česky | english
The Secret Cells of Intelligence Agencies - An Introduction
Recent revelations in the media concerning NSA corruption of major IT companies in the USA, and their data and their customers' data, has caused a lot of concern and angst. Especially, the topic of 'secret cells' has been aired as being a potential way that the NSA uses to breach these companies. As a threat to commercial operations, it is somewhat well known but has traditionally been considered tin-foil hat conspiracy theory more than reality.
What is a Secret Cell? A secret cell is a tiny group of people that exist within a much larger organisation that work to pervert the security of the organisation to the benefit of a single attacker. In CAcert's context in particular the members of the group might conspire to help efforts to mass surveillance, or to issue fraudulent certificates, or to weaken our effectiveness.
Large companies might have underestimated the likelihood of the threat. This is highly important to CAcert, as we have long recognised its presence as a real threat, and we have developed systems and procedures to mitigate or reduce the impact to us and our members.
What to do? For our part, we can offer some observations about how CAcert has dealt with the threat in the past. Successfully or otherwise is open for you and history to judge.
Why now? In the past we have been subtle about this area. It does nobody any good to broadcast where our conspiracy theories lie, what tin-foil hats we wear, what boogeymen keep us awake at night. As it is now reasonable to assume that the secret cell attack is going on, being shy about being called a tinfoil crackpot is less of an issue. We might now render a service, both to our people and to others, by laying out our assumptions, logic and conclusions. And our defences.
That said, our story is laid out thusly: