It's time to stop whining about the NSA and start building solutions

It's time to stop whining about the NSA and start building solutions

Summary: The world is changing. Fortunately, the tech industry does one thing very, very well: innovate in a changing world.


Ever since Edward Snowden dumped his load on collaborating journalists more concerned with stickin' it to The Man than with the needs of mankind, the IT industry has been taking it on the chin.

You have to admit, we've had a rough year.

This is an arms race. Willing or not, the tech industry is now a front-line combatant.

It's not just the never-ending blizzard of Snowden flakes flowing over the NSA, it's everything else, too. It's the ginormous breach of credit cards at Target. It's the allegations of spying by the Chinese, culminating in a Justice Department indictment of Beijing officers. It's breach after breach after breach.

And then comes the big revelation. The one that goes beyond "this far and no farther," the straw that broke the camel's back and opened up a can of worms. Yep, Cisco.

Glenn Greenwald, the Snowden flak who made his career this last year on the back of America's security, has a book to hawk. In it, he releases yet another revelation from the Snowden archive. For those of you keeping track, Greenwald's first revelation came on June 6, 2013, which means he's been flogging this horse for 347 days now.

The book contains pictures of so-called "upgrade stations," where the NSA supposedly intercepts Cisco's supply chain and "upgrades" the company's gear so the NSA can gain back-door access.

Even though, as ZDNet's Larry Dignan points out, "links to the actual source information are hard to come by," the damage is done. True or not, Cisco, one of America's greatest technology firms, is under the gun. And, as Cisco boss John Chambers said in a letter to President Obama, "Trust with our customers is paramount, and we do everything we can to earn that trust every day."

Even before Chambers sent his letter to the White House, Cisco general counsel Mark Chandler wrote a similar comment in a blog post, saying, "...We have built and maintained our customers’ trust. We expect our government to value and respect this trust."

Chandler even goes on to quote IBM's general counsel Bob Weber, who wrote in March, "Governments must act to restore trust."

Here's the thing. It ain't gonna happen. That train has left the station. That dog won't hunt. That horse has left the barn. That goose is cooked.

Trust ... of the international, geopolitical variety anyway ... is no longer an asset you can include in the goodwill column of your balance sheet. Give it up.

Look, I'm not saying this is a good thing. I'm not saying it's a bad thing. Those arguments and debates will be ranted about in the blogosphere for years to come.

No, what I'm saying is you're tilting at windmills. You're fighting a force of nature.

I'm not just talking about the NSA. I'm talking about the GCHQ. I'm talking about all of the intelligence agencies in all of the major countries in the world. Nations spy on each other.

In our world, with increased cyberterrorism, with real, physical terrorism, and with Putin's apparent desperate wish to go back to the USSR, America and the other nations are not going to -- no way, no how -- give up their key intelligence resources.

It would be stupid and irresponsible for them to do so.

So, no matter how much Cisco (and the rest of the tech industry) may be concerned that government spying (or "upgrading") may "undermine the confidence" of customers, polite letters to presidents (and for sure, blog postings) aren't going to change anything.

This is, quite simply, an arms race -- and the tech industry is now, willing or not, a front-line combatant. We can't count on the world going back to the way it was, with American gear used everywhere just because it's the gold standard. We can't assume questionable competitors like Huawei will never get get a leg up simply because they're not born in the USA.

The world is changing. Fortunately, the tech industry does one thing very, very well: innovate in a changing world.

Do you want unbreakable encryption? Don't whine about the NSA tapping your email. Develop unbreakable encryption technology like covert pulse-position modulation that makes the very existence of a message undetectable.

Explore cryptography that occurs at the quantum level and almost magically disappears if observed without the proper key. This type of research is already underway in labs and universities.

It's doable. Scientists and spies have been developing and defeating encryption and decryption technologies for thousands of years. It's going to keep on happening.

Likewise, consider the concern about the integrity of American technology's supply chain.

Back in 1982, seven people living near Chicago died because their Tylenol capsules were laced with cyanide. Their killer was never found. In the month following the Tylenol deaths, the FDA recorded more than 270 additional incidents of product tampering. Tylenol was removed from shelves across the country.

