Tag Archives: gchq

Posted on
by

It was recently revealed that the NSA and FBI have been using the US Patriot act to conduct blanket, unwarranted, surveillance of US citizens (and anyone who happens to talk to a US citizen), and of course comes as no surprise. The fact that major companies, Google, Verizon, Apple, to name but a few, were complicit in this, is very disappointing.

In the UK, the security services already track your phone calls, RIPA makes it a criminal offence to refuse to decrypt data (or what they believe is encrypted data) on the government’s request, and with plans to re-introduce universal internet surveillance (shamelessly capitalising on the tragic murder in south London of a young man, re-branded as “Terrorism”), we are taking the lead in creating the “Cradle to Grave” Surveillance State.

History shows that the greatest threat to an individual’s liberty comes from the state itself, rather than some foreign actor. My good friend Ben Werdmuller recently coined a new “Second Amendment”, which I thoroughly agree with:

Privacy being necessary to the sanctity of a free state, the right of the people to own and encrypt data shall not be infringed.

Of course, it is easier said than done. You can’t trust cloud based services to protect you; Apple, Google, Twitter, Facebook, your phone company and ISP are all complicit.

Wider use of encryption would be a start, but that’s hard to do in isolation. Email encryption is a microcosm of the problem; I’ve had a public key available for over a decade, but the grand total of encrypted emails I’ve received can be counted on the fingers of one hand. This is not because encryption or key management is necessarily complicated, it’s just that there is no motivation for me to use it if nobody else is as well.

It is useless in isolation.

Newer technologies fare better, without the need to carry too much legacy baggage, they can afford to switch on encryption from the get-go. Many, especially IM clients, have another advantage in that they are synchronous, and so could do content negotiation ahead of time. So, perhaps a mail client/webmail client with Webfinger support, and wider adoption of that?

Might help.

However, I think the biggest issue is that society at large tolerates the state doing this sort of thing. Perhaps “We the people” should start presenting a more unified opposition.

Posted on
by

I asked this question over on Hacker News, as well as Quora, but I thought I’d also ask it here…

The UK plans to intercept all electronic communication. They currently don’t plan to snoop on content, but as noted elsewhere connection data is just as invasive.

To me this is both a civil liberties and business risk problem. I view my list of business contacts as confidential information and I don’t trust the government not to leave this information on a train somewhere.

Legal solutions are one thing, but the snoops keep raising their heads, so my feeling is that we need to actually find a way to make this sort of thing technically impossible.

Content encryption is already largely solved, although for email we still need a critical mass of people using PGP or similar.

VPNs just seems to push the problem to another jurisdiction, and if this is an agenda all governments will one day pursue, this will become decreasingly useful.

What can an individual do to protect content and connection data? Onion routing for mail servers? Do technical solutions rely on everyone doing it and so are unlikely to get much traction?

So what are your thoughts? What can we build?