GCHQoogle: so much for "Don't be evil"

Using the Paris attacks as an excuse, governments around the world are clamping down on free speech, and the tools that make that speech possible in the digital age.

Cameron, who clearly read somewhere that it doesn’t matter what you say, so long as you sound decisive, has declared war on cryptography.

I talk a bit about this in a rant I recorded earlier:

A secure internet secures us all, and despite having never so much as got a parking ticket, I feel deeply uncomfortable in the UK – which is officially the most spied on country in the “free” world. Where every car journey is tracked, where people are recorded (both audio and video) in virtually every public space, where every text message, email, phone conversation and website is recorded and analysed.

Where, if Cameron has his way, it will soon be a crime to use tools to resist this ever watchful eye.

Not knowing if you’re being watched, and not knowing what conclusion some faceless spook or bureaucrat will make from the activity of your day to day life is stressful and socially damaging. People will always say “if you’ve nothing to hide, you’ve nothing to fear”, but really it’s all about context.

Granted, there are crazies out there, but the gunmen in the Paris attack were known, and they communicated openly with each other. Why weren’t they picked up? Well, the French already stated, that it is simple not possible to investigate every possible lead – so throwing the net wider and making the haystack bigger, while sounding good in an election campaign, can only make it less likely that you’ll spot the next attack.

Destroying freedom in order to protect it is not winning, Mr Cameron. We lived for decades under the threat of Christian terrorists, and the threat of US/USSR nuclear annihilation, without shredding the constitution.

Putting the whole country under surveillance in a modern reboot of East Germany is not going to protect us. Destroying the UK’s IT sector is not going protect us either.

Christian Payne and Cory Doctorow say this much much better that I did.

Perhaps trying to get to the reasons why so many poor people are angry and turning to religious fanaticism and violence might be a better idea?

But of course you won’t. You need to appear Tough. You need to Lead. To support your backers.

The Cheltenham eye of Sauron is being turned inwards, not to protect UK citizens from terrorists, but to protect the interests of your super rich friends from the dispossessed and increasingly angry poor, as you strip away their freedoms, education, healthcare, houses and livelihoods.

My blood is boiling again, so I think it’s time to sign off and go drink some herbal tea.

I’ll leave you with a video by Russell Brand. No matter what your personal views are on this guy, his video on the Charlie Hebdo massacre hits the nail absolutely on the head.

Peace.

Today is The day we fight back.

The day we fight back” is a international day of activism, held on the anniversary of Aaron Swartz‘s death. Swartz was an American computer programmer, writer and political activist who was driven to suicide by bullying from the US government, after he attempted to make public a number of scientific journals (the copyright wars now have a body count, read more, it’s horrific.)

On this day we commemorate Swartz’s death by holding an international day of protest against the illegal mass surveillance programs, conducted by the NSA and GCHQ (as well as others), that are used to invade the private lives of everyone on the planet, as revealed by whistle blower Edward Snowden.

The NSA and GCHQ, among other things, have attempted to subvert the technologies that we all use – to keep our medical records safe, to communicate in private about sensitive matters, to shop and bank securely online. In short, they have conspired (and succeeded) in making the internet a less safe place for you and your family, so it is fitting that today is also Safer Internet day.

So, today, do something to make the Internet a safe place for you and your family to work and play. Fight back.

The UK Government snooping bill will apparently “handle” HTTPS and encrypted communication protocols like Skype.

More clarification is clearly needed, but to me this is concerning and means on of the following:

  1. Nothing new, and this was just hand waving: The bill already plans to monitor connection data, so even with HTTPs which encrypts content an observer can monitor requests at the domain level. The page request and any payload is encrypted, but the fact that you’re visiting a given site is not, meaning that an observer will be able to see that you visited https://foo.com, but not which pages therein.
  2. They have site/tool level back doors: More worrying is that the snoopers have muscled back doors into sites like gmail and facebook, and protocols such as skype.

    Rumours about Skype back doors have previously been circulated, but have been denied. Skype’s own websites state that all communication is encrypted and that no transport node on the network has access to the unencrypted data, but since the tool is proprietary it is impossible to independently verify this. In my view this damages the tool’s credibility as a tool to conduct business communication securely.

  3. Compromised root certificates: Most concerning would be if the snoops had managed to strong arm certificate providers into compromising the SSL root certificates, allowing them to perform a man in the middle attack without the usual warnings. This is particularly alarming and puts at risk our entire eCommerce and banking ecosystem when these are inevitably left on a train.

Urgent clarification is needed, but to me this casts doubt on centrally issued certificate based encryption and proprietary protocols, for the time being at least.

Image “GCHQ” by James Stringer.