Thursday, September 19, 2013

Privacy



So... I don't know about you, but I find the furore surrounding Edward Snowden's revelations regarding the NSA and big tech companies betrayal of it's users and their data astounding. I mean we used to joke that privacy on the internet was a thing of the past and now we know conclusively that it really is.

Edward, we ALL owe you a beer, and probably a LOT more.
I realised we were living in a surveillance-state online only about 8-12 months ago when I began to use Ghostery in addition to adblock in my web-browsing activities. In using these tools I learnt more about online advertising's pervasive intrusions into our everyday web-surfing habits involving cookies, image tags, HTML mail with triggers pointing back to companies letting them know when their message had been even simply opened by me, and more. But I still thought that my communications were basically safe, let alone un-interesting enough that I wasn't really concerned that it might be true that someone, somewhere could be reading or listening in. I wasn't using encryption beyond https or SSL and the idea that I might want PGP or anything else seemed like an unnecessary encumbrance.

"If you have nothing to hide you don't need any rights."

Things have changed dramatically in a few short months. The online landscape has forever altered. US spying programs with names like PRISM, Five-Eyes, Xkeyscore, Tempora and more yet to be revealed are illustrating [much to the US' chagrin] just to what extent ALL our communications are being hoovered up 24/7 in rolling caches of searchable records. And individuals like NSA head General Keith B. Alexander are struggling to stay on top of the leaks and are forced to engage in a comedic cat and mouse game of leak vs assurance in what increasingly is a massive abuse of the trust of the every American citizen.

And it's not just the US. The UK have a three-day rolling store of pretty much everything going in and out of the United Kingdom in electronic form. And metadata storage for up to 30 days. Metadata can be more revealing in analysis than the actual conversation in your phone call. Information about who and when you spoke to someone and for how long can be manipulated in ways that yield connections between parties otherwise invisible at first glance.


New Zealand

Here in New Zealand, the ongoing saga of Kim Dotcom being illegally spied upon by the NZ government simply won't seem to lay down and be quiet. This is likely because the GCSB and NZ Police force used PRISMs data supplied by the NSA in their efforts to raid his Auckland home and place him in police custody on behalf of the US government. If the NZ government is using PRISM to look for copyright offenders where do they draw the line with your information? PRISM was designed to facilitate US government surveillance of foreign intelligence targets "reasonably believed" to be outside of the United States during the Bush era, not spy on what music you might be downloading.

"The Internet interprets censorship as damage and routes around it."

This famous quote by activist John Gilmore from the Electronic Freedom Foundation seems to suggest that the internet can heal itself and work around problems like censorship. Organisations or governments that wish to know what your internet connection is carrying use technology like deep packet inspection and internet filtering that are designed to detect the nature of traffic on the internet. However in the wake of the knowledge that the NSA and GCHQ actually fibre-tap the very cables that cross undersea between our countries before they come into contact with your countries different landing points and ISP's, this sentiment now seems more like a wistful, rose-tinted vision of the pre-Snowden era that we'd now like to magically come true. And it's really not going to.


Laura Poitras and Glen Greenwald


The two reporters chosen and initially contacted by Edward Snowden are now under tremendous pressure from multiple governments and go to great lengths to protect themselves electronically. They are at the pointy end of the very tools they are exposing and the measured pace with which they reveal each new piece of information is vital in keeping these issues on the tip of public awareness. If they revealed everything in one release WikiLeaks style, the scandal would likely froth over and the US would quickly return to pointless outrage over Miley Cyrus' VMA costume choice or other such matters, and it'd soon be business as usual.


Sympathy for the devil?

Google, Microsoft, Facebook, Yahoo, AOL, Skype and most recently Apple...

We all use something from one of these companies in some shape or form, right? And they all let the NSA in the door and they all share data with the US government. They are now clamouring for permission from the US government to reveal the amount and type of data requests placed upon them in an effort to own up to their part in the information hoovering. I find it very hard to have sympathy for them at this point and indeed so it seems does Europe and other large parts of the world. Confidence in cloud-based storage products is taking a bashing as anything connected to the internet is vulnerable. I'm not about to trade-in my cellphone for paper and pen but it makes me think twice about *free* services like Gmail or Facebook.


Now the conversation about real privacy begins.

I think we're lucky that the debate is happening. I believe we're lucky that a democratic world-leading country is at the heart of these revelations and is attempting to deal with them in any sort-of public fashion. I find it hard to imagine many other countries owning up to the nature and extent of programs like that which the NSA are engaged in and discussing ways of backing up and out of the current situation. I acknowledge that there are necessary lengths that governments need to go to in order to protect it's people and I don't pretend to know where that line gets drawn. But it simply does not include my internet t-shirt orders by default, right? Or your phone call to order pizza? Or our drunken text messages from last night? Or your Facebook status update about how you just fed your cat. Or indeed the photos of your cat on your cellphone.

So now the rush to build proper NSA-proof encryption begins as it's revealed that the NSA has worked hard to undermine established encryption standards so they can peer into hidden communications. Discussions and tips about how to remain unseen by the NSA and secure online are highly informative. Can you reliably use TOR or not? And who wants to? Who wants to have to jump through all these hoops to protect our privacy? What is it worth to you or me who previously took it for granted that no one was listening?

I'm not sure but we are going to find out. Sooner rather than later thankfully.

-j


No comments:

Post a Comment