I love a good conspiracy theory. It should have sufficient by way of checkable references to have a veneer of credibility while pandering to the prejudices of the listeners. The more that emerges about “PRISM”, the more it appears to be a non-story. If it is correct that under 100,000 requests a year are received by Apple, Facebook, Google, Microsoft and Yahoo, added together, that “the most commmon of these relate to fraud, homicides, kidnappings and other crminal investgations“, not to FISA and that these need to be de-duplicated (e.g. collating requests to several providers covering the on-line activities of the same individual), then the numbers actually under surveillance may be as low as 25,000 in the course of a year. For a nation with over 2 million in Jail and 800,000 missing person reports a year this seems remarkably low. I would suspect it is dwarfed by the number of requests from those seeking to hunt down music and video “pirates”.
So why the hysteria? What is the story from which it is attention is being diverted?
Is it that the majority of Americans and Britons are like the majority of Chinese. They value security above privacy, would like both and do not understand why they have to choose?
Is it the growing pressure to take effective action against the rising tide of computer pornography, violence even more than sex, that is corrupting the young?
Is it the trial of Bradley Manning and the issues it raise with regard to the criminal insecurity of the systems whose contents he passed to Wikileaks?
Is it how major defence and security providers bidding for US and UK cybersecurity spend (including identity assurance) have had their files copied by hackers?
Is it the impossibility of securing big data systems, such as an NHS patient record database to which one in fifty of the population has access?
Or is it related to the budget spats between the NSA and the FBI, (and their UK equivalents), with the former relishing in publicity that implies they are doing more to help secure the nation against its “enemies” and should not, therefore, have their budgets cut or transferred?
I believe in the value of competitions to help progress debate. Hence my strong personal support for the Cyber Integrity Challenge for ideas that will help rebuild genuine trust in the on-line world. I am delighted that the Rt Hon David Blunkett has agreed to be a patron and that the Earl of Erroll, whose ancestor was bodyguard to Robert the Bruce and who is the only member of either House of Parliament who is an information security professional in his own right, has agreed to chair the judging panel. Lord Erroll will also be leading discussion on how to harvest some of the best ideas via the Digital Policy Alliance and its partners. It is one thing to winge about what is wrong. It is another to find effective ways of improving reality and ensure that good ideas get traction – whether political or commercial.
In the mean time, I am offering a bottle of Ledaig (the Tobermory Distillery) for the best conspiracy theory as to why there is so much hype for a non-story about the security services doing what we pay them for. I may recently have been very sharp about whether current approaches address the challenges of today as opposed to those of the past, let alone give the best value for the funds available, but some of the current cover is just plain silly.
P.S. Entries should be posted to this blog as comments, I will accept those from pseudonyms which get pass the registration routines for posting, but if you do not separately tell me who you are I will give the bottle to who-ever helps me identify the winner, provided they say how long it took and will let me tell you. I will not say who helped or how they did it, but I would l also like to use the exercise to test some of what I being told about the security, or otherwise, of well known pseudonymisation reoutines – perhaps involving some of the students from the sixteen universities that have already signed up to the Cyber Integrity Challenge. If your organisation is serious about wanting to help rebuild the trust that has been so damaged by the disinformation around this story, then do contract Mal via the e-mail at the foot of competiton cover page or contact any of the participating Universties direct. One by one they are putting up their own web pages. The first was City . I expect those for Cranfield and de Montfort to be the next. Lancaster will be added to the list on the website shortly.