Today marks the first anniversary of the release of files relating to mass surveillance of people and businesses by the US National Security Agency (NSA).
On 6 June 2013 it was revealed by a number of news agencies, including the New York Times and the Guardian, that the NSA monitored user activity on Google, Facebook, Apple and other US internet giants, while 24 hours later it was revealed that the UK was not so innocent, with the UK's GCHQ were cooperating with the Prism software, and had access to the system since at least June 2010.
The revelations were of course made by former government contractor Edward Snowden, then a consultant at Booz Allen Hamilton, and later one of the most wanted men in the world. Despite still living in exile in Russia he has made appearances, speaking via seven proxy servers at this year's SXSW conference in Texas, and on Channel 4's Alternative Christmas message.
Snowden the super-spy?
So a year on, what have we learned from Snowden's expose in the past year? Calum MacLeod, VP EMEA at Lieberman Software, said: "I'm not sure who's more confused today about Snowden. Is he a mild mannered hero seeking freedom, truth and the idyllic American way; carrying out a one man crusade against injustice and devilish practices, or has he now morphed into super-spy?"
MacLeod said that many already suspected that the US government, along with virtually every other government, was using the internet to spy, and perhaps we should be comforted by the ancient words that there is nothing new under the sun.
"Maybe this is why Caesar used encryption to send messages back to Rome from Gaul, did he by chance suspect that he had Snowden's ancestors hiding in the ranks, looking to expose his dastardly deeds to the enemy?"
Tom Cross, Lancope's director of security research, said that it is very important to substantiate things that some people suspect may be true. "For example, the fact that phone companies in the United States were turning bulk meta-data over to the government had been reported in the press in 2006, but the phone companies denied that this story was true, and that denial, coupled with a new law ensuring that surveillance programs would be reviewed by the FISA court, put to rest much of the discussion over the issue," Cross said.
"Although some people suspected that the program was real, without proof, there was no room for further debate. Now that proof is available, that debate is proceeding, and serious questions have been raised about the wisdom of the program as well as the correctness of FISA court rulings that authorised it."
On the same point, Michael Sutton, VP of security research at Zscaler, commented that nation states have engaged in espionage in the name of security and financial gain for decades, but it didn't always involve smartphones and Facebook accounts.
"The security community has long known that the US government engaged in offensive tactics, but eyebrows have been raised even among the most well informed given just how deep some of the programs ran.
"Whether tapping directly into the backbone of a data centre or intercepting and backdooring hardware shipments, the tactics went beyond the keyboard hacks that were expected."
As Cross said, it was always suspected that we were being watched by the federal agencies, but it was the mind control conspirators who always believed that. Have they been proved right? Will aliens land on earth next to prove the next set of conspirators correct also?
From a European perspective, it is a tricky one to manage as research has shown that almost nine in 10 IT decision-makers are changing their cloud buying behaviour following the revelations about government surveillance.
Sutton said that European nations have implemented far stronger personal privacy protections for some time. "This has always been a challenge for US-based technology companies that need to appease European customers and assure them that privacy protections will be respected," he said.
"This concern has been heightened by fears that US spies will take advantage of American laws to access private data in the name of national security. However this is a challenge that impacts any global technology company, not just US-based technology firms as US laws must be respected by any entity doing business on US soil."
Cross also commented that Europeans have become more sceptical of American hosting providers for fear that their data may be accessed by the US government, but he stressed that it is important to emphasise that the US government is not the only government that may be interested in getting its hands on your data.
He said: "The internet has become a platform for international espionage, electromagnetically connecting every spy in every country in the world directly to all of their targets. Many countries are playing this game, and the emphasis for organisations should be on how they can protect their data from a variety of different sophisticated threat actors."
The US government is the loser
MacLeod suspected it has changed the view of the American government from the other side of the Atlantic, but mainly as we now realise that we likely have a lot more in common with our American cousins than we realised. "However as far as the security industry is concerned, it has provided a goldmine. Every vendor is selling Snowden. He should have employed an agent before getting on the plane to ensure that he got paid royalties for the use of his image!"
MacLeod suspected that every organisation is being told it probably has a 'Snowden' working for them, yet the threat to our everyday life of identity theft, corporate attacks on intellectual property, and the rest go on unabated. "What Snowden has done is provide a distraction that allows many vendors to sell more FUD, and solve fewer problems," he said.
Sutton said that if there is a loser to be declared in the Snowden revelations, it's the US government, as no longer can we point the finger at China and the US is no longer able to throw stones in a glass house.
"Make no mistake, this cat and mouse game will continue indefinitely and Governments around the world have the upper hand," he said. "If an individual intercepted and backdoored computer hardware en route to its destination, it would be a crime. Yet when it's done by the government, it's a necessary component of national security. In the long run, citizens will benefit."
Is that the end of the government intervention then? Sutton disagreed saying that even though government spies will ultimately adapt and develop new techniques that may have been temporarily neutered by the revelations, the eyes of the public have been opened.
MacLeod said: "Certainly some of Snowden's revelations have shed light on the fact that actually there are some really clever geeks in the NSA, who are able to do some really cool stuff, and to show how totally ineffective most of the technology is, that is being foisted on an unsuspecting market."
Edward Snowden: Hero or Villan?
For one final question, I dared to ask if Edward Snowden is a hero or a villain? He was cheered at SXSW even though he was only on a screen, and his case has been held up by internet freedom fighters.
Dwayne Melancon, CTO of Tripwire, said than rather a straight decision, this is far more of a political issue than a security issue. "Security has benefitted some from the increased public awareness of cyber security, but much of the conversation is centred around 'right vs. wrong' which is inherently emotional," he said.
Sutton said that history will decide, but the court of public opinion is clearly uncomfortable with what they've learned about the tactics of the US government.
Cross said that the situation cannot be strictly viewed in black and white terms, but there is no question that the documents Snowden disclosed have materially advanced the public policy dialog in the United States regarding mass surveillance.
"However, he also disclosed a lot of information that could harm the national security of the United States but does not contribute significantly to the public interest, and people are understandably angry with him about that."
On 4 June, 2013 we suspected surveillance happened, but had no proof. On 5 June we learned more, and on 6June and 7June the world was watching and getting angrier. Will we learn from this and admit that privacy is lost, or take a stand against intervention?
In June 2015 we will have had another year to decide.