The information disclosed by Edward Snowden to the world created a diplomatic incident between Washington and Brasilia. The Brazilian government is fed up with the United States because it seems that our friends from the north are spying on us. We don’t know the real extent of the espionage endeavors, but the press – notably The Guardian’s reporter Glenn Greenwald – is saying that the Americans are spying on President Dilma Rousseff, her closest interlocutors and Petrobras, the Brazilian state oil company. But why is it so absurd, and what can be done to prevent it?
Let me start by explaining what is not absurd: countries spying on each other. Well, that is just how reality is. All countries have intelligence agencies that, among other things, are responsible for gathering information that can be used to take security measures and also to make economic decisions. The diplomats will deny it, especially the economic espionage. The ones who were spied on will pretend to complain. The spies will pretend to change their methods. It is the diplomacy game. It is well known that states naturally tend to extend their behavior and control beyond their boundaries. That is basic lateral pressure theory, commonly used in International Relations studies.
The first real absurdity in this story is the fact that an employee in Snowden's position could have access to that kind of information. This is just bad information management and security. It is obvious that the United States government is not protecting highly classified information properly. The second point is that they are not using this information effectively. The huge amount of data the NSA collects doesn’t seem to be enough to prevent attacks like the unfortunate incident in Boston earlier this year. The last absurdity, and the most important in my opinion, is what governments didn’t do to prevent espionage as well as information leaks. The open source software community has been ringing this alarm for years. Jon Hall wrote a nice open letter to President Rousseff about this. Open source should be a crucial element of information and technological sovereignty. States, as well as their citizens, must know exactly how the software used by public administration works. The code must be auditable. Otherwise we are just asking for trouble. Otherwise we are blind.
I have been working in information security for a while now and I am under the impression that people in general don’t care about security until something really bad happens. Don’t act like our governments. Don’t wait until someone steals your data. Of course no system or method is 100% secure, but risks can be minimized to a great degree. We live in an information age and we need to take care of our data, and so do governments.
And please… stop disabling SELinux!