The latest Snowden revelations about a hack by the NSA and the GCHQ into Gemalto’s computer network reportedly to steal sim-card encryption keys have understandably caused a bit of a global panic. Local mobile telecoms service providers such as NetOne, who are clients of Gemalto, have also likely been affected, and a concern persists whether their sim cards might be transmitting users’ information to the foreign government agencies.
The whole idea behind the Gemalto hack was to allegedly enable the US and British spy agencies to monitor a significant portion of global voice and data cellular communications by harvesting massive amounts of encryption keys for sim cards distributed to all corners of the world. It is basically an issue of privacy and security.
It is quite ironic though that Gemalto, arguably a global leader in digital security, did not anticipate a possible breach of their network, or think to secure the process of transmission of encryption keys between themselves and their global clients.
Nevertheless, one could wonder why any foreign spy agency would have an interest to drop eaves on the communications of ordinary people, particularly ones located here in Africa, and specifically Zimbabwe. The truth is, they may or may not have any direct-targeted interest here. For now. We know from these latest revelations, for example, that they have ‘priority targets’. This means that at any point in the near future, any country or individual can just wake up one day and suddenly be a ‘priority target’.
But what does this entire growing obsession to nicodemously collect people’s information mean?
Just recently again, we found out about Lenovo’s screw-up with the pre-installed superfish adware that was intended to create a security hole for the purposes of spying on users for advertising purposes.
Prior to that in December last year, Google’s Executive Chairman, Eric Schmidt, surprised many people when he declared that our information was safest in Google, even though we know that this is a fib, because it is not safe from Google itself. Google’s interest in our information is comparable to that of a pedophile’s benevolence to babysit your child. The relationship most people have with Google in particular is like that of a child still living under his parents’ roof and they tell him that his room is private and he can lock it and take away the key. But the child knows that his parents have a spare key and can always get in there at any point. It is the kind of privacy akin to that of glass walls; basically non-existent. You simply cannot control privacy, when you are using a medium that you have no control over, and without privacy we have no security.
Essentially, everybody that is somebody seems to be after getting their hands onto our information, albeit for different reasons. We are at the mercy of big corporations and governments in different ways, and there seems to be a strong realization that whoever controls the data, controls the future.
The NSA and the GCHQ are both government spy agencies. All governments worth their salt have intelligence ‘arrangements’ of spying on citizens and non-citizens alike for the purposes of combatting real or perceived national security threats, fighting terrorism, or for purely selfish reasons of simply monitoring potential trouble-makers, also known as ‘persons of interest’.
So, should Zimbabwean citizens be concerned that the NSA and GCHQ might be tapping into some of their communications? Probably. But it is also important to be aware of the bigger threats existing in our own backyards.
Closer to home, a bogeyman (the Zimbabwean government), is mulling a Cyber Security bill that will, among other things, have clauses that gives it blanket powers to snoop on the communications of individuals deemed to be ‘persons of interest’.
In 2013, the government enacted Statutory Instrument 142 on the Postal and Telecommunications Regulations (Subscriber Registration), which is problematic in many ways but mainly, how it endeavors to permit security agencies to spy into people’s telecommunications in ways that infringe on the right to privacy of communication. SI 142 also notoriously compels telecoms companies to sustain central databases of subscriber information as well as disclose subscriber information upon demand by government or law enforcement agents, without any process of adjudication or judicial oversight.
Along with this, the Interception of Communications Act (ICA) – requires Internet service providers (ISPs) to install – at their own expense – some hardware and software required for the state to carry out surveillance. A 2013 research report by the Zimbabwe NGO Forum on the surveillance on human rights defenders in the country suggested that majority of the ISPs have already complied with this requirement. Needless to say, the sheer naming of the ICA Act alone is chilling.
If all these local issues aren’t scarier than the NSA or GCHQ’s interests, I don’t know what is. There are many other things happening locally around the issue of surveillance that ordinary Zimbabweans aren’t engaging with. Therefore in this context of increased surveillance, perhaps the better question becomes: what should ordinary people do?
Taking measures to protect one’s privacy should no longer be just the preserve of the super-paranoid or those that perceive themselves to be ‘persons of interest.’ Indeed a wide range of free and open source mobile security software and tools can empower individuals to protect their communication through text and voice encryption, among other things.
However the fundamental issue here is about being aware of the existing threats not just overseas but locally, and taking steps to engage accordingly. In as much as foreign interests may affect us, perhaps we should first concentrate our energies on confronting and protesting the raping of our new Constitution and our rights to privacy.
Natasha Msonza is a digital security trainer and privacy advocate. She currently works for Her Zimbabwe, a non-profit organization that advocates for gender equality and seeks to bring important commentary to women’s issues.
image via howdonkey.com