In an interview with the South China Morning Post, Edward Snowden revealed that the US had been hacking computers and network infrastructure in Hong Kong and China for some years: “We hack network backbones – like huge Internet routers, basically – that give us access to the communications of hundreds of thousands of computers without having to hack every single one,” he was reported as saying.
It comes as no surprise that the US would have this capability, nor that it could have been engaged in using cyber espionage techniques for some time. According to an article in Wired, US security director General Keith Alexander is said to command a vast cyber warfare capability that can both defend the US against cyber attack but also launch its own offensives.
What the revelations about PRISM have managed to do is make everyone, especially China, look to their own defences and perhaps re-evaluate their reliance on US technologies.
Systematic surveillance by a government on potential targets involves two different aspects. The first is the ability to retrospectively query information about specific communications that have been collected by the multitude of different providers involved: telecommunication companies, software vendors and other businesses.
The recent attempt by the Australian Government to implement data retention by telecommunication companies and ISPs would have facilitated that enormously. Of course, there was an outcry at the time because people did not believe that the Government could guarantee the data would be used only for the stated purposes, nor be compromised in any way.
The other aspect of surveillance is the pre-emptive collection and analysis of data to find unidentified potential threats. This is basically what Snowden was accusing the NSA in the US of doing with the PRISM program.
Imagine then what a government could do if it controlled the entire network that every person and business in a country used to communicate with each other, and the rest of the world. A network such as the NBN for example.
Of course, no one would accuse the Government of constructing the NBN in order to implement total surveillance of the nation. However, it is clear that the capability is there should it wish to do so. In fact, in a document produced by network equipment manufacturer Alcatel-Lucent on the security of the NBN, it discusses these very points. The document considers the security-based responsibilities of government including managing information sensitive to national security; managing personal information on nearly every resident in Australia and; supporting law enforcement agencies.
The document then outlines the convenience of the NBN in providing interception on behalf of network service providers (NSPs):
“NBN will also have an opportunity to provide universal standard lawful interception capabilities on behalf on NSPs (who would otherwise be obliged to each develop and deploy a solution). This will lower the barriers of entry for NSPs, and in turn, this should result in lower costs to the consumer. This might be some way off but with NBN it becomes a real possibility and even likelihood.”
So it is possible that centralised interception of communications could have been considered in the design of the NBN and is certainly a core capability of its centralised architecture.
Of course if the Australian Government could implement systematic surveillance via the NBN, so could others, including the US. Attacks in 2012 of NBN infrastructure and the discovery of malicious Trojans were proof that this was possible.
It is paradoxical that the building of a sophisticated infrastructure like the NBN to support Australia’s future as a technologically advanced country, could prove its Achilles heel in the event of a malicious attack. An argument perhaps for the support of continued development by other companies of infrastructure that is not ultimately controlled and managed by government.