Professional Documents
Culture Documents
Disad
Top Shelf
money making a product more secure would translate into enough new users to pay for the extra engineering work
reform process. Thats what happened after the eavesdropping scandals of the mid-1970s led to the
establishment of congressional intelligence committees and a special FISA oversight courtthe committees were
instantly captured by putting in charge supreme servants of the intelligence community like Senators Dianne
Feinstein and Chambliss, and Congressmen Mike Rogers and Dutch Ruppersberger, while the court quickly
2NC Uniqueness
2NC-Snowden Effect
Snowden revelations indicate a new movement towards
investment in security technologies-statistics prove
Doctorow 13 (Cory-Technology columnist for the Guardian and Co-Editor of
Boing Boing, a technology blog, We cannot afford to be indifferent to internet
spying, The Guardian, 12/9/13,
http://www.theguardian.com/technology/2013/dec/09/internet-surveillance-spying)
a study of
American Internet users' attitudes towards privacy. Broadly, they found that
Americans had recently taken extensive, affirmative steps to improve their
privacy, but had, generally speaking, failed. Their technology and their technical literacy were insufficient to
accomplish such a difficult end. They evinced a widespread view that privacy rules
were too loose. They reported many instances of bad consequences
arising from breaches of their privacy or the privacy of people close to
them. Not long after this report, Cassidy Wolf, this year's Miss Teen USA, made headlines after it was revealed
In September, the Pew Research Centre released Anonymity, Privacy, and Security Online,
that her computer had been taken over by a creep who took covert nude photos of her using its webcam, captured
her social media passwords, and demanded live sex shows or he would post the compromising photos to her online
accounts. Wolf went to the FBI, and they ran the creep to ground, only to discover that he had dozens of other
only demanded the right to their spy-boxes in the data-centre, they also secretly tapped the fibre leading in and out
themselves to be without any scruple and without any adult supervision. But their job gets a lot harder from here on
There is a moment out there for privacy activists to seize upon, a moment that privacy
entrepreneurs can capitalise upon, a moment that privacy-oriented lawmakers can make political
out.
antivirus, firewall, intrusion detection or encryption, such companies have played a key role in the expansion
of the technology by giving users - individuals and businesses - the confidence to shift more of their activities to the
cloud. But
have pushed cyber-security to the very top of the corporate agenda; the
sector is set to become both a source of innovation and a destination for
investment as a result. This is one of the topics discussed at the recent Advisory Board meeting of the
PictetSecurity fund, which invests in companies that offer innovative solutions to protect individuals, businesses and
governments. IT services have represented one of the main areas of investment since the funds inception in 2006.
The Snowden effect Snowdens revelations that US security agencies had obtained confidential data held by major
US tech companies threatened to irreversibly damage the cloud industry. Leaked documents showed that US and
British intelligence agencies had gained access to huge swathes of internet traffic - users personal data as well as
online transaction and emails stored on tech companies servers - as part of a clandestine data-mining program
named PRISM. Of equal concern were the methods used. It emerged that the NSA had been given complete control
over international encryption standards and that it had used supercomputers to break encryption. Even more
worrying were suggestions that NSA officials had collaborated with technology companies and internet service
providers enabling agencies to insert secret backdoors into commercial encryption software. Although big
technology firms denied they had knowingly provided the government with such backdoors, the revelations were
seen as a threat to the future growth of the cloud as it suggested companies could not safeguard the security and
privacy of their customers. In the immediate aftermath of the leaks, a report released by the Information
Technology and Innovation Foundation (ITIF), a non-partisan think tank based in Washington, estimated that
foreigners distrust in US cloud storage providers since the NSA spying scandal could cost such companies up to
USD35 billion in lost revenues by 2016. Forrester Research, an IT market research company, argued that losses
could top USD180 billion over the same period - a 25 per cent hit to overall IT service provider revenues. NSA leaks
unlock fast growth in the IT security sector Fast-forward nine months and a more nuanced picture is emerging, AB
participants heard. What our panel of security experts report is that while
opportunities for security vendors. Security concerns move higher on corporate agenda
Snowdens revelations have made the cyber-security threat far more
visible, forcing companies to review how their data is stored. If IT security
