Cameron may make the same mistake as the NSA by prioritizing offense over defense
David Cameron is planning to make the same mistake the National Security Agency made years ago: exploiting new technologies instead of working to defend them. In addition to his proposal to ban encrypted software in Britain, the prime minister is also expected to ask President Obama to pressure tech companies in the United States to work more closely with British authorities.
All this despite the revelation of a secret cybersecurity report in which the US warned the Government Communications Headquarters (GCHQ) intelligence agency that encryption is critical to the protection of the private data intelligence agencies want to protect. The report, written in 2009, was provided to the Guardian by Edward Snowden in June 2013.
This report is just the latest example of mounting criticism over the NSA and GCHQ's decision to prioritize offensive capabilities over defensive actions. The NSA in particular has been roundly derided for stockpiling security vulnerabilities which could be used to snoop on Americans just as easily as they're used to surveil people in other countries.
Perhaps the most compelling argument for these agencies to focus on defense rather than offense comes from Snowden. As the former NSA contractor-turned-whistleblower told author James Bamford in a video interview about "cyberwar" conducted in June 2014:
What we’ve seen over the last decade is [...] a departure from the traditional work of the National Security Agency. They’ve become sort of the national hacking agency, the national surveillance agency. And they’ve lost sight of the fact that everything they do is supposed to make us more secure as a nation and a society.Then, later:
The reality is, when you make those systems vulnerable so that you can spy on other countries and you share the same standards that those countries have for their systems, you’re also making your own country more vulnerable to the same attacks. We’re opening ourselves up to attack. We’re lowering our shields to allow us to have an advantage when we attack other countries overseas[...]The argument for intelligence agencies to focus on improving digital security didn't change much between the 2009 cybersecurity report and Snowden's 2014 interview. Some data needs to be kept secure, and in order for that to happen, governments must accept encrypted software tools which discourage others from conducting surveillance.
In his rush to increase the British government's surveillance capabilities in the wake of the Charlie Hebdo shooting, Cameron is about to make the same mistake the NSA (and the US national security apparatus in general) made after the World Trade Center attacks in 2001. This could eventually come back to bite him -- and us -- right in his undefended ass.