Protecting our privacy

July 3rd, 2013 by · 7 Comments

This article was authored by Don Sambandaraksa, and was originally posted on

The responses by the US and UK governments to the revelations made by Edward Snowden have been aimed solely at their electorate. If you are not a US or UK citizen, it would seem that the NSA and GCHQ can conduct their business on you as they please.

Think good thoughts people.

How much of an effect this will have on the way we conduct our lives and business is yet to be seen. Google, Microsoft et. al. have clamoured to petition the courts so that they can reveal the number of information requests made by the intelligence services. To date, even that figure is a secret. All the web companies are panicking and trying to rebuilt trust. Without the ability to reassure their users, a decade of advances in trust in cloud computing risk being turned back.

Who, outside of the US and UK, would trust Gmail or Hotmail with their sensitive personal correspondence anymore? Or Google Docs or Office 365 for that matter?

Can we turn back time and revert to local IMAP email boxes running on a physical server?

When Blackberry took the world by storm, I baulked at the idea of surrendering email security to a third party. The fuss in India with the government there demanding access vindicated my fears. Technology journalism all too often involves corruption in technology procurement projects by government, the very departments that controls these taps.

But what the Snowden affair has revealed is how even supposedly secure channels such as HTTPS can easily be attacked. The NSA supposedly must destroy any data collected after five years but may keep any encrypted data indefinitely.

HTTPS in its default configuration, relies on two keys, a private key of the server, and a session key that is generated for the session. The idea is that by tapping into the fiber optic cables, vast amounts of raw data can be stored and at a later date the server’s private key can be obtained to decrypt the session. Obtained either through brute force and technological advances or more traditional spy techniques, that is.

What Snowden also taught us was that encrypting email with PGP (pretty good privacy) works, but also sets off alarm bells. It is akin to wearing a mask in a busy crowd. If only a few people wear masks, all the CCTV cameras and police will be focused on the mask wearers, which negates the privacy of wearing a mask. Only if everyone wears a mask does privacy follow.

GPG (Gnu Privacy Guard) – the open source implementation of PGP – has long been an option on Android, with a program called Android Privacy Guard (APG) alongside a traditional locally hosted email client called K-9. Compared to Gmail the UI is clunky and search is rudimentary at best. But using APG and K-9 on the phone alongside the Thunderbird Enigmail plug-in on the desktop would seem to be the only way to ensure privacy in this day and age of dragnet surveillance.

As for voice, all of this has led to a renewed interest in end-to-end encryption for VoIP and the ZRTP protocol.

The question is how many will take the NSA files as a wake-up call and start protecting their privacy? How many would prefer to remain blissfully unaware and continue to trust governments and corporations with their innermost secrets?

And it is not as if we were not warned. Back in 2008, Richard Stallman, a staunch privacy advocate and one of the most iconic figures of the free and open source movement, said that cloud computing is worse than stupidity. Five years later, it seems that he was proven right after all.

If you haven't already, please take our Reader Survey! Just 3 questions to help us better understand who is reading Telecom Ramblings so we can serve you better!

Categories: Government Regulations · Internet Traffic · Other Posts · Security

Join the Discussion!

7 Comments So Far

  • Anonymous says:

    Where does it stop?

    • guy fawkes says:

      my guess is it won’t stop anywhere because most people don’t see this as a problem. When liberties are taken away incrementally, the theft doesn’t seem all that meaningful. And, whenever large policy shifts in data collection are necessary, the Federal gov’t need only scare up some unidentifiable threat to rationalize the next liberty heist.

      When someone challenges the government’s practice of stealing more liberty, they’re portrayed as radical or paranoid and instantly marginalized.

      Sunday’s NYT article should frighten everyone, but it doesn’t. That a separate stealth judicial system has been erected right under our noses without any oversight and no lawful procedural challenge mechanism means we are at the mercy of those in charge of undisclosed ever broadening surveillance programs.

      The supreme court has no authority over the FISA court. Consequently, Congress only needs to broaden its definition of what portions of our economy require the watchful supervision of this kangaroo court.

      For example, telecommunication is critical infrastructure which our “enemies” could compromise, therefore, the FCC should roll up to the NSA and the FISA court should preside over all FCC related issues unless the NSA, FIRST, deems the issue outside their purview.

      Banking and the securities industry infrastructure are critical to American capitalism but are vulnerable to attacks by our enemies and therefore the SEC, CFTC, and other Treasury departments should roll-up to the NSA and legal issues should first be vetted by this stealth FISA court.

      Agriculture is also vulnerable to attacks by our enemies and therefore, the NSA and its legal accomplice, FISA court, should have direct supervision over the USDA.

      Our pharmaceutical supply chain is vulnerable to tampering by our enemies, and therefore, the NSA and FISA court should have direct supervision over the FDA.

