Tuesday, April 15, 2014

Who does the NSA serve with Heartbleed?

The tech world is abuzz with word of the Heartbleed bug, a bug that makes OpenSSL, the software that makes your shopping safer with Amazon, susceptible to attack. Responses in the media and blogosphere range from outrage and paranoia to "ho-hum, another bug - did you update your computer yet?"

Two sources seem to have confirmed that the NSA has been exploiting the bug for a couple of years since it was introduced, Bloomberg and Wired Magazine. Wired Magazine quotes Bloomberg, but has more details on what the bug is about. This is a server side bug, which means that if the server is configured to use the Heartbeat service for OpenSSL, clients connecting to the server may not have a secure connection if the Heartbeat code is unpatched. Proffered solutions abound.

The NSA has been consistently hunting for and exploiting bugs in software for years in an effort to fight the so-called war on terror. I've heard it said by the NSA that if they save even one life from an act of terrorism, that all of their surveillance is justified. Yet, the NSA and other surveillance agencies are not reporting the bugs they find to anyone, not as far as I know, nor have they suggested that they have any responsibility to do so.

Their attitude suggests that as long as the rest of us are insecure, they can maintain security for the people they serve. So, who exactly do they serve? The 60% of the population that owns 2.5% of the wealth in this country? I submit that they are not serving most of us, that they have a higher interest in mind: the 400 hundred families that own most of the wealth in this country.

Ordinary people like you and me did not vote for candidates for federal office with 24/7 surveillance in mind. We did not elect our government to watch everyone and everything. Some of us are even aware that if the moneyed interests want privacy, oh, they'll have it, at the expense of everyone else.

There will always be bugs in software, even very important software like OpenSSL, the software we've come to rely upon when we're shopping on the internet, sending out business proposals to our clients, or merely sending a job application to an employer. But just because the bug is there doesn't mean security agencies get a free-for-all blank check to read and record everything just because they think they might need it to fight terrorism. Why don't you get a warrant like you're supposed to?

The odds of dying from a terrorist attack are about 20 million to 1. The odds of dying from a natural disaster that is a result of global warming are rising every day, albeit slowly. "Extreme weather" has become a phrase of common usage in the media and in culture. Remember Hurricane Katrina?

The war on terror is about control over energy, people and information. The priorities of the 1% are clear: money and control before the environment. We no longer live in a democracy. We live in an oligarchy. We can talk about where you're going to live, later.

No comments: