In the need to develop a capacity to know what potential enemies are doing, the United States government has perfected a technological capability that enables us to monitor the messages that go through the air. (…) Now, that is necessary and important to the United States as we look abroad at enemies or potential enemies. We must know, at the same time, that capability at any time could be turned around on the American people, and no American would have any privacy left: such is the capability to monitor everything—telephone conversations, telegrams, it doesn’t matter. There would be no place to hide.
If this government ever became a tyranny, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capability of this technology. (…)
I don’t want to see this country ever go across the bridge. I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision so that we never cross over that abyss. That is the abyss from which there is no return.
—U.S. Senator Frank Church, 1975
” ‘The abyss from which there is no return,’ ” goache and acrylic on A3 paper.
It’s generally accepted in the hacker community today that attribution (of cybercrime) is hard but not impossible. Also that online anonymity is going the way of the dodo and Silk Road. Do these combined assumptions mean that online state-level actors (or attackers) alone can—with good social media opsec like NYPD’s—retain a semblance of privacy for their online personae?
Combatting mass surveillance only goes so far when you (think you) need to use social media to reach large(r) audiences/your social network—and those services tend to block anonymity in various ways. Facebook doesn’t let you create/first access accounts using Tor. Google and Twitter require two-factor authentication, so you need at least a burner email and phone to make accounts with them. Identification standards ostensibly designed to deter cybercrime also deter anonymous expression, dissent, teaching, and resistance.
” ‘The abyss from which there is no return,’ ” goache and acrylic on 36 x 48 cm paper.
So do we assume that resistance is increasingly futile (or likely fake)? Or perhaps that it is too late for known trouble-makers in their own societies—but not for new trouble-makers, if they start out with good infosec? Or is infosec not enough since encryption does you no good on hacked devices, and all our devices are belong to them? Or are good infosec and opsec only always ever imperfect Bandaids that are less about security per se than about buying bigger margins of success and time? Beyond the practicalities of resistance—assuming that some long-game win is still possible—how can there be legal or political accountability for “the abyss from which there is no return” if it’s a big structural condition that’s been 42+ years in the making?
Oils on 40 x 50 cm stretched canvas. So heavy on dark pigments and linseed oil, this type of painting is damn near impossible to properly photograph. You can see the selfie in this attempt. We leave digital traces wherever we go—often without an awareness of how they might later be used to prove who did what.