Sophos Cloud Optix
One of the most enjoyable aspects of working on Naked Security is reading and joining in with the discussions at the end of our articles.
If you spend enough time reading our comments you’ll come to understand that different subjects attract different audiences and excite different passions.
After a while you get a feel for how the conversations that follow different articles are likely to go.
The best technical Q&As tend to follow our Anatomy of… articles while just mentioning Anonymous can get our readers drawing lines in the sand.
Positive comments on articles concerning Facebook or Microsoft are as rare as unicorns and the conversations that follow Talking Angela articles are bizarre almost beyond description.
As you might expect we’ve had some good reasons to research and write about privacy and surveillance in the last year.
The closest thing to a nailed-on certainty in a discussion about Snowden or the NSA is that, almost regardless of what’s being reported, somebody is going to compare the situation to George Orwell’s 1984.
Orwell’s hugely popular work of fiction concerns a population dominated by a command and control government that’s intent on watching and manipulating its citizens’ every move.
You can see why it’s a popular point of reference.
Shared stories and narratives are powerful social tools that act like maps by rendering new territory into a familiar form. Like all the best stories, Orwell’s is emotive, easily understood and well known.
But no matter how good a map is it should never be mistaken for the territory it represents.
Unfortunately, as a map, George Orwell’s 1984 is not accurate and it isn’t helping to show us the way.
We’re so busy looking for Big Brother we’re ignoring the landscape as it really is.
For example, before we had concrete evidence of NSA spying most of us acted as if it didn’t happen (even if we’d heard the rumours about Echelon that had been doing the rounds for years).
But the NSA is not the only agency with the means, motive and opportunity to spy on us – they’re just the first one with a whistle blower in their IT department.
That doesn’t make what they’re doing any more palatable but it should change the way we respond to it.
That’s why in my article about Reset The Net I made the point that expanding the use of encryption is more important than changing the law – it protects you from all the agencies (or anyone else for that matter) trying to spy on you.
Governments, by and large, centralise power and do as much spying as they can get away with.
I’m not particularly happy about that situation but I do know that it didn’t start with Snowden.
Little Brother
What’s changing most rapidly, what really is new, isn’t the power wielded by governments, it’s the power in the hands of everyone else.
Surveillance technology is no longer the preserve of all-powerful state apparatus, it’s a commodity in the hands of many, many governments, organisations, collectives and individuals.
The unpleasant side effects of the recent proliferation in data gathering, sensors, cameras and connectivity include everything from Glassholes to cyberbullying, baby monitor hacks, revenge porn, Twitter mobs and the Talking Angela hoax.
That isn’t Big Brother, that’s The Crowd.
Perhaps the most striking example of the democratisation of surveillance are the events that followed the Boston Marathon bombings.
The number of mobile phone cameras in use at the scene meant that, thankfully, police had a vast cache of pictures and video footage of the event.
The amount of footage (and therefore the chances of the bombers having been caught on camera) was much greater than if the police had been reliant on a fixed, centralised CCTV infrastructure.
That kind of decentralised, blanket surveillance is unprecedented and entirely new.
The police weren’t the only ones making use of Little Brother’s eyes and ears though.
Conspiracy theorist and radio shock jock Alex Jones scoured the footage and used it to back up his claim that the bombings were a false flag exercise conducted by undercover navy SEALs – a claim syndicated to hundreds of radio stations and uploaded to a YouTube channel with almost a million subscribers.
Mobs on Facebook, Twitter and, most notoriously, Reddit, were pronouncing a succession of entirely innocent people guilty of a truly horrific crime.
I’ve argued elsewhere on Naked Security that data privacy is more important now than it’s ever been.
Things have changed dramatically in the last few years and we have a lot to discuss. We can do better than resorting to old clichés.
It’s been a year since Snowden lifted the lid on PRISM and everything that followed. We’ve spent a year focusing on Big Brother government surveillance while at the same time we uploaded ever more of our lives into the care of giant media corporations and pointed an ever-increasing battery of smaller and better cameras at each other.
There’s good and bad in our information revolution but the one thing it most assuredly is not is Orwell’s vision of the future.
So let’s mark the anniversary of Snowden’s first blow of the whistle by looking at the problems as they are and retiring our 1984 reflex.
Godwin’s law
Godwin’s law dealt with the inevitability of somebody invoking the Nazis during the course of a Usenet discussion. The law reads:
As a Usenet discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one
By common convention, the person who invokes the Nazis must retire in shame having ended the discussion and lost the debate.
That sounds just what we need.
So, with apologies to Mike Godwin:
As a
Usenetdiscussion about surveillance grows longer, the probability of a comparison involvingNazis or Hitler1984 approaches one
Image licensed under Creative Commons.
“That’s why in my article about Reset The Net I made the point that expanding the use of encryption is more important than changing the law – it protects you from all the agencies (or anyone else for that matter) trying to spy on you.”
Have to ask why encryption really matters when the people freely hand over their data to mega corporations who then make it available to the agencies? Unless the communication is between two entities who truly want to keep it secret, encryption is a waste of time, and I just don’t see the corp’s having the best interest of the users in mind. And lets not even get started on all of the data you hand a bank….
oh…. and 1984 is here!
