Watching me watching you
p2pnet news view | Freedom:- In the late 1970’s the United States was still recovering from Watergate, the scandal that forced President Richard Nixon to resign after revelations of a dirty-tricks campaign against his political rivals which involved illegal surveillance.
Partly in response to the crisis Congress passed the Foreign Intelligence Surveillance Act (FISA) in 1978, limiting the president’s freedom to monitor US citizens without a warrant while providing a fair degree of freedom to bug foreigners or the agents of foreign powers when they were on US soil.
The goal was to strike a balance between people’s freedom to go about their daily lives unobserved and unhindered, and the need to investigate serious crime, stop terrorism and keep those same people safe.
Finding the restrictions rather too onerous in the atmosphere following the September 2001 attacks on New York and Washington, President Bush allowed the National Security Agency to monitor phone calls and other communications from US citizens believed to have a connection to al Qaeda without going to the trouble of getting a warrant.
And when the legality of this ‘warrantless wiretapping’ was challenged he persuaded Congress to amend FISA by passing the Protect America Act, which became law on August 5th.
It is the latest piece in a jigsaw of new laws, regulations and interpretations of existing laws and even the US Constitution which, taken together, provide a legal basis for the most extensive programme of domestic and international surveillance ever undertaken by a government.
And over the years to come its coverage, both electronic and non-electronic, will extend to millions or even billions of people, few of whom will have any real connection to terror or even criminality.
The US is not alone in wanting to collect this sort of information, of course. EU governments want phone companies and ISPs to retain information on their customers for months or even years so that police and the secret services can have access to it when investigating terrorist offences.
But even hardline countries like the UK only want to keep what is called ‘traffic information’, a list of websites visited or emails sent and received. Nobody is suggesting that the content of every email or the data entered on every web form should be retained or monitored.
The US authorities will not be so reticent, we can be sure.
Coupled with the vast increases in network speed, data storage capacities and computer processing power, the well-funded National Security Agency will soon be able to read and perhaps even store every email or instant message that crosses over a US-based or owned network.
And the resulting databases will be used for purposes far broader than the stated goal of countering terrorism and keeping the US safe from attack, because once the data has been acquired and stored and collated there will be so many other useful things to do with it.
Back in 2000 the European Parliament reported that data gathered using the Echelon covert surveillance programme, which incidentally features heavily in the new CIA thriller ‘The Bourne Ultimatum’, was being used for industrial espionage by US firms.
We can be sure that new systems will also be exploited for the commercial as well as the political advantage of the US, although the target may in future be China rather than Europe, reflecting the shifting balance of the world’s economy.In light of the wholesale surveillance of online activities, putting information about my friends and business contacts onto Facebook seems rather tame, but knowing what is going on should encourage us all to take a more cautious approach to what we say and do online.
Reading about the new US laws and the extensions to RIPA induces a state of network paranoia, where I’m convinced that everything I type is being sent to the NSA, and wonder whether the little camera in my laptop is even now secretly transmitting an image of my furrowed brow to the secret police.
But I’ll get over it.
As we all know, it is impossible to live in a state of constant suspicion, and we will adapt to this new reality just as we have adapted to the presence of CCTV cameras on the streets and in the shopping malls where we spend so much of our time.
I’m writing this in a cafĂ©, and looking up I can see the clear plastic dome of a camera set inconspicuously in the ceiling, watching me as I type. My phone is sitting next to me, telling anyone with access to the cellular network that I’m here too.
And I’ve just told Twitter where to I am so that my friends can find me.
It may not seem worth worrying if the NSA, CIA, FBI and every other secret agency in the world wants to join the party.
But it does matter.
I can choose to live without a mobile, avoid cafes that insist on spying on their customers and stop using Twitter. I can campaign against the local authority’s decision to install CCTV in my town, argue with my local MP about the limits of the state’s right to watch what I’m doing, and influence the debate in this country or even more widely in Europe.
But I have no control, influence or even clear understanding of what the government of a supposedly friendly superpower is doing with the information it gleans from Google, Facebook, Linden Labs, Yahoo!, MSN, Apple and the many other US corporations that service my online life.
Perhaps we need to think again about our reliance on the US for our network services, if the government there persists in treating every non-US citizen as a source of intelligence data rather than an individual with their own rights and freedoms.
