Monday, 14 April 2014



The Heartbleed of America


Years ago a friend of mine e-mailed me a link which I clicked on. Attention: You have reached the very last page of the Internet. We hope you have enjoyed your browsing. Now turn off your computer and go outside. I laughed; I spat coffee. The absurdity of the joke is profound.


Last week we learned there was something behind and beyond the endpapers of the great grid. The Internet has had a wide open back door into many reputedly secure sites for the past two years. The bug, as you know, is called Heartbleed. Its genesis is a coding flaw, perhaps an incorrect alpha-numeric sequence mis-hunted-and-pecked on a QWERTY keyboard by a tired programmer. Simple as that.


More disturbing was Friday’s revelation that the post-9/11 and now massive ‘peculiar service’ infrastructure of the United States, specifically the National Security Agency (NSA), Washington’s signal intelligence (SIGINT) ‘listeners,’ knew the screen door was unhooked and banging in the breeze from the get-go. There must’ve been other crepe soled feet on the porch. It stands to reason that Communications Security Establishment Canada (CSEC) was either aware or made aware by the NSA of the delicious scents wafting out of the figurative kitchen. It’s possible therefore that the three other countries comprising the allied SIGINT Five Eyes, the United Kingdom, Australia and New Zealand, knew about the Heartbleed bug too. And if our spooks did, well, you can bet the Chinese and the Russians and other interested parties were right there.


Nobody in the secret world breathed a word. The Heartbleed bug was something to exploit, not patch as a public service. Agencies like the NSA and CSEC are supposed to be on our side.


What is the price of mandated silence? For General Motors, bailed out by the governments of two countries in the wake of the 2008 financial meltdown, the toll is 15 customers dead because being tight lipped for a decade over a faulty $5 part seemed to be the prudent course of inaction. Heartbleed is not a life and death matter, though it’s indicative of the fundamental conflict in the Information Age: an individual’s right to privacy versus a state’s requirement to know.

Maybe we really should get offline and get out more.

No comments:

Post a comment