If you don’t live under a rock (though you may want to now) you probably saw yesterday’s article from Spiegel that revealed the NSA has its own catalog for spy gadgets. Today they released an interactive graphic with the catalog’s contents, and even if you’re not a regular reader of Hacking & Philosophy, you’re going to want to take a look at it. I recommend glancing over IRATEMONK, in the “Computer Hardware” category. As the article explains, IRATEMONK is
An implant hidden in the firmware of hard drives from manufacturers including Western Digital, Seagate, Maxtor and Samsung that replaces the Master Boot Record (MBR).
It isn’t clear whether the manufacturers are complicit in implanting IRATEMONK in their hardware, or if the NSA has just developed it to work with those drives. Either way, it raises an important question: how do we know we can trust the hardware? The short answer is that we can’t. According to the text accompanying the graphic, the NSA
…[installs] hardware units on a targeted computer by, for example, intercepting the device when it’s first being delivered to its intended recipient, a process the NSA calls ‘interdiction.’
We’re interested to hear your responses to this: is the situation as bleak as it seems? How do you build a system that you know you can trust? Are there any alternatives that better guarantee you aren’t being spied on? Read on for more.
As for alternatives, I want to pose one scenario as presented by [Hasan Elahi]. You’ve probably seen him on television or his TED talk; he’s the guy who flooded the FBI with data about himself.
He came to my university to give a lecture on his experiences with the surveillance state and made some interesting points worth repeating. The first is that information is a commodity, and access to your personal life is valuable. By providing these agencies with large amounts of personal data, you’re essentially “flooding the market.” If everyone shared their data to this extent, he thinks the surveillance state couldn’t keep up (and if you haven’t seen [Elahi's] talk, it goes WAY beyond Facebook: he takes pictures of every meal he eats, every toilet he uses, every hotel room…everything).
It’s an interesting idea, and if we truly are becoming a culture of sharing, such a future may be inevitable. Perhaps it’s possible to saturate cyberspace with information to the point where our true selves are buried in the noise, and I agree that an overload of information about an individual may paint a very strange misrepresentation (or no clear representation at all), which could work in your favor. For [Elahi], it’s about reclaiming a sense of control, and that’s something he definitely achieves. Toward the end of his TED talk he shares his server logs, pointing out which government agencies visit his site and when. Perhaps it’s an illusion of control, but [Elahi] is absolutely creating and hosting his own archive rather than wondering whether the government is doing so. (They probably are.)
Here’s where I break with this strategy: during his lecture at my university, [Elahi] seemed to suggest that interested governmental entities (NSA, FBI, etc.) sort through this data with people, who—when faced with the overwhelming mountain of pointless photographs—will give up trying to profile you. It’s not a person sorting through your data, though. It’s a machine, and it doesn’t care how many thousands of pictures are out there: that’s more material for it to use to make assumptions about you. Their data collection is automatic, global, and seemingly limitless. I suspect they’ll gladly integrate anything you provide and file it away for reference.
Let us hear your responses in the comments: Is it hopeless? Has the list of manufacturers in the catalog influenced your future purchasing decisions?