Here is the part of the latest Guardian Snowden release that made my hair stand on end:
To help secure an insider advantage, GCHQ also established a Humint Operations Team (HOT). Humint, short for “human intelligence” refers to information gleaned directly from sources or undercover agents.
This GCHQ team was, according to an internal document, “responsible for identifying, recruiting and running covert agents in the global telecommunications industry.”
If you’re sitting in a cubicle somewhere in Silicon Valley, Reston, Bethesda, Cambridge, you need to be asking yourself, “is this my neighbour? …is it me?!” Are company officers now wondering if they have to defend against internally created vulnerabilities? Are they liable? If you’re running an online banking system, for example, you should be nervous. Really nervous.
It’d be really nice to see some of these weasels outed, or coming forward burned by their conscience… not holding my breath.
The rest of the leak is incredibly shocking (if not particularly well reported) but it’s now hard to be surprised. Conversations i’ve had over the last few months have pretty much assumed that everything released today is happening. When it comes down to compromising the core infrastructure of the internet in the hunt for the boogeymen (you’re more likely to be killed by your furniture than by terrorism, etc) the security services are taking massive risks. That they think that they can get away with is either extremely arrogant, or naive.
As Bruce Schneier remarked elsewhere, at this point we’re pretty much playing the odds.