Hello everyone! I have been at Enterprise Management Associates for a couple of months now and decided that it is time to write an introduction and blog. For those of you who have been following the blog from Scott Crawford, I hope you will find my blogs stimulating and possibly entertaining. I tend to throw a few zingers in on occasion for a little humor as sometimes security writing can come across a little dry.
I have been in the security business for almost 20 years, which makes me feel as old as my kids say I am. In that time, I have worked outsourcing operations and internal Information security for fortune 100 through local government to SMBs in multiple verticals. I am also a part time educator for Capitol College out of Laurel, Md. You can see my full bio here.
Please feel free to follow me on twitter where I try to focus on relevant and timely security technology, issues, and articles (not my current lunch menus or the color of a house…) @SecurityMonahan
There is always a lot going on in security, which is good for those of us in the field. On this particular occasion I had some thoughts on the recent article from the Washington Post with the latest revelations from Snowden on the NSA tracking of US citizens. (Warning! It is a long article.)
The first thing I have to say is, why is anyone shocked about this?!? Governmental law enforcement and intelligence agencies have been doing this for years.
Various organizations and their precursors were involved in unsanctioned and/or questionable, rights infringement surveillance on US domestics well before the Internet – back in the 1950s during the Red Scare and McCarthyism. The law enforcement and intelligence communities are voracious and insatiable information consumers so you have to expect it to be tapped into the Internet backbones and data centers to “feed the need”. Since the Information Age has begun, there have been programs such as FBI’s Carnivore (fall of 1997) gathering data from Internet and other communications. Given the historical examples and functional purposes of these organizations, no one should be in the least surprised.
A common justification for these types of surveillance is, “If you have nothing to hide then you shouldn’t care.”, or something similar. These arguments are intrinsically flawed. With bulk data
(actual or meta) gathering, comes privacy loss. Going with the presented argument, those who say bulk surveillance should be allowed are by extension saying that recording of lawful activities in our bedrooms and bathrooms is ok. Though there may be no illegal activities going on in those locations, no one wants them recorded because they feel entitled to privacy during those activities. Our phone conversations don’t usually contain illegal communications but they are ours and meant for the intended recipient only.
We have an expectation of privacy without illegal activity.
I welcome thoughtful comments and discussion.
In Part 2 I will speak further on this and ultimately how we can improve our privacy on the web.