Mikko Hyppönen: “You should not be worried about PRISM. You should be outraged”

Mikko Hyppönen
@
@mikko

Mikko HypponenMikko Hyppönen is one of the best known names in the anti-virus industry.

In this article he argues that there is a danger that we are accepting blanket and wholesale surveillance from one country onto the rest of the world.

When the internet became commonplace in the mid-1990s, the decision makers ignored it. They didn’t see it as important or in any way relevant to them.

As a direct result, global freedom flourished in the unrestricted online world. Suddenly people all over the world had in their reach something truly and really global.

Sign up to our free newsletter.
Security news, advice, and tips.

And suddenly, people weren’t just consuming content; they were creating content for others to see.

But eventually politicians and leaders realized just how important the internet is. And they realized how useful the internet was for other purposes – especially for the purposes of doing surveillance on citizens.

The two arguably most important inventions of our generation – the internet and mobile phones – changed the world. However, they both turned out to be perfect tools for the surveillance state. And in a surveillance state, everybody is assumed guilty.

PRISMInternet surveillance really become front page material when Edward Snowden started leaking information on PRISM, Xkeyscore and other NSA programs in the summer of 2013.

But don’t get me wrong. I do understand the need for doing both monitoring and surveillance.

If somebody is suspected for running a drug ring, or planning a school shooting or participating in a terror organization, he should be monitored, with a relevant court order.

However, that’s not what PRISM is about.

PRISM is not about monitoring suspicious people. PRISM is about monitoring everyone.

It’s about monitoring people that are known to be innocent. And it’s about building dossiers on everyone, eventually going back decades. Such dossiers, based on our internet activity will build a thorough picture of us.

And if the powers-that-be ever need to find a way to twist your hand, they would certainly find something suspicious or embarrassing on everyone, if they have enough of their internet history recorded.

United States intelligence agencies have a full legal right to monitor foreigners. Which doesn’t sound too bad – until your realize that most of us are foreigners to the Americans.

In fact, 96% of the people on the planet turn out to be such “foreigners”. And when these people use US-based services, they are legally under surveillance.

When the PRISM leaks started, US intelligence tried to calm the rest of the world by explaining how there’s no need to worry, and about how these programs were just about fighting terrorists.

EU / UNBut then further leaks proved United States was using their tools to monitor the European Commission and United Nations as well. It’s difficult for them to argue that they would be trying to find terrorists inside the European Union headquarters.

Another argument we’ve heard from the US intelligence apparatus is that everyone else is doing internet surveillance too.

And indeed, most countries do have intelligence agencies, and most of them do monitor what other countries are doing.

However, United States has an unfair advantage. Almost all of the common internet services, search engines, webmails, web browsers and mobile operating systems come from USA.

Put in another way: How many Spanish politicians and decision makers use American services? Answer: all of them.

And how many American politicians and decision makers use Spanish services? Answer: none of them.

All this should make it obvious that we foreigners should not use US-based services. They’ve proven to us that they are not trustworthy. Why would we voluntarily hand our data to a foreign intelligence agency?

US-based servicesBut in practice, it’s very hard to avoid using services like Google, Facebook, LinkedIn, Dropbox, Amazon, Skydrive, iCloud, Android, Windows, iOS and so on. This is a clear example on the failure of the Europe, Asia and Africa to compete with USA on internet services.

And when the rest of the world does produce a global hit, like Skype or Nokia, it typically ends up acquired by an American company, bringing it under US control.

But if you’re not doing anything wrong, why worry about this? Or, if you are worrying about this, what do you have to hide?

My answer to this question is that I have nothing to hide… but I have nothing in particular that I’d want to share with an intelligence agency either.

In particular, I have nothing to share with a foreign intelligence agency. If we really need a big brother, I’d much rather have a domestic big brother than a foreign big brother.

People have asked me if they really should worry about PRISM. I’ve told them that he should not be worried – they should be outraged instead. We should not just accept such blanket and wholesale surveillance from one country onto the rest of the world.

Advancements in computing power and data storage have made wholesale surveillance possible. But they’ve also made leaking possible.

That’s how Edward Snowden could steal three laptops which contained so much information that printed on paper it would be a long row of trucks full of paper.

Leaking has become so easy, it will keep organizations worrying about getting caught over any wrongdoing. We might wish this would force organizations to avoid unethical practices.

While governments are watching over us, they know we’re watching over them.


Mikko Hyppönen has been working with malware since 1991. He's currently the Chief Research Officer of F-Secure.

5 comments on “Mikko Hyppönen: “You should not be worried about PRISM. You should be outraged””

  1. Spryte

    Just like the peeper at someone's window, the US government has no right to be looking into the world's electronic windows.

    "All this should make it obvious that we foreigners should not use US-based services."

    Exactly what I've been saying.
    Use Google Drive, ICloud and Skydrive for you jokes, porn and rants about cyber security.
    Make sure everything on the cloud is encrypted. And you email too.

    Put your valuable files on a local server.

    "I have nothing to hide… but I have nothing in particular that I'd want to share with an intelligence agency either."

    1. Mechanics · in reply to Spryte

      "Make sure everything on the cloud is encrypted.
      And your email too." Encryption, no matter how high level
      it is, does not save you from being hacked or monitored by the NSA.
      All the encryption algorithm are nothing but a huge joke to the
      intelligence agency.

  2. A really good summary article, thank you. I have just been reading James Bamford's "The Shadow Factory" (NSA) and Tom Weiner's "Legacy of Ashes" (CIA), and what I don't understand is that the basics of what Edward Snowden revealed were publicised back in 2002 – 2007, including the duplicity (i.e. lying) and incompetence of the government agencies involved. No-one seems to have taken much notice back then (although the books were best-sellers), but in the light of the information in the books, what has emerged is not really surprising.

    The danger now is that what seemed to happen back around 2007-9 happens again now, i.e. the whole issue fades from the public consciousness as the shock news becomes old news. As Edward Snowden said, "The greatest fear that I have regarding the outcome [for America] of these disclosures is that nothing will change."

  3. But is there any way to put these to a stop.If I have to stop American services,well it's almost like stop using internet altogether.

  4. slow john

    Lord-God is the ULTIMATE PRISM.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.