Breaking what’s becoming far too frequent radio silence, and I do apologise for that but life keeps happening, to mutter about John Snowden’s revelations. I’m going to try and do the tricky thing and not talk about Mr Snowden or his plight but concentrate on what he revealed.
The revelations about operation Prism remind me of a long time ago in the earlier days of the internet and the rumours abounding about something called “Echelon”. This was a supposed system whereby the US government collected and snooped on everyone’s emails and everything else they did. This led to people adopting spook attractor blocks as an easier alternative to encryption. The idea was that if we all littered our e-mails and news articles with words likely to trigger pattern recognition, the system would be rendered unusable. There wasn’t as much e-mail back then, but on the other hand computers, bandwidth and storage were also a lot more expensive. Fast forward mumble years and we have leaks about Prism where it seems that, with the collusion of some of the biggest names in IT, the US government has in fact been doing just what they were rumoured to have been up to all those years ago. The most impressive thing about this whole affair to me is that it’s been kept quiet so long. Now it may be that my experiences haven’t been typical, but IT types quite like to talk about their projects and new toys to other IT types, especially over a few beers, and getting as much equipment in place as would seem to be needed and having so many people processing all that data without serious leaks is really quite an accomplishment. Now of course it turns out that mainly they’re grabbing traffic logs, which makes for smaller data requirements, but even so it’s quite an accomplishment.
What’s also quite an accomplishment is to get most of the world to react to being told that their every communication is being spied on with a global Gallic shrug and a sigh of “meh”. Just think about that: we’ve all just been told that (for most of us) a foreign government has been tracking who we talk with and what web sites we visit, and most of our papers haven’t seen fit to mention it (thank you D-notice) and most people just aren’t fussed. Yet still we wonder how atrocities can happen with the population turning a blind eye. The US government has excelled itself in doublethink by claiming both that it isn’t news and that everyone does it whilst also demanding Mr Snowden’s head on a spike for revealing such crucial secrets (that aren’t a big deal because everyone does it) – really that’s quite a feat.
So anyway, back to the technology: it seems we can’t trust Facebook, which isn’t surprising (yes, I still use it). But also we can’t trust Microsoft (no surprise), Yahoo, Google (no surprise again), PalTalk (who they?), YouTube (see Google), Skype (see Microsoft), AOL (never did, I remember the September without end) nor Apple (no surprise).
All this surveillance that we’re told is vital to track serious threats is really only actually useful to track the likes of you and me. Look at that list above: would you plan any serious terrorist event using services from those companies (assuming that the spooks don’t actually have back doors into Windows and MacOS – and that you’re not clever enough to use OpenSource)? Might it not be the harmless but politically active sorts like Occupy that are far more likely to get monitored via those sources? Might it not be people trying to organise public and popular protests that would use such open platforms and wouldn’t encrypt their communications? But even if all they track is who talks to who and not what’s said, it’s quite impressive just what that reveals: just look at what the call records and public data alone revealed about a German politician, or consider the case of Paul Revere. If you’re in any doubt as to the value of being able to track phones, try and buy a pay-as-you-go phone with cash – it’s a fun challenge.
So what can we do? Actually quite a lot.
We can take care of what data we give to the likes of Facebook (via all sources). I won’t suggest we stop using them altogether, as the convenience is at the moment hard to escape, but we could start moving to the likes of Diaspora, we can deploy tools like Disconnect.me, and we can change search engine to the likes of DuckDuckGo or Ixquick. Even if not all the time, the more we use them the more it interrupts the surveillance. As I’ve muttered before, it’s not difficult to run your own services and retake control of your own e-mail and much else of your on-line life. It’s much harder for the spooks to secretly get data direct from your mail server if you run it yourself, unlike, it seems, from the likes of the big companies who give near real time access when required. Of course they can still spy on the fibre to know where traffic is going, but that can be seamlessly and securely encrypted with little effort. I would note that the companies listed in that article as implementing this security already, it seems, hand data directly over to the US government, so our communications with them being secure isn’t much of a comfort. That snooping on fibre also explains why the US are happy to work with the UK government: an awful lot of European traffic goes through the UK. Fortunately the number of tools available to us to move away from such government friendly companies grows every day, and they really needn’t be that painful to adopt.
All of the companies that we know to be colluding with the spies are very keen to lock down the web by abandoning open APIs and constantly changing the APIs they use and the hoops you have to jump through to use them. Not to mention Google’s frequent practice of adopting a technology (e.g. RSS), getting to a dominant position so there’s scant competition, and then dropping it. We sadly have an appalling track record of falling for such bait and switch ploys.
Ultimately whether we get spied on is up to us: the spooks are out of control, and the big companies have no incentive (and possibly not much choice) to not roll over and do as they’re told. We can ignore this scandal and play more Angry Birds, or we can take action both by talking to our politicians and by changing how we use the web so that not protecting user privacy starts making poor economic sense. The revelations regarding the level of collaboration are already causing major ripples in the world of cloud computing (as a non-US company would you want your data on a US controlled cloud?*). A consumer move away from companies that collaborate with covert and illegal data gathering could easily upset the cosy arrangements, or we can swap privacy and democracy for an easy way to exchange pictures of cats with captions on them. To coincide with July the 4th the Internet Defense League are taking action – see banner at the top of the page (unless it’s past that date, in which case it may be gone).
* I must admit to feeling smug about this, as I’ve been playing Cassandra every time the idea of using the cloud has come up ever since it was invented – almost entirely based on the impossibility of ensuring data confidentiality.