      Sounds crazy for sure, but is it? 15 years ago, I couldn’t imagine our government building a database of CDRs, emails, financial transactions, EZ pass records, etc. You may say, SO F’N WHAT!! What are you hiding?

      I’m sure if you read this far, it’s been out of sheer entertainment just how crazy this sounds and I must be.

      Am I?

      Your daughter is attending UVA. She’s dating a sr. whose roommate, an electrical engineering major just like you were, is best friends with someone who the NSA suspects is socializing with individuals the NSA believes are associated with elements of some radical muslim group. The NSA picks you up and brings you into a meeting where they show you information that you failed to fully disclose on your tax returns income you generated from some ebay sales over the last 5 years, also a NY Giant playoff ticket you sold through Craigslist when you had a business trip where they also have a picture of you and another woman.
      Because this meeting with the NSA is covered by the Patriot Act you are told that you are not permitted to discuss it or acknowledge it took place under penalty of law (which, if it comes to it, will be adjudicated by the FISA court). They tell you to offer your daughter’s boyfriend’s roommate a job.

      When they release you from the meeting and you return to your office, you begin to wonder if this has happened to any of your colleagues. Out of fear of penalty, however, you don’t ask or mention the meeting to anyone. You simply see the world a lot differently and wonder how we got here.

      This is hardly Jason Bourne stuff here. Sadly, when you give the government this much authority to collect every data point about your life, government engineered outcomes like this will, inevitably, arise.

  • beetlejuice says:

    I notice that the two of you are still using the internet….

    • guy fawkes says:

      beetlejuice, not sure i understand your point. Are you somehow suggesting that I’m a hypocrite because I rail against the government’s blatant disregard of the 4th amendment and its construction of a dangerous shadow judicial system whose authority sits outside the scope of our constitution but continue to use the Internet? (I also don’t like the New York Yankees, but I go to NYC all the time.)

      I don’t get the connection. I merely pointed out how dangerous these surveillance programs and the unchecked FISA court are and the blind faith we all seem to have in a government that most people will describe as inefficient and incompetent. Yet somehow we see no danger or risk of abuse in this same government collecting every morsel of data about our lives in clear violation of the 4th amendment.

      If you’re keeping score, I still fly, use my credit card, have an EZ pass, email accounts, smart phone and various other tools that provide information our government hoovers.

      Sadly, your response is precisely why your government can incrementally take away your freedoms with little to no reaction. More disturbing, with the FISA court solidly in place they can regulate the speed at which they take those liberties by simply enlarging the potential danger of an amorphous enemy.

  • beetlejuice says:

    I merely point out that if you believe it is so dangerous, you haven’t done much to curb their ability to carry out their devious behavior.

    You assume my stance as well: I am deeply libertarian, and this is a huge affront to everything I believe. Although not a topic for this forum, I wish I would be joined by the same people who decry some metadata trolling when far more invasive behavior takes place with all our applause. Its for our safety and good, after all (like healthcare or banking “reform” or most all fiat rulings from three letter agencies such as the EPA or FCC).

    But for some reason, suddenly the “its for your safety and our wellbeing” has this different ring to it when its a pet project of progressivism. Europe does it after all, so whats the matter with us??? But damn those spy agencies!!! They recorded the phone number I called last night for pizza. Now… which IRS address do I send my medical records to? I need to get that done fast… they tell me its going to make everything better and we will all live longer.

    • Guy Fawkes says:

      Beetlejuice, I don’t know what could be more antagonistic to a democracy than its government collecting, analyzing and storing every movement, transaction and communication of its citizens.

      Your reference to Romneycare or Obamacare, whichever, is an obfuscation and distraction to the far more insidious behavior of a government spying on its citizens.

      Like you I disdain the nanny-state programs but I include in that category the endless corporate welfare obtained through political patronage that grossly distorts markets and leads to suboptimal capital allocations.

      Social nanny-state programs are not responsible for spying on citizens while political patronage by the corporate sector that profits handsomely from public investment in an extravagant surveillance industrial complex is.

      Since 2001 we have created this new multi-billion dollar surveillance industrial complex that is incentivized to keep the fear and danger levels elevated and, at the same time, develop more multi-billion dollar sophisticated and invasive surveillance tools. Given the massive public investments in the programs that support these activities and the political patronage that accompanies them, it is hard to imagine the government ever rolling back its citizen-spying.

      Unless elected officials understand that their constituents believe the bill of rights is sacrosanct and that politicians willing to steamroll them will be voted out of office, these programs will continue to flourish.

  • mtsmark says:

    I don’t worry as much about employees using information for personal gain as much as I do those in political power using information to dig up dirt on those that are political challengers.

Leave a Comment

You may Log In to post a comment, or fill in the form to post anonymously.

  • Ramblings’ Jobs

    Post a Job - Just $99/30days
  • Event Calendar