Sunday, December 15, 2013

My #2 personal privacy and security prediction for 2014: NSA-GCHQ-NRO will dominate

Here is another of the privacy and security predictions I am making for 2014. This is in addition to the ones I contributed to We Live Security where I had the honor of presenting predictions from my fellow researchers at ESET. Note that the following are my personal opinions, which may differ from those of my employer (although my employer has some pretty cool opinions).

The #1 privacy and security story in 2014 will be the NSA

Snowden-sourced papers will continue to leak, further revealing just how thoroughly America's National Security Agency has pursued the goal set by its leadership: make sure no piece of information about any person anywhere is beyond reach. While the NSA has dominated much of the privacy and security news in 2013, the story may evolve into a triple play in 2014, with GCHQ on one side, NRO on the other.

The National Reconnaissance Office has already made a big play for attention with its latest spy satellite, NROL-39, launched in early December sporting a logo that many pundits will claim says it all: NOTHING IS BEYOND OUR REACH.

While NSA and GCHQ are initials known to millions around the world, the NRO has lurked in the shadows, despite having a budget about the same size as the NSA; that's $10.3 billion and $10.8 billion, for the NRO and NSA respectively for 2013, according to the Washington Post.

Note that in the mid-1990s the budgets were $6 billion and $3.6 billion, with NRO spending far-outpacing the NSA and CIA.

Expect someone to put more detailed spending numbers together as the work of these agencies comes under increased scrutiny in 2014. For example, all three have a history of using military employees who are paid out of their respective armed forces budgets. So the total U.S. spend on surveillance and code-breaking activities may be more than has yet been reported.

If the NROL-39 logo is any indication, very little of the NRO budget has gone into public relations and incident response planning. It is hard to imagine more disastrous imagery and sloganeering for a spy satellite launched post-Snowden. No wonder that within a few days we heard loud and clear from the world's technology giants demanding global surveillance reform. (A topic I discussed recently over on Tech Republic.)

My #1 personal privacy and security prediction for 2014: Antivirus will be slandered, again

Here is one of the privacy and security predictions I am making for 2014. This is in addition to the ones I contributed to We Live Security where I had the honor of presenting predictions from my fellow researchers at ESET. Note that the following are my personal opinions, which may differ from those of my employer (although my employer has some pretty cool opinions).

The media will repeat a massive lie about antivirus technology

I predict that in 2014 every major newspaper and magazine will perpetuate, to the detriment of data security and human understanding, the grossly erroneous notion that "for an antivirus firm to spot malware, it first needs to have seen the malware, recognized that it's malicious code, and written a corresponding virus signature for its products."

I predict that, although this assertion is simply not true, and has not been true for many years, that fact will not deter people from repeating it, over and over. This is a bit like Car and Driver or Consumer Reports saying that cars cannot be started without first engaging the crank handle.

True, there was a time, long ago, when crank handles were routinely used to start cars, just as some antivirus programs were, in the distant past, based solely on signatures derived from known bad code. I've got a free t-shirt and more for the first mainstream journalist who breaks rank from the ill-informed herd and points out that any AV app worthy of the name today uses a lot more than signature matching to protect systems from malicious code. 

(With huge hat tip to the guys in Norway who posted that YouTube video of a hand-crank start: they are braver men than me; I've seen how much pain a crank handle can cause.)