professionals had long suspected that government agencies were involved in systematic electronic spying, there
was scant evidence available. But the Snowden leaks have revealed the full extent of NSA surveillance activities
cyber
security has evolved from a being compliance matter for IT specialists into a strategic
priority for corporations worldwide. The scandal has served as a trigger to
unlock corporate investment in cyber-security solutions. Cyber security companies
and brought to light the collaboration of US major tech companies. Such is the level of concern that
see investment boom Companies with data stored in clouds are upgrading their systems, and are increasingly
engaging the services of cyber-security providers. They are turning to the providers with the most innovative
solutions and in the IT security world, the companies with the hottest technologies are small, very dynamic start-
Intense interest in the sector has helped fuelled a buoyant IPO market and robust share price performance;
companies operating in the sector of cloud security, data management or encryption have attracted particularly
which has
seen a wave of consolidation in recent months as these young security
companies make attractive acquisition targets for their larger rivals
strong demand. Rising valuations may be a reflection of the heated competition in the sector,
http://www.businesscomputingworld.co.uk/is-your-organisation-edward-snowdenproof/)
From a national security point of view, the post-mortem of Snowdens leak
is where attention should be most keenly focused, to determine the veracity of his
statements. But if the claims turn out to be true, it does not automatically mean that other organisations are prone
to the same breaches. Generally speaking, the more powerful an application is, the more tightly it is segmented,
monitored, and controlled. The same is true of security administrators themselves. The more power they are
provided, the more their duties need to be segmented, monitored, and controlled. In the case of Ed Snowden, we
have a very privileged administrator accessing very powerful applications common practice would be to watch
Blocking the attack is obviously a critical part of the equation, but it has to be tied into the context of the data itself,
marketplace: Blackphone, a handset which started shipping on June 30 for $629, and Signal, a free app that
showed the U.S. government harvested enormous amounts of data from the likes of Google Inc, Yahoo Inc, Microsoft
Corp, AT&T Inc and Verizon Communications Inc. Though they have different business philosophies, target markets
easy as possible for anyone to be able to organize and communicate securely, Signal maker Open Whisper
Systems wrote on its blog. Secure communications will be a major topic at two key hacking conferences in Las
Vegas this week: Black Hat, which is aimed at professionals, and Def Con, which attracts many amateurs.
Blackphone uses software from one of its backers, Silent Circle, that allows users to send encrypted voice calls and
texts to one another. Silent Circles software is already available for iPhone and Android phones, but the company
says Blackphone is more secure because it uses a new operating system based on Android that makes it harder
for hackers to take control of the phone and eavesdrop. Silent Circle recently expanded its service by allowing
encrypted calls to landlines. That feature has helped its sales rate triple in the past three months, said Silent Circle
Chief Revenue Officer Vic Hyder. He declined to give subscriber figures but said Chevron Corp and Walt Disney Co
were among the companys major corporate customers. Supported mainly by grants, Signal maker Open Whisper
Systems was co-founded by security researcher Moxie Marlinspike and already has a compatible Android version
called RedPhone. The company said Signal had 70,000 downloads on the first day. Marlinspike said the company
may charge in the future for extra services, but the basic functions of the app should remain free forever. Open
Whisper Systems is a project rather than a company, and the projects objective is not financial profit, he wrote on
his personal blog. An encrypted chat service popular with security professionals is Wickr. The free service relies on
heavy encryption that is considered unbreakable for the foreseeable future if implemented correctly. Wickr does not
use the open-source software that is the industry standard, which means security experts cannot inspect its
software code. But Wickr says it will soon post results of security audits by well-regarded firms, and it is offering
a$200,000 reward for anyone who breaks its system. Wickr Chief Executive Nico Sell, a longtime official at Def Con,
Civil liberties
enthusiasts have welcomed the proliferation of new privacy-protecting
software and services, but some law enforcement and intelligence agents are concerned that they
said she plans to add a desktop version of Wickr soon. Law enforcement concerns
make it more difficult for agents to intercept communications. Its a significant problem, and its continuing to get
worse, Amy S. Hess, executive assistant director of the Federal Bureau of Investigation, told the Washington Post.
