Another Reason Adopting 'Collect It All' Was A Bad Idea: China May Now Be Applying It To US Citizens' Personal Data

from the this-is-why-strong-crypto-is-your-friend dept

At the start of the year, we wrote about an important point made by Bruce Schneier and Edward Snowden concerning information asymmetry in the world of spying -- the fact that the US and the West in general have far more to lose by undermining security in an attempt to gain as much information as possible about other countries, than they have to gain. A fascinating analysis from Bloomberg indicates that this also applies to the "collect it all" mentality. The article raises the troubling possibility that both the huge OPM data breaches were not only the work of Chinese state actors, but part of a much larger plan: Some investigators suspect the attacks were part of a sweeping campaign to create a database on Americans that could be used to obtain commercial and government secrets.



"China is building the Facebook of human intelligence capabilities," said Adam Meyers, vice president of intelligence for cybersecurity company CrowdStrike Inc. "This appears to be a real maturity in the way they are using cyber to enable broader intelligence goals." The Bloomberg article suggests that China started gathering first travel records, then health records, Social Security numbers and other personal information on Americans in an attempt to build an increasingly complete picture about huge swathes of the US population. Whether or not that new "collect it all" approach was directly inspired by the NSA's espousal of the idea is a detail: it was certainly brought to prominence by General Alexander's statements, and is now part of the common currency of surveillance.

It is made possible by lax security, even for huge datasets, as the OPM fiasco shows. That means it is entirely plausible for the Chinese secret services -- and for those of other nations -- to try to collect information about every US or EU citizen, as people's lives move online, and their most personal data is stored in Internet-accessible databases.

Standing in the way of achieving that is the strength of the security protecting that information -- something that governments around the world are now threatening to undermine in the name of their own offensive surveillance capabilities. How many hundreds of millions of personal records must be lost before the authorities wake up to the fact that if they compromise encryption, the only thing they are certain to achieve is to make the task of "collecting it all" easier for China and other nations?

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: china, collect it all, dossier, espionage, privacy, surveillance