By Shaun Maximusp
Pardon me but I do have misgivings about this Defence Cyber Organization that was announced but only days ago.
Let’s not mince words, I’m wary of this Defence Cyber Organization (DCO) that is about to begin operations. It is a signals intelligence (SIGINT) organization. Other than for the publicly stated purpose (e.g. of protecting and securing the SAF and its personnel ostensibly because of the theft of personal data belonging to some 850 of our national servicemen) as well as the unstated i.e. possibly clandestine (espionage and counterespionage and in keeping with our alliance with Uncle Sam and events stemming from the recent Terrex and Spratlys fiascoes, the People’s Republic of China as the principal protagonist), it’ll be equipped with the means to do a lot more damage. Please read on.
Not merely that in time (if not right from the onset) any an ordinary Singaporean can be at risk simply if he or she is deemed “suspect”. As it is with the murky nature of intelligence work i.e. the near absolute absence of transparency and accountability (not to us mere peasants anyway). If similar signals intelligence (SIGINT) organizations abroad e.g. the American NSA and British GCHQ are anything to go by, I think it is safe to say that the DCO will be equipped with the means to developing “security-related applications” for “our collective benefit” e.g. antivirus, secured online commerce, etc., and through saturated mass media hype, induce the gullible to unreservedly download and install onto their systems. That is but one of numerous options and means in which e.g. rootshells, backdoors can be, with our acknowledgement and permission, planted in any of our WWW connected devices e.g. phones, lappies and PCs that will allow them to snoop around, eavesdrop, intercept and more e.g. boobytrapping, sabotage. And tada! Welcome to the Police State!
Be very careful online from hereon. Truth is, there has always been a DCO around albeit one under civilian control (i.e. the Cybercrime Command as part of the CID, Singapore Police Force) and a smaller unit – the SAF Cyber Defence Operations Hub (CDOH) – within the structure of the SAF.
However with the coming online of the DCO under MINDEF, knowing the murky nature of the military in general i.e. the almost absolute total lack of transparency and accountability where anything to do with the Army is concerned, especially an organization staffed by some 2,600, I am really worried as to where this will lead us to. A fully fledged Police State where the authorities can just wantonly snoop around, eavesdrop, intercept, sabotage our private communication and communication systems (if and when they want or are instructed by the powers that be to do so) anytime they want? I am surprised that almost no one has remotely raised even the slightest disquiet at the prospect of a looming police state, at least in regards to ensuring that their very own privacy and online security be respected, ensured and enhanced.
I am pleased to note that while not exactly pertinent to the DCO, the WP have spoken up on related issues in the recent past. E.g. Leon Perera in a parliamentary debate over the Government Technology Agency Bill on 16 August 2016 had queried if GOVTECH – an agency who in its own description, is en-tasked with “harnessing info-communications technology and related engineering for public sector transformation” – would coordinate the assessment and induce other “public sector agencies” to likewise coordinate and assess for impact on privacy on the population.
Of equal relevance, Mr Low, to his credit, had also in Committee of Supply 2015 debate delivered on 9 March 2015 asked for an update on the transition to the then new Cyber Security Agency (CSA) i.e. in how it plans to safeguard cyber security and how it will integrate into and interact with the rest of our security framework. Mr Low also wanted to know how the National Cyber Security R&D Programme will complement existing efforts in safeguarding cyber security. I am still curious if you folks are satisfied with and appeased by the government’s replies. In particular, to the questions on Privacy Impact Assessments posed by Leon Perera. Are you?
However, the possible impact on political discourse and freedom of expression, thought and speech wasn’t explored nor dissected in detail in either of the 2 debates identified above. I am unsure if we genuinely appreciate the fully the latent monster that is or will become of the DCO in the wrong hands or a DCO perverted towards the political objectives of the party in government. We are talking about a SIGINT organization capable of both protecting our online assets and presence but also possessing the capacity to conduct in unwarranted surveillance and inflict much potential uneasiness, distress, even harm. What safeguards are there in place or planned to guard against misuse, abuse – malicious or otherwise by the authorities in question? Are you, will you the people be satisfied with such guarantees? What course/s of redress does anyone of us have should the safeguards fail? Think hard people! Think!
For what it is worth, the advent of the DCO, does, on one hand makes the intelligence community whole i.e. in that we’ll possess more or less, the full complement of all the arms to intelligence work e.g. domestic intelligence and surveillance – ISD; external intelligence and surveillance – SID; internal and external military intelligence – MIO; and now for signals intelligence (SIGINT), we have the DCO. However I question the timing, the need, and the true motivations behind the DCO’s creation. It’ll also be interesting to know what or where its true priorities and loyalties (e.g. to the State or to a certain political party) are.