“We the public are at one of the last points that we will have to make a difference in how normalised the culture of mass surveillance becomes.”
Following the cinema release of Oliver Stone’s latest biopic, Snowden, these words spoken by Edward Snowden himself remind us of what drove him to take controversial action in the name of privacy that made him the polarizing figure he is today.
Three years ago Snowden decided to take a moral stand against the authorities that employed him and lift the veil on how the U.S. had quietly turned itself into a surveillance state under the pretext of security.
We are still living with the repercussions. Speaking at the Black Hat and Defcon conferences in August, Dan Kaminsky, a veteran tech security expert, claimed that “half of all Americans are backing away from the net due to fears regarding security and privacy.”
In this climate businesses have never had a more compelling reason to ensure they use all means at their disposal to safeguard the privacy and confidentiality of their data.
The good news is that Virtual Private Networks (VPNs) remain a tried and tested aid to Internet privacy.
It is tempting to think of the Internet before Snowden as an age of innocence. A virtual world where consumers could browse unobserved and companies traded in confidence 24 hours a day in the global economy.
Of course it was never thus.
The bad guys with their scams and their hacks were never far away. Google, Facebook and others were tracking your browsing habits so they could push advertising at you.
But at least there was the illusion that as an ordinary, law-abiding citizen the Internet afforded you a degree of anonymity.
In 2013 that illusion was brutally shattered when Edward Snowden decided to hand over details of the U.S. administration’s mass surveillance program, known as PRISM, to journalists.
Since then the public have been divided in their views about the trade-off between security needs and personal privacy. Government surveillance concerns remain an issue, but there is also significant apprehension over how businesses collect, use and store personal data.
In general the public accepts the government’s need to monitor the Internet activities of nation states and individual suspects known to the authorities. Yet, according to the Pew Research Center, 57% said it was unacceptable for the government to monitor the communications of ordinary U.S. citizens.
Furthermore some 86% of Internet users have taken steps online to remove or mask their digital footprints. Many more would do so but are unaware of tools they could use.
One of the key revelations to emerge from PRISM was the U.S. National Security Agency’s (NSA’s) forcible involvement of major technology giants in its spy program. It was feared that this would do untold damage to their reputations overseas.
The disclosure acted as a collective jolt to the technology industry.
Three years on from Snowden's initial leak, the likes of Apple, Google, Microsoft and Facebook have all toughened up encryption and other security aspects of their services. At the same time they have become some of the biggest proponents of consumer privacy.
Apple, for example, upgraded its mobile operating systems with stronger encryption. It also showed a very public determination to stand up to the FBI's and the courts' demands for a backdoor after the San Bernardino shooting.
Encryption is now a battleground.
On one side U.S. Senators like Richard Burr and Dianne Feinstein have introduced a bill requiring all tech companies to decrypt customer data at a court’s request. They argue authorities “need to know when terrorists are plotting to kill Americans.”
On the other, technology companies are decrying the move on the grounds that it threatens the progress businesses have made with regard to security. In particular, it undermines encryption, which they contend is vital to the future of America’s fast-growing digital economy.
Anyone reading this who would prefer the state not to spy on their business dealings should consider using a business-grade VPN. VPNs can help businesses keep sensitive communications with customers or remote workers confidential.
Unauthorised outsiders, including the NSA, are unable to see anything beyond the VPN provider and its IP address. All communication over a VPN is private regardless of whether it is transactional data, client information, credit card details or sensitive work files.
In summary, the legacy of Edward Snowden is that the cloak of privacy we might have felt when browsing the web prior to 2013 has been lifted. In its place we are left with feelings of distrust and naked vulnerability.
Snowden himself is currently the subject of a noisy debate between those who would like to see him sent to jail and those who ask that he should be pardoned.
Whichever way things go, businesses can take comfort in the fact that VPNs will remain an important tool for safeguarding the privacy of their Internet communications.
As we take heart from this, it is only fitting that Edward Snowden should have the last word: “Privacy is for the powerless, not for the powerful, and that was what we did not know had been lost.”