Glass houses

Issue 25/2019

When it concerns foreign threats, the "five eyes" of Australia, Canada, New Zealand, the United Kingdom and United States are paranoid about their respective national security. Fair enough, too; there's no doubt that the North Korean, Russian and Chinese governments (and probably plenty of others) actively develop and maintain an assortment of potentially malicious tools designed to compromise "the West's" critical infrastructure.

But it's concerning when their efforts to protect national security actually weaken it.

You may have read about the recent ransomware attack in Baltimore, where for around three weeks hackers have effectively held the city hostage by encrypting critical files, refusing to release them unless a ransom is paid - something Baltimore has so far refused to do.

It turns out that the tool used to compromise Baltimore's systems was developed by none other than the National Security Agency (NSA):

"Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.

It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.

The N.S.A. connection to the attacks on American cities has not been previously reported, in part because the agency has refused to discuss or even acknowledge the loss of its cyberweapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers. Years later, the agency and the Federal Bureau of Investigation still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders."

If the five eyes were really concerned about the threat that hackers may pose to national security, they should pay more attention to their own backyards by implementing governance frameworks that ensure their systems are as secure as possible. Baltimore could have been prevented with some relatively minor changes - in this case, making sure Windows was up to date - just as Allentown and San Antonio didn't have to happen.

They could also consider unwinding the practice of 'backdooring' software, where only the government has the key (until it leaks/is cracked), a practice Australia wrote into law late last year.

But no, they're going after Huawei, a hardware supplier with no proven history of violating people's privacy. In terms of threat levels, protecting against security holes/malware that can be exploited to ransom data is far more important - and controllable - than the likes of Huawei, where even if its hardware was backdoored (there's no evidence it is) it would be relatively easy to circumvent by properly securing data at rest and in transit, something that every company/government should be doing anyway.

But none of this has ever actually been about national security. The attack on Huawei is pure politics; China needed to be 'taught a lesson', and hitting one of its largest multinationals that also happens to be leading the technological race to 5G was seen as a win-win. If Huawei were a legitimate threat, there's zero chance that it would be included as part of a trade deal with China, something President Trump said was a possibility only a few days ago.

If Huawei is a danger to national security then the NSA is the greatest threat on the planet, with Baltimore just the latest in a long series of attacks made possible by the US government's blasé attitude to cyber security. Yet it wants us to believe - without evidence - that Huawei is the real threat. Yeah, right.

Enjoy the rest of this week's issue. Cheers,

— Justin


The bits


Where to now for Elon?

Elon can't take a trick of late. Tesla is in deep trouble and that's before the large car companies (that actually know how to churn out cars on time) blast it with their pure electric vehicle alternatives in late 2019/2020. And as for the hyperloop? Yeah, turns out two years of 'hype' resulted in... a regular, old-fashioned car tunnel. Hmm.



Huawei needs a trade deal

The reach of the United States is enormous and Huawei is starting to feel the pinch. How China responds from here will be telling, although it seems the most likely outcome is for a face-saving deal for both parties that includes Huawei. So much for national security.



Tech regulation hurts small players more than big ones

Issue 1/2019 has become reality:

"What happens to the small start-up that hopes to one day replace Facebook by competing on a slightly different margin if it needs to raise tens (or hundreds) of thousands of dollars to comply with the new regulations?... Broad-based “social media” regulation will nip such start-ups in the bud before they can ever see the light of day."




Image of the week


GDPR in numbers

This is an issue we give a lot of attention to and for good reason: big tech regulations, such as the GDPR, may sound good on paper but in reality have perverse effects, such as this:

"Smaller firms — whose fortunes were of special concern to the framers of the region’s privacy revamp — also have suffered from the relatively high compliance costs and the perception, at least among some investors, that they can’t compete with Silicon Valley’s biggest names."

Big companies can hire lots of lawyers and accountants to comply with and/or game the system. Smaller competitors? Not so much. Mark Zuckerberg saw how GDPR worked and decided that actually, he loves regulation and wants Facebook to be regulated. Next stop, regulated monopoly status!


That's all for now.


Issue 25/2019: Glass houses was compiled by Dr Justin Pyvis and delivered on 28 May, 2019. Feel free to send feedback, suggestions for future issues, ideas, insults, or pretty much anything that crosses your mind to his Keybase or Twitter account.