Product trust was at an all-time low. But, as TIME reported, "In the wake of the Tylenol poisonings, pharmaceutical and food industries dramatically improved their packaging, instituting tamperproof seals and indicators and increasing security controls during the manufacturing process."

Yes, product safety standards and legislation was also put into place. But it was the industries themselves, in response to customer fears, that instituted innovative safety measures that has, pretty much, kept the public safe.

This can and should be a model for the IT industry.

Bad people are out there. Criminal organizations are out there. Rogue nation states are out there. Our own governments -- and our allies -- are out there. All of these actors will do their best to meet their agendas without regard to how that might damage our industry.

Whine all you want. It's a force of nature. It will happen. There will be spying. There will be tampering. There will be supply chain interruptions.

Spies will be spies.

There is a defense: innovate around it. Build tamper-proof supply chains. Build the equivalent of CRC checks into hardware packaging. Do everything possible to insure the integrity of security code -- whether closed or open source.

Work with governments -- within limits -- as partners because it is in the best interests of your shareholders, your customers, and your fellow citizens to do so. Terrorists need to be stopped.

It's important though, to not throw out the baby with the bathwater. In the quest to stop terrorist attacks, we cannot destroy our own most innovative industries and thereby cause irreparable damage to our economy.

It's a game of balance. But it's also a game where the most innovative will win. No industry is more innovative than the tech industry. We have everything we need to win, regardless of the terrorists -- or the politicians.

So, yeah, go ahead and write letters to the President or to the local representatives in Congress. But when we're done spitting into the wind, it's time to man up. It's time to go back into the lab and build solutions to this problem.

After all, that's what we do isn't it? Build solutions.

What's your solution? Share in the TalkBacks below.

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at

Topics: Government US, Government, Privacy, Security


David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • This is so wrong...

    You are guaranteed that your government will not spy on you without a warrant. Giving up means you do not deserve to be free. Free or slave. There is no other state of man.
    Tony Burzio
    • 4th amendment is flawed in the digital age

      What good is it to deny the government access when everyone else in the world has it, and you voluntarily gave it to them?

      Normally I'm against whatever position David Gewirtz is advocating simply because I see him as being pro-government. But in this case he's right. Accept that they, along with everyone else, are going to be snooping on your communications. Adopt countermeasures because there's no way to guarrantee protections legally.

      Which means we can not allow the government to implement restrictions on our using those countermeasures. If you lock your phone, the Border Patrol can't demand you unlock it. If you encrypt your hard drive, the cops can't demand you log them in. If the feds are trying to remote image your house, they can't demand you not install a faraday cage around it to block them. Yeah, it IS an arms race; the people against the government, the corporations, and everyone else on the planet.
      • What?

        If you leave your doors open to everyone, government still can't search your house unless they either have warrant of your explicit permission ("May we come in?")
        • Rights Gone

          That is so past tense. No knock warrants, secret wire taps, customer loyalty cards, Google etc. Your privacy is gone.
    • What constitutes "spying"?

      That such a broad term in today's world.

      Is having a software program scanning millions of emails looking for keywords like "bomb", or other such term be considered spying when neither the software program retains or understands anything about the previously scanned emails, and no human at the agency ever looks at it or knows that it exists?

      I'm not saying it's right or wrong, I'm wondering if it's considered spying, as when Google does the exact same thing, it's called "advertising".
      • What constitutes "spying"?

        You don't seemingly understand their concept, as they vacuum everything

        and then may sift them at their leisure.
        • That's not how it's done, as why I asked the question

          they don't collect everything and read it all, they do exactly what Google does (as I read they did help the NSA develop the technology)

          They have a program that scans everything looking for keywords. Not a human reading each one, just a computer algorithm scanning everything.

          Sure, they'll read the ones flagged, and I would say that's being spied apon, but the unread ones? No, not being spied on.

          Like I said, Google does the exact same thing, but without the reading part. Are they spying, or advertising?
    • The question is...

      ...what is to be done about it? David is right that sitting and complaining isn't going to do anything at all.
      John L. Ries
      • How about...

        admitting it first? As long as David (supposed to be a journalist) hold the opinion that Glenn Greenwald "made his career this last year on the back of America's security" - nothing will change... Until NSA, CIA, FBI, etc. stop lying to congress - nothing will change. Until intelligence committee keeps stops justifying surveillance and stops calling Snowden "traitor" - nothing will change. What David calls "whining" is part of the process of changing minds and opinions of people on the subject.
        • Neither of us...

