Surveillance, privacy (NSA, PRISM, ...) and encryption

It's been now a while that the "whistle-blower" Edward Snowden caused heated discussions about the NSA and it's PRISM program. Privacy since then got a big issue for many.

Some of my friends consider to close down their Facebook accounts, their Google Accounts and think of refusing many other internet activity.

That could be a good idea - if you want to have more spare time with your children, your family or your hobby - but to avoid being spied out they ignore a root problem:
  • Most of them use Windows: As long as you are using Windows and that machine somehow is connected to the internet you are at risk. As long as there is a feature in the operating system kernel to harvest your data that can be done already before encryption happens. Linux is Open Source and can be checked by everybody who understands the programming language (C). And indeed nations are interested in having an operating system that is secure so even the NSA has contributed code to Linux (SELinux). They want to spy out others but they are not interested in getting spied out themselves by others. ;-)
  • They don't refuse email: EMail is like sending a post card. Everybody (postman or IT guy) that sits between the sender and the receipient can see the content/text of the letter/mail.
    OK: Now, the more informed people are not thinking of using PGP. They usually find out after a while that while I can help them setting up their PGP encryption they need to have their peers also having the required software. While it is very easy to get started using PGP in Thunderbird using enigmail it might get a little more difficult to get Gpg4win to run smoothly not to talk about webmail <your favourite product here>. Oh, on Android you can use K-9 Mail and APG to send and read encrypted mails on the go.
    Apart from that even less people know that using PGP only the email content is encrypted, but not the header information like sender, recipient or subject. So when sending private encrypted mail it makes sense using a nonsense subject like "Thank you for the fish" ;-).
In many cases it is not a practical short-term solution to ditch Windows completely and switch to Thunderbird + encrypt all your mails. And you should also stop using your mobile phone (you can be tracked not only via GPS but also via antenna mast your mobile phone connects to). But as long as you don't do that and also do not encrypt any other data that you have saved somewhere in the cloud, it is quite irrelevant if you close down some of those accounts. Sincerely: Are you writing serious stuff in Facebook or Twitter that may really hurt your privacy if it would be made public for everybody?

There is always a tradeoff in having security and so is in having privacy. To avoid beeing hacked you can close down as many ports and sites as you want, but in the same time you loose access to features that might boost your productivity. We can be private and secure but then you wouldn't be able to use the benefits that the technical solutions offer.

Related posts: Pros and cons of cloud solutions, Administrator ethics, Social networking sites, Your holy machine, IT Dependencies.


Martin Wildam said...

See also: http://en.wikipedia.org/wiki/National_security_letter

Uwe Seeliger said...

Setting up PGP on MAC OS is also very easy, it's well integrated in Mac Mail and comes with PGP Services so that you can very easily encrypt any file (befor storing them on any cloud drive).

Anonymous said...

I am sure, at the end we wil not spy but will be maximal transparent when we transform from our competing to to collaboration society. And that we habe to transfrom is a must. The techniques for spying and securing are exponetial increasing in cost.
But much more inportant is our blocked thinking and behavior due to the spying. We have to stop this as oon as possible.

Unknown said...

The Outlookprivacy Plugin from Enigmail now works great even on office 2010 and office 2013 :)
So pgp in Exchange is possible and works mostly out of the Box!

Martin Wildam said...

I agree with you, that transparent collaboration may produce better solutions, but I guess you don't want to take your daily showers in the public for example.

Having technical possibilities to gain transparency and improve communication (reach and performance) is one thing. The other thing is: Who can control those technologies?

What today is legal, tomorrow might be illegal or misfit what the political or economic leaders want. And then suddenly you might be labeled as a potential danger for the country.

I don't fear transparency, but I worry about the ethics of our leaders - those who also can gain control over the technologies that can be used to control you. While technology can be used to improve cooperation or to prevent crime, it can be misused also. I have talked to eyewitnesses who lived before and during the second world war and I can see analogies in todays evolvement of things.