened up a can of worms. Yep, Cisco.
Glenn Greenwald, the Snowden flak who made his career this last year on the back of America's security, has a book to hawk. In it, he releases yet another revelation from the Snowden archive. For those of you keeping track, Greenwald's first revelation came on June 6, 2013, which means he's been flogging this horse for 347 days now.
Tech Pro Research
The book contains pictures of so-called "upgrade stations," where the NSA supposedly intercepts Cisco's supply chain and "upgrades" the company's gear so the NSA can gain back-door access.
Even though, as ZDNet's Larry Dignan points out, "links to the actual source information are hard to come by," the damage is done. True or not, Cisco, one of America's greatest technology firms, is under the gun. And, as Cisco boss John Chambers said in a letter to President Obama, "Trust with our customers is paramount, and we do everything we can to earn that trust every day."
Even before Chambers sent his letter to the White House, Cisco general counsel Mark Chandler wrote a similar comment in a blog post, saying, "...We have built and maintained our customers’ trust. We expect our government to value and respect this trust."
Chandler even goes on to quote IBM's general counsel Bob Weber, who wrote in March, "Governments must act to restore trust."
Here's the thing. It ain't gonna happen. That train has left the station. That dog won't hunt. That horse has left the barn. That goose is cooked.
Trust ... of the international, geopolitical variety anyway ... is no longer an asset you can include in the goodwill column of your balance sheet. Give it up.
Look, I'm not saying this is a good thing. I'm not saying it's a bad thing. Those arguments and debates will be ranted about in the blogosphere for years to come.
No, what I'm saying is you're tilting at windmills. You're fighting a force of nature.
Special Feature
I'm not just talking about the NSA. I'm talking about the GCHQ. I'm talking about all of the intelligence agencies in all of the major countries in the world. Nations spy on each other.
In our world, with increased cyberterrorism, with real, physical terrorism, and with Putin's apparent desperate wish to go back to the USSR, America and the other nations are not going to -- no way, no how -- give up their key intelligence resources.
It would be stupid and irresponsible for them to do so.
So, no matter how much Cisco (and the rest of the tech industry) may be concerned that government spying (or "upgrading") may "undermine the confidence" of customers, polite letters to presidents (and for sure, blog postings) aren't going to change anything.
This is, quite simply, an arms race -- and the tech industry is now, willing or not, a front-line combatant. We can't count on the world going back to the way it was, with American gear used everywhere just because it's the gold standard. We can't assume questionable competitors like Huawei will never get get a leg up simply because they're not born in the USA.
The world is changing. Fortunately, the tech industry does one thing very, very well: innovate in a changing world.
Do you want unbreakable encryption? Don't whine about the NSA tapping your email. Develop unbreakable encryption technology like covert pulse-position modulation that makes the very existence of a message undetectable.
Explore cryptography that occurs at the quantum level and almost magically disappears if observed without the proper key. This type of research is already underway in labs and universities.
It's doable. Scientists and spies have been developing and defeating encryption and decryption technologies for thousands of years. It's going to keep on happening.
Likewise, consider the concern about the integrity of American technology's supply chain.
Featured
Back in 1982, seven people living near Chicago died because their Tylenol capsules were laced with cyanide. Their killer was never found. In the month following the Tylenol deaths, the FDA recorded more than 270 additional incidents of product tampering. Tylenol was removed from shelves across the country.
Product trust was at an all-time low. But, as TIME reported, "In the wake of the Tylenol poisonings, pharmaceutical and food industries dramatically improved their packaging, instituting tamperproof seals and indicators and increasing security controls during the manufacturing process."
Yes, product safety standards and legislation was also put into place. But it was the industries themselves, in response to customer fears, that instituted innovative safety measures that has, pretty much, kept the public safe.
This can and should be a model for the IT industry.
Bad people are out there. Criminal organizations are out there. Rogue nation states are out there. Our own governments -- and our allies -- are out there. All of these actors will do their best to meet their agendas without regard to how that might damage our industry.
Whine all you want. It's a force of nature. It will happen. There will be spying. There will be tampering. There will be supply chain interruptions.
Spies will be spies.
There is a defense: innovate around it. Build tamper-proof supply chains. Build the equivalent of CRC checks into hardware packaging. Do everything possible to insure the integrity of security code -- whether closed or open source.
Work with governments -- within limits -- as partners because it is in the best interests of your shareholders, your customers, and your fellow citizens to do so. Terrorists need to be stopped.
It's important though, to not throw out the baby with the bathwater. In the quest to stop terrorist attacks, we cannot destroy our own most innovative industries and thereby cause irreparable damage to our economy.
It's a game of balance. But it's also a game where the most innovative will win. No industry is more innovative than the tech industry. We have everything we need to win, regardless of the terrorists -- or the politicians.
So, yeah, go ahead and write letters to the President or to the local representatives in Congress. But when we're done spitting into the wind, it's time to man up. It's time to go back into the lab and build solutions to this problem.
After all, that's what we do isn't it? Build solutions.
What's your solution? Share in the TalkBacks below.
By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.