Oh wait… government doesn’t really need to do that.
As explained by Charles Farr, head of the UK’s “Office for Security and Counter-Terrorism” while giving evidence for the new Communications Data Bill in the UK:
- it’s easier (faster, cheaper) to get your emails, chats, web pages visited, people you talked to etc straight from communications service providers (CSPs) such as Google and Facebook. Why bother relaying SSL or launching man-in-the-middle attacks against our citizens when we can just our friendly Googles, Facebooks, Apples, Microsofts and Yahoos of this world to simply hand us over the data? As the article’s subheading says: “We fully expect Google, Facebook and Twitter to hand over your data”
- If that fails, we have DPI (Deep Packet Inspection) technology that the government would need to deploy in so-called “black boxes”, like the FBI “Carnivore” system in the USA… but wait, Internet Service Providers (ISPs – BT, Virgin, O2 etc) are already using such black boxes “as a matter of course”. So no problem, the technology is there, all we need to do is align the law to make it completely legal for the government to tap into this valuable source of surveillance information as well.
- On the issue of how much Internet users (also known as citizens) can hide their personal communications, Farr said: “Not very much […] If you have the right kind of data, issues of anonymisation cease to be a problem. […] If people take greater efforts at anonymisation, it could become a problem […] but I’m satisfied by the techniques being developed. Many workarounds can be defeated […]” Farr admitted “there will still be workarounds” but claimed by 2018 that that gap could be tightened with a new law.
- Over £900m is being budgeted for storage – presumably to keep historical communication information. That kind of money can buy the government a lot of space to keep our emails, discussions and online habits on file for a long time.
What can you do to protect yourself from this wholesale surveillance?
- Act. Speak. Make people aware. Don’t fall for the popular myth that you’re surrounded by apathy. You’re not.
- Think. Do you really need to use Google Mail and Google Chat? Do you really need to interact with your friends on Facebook and talk to them over Facebook Chat? Ditto for Yahoo!, Hotmail, Skype, Apple services… you ought to know that you are speaking in a room full of microphones and cameras, and what you say and do is recorded for a very long time and made available to governments and private corporations alike.
- Seek alternatives. Expect that it won’t be easy. This is a multi-billion industry you’re trying to escape. For chatting online, use Off The Record technology (built into chat programs like Jitsi, Pidgin, Gibberbot for Android, ChatSecure for iPhones/iPads etc). For Skype alternatives (for voice/video chatting) use ZRTP products like Jitsi and Zfone
- Smarten up on the broader issues of how you are constantly under surveillance when using your phone or computer. Read up on EFF’s Surveillance Self Defense guide.
- Demand change from your leaders. Employing countermeasures that enforce your privacy will only be cumbersome in the long run. The law needs to change. Engage with your local community and reach out to groups like the Electronic Frontier Foundation (USA), the Open Rights Group (UK), La Quadrature du Net (France) and EDRI (EU) to get started.