Bill Thompson – andfinally.com
[Thompson is a UK-based writer and broadcaster. He has a weekly column on the BBC WebWise site, and contributes both on and off-line to The Guardian, The Register and The New Statesman, among others. His "inappropriately-titled 'billblog' "appears weekly on BBC News Online in the technology news section.]
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.
August 28th, 2007 at 10:56 am
TrueCrypt thrawts RIPA III
The UK government is going to deprive honest an law-abiding citizens of their liberties while criminals can carry on theirs businesses as usual, with just a little software upgrade.
Free software like TrueCrypt can conceal encrypted material in a way that prevent its detection.
In case the Police forces you to reveal your password, TrueCrypt provides and supports two kinds of “plausible deniability”:
1. Hidden volumes. The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created* and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.
2. It is impossible to identify a TrueCrypt volume. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any kind of “signature”). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted.
FreeOTFE also offers similar features.
Off-the-Record (OTR) Messaging, offers true deniability for instant messaging.
August 28th, 2007 at 10:58 am
FreeOTFE can be found at http://www.freeotfe.org/
Off-the-Record (OTR) can be found at http://www.cypherpunks.ca/otr/
TrueCrypt can be found at http://www.truecrypt.org/
August 28th, 2007 at 10:59 am
TrueCrypt’s “aleatory” defence against RIPA
TrueCrypt provides an “aleatory” defence against RIPA, and, indeed, against any similar legislation. This defence works because TrueCrypt makes encrypted material indistinguishable from pseudo-random data. And before the authorities can insist that you hand over an encryption key, they would first be obliged to prove to the satisfaction of a court that you were in possession of encrypted material. Depending on how TrueCrypt is set up it might be obvious that you have some pseudo-random data in an atypical location on your computer, and you might well be asked how it got there. Now, there are many computer processes that produce pseudo-random data, and you are not obliged by the legislation to account for the origins of every file on your computer that contains such data given the tens of thousands of files on the average PC this would be an impossible task. However, TrueCrypt can also provide you with an excellent and highly plausible reason as to why you possess such a file of pseudo-random data irrespective of where it is found.
August 28th, 2007 at 11:00 am
Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR provides perfect forward secrecy and deniable encryption.
1. Perfect forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.
2. Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person.
August 28th, 2007 at 11:01 am
DriveCrypt Plus Pack and “plausible deniability”?
I believe it may also be possible to use DriveCrypt Plus Pack to achieve “plausible deniability”
DCPP is supposed to enable the user to hide an entire operating system inside the free disk space of another operating system. Two passwords are required: One password is for the visible operating system, the other for the invisible one. The first “fake” password grants access to a pre-configured operating system (outer OS), while the other gives grants access to the real working operating system. This functionality is extremely useful if the user fears that someone may force them to provide the DCPP password; in this case, the user simply gives away the first (fake) password so that the snoop will be able to boot into the system, but only see the prepared information that they wishes them to find. The attacker will not be able to see any confidential and personal data and he will also not be able to understand that the machine is storing one more hidden operating system. On the other hand, if the user enters the private password (for the invisible disk), the system will boot a different operating system (the working system) giving the user the access to all the confidential data.
The creation of a hidden operating system is not obligatory and as such, it is not possible for anyone who does not have the hidden OS password to know or find out, if a hidden operating system exists or not.
–
August 28th, 2007 at 11:08 am
Concerned individuals/groups should consider encrypting Email, Instant Messaging, and VOIP (Internet telephony), and employing anonymity technologies.
For more information;
http://www.panta-rhei.eu.org/news/newsportal-0.36/article.php?id=94218&group=alt.privacy#94218
http://www.panta-rhei.eu.org/pantawiki/SecurityAndEncryptionFaq
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
http://en.wikipedia.org/wiki/GNU_Privacy_Guard
http://en.wikipedia.org/wiki/Off-the-Record_Messaging
http://en.wikipedia.org/wiki/Hushmail
http://en.wikipedia.org/wiki/Zfone
August 30th, 2007 at 12:04 pm
But, wouldn’t the use of these encryption programs automatically cause the government to start scrutinizing you closely, whereas they may have previously ignored you as benign? After all, it is the philosophy of the government that you have no reason to hide anything unless you have “something” to hide.
I would think the use of these programs and methods would only serve to call additional, unwanted attention to yourself.