Morning Must-Read: Daniel Davies: Every Single IT guy, Every Single Manager…
Daniel Davies: Every single IT guy, every single manager…: “In the general debate on email spying and… NSA/Snowden…
…people who want to dismiss the whole thing as ‘no big deal’ are… totally underestimating the… blind trust… required of them…. Even opponents of ubiquitous surveillance… assume that the institution which has access to your information is the institution which collected it. But that’s not necessarily the case at all. The Leveson Inquiry… demonstrated that the Police National Computer could be accessed by more or less any tabloid journalist with a phone and an account with a crooked detective agency…. Manning and Snowden… have made it clear that mid-level employees can get access to huge amounts of top secret data as long as they’ve got the wit to smuggle it out on a thumb drive. So the question is not so much ‘do you trust the CIA/NSA/MI6/etc?’. It’s “Do you trust every single sysadmin… analyst… middle manager?”. The CIA might not be interested at all in my dull mobile phone conversation metadata, but someone else might–the Leveson inquiry was told how the UK’s PNC was used by one copper to check out his daughter’s new boyfriend…. The policies which might prevent [our data] from being accessed by blackmailers, tabloid journalists, nosey neighbours and basically anyone else, are themselves top secret and not subject to any sort of legal oversight. This isn’t a conspiracy theory…. It’s based on the fact that big and complicated systems are set up to malfunction, particularly if they are able to declare themselves above any regulation…. And the way in which this particular system is set up to malfunction is easily predictable and potentially very damaging to innocent people. I am personally not at the stage where I trust every single person who might be hired for a low level IT job in a security agency, and I’m not sure that I trust an entirely opaque set of safeguards with no accountability either.