fascist USAPATRIOT Act when it was introduced, with the backing of US Representative James Sensenbrenner who
was largely responsible for the latter monstrosity but as the establishment stalled enough time had passed for it to
be gutted. The intelligence committee chairpersons of the House and Senate, respectively the right-wing talk radio
bound fanatic Mike Rogers and the always ghastly Dianne Feinstein would be there to protect the warrentless mass
surveillance and data-mining in all of its Constitution trashing glory because the protection of criminality is the main
prolific security blogger Marcy Wheeler of Emptywheel has brilliantly pegged as the USA Freedumber Act
present himself as a champion of the American people by fixing the system and the business of getting all of the
phone calls, financial data, images, book purchases, associations, family information, political affiliation, blog traffic,
internet searches, sexual orientation, religious preferences, text messages and thousands of other data points to
sock away in their massive storage facilities like the one out in Utah. Then Obama can get about the business of
avenging the injury to his ego when Vladimir Putin prevented a war in Syria and Russia provided asylum to Snowden
saving him from a US torture chamber and starting a new cold war which will ensure that military contractor money
rolls in for the next election cycles. Barring the promised bombshell revelations from journalist Glenn Greenwald which are taking forever and making many (although not myself, at least not yet) nervous that he sold out to
billionaire Pierre Omidyar and that the real stuff is never going to see the light of day - are so shocking as to make
According to a New York Times article entitled "Internet Giants Erect Barriers to Spy Agencies" that was published
steps.
After years of cooperating with the government, the immediate goal now is to thwart Washington as
well as Beijing and Moscow. The strategy is also intended to preserve business overseas in places like Brazil and
Germany that have threatened to entrust data only to local providers. Google, for example, is laying its own fiber
optic cable under the worlds oceans, a project that began as an effort to cut costs and extend its influence, but
now has an added purpose: to assure that the company will have more control over the movement of its customer
government and the implied threat of terrorist attacks is tech companies do not allow the NSA to proceed with
impunity. The NYT piece cites an Obama administration official who invokes the 9/11 card once again: Robert S. Litt,
the general counsel of the Office of the Director of National Intelligence, which oversees all 17 American spy
agencies, said on Wednesday that it was an unquestionable loss for our nation that companies are losing the
willingness to cooperate legally and voluntarily with American spy agencies. Just as there are technological gaps,
there are legal gaps, he said, speaking at the Wilson Center in Washington, that leave a lot
of gray area governing what companies could turn over. In the past, he said, we
have been very successful in getting that data. But he acknowledged that for now, those days are over, and he
predicted that sooner or later there will be some intelligence failure and people will wonder why the intelligence
agencies were not able to protect the nation. Companies respond that if that happens, it is the governments own
fault and that intelligence agencies, in their quest for broad data collection, have undermined web security for all.
BINGO on that last statement - the government to this day has yet to fire anyone who was on the job and failed to
protect the nation on the morning of September 11, 2001 - why is that? Power will not be surrendered willingly and
2NC Link
content of online communications to the NSA, said longtime independent surveillance researcher Marcy Wheeler. "It
There is no possible ability for actual privacy reformlegislation is like rearranging chairs on the titanic
Stanley 15 (Mark-Director of Communications and Operations at Demand
Progress DEMAND PROGRESS AND CREDO MOBILE BLAST USA FREEDOM ACT,
Demand Progress, 4/28/15, http://demandprogress.tumblr.com/post/117623640615/demand-progress-and-credo-mobile-blastusa-freedom)
A vote for a bill that does not end mass surveillance is a vote in support of
mass surveillance. The way to end mass surveillance is to end mass
surveillance. Everything else is window dressing. Rather than reauthorizing section 215, Congress should let
this dangerous provision expire and pass much-needed reforms, including ending mass surveillance under section
702 of the FISA Amendments Act, Executive Order 12333 and other authorities, and enhancing Congressional
oversight of secret intelligence agencies. CREDO and Demand Progress would support legislation enshrining the
reforms demanded in this just-released letter, signed by 60 organizations, businesses, and prominent national
security whistleblowers. http://demand-progress.tumblr.com/post/117018009995/letter-to-congress-end-masssurveillance Furthermore, the organizations support likely efforts to amend the legislation to ban warrantless
wiretapping of U.S. persons. Its
2NC Impacts
previously assessed, the director of national intelligence, James Clapper, told the Senate Armed
Services Committee during the 2015 presentation of the Worldwide Threat Assessment of the U.S. Intelligence
Cyber Command). The report says that Russias cyber command will also be responsible, again similar to its U.S.
counterpart, for attacking enemy command and control systems and conducting cyber propaganda operations.
