Recent revelations about the NSA spying on everyone has caused many people from the tech community reconsider the state of the information security. I have spent time over the past months discussing and thinking about this with many people and I want to offer my thoughts on the subject.
There are already many reports about the NSA's actions and about the implications of PRISM. Therefore I will refrain from doing the same here. Instead, I want to focus on the people who are involved (which happens to be everyone).
The NSA is not a single human being, although this seems to be overlooked by other reports. Rather it is a large organization of human beings who are not aware of the whole picture due to strict access control. Secrets are generally on a need to know basis and while we do not know the entire structure of the NSA, it is most likely controlled by a handful of people [Obama is a bad source] who are fully aware of the extent of the Thought Police [Need Citation]. They too[thought police?] are human beings, subject to everything that the rest of us are. We can assume that the vast majority of those working for the NSA are fundamentally "good" and likely are not aware of the workings of PRISM and would condone such actions if they were aware.
This situation, while vastly different from the threats we learned in cryptography class at first sight, is actually really not that different.
In cryptography class, we learn that there is a small minority of people who have malicious intent and are the ones that we need to defend against. They are also subject to the same limitations as the good guys. Although in this case the bad guys are not subject to the same limitations as we are. They have a huge advantage of being well funded and well established. They probably use the same kind of technologies as we do and are therefore "reasonable" hackers. They likely can't do the things that we think they can't do and are subject to the limitations that we are subject to.
And perhaps, if we were to give Eve (the eavesdropper from crypto class, for those of you who are unfamiliar with the subject) the benefit of the doubt, her original intention may not have been bad. It may have been what she said it is when her acts are revealed to the public. However, as we know, power corrupts and her original intention has been/could be replaced by a different one that only benefits herself and harms everyone else.
Ultimately, PRISM (and other programs) are created by people and these people have the ability to think for themselves and make their own judgments on what is right and what is wrong.
In the wake of PRISM, we should ask ourselves: should we really work for the NSA (or similar agencies) if given the opportunity? Sure, they can try to lure you in the slogan of protecting your country, but will you really be protecting your own country? And even if so, at what price? Sure, they can lure you with high salary and benefits, but will you feel good about taking that money? And even if so, can you really ignore the implications of what you are doing?
There is a fine line to walk on here. There are legitimate scenarios where technologies should be used in order to locate the "bad guys". However, this must be done with strict oversight as it is ultimately a double edged sword. We really have to think about this, as a society, if this does more good than harm, or vice versa.
In my opinion, programs such as PRISM will cause more harm than good. Since these databases are stored forever, we cannot say for sure if these records won't be pulled out in the future. For example, it is possible for someone in the future to pull out this data and play your private calls on tv. The attitude of not caring about your private information being stored without permission is just wrong as we all have something to hide.
So maybe the solution to this problem lies with the people. Everyone should stand up for themselves and fight for their own rights, rather than letting laziness take over. If enough people are loud enough about the matter, the government will have to respond. We often forget that they are working for us, or at least in theory. We, the people, can do this.
Also, there are some of us out there that have the technical expertise to create fantastic technologies. These people need to think about what they are doing and consider the consequences. Help creating a 1984 like future is probably not what you are taught to do. Instead, you should do the right thing instead.
Complementary video ahead:
Thanks to ZzBomb for his fantastic editing!