You have a point but your conclusion is a bit extreme.
My whole point is that we shouldn’t be worried about just one agency. Giving up on encryption because the NSA can read your data at rest is just as bad as not encrypting because you think the law will protect you.
The NSA might have a back door into US-based Google data centres but do the Chinese? The Israelis? The Russians? What about companies involved in industrial espionage? Or organised criminal gangs?
And not all data is available in the way you suggest and encryption reduces the attack surface, even, from what we know, for the NSA.
The Snowden files showed that the NSA used things like Google Analytics cookies (a unqiue id that users share with multiple websites) to track where people were going online. The only way to get that information is on-the-wire and if the wire is encrypted you can’t get it.
You are right that the weak link seems to be data ‘at rest’. I suspect we’ll see more initiatives to deal with that when the low hanging fruit like TLS between mail servers and HTTPS for web browsing become more common.
You certainly can’t minimize the legal aspect of the issue. Just look at places where encryption is made illegal or “nerfed” to the point of being useless against government surveillance. The right to shield your data online can be voted away as easily as anything else, as always, for the “greater good”
For ordinary people the whole ‘NSA is watching you’ thing is at best misguided.
Take this point – ‘the NSA used things like Google Analytics cookies (a unqiue id that users share with multiple websites) to track where people were going online’ Does that mean the NSA are tracking me using that technique? (Google surely does)
Why would NSA choose to expend their resources doing that to me rather than use the same resources tracking a person who just uploaded a jihadist beheading video recently shot in Syria? What would they gain by determining that I just went from the BBC news site to sophos?
Taking the same logic outside of the online arena … should I be concerned about a predator drone launching a hellfire missile on me? Do I need to adopt counter-surveillance techniques in my back yard so the video feed from the UAVs can’t identify me? CIA has certainly used that capability – just not on an average person sat watching big bang theory in rural leicestershire.
I can’t work out whether representing a genuine capability of NSA – used on suspected terrorists etc – as a realistic threat for ordinary people is just honest misinterpretation or whether people are deliberately doing it for malicious reasons.
The agency involved (in this case the NSA) and the technique involved (subverting Google Analytics cookies to reveal your browsing history) is not material to my point.
I was giving a simple example of where data on-the-wire is not available at rest.
As to your point about adopting anti-surveillance techniques to avoid the NSA; my entire article was about *not* focussing on the NSA.
In my opinion hackers, criminal gangs, corporations and your peers pose a much greater material threat to you than the NSA. It so happens that good privacy and security practice works on all of them.
Hackers, criminal gangs, corporations, people I know etc a greater threat to me personally than NSA?
Totally with you on that.
I think the 1984 analogy still holds. One of the themes of 1984 was the loss of privacy not only as a result of government but from the society it created. I think your point regarding everything being recorded or monitored by someone proves that point. Additionally your earlier poster makes the valid point that it just makes the job of the surveillance agencies easier.
I think that one simple maxim can be used to describe this:
Privacy is dead
It has been for some time, and we helped to kill it
If that’s the only reason for keeping it you might just as well choose Maoist China as your analog for the modern world.
I agree with you, Daryl.
With all the monitoring done by the NSA & various social websites in the name of “marketing,” privacy is becoming a dismissed right that may one day NOT be guaranteed by our Constitution.
The correlation between Big Brother and what the NSA does is still valid even if the writer does not agree with it.
I can cancel my Facebook account. I can delete my cookies from my browser. I can use non-google search engines to help protect my privacy.
But I have no control over the NSA. They may (or may not be) watching me, right now.
They may or may not be recording my words as I type this. They may have every web-search I have ever done but I will never know this because what the NSA does is secret and by its nature; They are nefarious, clandestine, and self-serving.
If that’s not Orwellian, I don’t know what is.
I think the best description for nefarious, clandestine and self-serving is exactly that; nefarious, clandestine and self-serving.
My reading of history would suggest that these traits are common, if not inherent, to governments and spies the world over and have been from time immemorial.
The various police forces or state security ministries of wartime Germany, Maoist China and the former Soviet Union have a much better claim on Orwellian.
They monitored what people were doing, got citizens to monitor each other and ruthlessly controlled the free flow of ideas and speech.
I don’t like the NSA’s blanket spying but I understand that I live in a society that is unusual in allowing me to read about it, write about it, discus it, acquire tools to prevent it and vote for people who can (at least in theory) do something about it – all without fear of punishment.
What this guy did was what we believed to exist only in fiction. In truth, the information contained in the documents disclosed by Snowden is nothing more than that execreção U.S. Government in agreement with your reliable: England, Australia, New Zeland, Canada and Israel. It is shameful that a government like that spread all he did and does so far is to protect its citizens, outright lies, what he wants and force its consolidation as the ruling government in the world, but fortunately this command no longer belongs to them. Americans live an illusion; think they own the world and everything in it. Their utopia; is to sell the image of country open to those who want to win a dream soon, even if it has to sell his soul to the Devil. Thing many are realizing that it is not worth.