Yet another report has surfaced describing how tools created by the malware-industrial complex are being deployed by U.S. security services. While the coverage surrounding this story focuses primarily on federal agencies it’s important to step back for a moment and view the big picture. In particular, looking at who builds, operates, and profits from mass surveillance technology offers insight into the nature of the global panopticon.
A report published by Privacy International as well as an article posted by Vice Motherboard clearly show that both the DEA and the United States Army have long-standing relationships with Hacking Team, an Italian company that’s notorious for selling malware to any number of unsavory characters.
Federal records indicate that the DEA and Army purchased Hacking Team’s Remote Control System (RCS) package. RCS is a rootkit, a software backdoor with lots of bells and whistles. It’s a product that facilitates a covert foothold on infected machines so intruders can quietly make off with sensitive data. The aforementioned sensitive data includes encryption keys. In fact, Hacking Team has an RCS brochure that tells potential customers:
“What you need is a way to bypass encryption, collect relevant data out of any device, and keep monitoring your targets wherever they are, even outside your monitoring domain”
[Note: Readers interested in nitty-gritty details about RCS can check out the Manuals online.]
It’s public knowledge that other federal agencies like the FBI and the CIA have become adept at foiling encryption. Yet this kind of subversion doesn’t necessarily bother high tech luminaries like Bruce Schneier, who believe that spying is “perfectly reasonable” as long as it’s targeted. Ditto that for Ed Snowden. Schneier and Snowden maintain that covert ops, shrouded by layers of official secrecy, are somehow compatible with democracy just so long as they’re narrow in scope.
But here’s the catch: RCS is designed and marketed as a means for mass collection. It violates the targeted surveillance condition. Specifically, a Hacking Team RCS brochure proudly states:
“’Remote Control System’ can monitor from a few and up to hundreds of thousands of targets. The whole system can be managed by a single easy to use interface that simplifies day by day investigation activities.”
Does this sound like a product built for targeted collection?
So there you have it. Subverting encryption en masse compliments of Hacking Team. The fact that there’s an entire industry of companies just like this should give one pause as there are unsettling ramifications regarding the specter of totalitarian control.
Corporate America is Mass Surveillance
“I really don’t think there’s any more important battle today than combating the surveillance state [my emphasis]. Ultimately, the thing that matters most is that the rights that we know we have as human beings are rights that we exercise.”
There’s a tendency to frame mass surveillance in terms of the state. As purely a result of government agencies like the CIA and NSA. The narrative preferred by the far right is one which focuses entirely on the government (the so-called “surveillance state”) as the sole culprit, completely ignoring the corporate factions that fundamentally shape political decision making.
American philosopher John Dewey once observed that “power today resides in control of the means of production, exchange, publicity, transportation and communication. Whoever owns them rules the life of the country,” even under the pretense of democratic structures.
Dewey’s observation provides a conceptual basis for understanding how business interests drive the global surveillance apparatus. Mass surveillance is a corporate endeavor because the people who inevitably drive decisions are the same ones who control the resources. For example, the backbone of the internet itself consists of infrastructure run by Tier 1 providers like Verizon and Level 3 Communications. These companies are in a perfect position to track users and that’s exactly what they do.
Furthermore when spying is conducted it’s usually executed, in one form or another, by business interests. Approximately 70 percent of the national intelligence budget end up being channeled to defense contractors. Never mind that the private sector’s surveillance machinery dwarfs the NSA’s as spying on users is an integral part of high tech’s business model. Internet companies like Google operate their services by selling user information to the data brokers. The data broker industry, for example, generates almost $200 billion a year in revenue. That’s well over twice the entire 2014 U.S. intelligence budget.
From a historical vantage point it’s imperative to realize that high tech companies are essentially the offspring of the defense industry. This holds true even today as companies like Google are heavily linked with the Pentagon. For decades (going back to the days of Crypto AG) the private sector has collaborated heavily with the NSA’s in its campaign of mass subversion: the drive to insert hidden back doors and weaken encryption protocols across the board. Companies have instituted “design changes” that make computers and network devices “exploitable.” It’s also been revealed that companies like Microsoft have secret agreements with U.S. security services to provide information on unpublished vulnerabilities in exchange for special benefits like access to classified intelligence.
In a nutshell: contrary to talking points that depict hi-tech companies as our saviors, they’re more often accomplices if not outright perpetrators of mass surveillance. And you can bet that CEOs will devote significant resources towards public relations campaigns aimed at obscuring this truth.
A parting observation: the current emphasis on Constitutional freedom neglects the other pillar of the Constitution: equality. Concentrating intently on liberty while eschewing the complementary notion of equality leads to the sort of ugly practices that preceded the Civil War. In fact there are those who would argue that society is currently progressing towards something worse, a reality by the way that the financial elite are well aware of. When the public’s collective misery reaches a tipping point, and people begin to mobilize, the digital panopticon of the ruling class will be leveraged to preserve social control. They’ll do what they’ve always done, tirelessly work to maintain power and impose hierarchy.
Bill Blunden is a journalist whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including “The Rootkit Arsenal” and “Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex.” Bill is the lead investigator at Below Gotham Labs.
 The Later Works of John Dewey, 1925-1953, Volume 9: 1933-1934, Essays, Reviews, Miscellany, and A Common Faith, Southern Illinois University Press, 2008, page 76.