          ...has any control or even significant influence over David Gewirtz or Glenn Greenwald. We do have some control over ourselves, however, which was my point.

          And you can disagree fully with David Gewirtz on the nature of the US government in general and intelligence agencies in particular and it wouldn't in any way negate David's point in this article, which was that those concerned about spying should be working to defend their data and otherwise doing things to address the situation, instead of just complaining about it; and on that point at least, I think he's absolutely right.
          John L. Ries
          • No...

            I think you missed the point entirely john... there is absolutely NO real accountability at this point and the ONLY way to convince courts (and some politicians) is to constantly bring up the abuses! But the most alarming is that this same author wrote previous articles on negativity to Snowden (whistleblower, NOT traitor) and now wants to the media to just move on... NO! I see no apologies for being niave, dumb or cynical... do you? And for some folks in the agencies (yes, that is plural)... some liars, abusers and down-right preeks are STILL there, in power. They may have a "retired" in their label.. but don't let the wool mask over your eyes! We need accoustability and prosecutions first! THEN we can move on! I so tired of this Obama mentaility... let's just move on! Screw that! I'm about to go postal! lol.
          • And how is that going to happen?

            Are you hoping for a liberator?
            John L. Ries
          • re: Neither of us...

            > David's point in this article, which was that
            > those concerned about spying should be working to
            > Defend their data and otherwise doing things to address the situation

            David is speaking to the tech industry, to "go back into the lab" and build solutions. But I might note that before Snowden the tech industry was hand-in-glove with the NSA. It's irrational to trust the tech industry and it's not feasible for individuals to go back into the lab and build their own solutions. While you can't just whine forever, it is a good place to start. The whining has been heard in DC after all.
            none none
          • We are the tech industry

            It doesn't mean that all or even most of us are self-employed, but we do have influence which we can use as we think proper. And we have the tools to build things on our own initiative after hours.
            John L. Ries
  • "American gear used everywhere just because it's the gold standard"

    Agreed. You've managed to do a good job of ensuring that companies do good due diligence and weight up all the options worldwide before plumbing for Cisco equipment built pre-installed NSA spy-ware............
    • Sorry so far all we has is some flake

      with a picture that can't be verified or confirmed. Might as well be an internet new story...
  • Whining? WHINING?

    So, in Gewirtz's book I guess having concerns about wholesale violation of the Constitution is "whining". Rampant data collection by an agency with no accountability is "whining".

    Until we get real answers and not simple placation, I think we should whine a little louder.
    • This is why

      Political shills shouldn't be posing as tech experts...Mr. Gewirtz should just crawl into Obama's bed and be done with it.
      Iman Oldgeek
    • Try looking at the entire environment

      What good does it do to have the government steadfastly following the 4th amendment when everyone else on the planet is snooping on you and consolidating, correlating and analyzing your data? Realistically, the federal and state governments don't even need to snoop on you directly; they can just snoop on the commercial and private snoopers.
    • Sadly - you are still whinning, and making so much noise

      you are missing the point. If you step outside of your nice free living room and job and food on the table, and stop being ignorant, you will realize there are 100's if not 1000's of people out there willing to do bad to this country and it's freedom's and they could give a rats rear about you and your constitutional right, in fact it's that freedom and documents that give them anger to begin with (do a little research). What he is saying is bottom line you can complain all you want to but to give up spying and intelligence is a recipe for disaster and it's going to happen you moaning about it or not. What he is saying is you be smarter and go around those things. We are so ignorant to think that we are the only country doing this. Even the messed up EU countries are doing this, so while you think you are losing your freedoms you can go else where and lose them faster. The problem is we are late to the game. We will ALWAYS need to spy and gather intelligence. And sadly because we are so free to come and go it has to be done here. To think that should go away and not happen is just plain stupidity. And the thing I find funny is if something happens again the people moaning about the rights will be the first people to say "why did you do something about this!" We have NO idea how crazy the world is and scary - my family works for the FBI - trust me you would crawl in a hole if you knew what was going on out there.