Today is The Day We Fight Back.
“The Day We Fight Back” is an international day of activism, held on the anniversary of Aaron Swartz’s death. Swartz was an American computer programmer, writer and political activist who was driven to suicide by bullying from the US government, after he attempted to make public a number of scientific journals (the copyright wars now have a body count; read more, it’s horrific).
On this day we commemorate Swartz’s death by holding an international day of protest against the illegal mass surveillance programs conducted by the NSA and GCHQ (as well as others) that are used to invade the private lives of everyone on the planet, as revealed by whistleblower Edward Snowden.
The NSA and GCHQ, among other things, have attempted to subvert the technologies that we all use to keep our medical records safe, to communicate in private about sensitive matters, and to shop and bank securely online. In short, they have conspired (and succeeded) in making the internet a less safe place for you and your family, so it is fitting that today is also Safer Internet Day.
So, today, do something to make the Internet a safe place for you and your family to work and play. Fight back.
The UK Government snooping bill will apparently “handle” HTTPS and encrypted communication protocols like Skype.
More clarification is clearly needed, but to me this is concerning and means one of the following:
- Nothing new, and this was just hand waving: The bill already plans to monitor connection data, so even with HTTPS, which encrypts content, an observer can monitor requests at the domain level. The page request and any payload are encrypted, but the fact that you’re visiting a given site is not, meaning that an observer will be able to see that you visited https://foo.com, but not which pages therein.
- They have site/tool level back doors: More worrying is that the snoopers have muscled back doors into sites like Gmail and Facebook, and protocols such as Skype.
Rumours about Skype back doors have previously been circulated, but have been denied. Skype’s own websites state that all communication is encrypted and that no transport node on the network has access to the unencrypted data, but since the tool is proprietary it is impossible to independently verify this. In my view this damages the tool’s credibility as a tool to conduct business communication securely.
- Compromised root certificates: Most concerning would be if the snoops had managed to strong-arm certificate providers into compromising the SSL root certificates, allowing them to perform a man-in-the-middle attack without the usual warnings. This is particularly alarming and puts at risk our entire eCommerce and banking ecosystem when these are inevitably left on a train.
Urgent clarification is needed, but to me this casts doubt on centrally issued certificate based encryption and proprietary protocols, for the time being at least.
Image “GCHQ” by James Stringer.
As you are probably aware, Nosy-parker in chief Theresa May wants to record all the internet activity and emails of everyone in the UK, just in case you do something the government thinks is wrong (or decides is wrong sometime later down the line should you become “Politically inconvenient”).
One wily UK citizen recently did a very British act of defiance and, using the Freedom of Information Act, requested CCDP-like information for just one UK individual, namely Theresa May.
Since she is so keen on snooping on the rest of us, I’m sure she wouldn’t mind.
After a certain amount of back and forth the request was unsurprisingly denied. What I find interesting is that the request was denied on cost grounds due to the breadth of the request. This begs the obvious question: if obtaining this information for one person proves too costly to comply with a simple FOI request, and by their own admission the request is too broad, how on earth can they justify doing the same for ~65 million people?
As a government minister, much of the requested information would almost certainly be recorded anyway as a matter of course.
My suspicion, of course, is that this request was never going to be complied with. As always, there is one rule for us and another for them; cost was just a convenient excuse. In the words of Lance-Corporal Jones, “They don’t like it up ’em”.