report points out that the United States will not have to fear debilitating strategic cyberattacks on a large scale:
Rather than a Cyber Armageddon scenario that debilitates the entire U.S. infrastructure, we envision something
a hint that we may see an increase in naming and shaming campaigns, similar to the cyber espionage charges
against five Chinese military officials accused of hacking into U.S. companies back in May 2014. The report argues
that the muted response by most victims to cyber attacks has created a permissive environment in which low-level
attacks can be used as a coercive tool short of war, with relatively low risk of retaliation. In addition, the report
notes that identification of perpetrators has become a lot easier in the last few years. Perhaps this is the reason
why the U.S. intelligence community chose to go public at this stage. U.S. intelligence agencies have known for
head of the web security firm Taia Global and author of the book Inside Cyber Warfare, emphasized in an interview
last year. Carr added: Russia certainly has been more active than any other country in terms of combining cyberattacks, or cyber-operations, with physical operations. The Russia-Georgia war of 2008 was a perfect example of a
combined kinetic and cyber operation. And nobody else has ever done that China has never done anything like
that. In another article back in 2014, Carr stated that the United States has neglected to keep track of Russias
ever growing cyber power. If you want to properly assess a threat, you need to understand your adversarys intent,
capability and opportunity, Carr wrote. The U.S. government has not kept current on Russian technical
advancements which means that we cannot estimate capability accurately. Back in 2010, in a report for the
EastWest Institute, my colleague Greg Austin and I proposed cyber military exercises between the United States
and Russia as a vehicle for trust building. While the idea may seem far-fetched, it perhaps might have allowed for
both countries to become more familiar with each others capabilities and helped reduce tensions. This could have
it is
almost impossible to stop the spread of sophisticated attack tools in
cyberspace or to keep them secret for too long. In his article The Democratization of
happened without reducing ones side capability for waging cyber war. Bruce Schneier emphasizes that
Innovation I/L
Investment in IT security is key to technological innovationspecifically cloud computing
P.A.M. 14 (Pictet Asset Management- Investment management firm part of the
independent wealth and asset manager group Pictet, News from the Advisory
Board Security Post-NSA leaks, a new cyber security landscape, Pictet Asset
Management, May 2014,
http://www.pictetfunds.fr/files/Focus_du_mois/Contributions/Pictet-Security_AdvisoryBoard_201405.pdf)
the industry is witnessing a profound shift in the
behaviour of cloud users, who are now focusing less on protecting
infrastructure but more on protecting data. A new privacy industry is
emerging as a result, with demand rising for technology to browse the
web privately and encrypt emails, mobile phone calls and text messages.
The NSAs mass surveillance programme has accelerated the development of a range of
tools for individuals and corporate users, from NSA-proof messaging apps to Boeings Black
In the view of experts on the AB panel,
phone, an Android phone for government agencies and contractors which will self-destruct if its hardware is
tampered with. This is just as well, since most of the data-gathering capabilities detailed by Snowden may be
Competitiveness I/L
Snowden leaks have set off a gold rush for security companies
increasing competitiveness
Ungerleider 14 (Neal-reporter for Fast Company, MANDIANT AND THE
CYBERSECURITY GOLDRUSH, Fast Company, 1/7/14,
http://www.fastcompany.com/3024445/mandiant-and-the-cybersecurity-goldrush
2014 was celebrated in the cybersecurity world with a massive, billon-dollar acquisition. Mandiant, a security firm
best known for conducting forensics on alleged Chinese military attacks against the New York Times, was acquired
that for cybersecurity, they'd have to go it alone: Closer ties between tech firms and the government could hurt
foreign sales due to non-U.S. consumers fearing U.S.-based companies are in cahoots with American intelligence
agencies. There were even post-Snowden fears by foreign-owned companies working on American soil that the NSA
might be spying on them as well. These weren't just idle fears; Reuters recently offered good evidence that security
firm RSA let the NSA put a backdoor in one of their software tools as part of a secret $10 million contract. In 2013
and 2014, it's deeply out of fashion to discuss increased collaboration between the government and cybersecurity
For said security firms, this means a gold rush of mergers and
acquisitions. The combination of a higher volume of digital attacks, more
clients being aware of the need to protect themselves, and government
paranoia means security companiesmany of which are on the small sideare in a good
place to be purchased for large sums of money. Mandiant, many of whose
employees reportedly come from the intelligence community, was acquired for more than $1
billion in cash and stock. They're only the latest in a string of cybersecurity
acquisitions over the past year. Websense was acquired this past spring, IBM acquired financial
firms.
security firm Trusteer last summer, and Cisco acquired SourceFire in July for a reported $2.7 billion dollars.
