Online surveillance: we all have something to hide

Planet Earth (openDemocracy) – Why continuing to shrug at mass data collection is lazy, irresponsible, and borderline stupid.

We’ve all got secrets. We’ve all done things we’re ashamed of. We’ve all done things we’re worried about. We’ve all done things we’re embarrassed of.

Yes, we’ve all got something to hide.

Despite Edward Snowden’s 2013 revelations of a secret US/UK mass electronic surveillance program worldwide, it’s almost every other day that I still come across otherwise intelligent minds who insist that they do not fear online privacy invasions because they’ve either ‘done nothing wrong’ or have ‘nothing to hide’.

In order to try and bring closure to these long-iterated arguments, a string of organisations from the likes of the Electronic Frontier Foundation (EFF) to journalists such as Glenn Greenwald have long made the case as to why, in an era when we’re increasingly connected by machines to a worldwide network, bulk online surveillance is a danger to us all.

The central argument disseminated is that privacy and freedom from government surveillance is the fundamental premise of individual determination: the right to choose, to think, to ask and to pursue on our own terms – free from recorded, analysed and interpreted thoughts.

Hacker Image Source: Dennis Skley, Flickr, Creative Commons

Hacker
Image Source: Dennis Skley, Flickr, Creative Commons

Yet even after the overwhelmingly subtle language that’s been used to make the case, particularly to the non-technical among us, the same old, lame excuses of having ‘nothing to hide’ appear to be as preponderant as ever.

Nothing to hide? Done nothing wrong?

I have a tendency to counter these excuses with a widely-used argument.

So, it doesn’t bother you that the government has logged, collated, deciphered and indefinitely stored your entire internet browsing history and habits – what websites you visited, what you posted on social media and chat forums, your search engine queries and even what you watched.

It also doesn’t bother you that they have at their disposal the whole content of every single call and text you’ve ever made, instant messenges, Skype and normal telephone calls in addition to their metadata – who you have called, how and when you called them, the location you called them from, and how long you called them for.

After all, only if you have done something wrong, or if you have got something to hide should you be worried, right?

Oh, in that case then, could you please kindly do something for me?

I want you to voluntarily send me all of your passwords, a copy of all your text messages, work and personal emails, your browsing history together with your bank and medical records just so that I can have a quick ‘gander’ through them.

I’m not telepathic, but I already guess the nuanced response: ‘err…no.’ That’s none of my business.

Exactly!

So why do you continue to voluntarily give the government, or more exactly individual security agents sitting at their desks within the confines of the GCHQ or NSA, a carte blanche to collect, analyse and store this information without your permission?

Now, think again.

Is it really of no bother to you that your lifelong internet and telecommunications history, every single call you’ve made, every single button you’ve ever pressed, all the explicit, flirtatious, sexy or saucy texts, emails, chats or naked webcam sessions you’ve ever had with your now spouse, your ex-lover or once partner – have been intercepted and stored indefinitely in a giant data bank?

Is it really of no bother to you that this giant data bank collates, stores and makes readily available to the prying eyes of individual agents the most personal of personal exchanges you had with your late sibling? Cancer-stricken mother? Now-divorced wife?

Is it really of no bother to you that this giant data bank collates and stores your entire communication history and thereby potentially allows for determined hackers to blackmail you with the threat of exposure?

What exposure?

Perhaps those disparaging messages you’ve been circulating about the boss or company procedures? Perhaps that secret extra-marital affair you’ve been having in the office? Or how about revealing to your peers those embarrassing health or sexual questions you supposedly posted anonymously on Yahoo’s chat forums?

Is it really of no bother to you that with possession of your lifelong Internet and electronic data, government security agents can behave like arbiters who determine who you are, where you will likely go, what you’ve thought about and even try to predict what you might think at any given point in time?

The point being made here is that online privacy is not about hiding illegal activities and content.

Privacy is about having the right to determine who controls information about us. It’s about being able to confidently discuss matters of personal or familial privacy with our near and dear. It’s about ensuring the electronic equivalent of pillow talk remains private. It’s about ensuring that privacy remains private.

A mammoth task?

“That privacy matters in the internet age is a forgone conclusion.” Perspecsys Photos/Flickr. Some rights reserved.We all carry a tracking device that makes us susceptible to mass surveillance at all times – our mobile phones. These pocket-sized gadgets, by default, automatically report their (and our) locations along with usage data to respective telecom companies, which in turn are required to retain that data by law.

To add to this, there is the internet itself. Security agencies – whether working on government orders or not – have at their disposal the power to carry out mass electronic surveillance on every unwitting internet user worldwide, all at once, no matter which device they access the internet through.

When you combine the two, the danger is multiplied.

Edward Snowden confirmed an ‘open secret’—that far from being able to snarf regular internet-based activities, agents can also remotely listen into physical location conversations, be they pillow talk or boardroom meetings, by surreptitiously turning on the device’s microphone – even if the user has turned it off.

If that were not bad enough, he also revealed that the device’s camera can be remotely switched on to allow agents a real-time peep at individual activities, location and settings.

Yes, that also inadvertently means the ability to watch your 12-year-old daughter in the bathroom. But let’s not go there.

The obvious question Snowden’s revelation has prompted is how to ensure concerned individuals have the means to best counter these intrusions?

As far as communications via your mobile phone are concerned, the work of Open Whisper Systems and their Signal Protocol, which is used in their own Signal messenger app and now WhatsApp, is clearly the privacy-minded tool of choice – and something that Snowden has promoted too.

It is free, uses end-to-end encryption and the code is open-source meaning that experts can inspect it in order to look for flaws, and so on.

In addition to this it supports what’s known as ‘forward secrecy’ meaning that if a hacker somehow manages to steal your encryption key, they are still deprived of the ability to go back and decrypt messages that they may have audaciously collected in the past.

In saying this, it must be understood by the layman that no security or encryption software is 100% secure. But Signal Protocol undoubtedly goes the furthest way in the realm of secure messaging to ensure mass surveillance never becomes a simple norm for the powers that be.

As for the everyday internet user, making use of the Tor Projects browser bundle has consistently proved to offer users the best possible protection – although with limits to what you can actually experience, relative to a regular browser.

Whether you are an investigative journalist, political activist or simply a privacy-conscious individual, Tor’s brilliance lies in its ability to protect the bulk collection of your online browsing habits, search queries and metadata of communications by making you anonymous.

This is a particularly important tool to counter online traffic analysis: the process of intercepting the source and destination of your messages in order to deduce information from the patterns in your communications.

Additionally, Tor also allows you to reach destinations and content otherwise blocked by your Internet Service Provider (ISP), and gives you the ability to communicate with anonymous email addresses and participate in chat forums – all without revealing your true IP address and thereby compromising your identity.

That privacy matters in the internet age is a forgone conclusion.

There is a reason why even those of the ‘I’ve got nothing to hide’ mentality have lock-screen pins or patterns on their new smartphone, have passwords on their email and social media accounts and refrain from allowing last night’s private drunken song and dance to be uploaded on YouTube.

For those that champion the right to mass data collection by security agencies, whose raison d’etre is to ‘keep us safe’, perhaps a few words of caution from one of the most renowned cryptographic researchers today, Moxie Marlinspike, might reverberate in their ears when they next orate this right.

In his words, intelligence or law enforcement agencies are “not capable of managing those secrets, they’re getting hacked everyday…and so it’s not realistic to think that if they have like the key to the kingdom, they’re gonna somehow be able to simultaneously use it and keep it safe from China or random hackers.”

This report prepared by Mohammad I. Aslam for openDemocracy.