Has PRISM broken trust in IT security?

It always comes as something of a shock when Orwellian style conspiracy theories start coming true. This is exactly what happened recently when the PRISM scandal broke, revealing how US government agencies have for years been effectively spying and monitoring everyone – individuals and companies – without any kind of permission ever being sought. The extent of the activities PRISM covers include broad brush access to all sorts of saved and stored information, data and voice traffic, social networking activities and file transfers – so basically just about everything that we do online. Whilst many have gotten used to the constant threat of being under attack from cyber fraudsters in this way, most of us just don’t expect this kind of intrusive stalking from government agencies.

Although reassurances have been provided that PRISM is really only targeting terrorists and criminals, most of us are aware enough to know that this kind of justification could be used very widely if necessary and could easily catch innocents (we’ve all seen the Bourne Trilogy after all…). This has opened up serious questions about whether or not equipment we use that comes from countries involved in this information gathering can really be trusted? The large proportion of all online searches go through one search engine, smart phones are made and distributed by a select group of companies, many cloud storage systems come from the same place and the operating systems we use on our computers are really only drawn from two main industry names. If you really wanted to get knee deep in conspiracies here, that kind of control over technology by a handful of players seems a little one sided to say the least.

Given the extent of the reach of PRISM, how simple it seems it was to introduce, and the lack of justification apparently required to access all that personal data should we now be seriously concerned about what use might be made of such a goldmine of data? Although it would be nice to believe that every one of the 800,000 people who hold a top security clearance in the US would never dream of using this kind of privilege for personal gain, let’s be honest it’s not as if it hasn’t happened before. We all know that 2013 is the year of ‘big data’ and the worry is that this kind of project is offering access to the biggest data haul of them all and the financial benefits of exploiting that are mind-blowing.

In the light of this, it may be time for a tightening of network security, particularly in a business context where valuable data is gathered every day. Perhaps we also need to start looking at the risks of government related surveillance and reconsider our dependence on the big name businesses for all our technology. ITC Security can offer a comprehensive review of your networking and security systems, including firewall and intrusion prevention and vulnerability management – for more information and contact details see our website.