Echelon: a global system for the interception of private and commercial communications

Conspiracy theory, right? Something like this would never happen in our free, democratic world…

Well guess what. I borrowed the title of this post from a European Parliament report, published in 2001!

Here is a copy of the report in English: “REPORT on the existence of a global system for the interception of private and commercial communications (ECHELON interception system) (2001/2098(INI))” [PDF]

This report gives us a very high degree of confidence that such a global interception system has been operational since the 1990’s.

Think about that the next time you think to yourself “Nah, the current snooping legislation and practice is fine – intelligence services around the world could never monitor and collate all this chaos of information”.

Using your taxes to monitor you

Oh wait… government doesn’t really need to do that.

As explained by Charles Farr, head of the UK’s “Office for Security and Counter-Terrorism” while giving evidence for the new Communications Data Bill in the UK:

• it’s easier (faster, cheaper) to get your emails, chats, web pages visited, people you talked to etc straight from communications service providers (CSPs) such as Google and Facebook. Why bother relaying SSL or launching man-in-the-middle attacks against our citizens when we can just our friendly Googles, Facebooks, Apples, Microsofts and Yahoos of this world to simply hand us over the data? As the article’s subheading says: “We fully expect Google, Facebook and Twitter to hand over your data”
• If that fails, we have DPI (Deep Packet Inspection) technology that the government would need to deploy in so-called “black boxes”, like the FBI “Carnivore” system in the USA… but wait, Internet Service Providers (ISPs – BT, Virgin, O2 etc) are already using such black boxes “as a matter of course”. So no problem, the technology is there, all we need to do is align the law to make it completely legal for the government to tap into this valuable source of surveillance information as well.
• On the issue of how much Internet users (also known as citizens) can hide their personal communications, Farr said: “Not very much […] If you have the right kind of data, issues of anonymisation cease to be a problem. […] If people take greater efforts at anonymisation, it could become a problem […] but I’m satisfied by the techniques being developed. Many workarounds can be defeated […]” Farr admitted “there will still be workarounds” but claimed by 2018 that that gap could be tightened with a new law.
• Over £900m is being budgeted for storage – presumably to keep historical communication information. That kind of money can buy the government a lot of space to keep our emails, discussions and online habits on file for a long time.

Source: http://www.theregister.co.uk/2012/07/11/communcations_data_bill_joint_committee/

What can you do to protect yourself from this wholesale surveillance?

1. Act. Speak. Make people aware. Don’t fall for the popular myth that you’re surrounded by apathy. You’re not.
2. Think. Do you really need to use Google Mail and Google Chat? Do you really need to interact with your friends on Facebook and talk to them over Facebook Chat? Ditto for Yahoo!, Hotmail, Skype, Apple services… you ought to know that you are speaking in a room full of microphones and cameras, and what you say and do is recorded for a very long time and made available to governments and private corporations alike.
3. Seek alternatives. Expect that it won’t be easy. This is a multi-billion industry you’re trying to escape. For chatting online, use Off The Record technology (built into chat programs like Jitsi, Pidgin, Gibberbot for Android, ChatSecure for iPhones/iPads etc). For Skype alternatives (for voice/video chatting) use ZRTP products like Jitsi and Zfone
4. Smarten up on the broader issues of how you are constantly under surveillance when using your phone or computer. Read up on EFF’s Surveillance Self Defense guide.
5. Demand change from your leaders. Employing countermeasures that enforce your privacy will only be cumbersome in the long run. The law needs to change. Engage with your local community and reach out to groups like the Electronic Frontier Foundation (USA), the Open Rights Group (UK), La Quadrature du Net (France) and EDRI (EU) to get started.

A Skype alternative worth its salt: Jitsi

I’ve been using Skype, Google Talk and Facebook chat for years to communicate with friends and family. They’re all convenient, reliable and easy to use. But there is a big problem: They are all very easy to record and monitor by 3rd parties. We now know that:

• Microsoft (owner of Skype) keeps records of who talked to whom and for how long. We also have very good reason to believe that there are tools out there (built by private companies and sold to governments) that can eavesdrop on Skype voice calls. Skype executives have been unable to deny that they comply with local law enforcement requests to eavesdrop on Skype calls.
• Google definitely record all of your text chats. They don’t deny they do that, even when you use the “Go off the record” option in Google Talk. We’re not sure what recording they do with voice calls but can be certain that they comply with the law – therefore building “legal intercept” capabilities into their products.
• Facebook record and analyze all of your text chats and will report you to the police if they see anything “suspicious” (source: Reuters). We don’t know what they do with voice/video calls, but again can be certain that they comply with the law – therefore building “legal intercept” capabilities into their products.

So if you happen to live in a surveillance state (think countries of the Arab Spring, think UK with their repeated attempts to introduce surveillance of their citizens, think USA with their record-breaking demands for your personal data from all of the above service providers (Microsoft, Google and Facebook)) then you can expect that all your online communications with your loved ones (voice calls, video calls, text chats) are recorded and stored, or at least eavesdropped upon. They’re all great free services that allow you to keep in touch with people, with one caveat: the government is listening in.

If you have no problem with that, perhaps because you subscribe to the flawed “I have nothing to hide” school of thought, read no further.

If you feel that being spied upon constantly, and having no reasonable expectation of privacy for your online life is not cool, read on.

The work of thousands of visionaries (starting with people like Richard Stallman in the 70’s) has today given us the free tools to protect our online communications to a reasonable degree. These are not tools to stop a police investigation against you from succeeding – these are tools that empower you to opt-out from the surveillance-by-default communications channels most of us use, and instead keep your private thoughts and words only between yourself and your loved ones.

The easiest one to get us started is Jitsi.

Jitsi gives you voice calls, video calls, instant text messages and group chats. It therefore covers 100% of the communication capabilities of Microsoft’s Skype, Google Talk, Facebook Chat, IRC channels and the like. Use Jitsi, and you don’t need to use any of these again.

Why switch to Jitsi?

Because it protects your privacy as much as possible. If you and your loved ones use Jitsi, you can:

• Have end-to-end encryption of your voice and video calls – guaranteeing that nobody is listening in or recording.
• Have end-to-end encryption of your text (instant messaging) chats with Off The Record (OTR) technology – the world’s finest in preserving your privacy with unique features like Perfect Forward Secrecy and Deniability.

As an additional benefit, it’s great to have all of your instant messaging contacts in one window, and Jitsi gives you that. It also runs on Windows, MacOSX and GNU/Linux.

Start using Jitsi instead of Skype, Google Talk and Facebook Chat and stop corporations and governments collecting, storing and analyzing the thoughts you share with your loved ones.

PS: You can only have private communications if both ends of the chat/voice/video call support this. If both you and your loved ones use Jitsi, voice & video calls are private by default. For text chats, you will have to click the lock icon in your chat window (as shown below) until it displays a closed “lock” state.

PPS: No “lock” icon? That probably means that the person you are chatting with is not using Jitsi or a similar program that can protect your chats with OTR. You can only have a private conversation if both ends support OTR.

PPPS: Looking for something like Jitsi for your smartphone? For private text messaging (using the Off The Record protocol) look at ChatSecure for iPhones or GibberBot for Android phones. For private voice calls on the Android, look into csipsimple and Moxie Marlinspike’s RedPhone. Remember, both ends of the conversation need the same technology to create a private channel.