Aff Answers
infrastructure is that all the data is in one basket," says Mr Holland. "In
if a hacker could compromise the big data container they could
get everything." Key to the door The use of encryption to protect data from
intruders is also important, but Anton Chuvakin, a security expert at Gartner, points out that when
hackers get on to a network and aren't detected quickly there's a risk that
they will be able to steal the keys required to decrypt any data they steal.
with big data
many companies,
"The problem is that encryption is very easy, but key management is hard. How do you manage the keys so that
they are always available to every legitimate user that needs them, but never available to criminals?" Nonetheless,
encryption - and other security measures such as network segmentation - are valuable
because they make things harder for hackers. They present obstacles which, while not
insurmountable, hamper their progress. "What companies need to be doing
is switching away from trying to prevent hackers from getting into their
networks," Mr Chuvakin says. null Encrypted data is opened using a key - if hackers
get into your network, how do you stop them getting hold of it while
ensuring staff have access? "Thinking about how they can slow hackers
down so they can catch them is much more sensible. If hackers steal your encrypted
he believes that
data but then have to spend three days searching for your encryption keys then you have a much better chance of
nearly 75% of its enterprise resources were affected). This incident should be a wake up call for enterprises
throughout the world that internal and external data security is critical to ongoing business operations. The Aramco
The
Target data breach that exposed millions of customer financial records
appears to have been triggered by stolen 3rd party contractor login
credentials. Managing data security in enterprises requires the proper approach to data security and
incident is reported to have been started by an internal individual with extended access to the network.
vulnerability management by identifying possible vectors, classifying the existing threats to enterprise data, and
limiting the access to information and resources internally and externally in the organization. 4 Key Areas for
hardware vendors deploy digital certificates for hardware device security. Along with certificate-based security for
data encryption and access control, administrators should also consider the role that BYOD policies should play in
their organization to protect network resources from external, possibly compromised devices infecting network
software users can install on corporate systems and only trust software from reputable vendors. Microsoft has gone
a step further in helping enterprises deal with the growing data security threat by requiring all third party
developers of Windows applications to use an EV Code Signing SSL Certificate for any Windows-based application.
The EV certificate verification process requires application developers to go thorough background identity checks,
filtering out malware developers and also preventing the unauthorized repackaging of popular software.
susceptible to known security vulnerabilities are a prime target for cyber criminals and hackers. The free cloud
security monitor Certificate Inspector, for example, can identify potential system security problems like weak keys,
outdated ciphers, or even expired certificates. Cert Inspector utilizes a unique, proprietary algorithm to grade
certificate installations and also server configurations by connecting to a public website online. It also offers internal
organisations have identified the business risks that are causing concern,
then they can target their security investment appropriately. There is also
a cost-benefit discussion to be held achieving maximum security may
require a disproportionate spend. The report warned that some of the
digital security offered by IT departments may become misaligned with
organisational priorities. Security has become synonymous with
compliance, and response frameworks have been too focused on
technology and bolt-on upgrades. Lines of accountability may be unclear,
particularly in terms of who is responsible for a response to a breach .
Boardrooms increasingly recognise this isnt just a matter for technologists, but for them too, said Brown.
NSA Surveillance
Allowing the NSA to continue to spy just means they
circumvent new encryption
Bamford and De Chant 15 (James and Tim-Reporters for PBSs NOVA,
Exclusive: Edward Snowden on Cyber Warfare, NOVA Next, 1/8/15,
http://www.pbs.org/wgbh/nova/next/military/snowden-transcript/)
Its becoming less
and less the National Security Agency and more and more the national
surveillance agency. Its gaining more offensive powers with each passing
year. Its gained this new Cyber Command thats under the director of NSA that by any measure should be an
entirely separate organization because it has an entirely separate mission. All it does is attack. And
What we see more and more is sort of a breakdown in the National Security Agency.
thats putting us, both as a nation and an economy, in a state of permanent vulnerability and permanent risk,
because when we lose a National Security Agency and instead get an offensive agency, we get an attack agency in
its place, all of our eyes are looking outward, but theyre not looking inward, where we have the most to lose. And
this is how we miss attacks time and time again. This results in intelligence failures such as the Boston Marathon
bombings or the underwear bomber, Abdul Farouk Mutallab (sic). I n