A lot of people were surprised to see a story from the BBC and from ITV claiming that the government plan to monitor and store details of electronic communications of everyone in the UK, including emails, web pages browsed, text messages and telephone calls. Many have decided that it cannot be true, especially as it appeared on the 1st of April.
Sadly, it is true and it is not a new idea. The plan was written about in The Telegraph last month but the plans are much older than that. The last Labour government, lover of all things authoritarian, came up with the Interception Modernisation Programme which in its original form would have had details of all electronic communications sent to a central government database. When the government eventually realised that this would be completely impractical they shifted the work to the service providers, who would all have to keep the details of the communications travelling through their networks and give the government access to their database at all times. The service providers realised just how much this would cost and so the government committed £2 billion to cover those costs over ten years. The plan was heavily criticised by the Conservatives, who published a paper titled Reversing the rise of the surveillance state. (Which is still on their website.) It was also criticised back then by the London School of Economics. The plan was shelved in 2009 after opposition from communications service providers and a realisation that it would not be popular with the public.
After the election, though, the Conservatives decided to resurrect the plan, giving it a new name, the Communications Capabilities Development Programme (CCDP). Questions were raised in 2010 by the Information Commissioner’s Office and it was mentioned in The New Statesman. Now the government are pushing ahead with the CCDP and the Queen’s Speech will say that they intend to introduce legislation to implement the programme as soon as possible.
There are many things wrong with this programme of spying. It is impractical, expensive, a huge violation of our privacy, and it places too much power in the hands of government, a government who we cannot trust. Making the full details of who talks to whom available will allow security personnel to trawl through our data on fishing trips instead of requiring some basis for suspicion. Combined with the database for Universal Credit, which will be almost as comprehensive as the National Identity Register that was criticised so much by the Conservatives, and the centralisation of medical records, this provides private information about us all to the government on an unprecedented scale with huge scope for abuse and for life-destroying mistakes.
You should also look at ways of concealing your communications. This works best when you hide everything, innocent or not, so that nothing is suspicious. I have written in the past about TOR from the point of view of helping other countries, but it is worth a read giving consideration to using it to protect your own privacy. The more technical might consider reading my thoughts on the concept of a paranoid computer.
Those words were uttered by Scott McNealy, CEO of Sun Microsystems, in 1999. It made a big storm at the time in computing circles and left a lot of people outraged. This pre-dated Facebook, Myspace, Twitter, even Friends Reunited, and so the age of sharing every intimate detail had not yet arrived, but there were signs; in 1997 I and many of my friends at university had personal web sites on which we did share information. In fact, I had my CV available on my web site, which I wouldn’t dream of doing now.
In reality, in 1999 privacy was an issue that was both important and not important to me. I was paranoid about my personal email and telephone calls being snooped on and I used PGP to encrypt my email. On the other hand, I happily gave out my name, address, email address, age, girlfriend’s name, my course at university and more on my university web page and my Tripod web page. Nowadays I am much more careful with my information and if it is online at all I try to restrict its visibility to just a few people, but back then it wasn’t important to me.
I think there are two reasons for that. One reason is simply that web pages were new and exciting technology, and we all got carried away. The other is that individual web pages did not carry the same big-brother overtones that social networks do. When the data is held in one central searchable database it seems very different to many separate web sites. Back in 1999 we barely even had effective search engines, with Google being less than two years old, and so most people looking at a personal web site would be friends, family or colleagues. I first started to lock down my information when I realised that it could have a negative impact in the future. Future employers could easily search the internet for a name and refuse someone a job based on what they see.
With Facebook and other social networks, we are encouraged to share all sorts of personal information. Many people share their complete education history, work history, relationship status, religious beliefs, hobbies, favourite music, film and books, birthday, who they are friends with, status updates and photographs. All this information used to be exposed by default on Facebook, but if you sign up now it will at least mark these things for viewing by friends only. Even so, many teenagers have this information available to everyone and are not even aware that it could be any other way or why they might want that.
Search engines are a huge problem for privacy. Type a person’s name into Google, and the chances are that you will find their social networking accounts and their photograph. You will also see personal directories such as 123people.co.uk which gather a worrying amount of information from social networks, the electoral roll, public records and so on. These directories and search engines make it very difficult to hide yourself from searches.
Another aspect of privacy is tracking. People have been worried for years about being tracked by advertising networks such as DoubleClick (now owned by Google). A lot of people delete browser cookies on a regular basis to prevent this tracking. It is also possible to opt out of this tracking. More recently many websites have started to select adverts to show the viewer based not only on the tracking information but also on data from websites viewed. For example, last year I searched the Halfords website for toolboxes of a certain type. For about a week afterwards I saw adverts for toolboxes of the type I had been interested in shown to me on many web sites. (I normally block adverts, but I couldn’t at that time.) I could see this being very damaging if it showed adverts for something you wished to keep secret while someone else could see the screen.
In 2008 a company called Phorm tried to go even further. Instead of tracking you only through web sites displaying their adverts, they installed equipment at the heart of the BT network which would look at every web site visited and search made. They would then show adverts on selected websites and those adverts would be selected based on all of your web surfing! Needless to say there was an outcry and even questions by MPs.
Unfortunately the most intrusive tracking is now being entered into voluntarily. The Facebook account seems to have become the universal way to identify someone and lots of websites allow you to sign up or log in through Facebook Connect. The “Like” button has become ubiquitous as sites encourage you to share them with your friends. All of this means that Facebook has a vast knowledge of all the websites that you visit that use these things. This has even extended to a tie-up between Facebook and NHS Choices. The only way around that is to log out of Facebook and delete your browser cookies before visiting any other sites.
Facebook Comments, which allow comments to be left on blogs through your Facebook account, are particularly intrusive because they link together your web browsing and your social network. If you enter a comment on a website using this system it will be shared back to Facebook and posted on your wall if you are not careful. That can tell everyone on your friends list what web site you were commenting on and what you said. That may be alright on many occasions, but perhaps more than you want to share on others. The rise of Facebook Comments also means that everyone must use their real name on these web sites. That has led many to ask if it is the death of anonymity. I would imagine that websites discussing sensitive issues are unlikely to use Facebook Comments for this reason. Even Disqus comments, a system which I use on this blog, can allow other people to track your comments from one blog to another. It does at least allow anonymous commenting in most cases.
Etsy and Google Buzz show a typical corporate cavalier attitude to private personal data. When Google introduced Buzz they simply added it to every Google Mail account, and made the personal address books of every user available through Buzz as a contact list. This “on by default” attitude caused a lot of bad press for Google and they quickly changed it to require activation by the user. More recently Etsy has done the same thing. People that signed up to buy and sell “all things handmade, vintage and supplies” suddenly found their accounts visible to all through Etsy’s new People Search. Feedback that they had left on purchases or on buyers suddenly exposed details of items purchased, and these details show up on search engines too. One woman has had some particularly embarrassing information exposed on Google right next to her CV. All this because the owner of Etsy would like it to become a social network.
The trend is towards sharing more and more information on the internet. I think Scott McNealy was right, although a few years ahead of his time. For all our efforts, privacy is dead, and voluntarily at that. I don’t actually see how it can go any other way though – recent events have shown that information cannot be kept secret any more. Fred Goodwin’s super-injunction could not prevent people from announcing that he was a banker. Dictators in the Middle East were unable to prevent pictures and news reports from making it to our TV screens.
I believe this marks a cultural shift in attitude to privacy. In the last ten years people have started to live their lives in a much more open way and to share information and events on the internet in a myriad of ways. In a world where it is commonplace to show photographs of a drunken night out to everyone, or to discuss a relationship break-up in public, attitudes to past actions must change. Employers searching out potential employees through Google are going to have to realise that everyone is human and no one is perfect. If they don’t see anything about a candidate to put them off, it probably means that the evidence has been hidden well! As a friend said recently, “These are the first generations to publish their entire lives in the public domain. Future leaders will doubtless hold juvenile views that they later discard and regret.” The public will have to realise that things done in the past do not accurately reflect the views of a politician in the present. If a person’s entire past can be seen on the internet, people will have to be a lot more accepting.
A common feature of oppressive regimes is control of information. In Egypt recently the government not only blocked television signals from the likes of Al Jazeera, but they actually resorted to almost completely shutting down the internet across the whole country in an effort to prevent protesters from organising. In China, Iran, Syria, Cuba, Yemen, Saudi Arabia, and many other places, the governments block access to sites that they consider a threat to either the government or to the moral values of the people. This usually includes social networks like Facebook and Twitter and news organisations like the BBC and Al Jazeera.
While a partial connection to the outside world is available, there is a way to get full access – with the Tor project which you can find at www.torproject.org. Tor makes use of a network of volunteers across the world to smuggle information across the borders. The Tor website describes it like this:
“Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.”
Any person in any country can run Tor software on their own computer. When someone in, say, Iran wants to get access to Facebook, Tor sends their request to someone’s personal computer in the UK or USA, which passes it on to Facebook, or perhaps through another couple of computers first. The authorities in Iran will see only a connection between two personal computers and they will not know what web site is accessed, if they notice anything at all. Tor is aimed mostly at web browsing and instant messages as there is not enough bandwidth to allow file sharing and video streaming.
Tor relies on volunteers in “safe” countries to run their software in order to give access to the people in oppressed countries. This is where you can help. It doesn’t take long to download the software, and following the guide you can be helping people get access to subversive information in no time.
What are the drawbacks?
Tor can be used by anyone, to transfer any information. There is no guarantee that people you don’t like will not use Tor. If you run Tor on your own computer, it is likely that information that you disagree with will pass through your computer. This could be of any nature, including information helpful to terrorists, pornography, or other distasteful matters, and it is possible it could appear to come from your computer, although it will only ever exist in passing and will never show on your computer later. It could have the same legal consequence as allowing others to use your WiFi. This is a drawback, but if we are to ensure freedom of speech then it is something that must be dealt with in ways other than by blocking their connections. In the end this is an ethical question which you must make up your own mind on.
Tor uses some of your bandwidth. If you have a download limit, Tor could use up that limit quite easily. It can also be inconvenient if Tor is using too much of your connection when you want to use it. You can limit the speed (bandwidth) used by Tor so that it does not intrude on your usage, but you cannot set a download limit other than by turning off the relay yourself if too much is downloaded.
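As an added illustration of the bandwidth limiting described above (a constructed torrc fragment, not configuration from the original post), this runs a relay that only forwards traffic between other Tor nodes and caps the rate Tor may use; the port, nickname and rates are assumed values to adjust to your own connection:

```text
# Constructed torrc example: a non-exit (middle) relay with a bandwidth cap.
ORPort 9001
Nickname exampleRelay

# Never act as the last hop, so no traffic leaves the Tor network from this machine.
ExitRelay 0
ExitPolicy reject *:*

# Sustained rate and short burst allowed for relayed traffic (per second).
RelayBandwidthRate 200 KBytes
RelayBandwidthBurst 400 KBytes
```

RelayBandwidthRate limits only relayed traffic, so your own use of the connection is left alone; a non-exit relay also avoids the drawback in the previous paragraph of other people's traffic appearing to originate from your address.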
It is not illegal to run Tor in most places outside of those oppressed countries. It might, however, break rules set by your employer, internet provider or parents if you use their connection. This may or may not be a reason to change your mind on running Tor, or you might be running Tor to break through restrictions set by those people.
Some people think it is possible that there might be a “backdoor” in the software that would allow US government agencies to track down users of Tor. Tor was originally created for the US Naval Research Laboratory before being sponsored by the Electronic Frontier Foundation, and then becoming an independent non-profit organisation. Tor is open source, that is, anyone can look at the code behind the software to check for things that shouldn’t be there. I personally think it unlikely that there is a backdoor. The Tor project have this to say about it:
“There is absolutely no backdoor in Tor. Nobody has asked us to put one in, and we know some smart lawyers who say that it’s unlikely that anybody will try to make us add one in our jurisdiction (U.S.). If they do ask us, we will fight them, and (the lawyers say) probably win.”
What about elsewhere?
Tor is not just useful in countries known for oppression, but could also be useful in other places. Australia wants to censor connections against a list of bad websites. In the USA the president is talking about getting an “Internet off switch.” If that is implemented badly, then Tor may get around it. The UK already censors connections through the Internet Watch Foundation (IWF). Our government wants to filter all connections for pornography by default, and is even now attempting to keep records of all our communications. Not the contents of them, but a record of every phone call made, every email sent, every web page looked at. Using Tor to help those in other countries can have the added advantage of erasing your own records should the government ever decide to take an interest in you.
It would perhaps be better if I called this piece Where is my paranoid computer? – Well it’s here (well sort of and only under certain conditions) as we don’t yet have something that meets all of the requirements.
Before we start let’s remind ourselves of the requirements for a Paranoid Linux. These are:
Random anonymous routing
End-to-end encryption of all traffic such as web pages, email, chat and voice
Digital signatures and proof of identity
Fake internet traffic (Chaff) to provide a decoy and hide real information
latentexistance then suggests some technologies that could meet these requirements.
After some research and searching I have managed to identify a Linux live system – this is a system which can run off either a CD or a USB memory stick – that has most of these technologies built into it. This is The (Amnesic) Incognito Live System [T(A)ILS], https://amnesia.boum.org/. T(A)ILS is designed to preserve your privacy and anonymity – all outgoing connections to the Internet are forced to go through the Tor network and no trace is left on local storage devices (the computer it’s plugged into) unless explicitly asked.
It includes the following software and services:
Tor and the Vidalia graphical frontend
Claws Mail e-mail client, with user-friendly GnuPG support
Pidgin preconfigured with OTR for Off-the-Record Messaging
Aircrack-ng for wireless network auditing
Gobby for collaborative text writing
onBoard virtual keyboard as a countermeasure against hardware keyloggers
Shamir’s Secret Sharing using gfshare and ssss
CD and USB images for T(A)ILS can be downloaded from their website (note that you may receive a security certificate error when accessing the site but it’s fine to accept an exception in this case). I’d recommend the USB distribution as you can save files to the stick.
What it does not include is mesh networking. However some work is being undertaken at present to look into providing mesh networking. The issue is that mesh is not cheap – think of it as being a mobile phone network – if you want to provide it across any significant area. For those who wish to explore providing small scale mesh networking open source systems are available that can be ‘plugged’ into existing hardware. A detailed look at this is beyond the scope of this piece but I could have my arm twisted if enough people ask!
Hey, I’m not a Linux geek, I want to run stuff on my Windows PC or Mac (or even my mobile or mobile device)
This is less easy (for this read very hard) if you don’t want to leave traces of your activities all over your computer or mobile.
As a basic step you could install Tor http://www.torproject.org/index.html.en on Windows, Mac or a mobile device (Tor supports Android-based phones, tablets and computers; test packages are available for iPhone, iPod Touch and iPad, and experimental instructions are available for Nokia Maemo/N900).
An additional basic step is to install email encryption. Many email clients – although it’s easier to install in some of the free/open source packages like Thunderbird – support encryption.
The next possible step is to run your applications from a USB stick, although this will still leave traces of activity on the host computer’s hard disk. There are a variety of pendrive applications available:
An interesting alternative is MojoPac http://www.mojopac.com which can be installed on any USB mass storage device, even an iPod. Depending on who you believe practically everything, or everything, personal (bookmarks, documents, etc) is kept within MojoPac, always with you and never touching the host computer. Currently this only works with Windows XP systems as the host.
Calling for a system that can be used to start a computer that will automatically connect to the internet through random nearby computers, will encrypt everything that is sent over the internet, will send said information on a random untraceable route through the internet, and produces emails and documents that are provably written by a certain person and not tampered with.
I wrote a few weeks ago on the importance of secrecy. I also reviewed a book by Cory Doctorow, Little Brother. One of the things that caught my eye while reading the book was a version of Linux with an interesting description.
“Paranoid Linux is an operating system that assumes that its operator is under assault from the government (it was intended for use by Chinese and Syrian dissidents), and it does everything it can to keep your communications and documents a secret.”
Cory Doctorow (Little Brother, 2008)
In the story, activists had put together an alternative operating system based on Linux and called Paranoid Linux. An operating system is the software that tells the computer how to behave, where to store information, and determines what software or ‘Apps’ you can use. Paranoid Linux took the form of a Live CD, that is a CD that can be used to start up a computer and work without storing anything on the built-in disk. The interesting thing about Doctorow’s description of Paranoid Linux is that it brings together a number of technologies that when combined make a person’s activities on the computer and on the internet completely anonymous, untraceable and unreadable to anyone not intended to see them, and yet completely trustworthy and verifiable as the person they claim to be to the intended recipient. The technology described also allows a person to turn on their computer in any reasonably populated location and be connected to the internet wirelessly by hopping through other computers in a mesh network to find an internet connection.
Another facet of the story is that Xboxes were given away for free in order to sell software (the razor blade model). The availability of free computers is a powerful temptation, and so crackers had broken the security that allowed the Xbox to only play official games, and produced a version of Paranoid Linux that allowed the free Xboxes to be used as full computers. Through a combination of freely available hardware and underground distribution of CDs containing Paranoid Linux, it became ubiquitous and allowed people in close enough proximity to form a mesh network.
The amazing thing about the technology described is that it all exists. The frustrating thing is that no one has managed to bring it all together in the way described in the story. An attempt at modeling some of it had been started with a real world Paranoid Linux project, but that has since ceased development and no one else has taken up the challenge.
So what are the technologies involved?
Random anonymous routing
End-to-end encryption of all traffic such as web pages, email, chat and voice
Digital signatures and proof of identity
Fake internet traffic (Chaff) to provide a decoy and hide real information
Mesh networking is a way of linking up computers in an ad-hoc way so that a computer at one side of the group could send a message via computers in the middle all the way to the other side. Since all computers in a mesh network are linked, if one has a connection to the internet then all of them can use it. Mesh networks provide a way for people to get online in rural areas with few internet connections, and have been implemented by the One Laptop Per Child ($100 laptop) project for use in third world countries. Mesh networks are not yet popular, but if they became so then they could be used to extend any free public WiFi points far beyond their current reach.
Random anonymous routing has been implemented in the Tor project. With Tor installed on a computer, web pages and other communications are bounced through computers belonging to several other Tor users, picked at random, before reaching the desired server. Tor is in popular usage right now in places like China and Iran to allow ordinary people to get around censorship imposed by the government. Tor is recommended by organisations like indymedia and the Electronic Frontier Foundation as a way to safeguard the privacy of their members. Tor is also recommended for whistle blowers to use when communicating with journalists. Even governments use Tor. From the Tor website:
“A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.”
Encryption is already used on web pages for activities such as shopping and sometimes when logging in to a website. (The padlock symbol that we are all trained to look for means that encryption is in use between the web browser and the server.) Encryption can be added to other communications such as email using software like Pretty Good Privacy (PGP) or the free open source equivalent Gnu Privacy Guard (GnuPG).
Both PGP and GnuPG use what is called Public Key Encryption, where every user has a public and a private key. Anything encrypted with the public key can only be read using the private key, which means that it is possible to send information securely without having to exchange keys in secret. Conversely, anything can be signed with the private key, and anyone that has the public key, and trusts that it is the right one, can be certain that the person that signed that document is who they say they are and also that the document has not been modified since then.
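To make the two halves of that explanation concrete, here is an added example (not code from the original post, and not how PGP or GnuPG are implemented) using textbook RSA with constructed, deliberately tiny primes: anyone can encrypt to Alice’s public key but only her private key decrypts, and a signature made with her private key verifies with her public key until the document is altered or a different key is tried. The names and numbers are assumptions for illustration only.

```python
"""Public-key encryption and signing as described for PGP/GnuPG, shown with
textbook RSA. Constructed example: primes this small give no real security
and there is no padding scheme, so this is for understanding only."""
import hashlib
from math import gcd

E = 65537  # the customary public exponent


def is_prime(n: int) -> bool:
    """Trial division; adequate for the small constructed primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def make_keypair(p: int, q: int):
    """Return (public_key, private_key) as (n, e) and (n, d) tuples."""
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be prime")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("E is not invertible modulo phi; choose other primes")
    d = pow(E, -1, phi)  # private exponent: e * d == 1 (mod phi); needs Python 3.8+
    return (n, E), (n, d)


def _chunk_size(n: int) -> int:
    # Plaintext bytes per block, leaving room for a 0x01 marker byte so that
    # marker + data is always an integer strictly less than the modulus n.
    return (n.bit_length() - 1) // 8 - 1


def encrypt(message: bytes, public_key) -> list:
    """Anyone holding the public key can encrypt; only the private key can read it."""
    n, e = public_key
    size = _chunk_size(n)
    blocks = []
    for i in range(0, len(message), size):
        # The marker byte preserves leading zero bytes and short final blocks.
        m = int.from_bytes(b"\x01" + message[i:i + size], "big")
        blocks.append(pow(m, e, n))
    return blocks


def decrypt(blocks: list, private_key) -> bytes:
    """Recover the message; only the private exponent d reverses encrypt()."""
    n, d = private_key
    width = _chunk_size(n) + 1
    out = b""
    for c in blocks:
        raw = pow(c, d, n).to_bytes(width, "big")
        out += raw[raw.index(1) + 1:]  # drop zero padding and the 0x01 marker
    return out


def _digest(document: bytes, n: int) -> int:
    # Sign a hash of the document rather than the document itself (as PGP does).
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(document: bytes, private_key) -> int:
    """Only the holder of the private key can produce this value."""
    n, d = private_key
    return pow(_digest(document, n), d, n)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Anyone with the (trusted) public key can check the signer and integrity."""
    n, e = public_key
    return pow(signature, e, n) == _digest(document, n)


# Constructed keys for the example: primes far too small for real use.
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(1_000_003, 1_000_033)

if __name__ == "__main__":
    note = b"Meet at the usual place at 7."
    assert decrypt(encrypt(note, ALICE_PUBLIC), ALICE_PRIVATE) == note
    sig = sign(note, ALICE_PRIVATE)
    print("genuine document verifies:", verify(note, sig, ALICE_PUBLIC))
    print("altered document verifies:", verify(note.replace(b"7", b"9"), sig, ALICE_PUBLIC))
```

The check that the public key is "the right one" is the part code cannot do for you: a signature from a second key pair verifies perfectly against its own public key, so trusting a key still means confirming out of band whose it is.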
I could not find any software that provides fake internet traffic (Chaff) to cover up the real communications. People have talked about it but few have bothered to create any tools to do it. Perhaps this one is not so necessary.
Another technology that I would want to add to the mix is an Intrusion Detection System that looks out for malicious attacks on the computer via the internet and watches operating system files to make sure that they are not modified by malicious software or by outside agencies attempting to spy. This software should provide a warning if a system is compromised.
So why do we need all of this privacy? The tools that I have described here are already in use all around the world. Most often they are used to hide from oppressive governments in places such as China and Iran, but they are useful for many other people. Journalists, whistle blowers, activists, celebrities avoiding publication of their information, people working in sensitive jobs, and many others can all make use of these privacy tools. Everyone has sensitive information, and many transmit that over the internet. Privacy tools can be used in any location to help secure information. For example they would be useful when using open public WiFi, which is otherwise easily subverted to spy on the end users.
There is a possibility that using tools to allow anonymity and privacy could draw attention to the people using them. If only a few use such tools then it could be possible to identify the internet connections with obfuscated traffic and therefore find their addresses. The answer lies in making sure that there are legitimate uses of these tools and persuading as many people as possible to use them. When all internet traffic is secured then nothing will stand out from the crowd to be tracked.
Would this get in the way of police investigations? Undoubtedly the answer is yes. Routine encryption and obfuscation of internet traffic will prevent the police from keeping tabs on suspects. And I have sympathy for them. The ability to read the email of a bomber before he does damage is very helpful in investigations, just as is the ability to tap their phone. But realising that this will make it harder for police investigations does not cause me to change my mind about it. The police and the myriad of government agencies have been routinely trawling the communications of many people. That is not seen as a problem when it leads to an arrest before a bombing or a kidnapping, but people should have a different opinion when the ones being observed are not planning any crime, but simply to oppose the government on illiberal laws or cuts to services, or support the publication of information. Those in power are not meant to go on fishing expeditions for our data; they are supposed to obtain a warrant from a judge on those occasions when a suspect’s communications could provide evidence to prevent a crime or to prosecute.
I would love to have a new edition of Paranoid Linux which bundled all of these privacy tools and made them easy to use straight out of the box. Perhaps it could be built as an offshoot of one of the existing distributions of Linux such as Ubuntu, which already has the ease of use that would be required. I see no reason why these tools could not be distributed as one installable package that could be added to an existing operating system. There could even be a version for Windows. The key thing is to make the tools available to all, easy to configure and use, and above all to make people aware of their existence and the reasons to use them.
Addendum: The non-technical summary
What I want is a system that can be used to start a computer that will automatically connect to the internet through random nearby computers, will encrypt everything that is sent over the internet, will send said information on a random untraceable route through the internet, and produces emails and documents that are provably written by a certain person and not tampered with.
“If you have nothing to hide, you have nothing to fear.”
If there is anything that you need to fear, then that famous statement is it. Everyone has something to hide. For a start, people want to hide financial and security information: their bank balance, salary and passwords. People want to hide embarrassing things about themselves, such as personality traits, sexual preferences (and not just gay or straight) and their body. People want to hide little habits that are perfectly innocuous but make sense only to themselves. People want to hide their hidden insecurities, their weaknesses and their flaws. People want to hide secrets that have been told to them in confidence. How often have you asked someone “Can you keep a secret?”
People want to hide things just because it’s none of anyone else’s business.
Think about passing through an airport. The security guard picks you to search. How do you feel as he goes through your bag? As he touches your toiletries, handles your underwear, looks through the book you are reading. Do you feel happy? Comfortable? Or, more likely, slightly embarrassed and resigned to it happening? Worse, you might be selected for a pat-down, or if you’re in America and really unlucky, one of the new TSA open-handed pat-downs.
The truth is, we have everything to hide. Take the aftermath of the case of Paul Chambers and his famous tweet about an airport. Now that it has been found ‘menacing’ by a judge, I catch myself thinking every time I write anything, could this be misinterpreted? Could some bureaucrat see this and decide to question me on it? My friends and I have little joke conversations about taking over the world. About blowing things up. About getting revenge of some kind. And that’s all they are. Jokes. But now there is the risk that I will have to explain those conversations to some government official that just doesn’t get it. It’s not their fault, their mind is just not on the same wavelength as me and my friends, but the result could be that they decide we really are planning to install an evil overlord with a white fluffy cat and sharks with frikken laser beams and hold the world to ransom until they promise to stop being stupid. And that, I really don’t want to have to explain to the police. (Clever me, putting all this on a blog post, eh?)
The famous “nothing to hide, nothing to fear” is insidious. It opens the way for gentle intrusions into our privacy in the name of protecting us from the bad people. But it leaves us at the top of a treacherous slope and the climb back is not easy. Once we give away our right to privacy we live in a different world, one every bit as bad as any totalitarian state that you might have read about or seen in films.