3 October 2015

Surviving under ubiquitous surveillance

To protect their psychological health and to be free citizens, people need to encrypt their electronic communication.

“Once we know there’s a reasonable chance that we are being watched in one fashion or another it’s hard for that not to have a ‘panopticon effect' where we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.”

The mass of electronic surveillance details revealed by the CIA analyst and private contractor Edward Snowden in 2013 establish one indubitable fact: the NSA in the US, and GCHQ in Britain, want access to all diplomatic, commercial and private electronic data from their own countries and from the rest of the world. To that end, they have built facilities that hoover up electronic data in transit; they have hacked into telephone networks and in some cases have planted spyware into computers. If the correspondence of the average citizen - the recipes, shopping lists and notes to granny - are not sorted and stored, it is only because the spooks have decided not to retain it. Yet the mere fact that what one expects to be private is not private at all has deep psychological implications for the average citizen. We browse the net for private information and stimulation, and we communicate electronically for a myriad of purposes: writing love letters, talking honestly with friends about our workplaces, neighbours and teachers. Our surveilled data, even if of no interest to the spooks, lies copied on several servers with the danger of it falling victim to malicious hacking multiplied.

However, for people who are, were, or might wish in the future to be active politically, the damage is more immediately felt. If we take the now established fact that British police have over the last few decades embedded over 1200 long term double-life spies in civic organisations at a cost of millions of pounds each year, it would be absurd to assume that the much cheaper practice of collecting, sorting and storing the electronic communication of those who engage in politics is not endemic.

The law governing surveillance offers little protection. The fact is that by one means or another our data can become available to the institutions of the state. Only when the state needs to make public that it has our data (e.g. for a prosecution) does the issue of the legality of the state possessing it in the first place arise. It is thus reasonable to believe that the annual two and half million requests by police to access our data legally is only the tip of the iceberg - or the icing on the cake - of surveillance.

And who is targeted, legally or otherwise? Today, it is reasonable to think that at the very least the members of the Green Party and now Jeremy Corbyn and his supporters in the Labour Party, as well as host of other campaigning groups, are under active surveillance - along with all those who campaigned for Scottish independence. Indeed, there are documented cases of police surveillance of people in these legal and democratic organisations.

Yet citizens do not stand completely naked before the state. And if one wants privacy, be it a matter of principle, for psychological health, or to campaign for political goals with as little state surveillance and impediment as possible, then people need to encrypt their data and communication. David Cameron has gone on record saying he wants to outlaw encryption for which the state does not have a backdoor, but without the help of the US, that is a non-starter.

When Alice sends an email to Bob the email travels through cables and is then stored in servers at Google, Yahoo or wherever. Scanning it at any point takes a microsecond, so the content is simply there for the taking. And until recently that was all the spooks had to do, but with the rise of https (the green text and the padlock icon), used by Google, Facebook and others, the content is encrypted between the user's browser and the service provider. But we can’t be sure that the spooks don’t have a backdoor to the encryption, that the service provider doesn’t hand over content, maybe unwillingly, or that the storage facilities have not been hacked or corrupted in some way.

But if Alice encrypts her email before it even leaves her computer with open-source algorithms and keys which are under the control of her and the recipient, the spooks are stymied. Hence Cameron’s concern. What is intercepted or stored on the service provider’s server is indecipherable. Alice and Bob can do this by using encryption software on their computers, such as PGP - or they can use web-based end-to-end encryption services, such as ProtonMail or Tutanota - or, of course, both in conjunction.

All that leaves the spooks with only one option: to hack your computer. Unless you take several complicated precautions they can probably do this, but they must want to target you personally as an important person because they will need to devote time an effort to the job. In other words the cost to the spooks of surveillance increases exponentially and the number of people (if they use encryption) that they can monitor falls dramatically. And even then their surveillance is not fully effective because you might be using several devices. So unless the state is really after you, the encryption of your communication and stored data is probably enough to maintain your privacy.

So fight for your privacy and encrypt.

No comments: