Press "Enter" to skip to content

Since we’re all suspects, anyhow …

One databit that arose out of Edward Snowden’s NSA snooping revelations is one most of us missed. It’s another that comes in the category of tiny, fascinating, but completely unsurprising. To wit (according to The Guardian):

Fisa court-approved policies allow the NSA to …. Retain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted [emphasis mine], or are believed to contain any information relevant to cybersecurity;

Never mind the “inadventently acquired” bit. That and James Clapper’s “not wittingly” whopper are just cover for the fact that these totalitarians aren’t ready to admit that they’re already grabbing everything that’s within their reach. They’ll make the admission of omni-surveillance later, after they’ve “made it legal” via memo, executive order, or secret-court ruling. And after, of course, some future leaker forces them to reveal it.

The interestingly unsurprising tidbit in the above is that when they accidentally (wink-wink-nod-nod) gather our encrypted communications, they’re “legally” allowed to hang on to them. And presumably to try to decrypt and make use of them, though that isn’t specified.

Once upon a time, say 20 years ago, such illicitly gathered stuff would have been considered “the fruit of the poisonous tree” and beyond rightful government use. But that was when we still pretended to be a nation of laws. That was when we actually dealt with real evidence coming out in court — not secret surveillance resulting in secret evidence and secret busting up of secret terr’ist plots that we’d really be grateful to know were stopped, but if they told us they’d have to then send a Predator drone to our house.

—–

Sadly, I can already hear some freedomistas muttering, “Well, thank heaven I never encrypt” or “See, I told you; encryption only calls attention to you.”

But that misses the point. First of all, you probably do encrypt, whether you know it or not, as a fair bit of modern communication travels under encryption even when we’re not aware of the fact. (Think online banking or shopping.) But an even bigger issue is that, since we’re all criminal suspects in the government’s eyes, anyhow, we might as well enjoy our Outlaw status do even more things to secure our communications.

Because face it, those bastards are scanning your cookie recipes if you send them in the open, and you might as well force them into the extra work of code-breaking if they want to learn whether you use butter or shortening with your chocolate chips.

Still, most people aren’t going to encrypt their emails or phone calls. Even most freedomistas aren’t going to take many steps to protect their communications against snoops. To whatever extent anybody actually notices it, this revelation that encrypted exchanges are right up there with the “threat of harm to people or property” for villainousness will sadly add justification for whatever do-nothingness we’re already inclined to do … er, not do.

The real reasons we don’t do a better job of securing our communications are many and varied. We’re sometimes lazy. We’re ofttimes busy. Secure communication is confusing and time-consuming to set up. Most of us have no way of knowing whether our security measures are actually effective. An awful lot of so-called “security” relies on unproven claims and trust. And once we’ve made a decision to use better security, we find ourselves in a maze of choices and terminology that would stump anyone shy of Linus Torvalds.

The one good thing in the wake of the NSA revelations is that some of that is changing.

More later.

—–

(Tip o hat to S for the heads up about “inadvertently acquired” encrypted communications.)

17 Comments

  1. Travo
    Travo June 25, 2013 3:27 pm

    This is funny, and very revalant….

  2. Claire
    Claire June 25, 2013 3:47 pm

    Travo — that is GREAT.

  3. Kevin Wilmeth
    Kevin Wilmeth June 25, 2013 4:23 pm

    Thanks for the grin, Gravo–I needed that today.

    Long live the stickfinger salute! 🙂

  4. Kevin Wilmeth
    Kevin Wilmeth June 25, 2013 4:23 pm

    Gravo? Sorry, Travo, I apparently have keyboard dyslexia today.

  5. ff42
    ff42 June 25, 2013 6:58 pm

    For those of use with ‘unlimited’ bytes/month internet access I wonder if there is a service we could host or subscribe to that would allow us of our unused bandwidth to exchange encrypted junk with others?

    Anybody know if TOR has a junk filler?

  6. Alchemist
    Alchemist June 26, 2013 5:24 am

    If you want to do one small thing to make their job (maybe) a little more difficult, set up your computer as a TOR relay and leave it on 24/7. There are only about 3500 of them now – more would be better, many more would be much better. A relay can be set up as a non-exit mode to avoid complaints. It can also be set up as a bridge, to circumvent censorship – this may be the safest way to run a relay from home.
    http://torproject.org
    https://www.eff.org/torchallenge/what-is-tor

  7. Dave
    Dave June 26, 2013 8:58 am

    If you use a cell phone it uses GSM.

    GSM uses several cryptographic algorithms for security.

    So, make a call, browse the web, or read e-mail on your phone.

  8. Paul Bonneau
    Paul Bonneau June 26, 2013 11:33 am

    I thought it was funny they said encrypted stuff would be saved. A lot of good that will do them! 🙂

    Great vid, Travo!

    I too am thinking of setting up a TOR relay.

    Also you can use VPN servers. I use a company called ibvpn.com, just $5 a month (paid month by month if you wish) for access to up to 3 servers. You can have all your internet access go through the server and everything between your computer and the server is encrypted. I suggest using one server in Canada for performance, and another in a country like Netherlands for best privacy (Dutch privacy laws are very strong). Ibvpn is a Romanian company so the US govt has little leverage.

    I use Linux and the ibvpn setup for it, while not as convenient as Windows, is not too bad.

  9. Paul Bonneau
    Paul Bonneau June 26, 2013 11:40 am

    Oh, one thing about VPN. Some websites present their web pages (or parts of them) in the language according to the ip address. If you access them through VPN they will assume you speak the language in the country where the VPN server is. Not a big deal if the server you use most is in Canada, but for those high security sessions you might want to brush up on your Dutch. 🙂

    Actually it is just a small inconvenience.

  10. Woody
    Woody June 26, 2013 2:59 pm

    A question fro the resident geeks here: Does launching the TOR browser from inside a VPN provide another layer of anonymity? Does stacking VPNs do anything to improve privacy?

  11. JdL
    JdL June 26, 2013 3:17 pm

    Not to minimize the evilness and rottenness of the thugs in government, but they can hang onto anything that’s well encrypted from here till doomsday if they like; they won’t be able to crack it. So encrypt away, folks! Better yet, use steganography, which hides the fact that you’re hiding anything from the criminals in government.

  12. jed
    jed June 26, 2013 4:34 pm

    Uh, Dave. That GSM encryption is only from your handset to wherever it is the mobile stream enters the mainstream. Somewhere in there, probably in a routing facility operated by your wireless carrier, it get decrypted. Plain text on the internet from there, with a point of origin easily tied to Verizon, Sprint, or whoever. I assume that voice also is decrypted when it hits the phone network, because otherwise, the handset at the other end would have to have the encryption key used by my phone to encrypt, and that would mean that every handset has to have a shared key. And that would mean that such encryption would be worthless. No, I’m not an expert on mobile comm stuff, but the notion that using your phone provides you with any security? Nope.

    Also, don’t get overly reliant on TOR.

  13. Paul Bonneau
    Paul Bonneau June 27, 2013 6:17 am

    Yes, it’s true TOR exit nodes can read all traffic, so there is a huge incentive for NSA et. al. to sign up as an exit node. I don’t know how the TOR folks vet their exit node volunteers.

    I thought this was very clear on the TOR website. Hard to believe people have not taken care to understand how it works.

    If you want true unbreakable encryption in email you need to use PGP or GPG or something similar. To avoid snoops still collecting the metadata you need to post your encrypted messages publicly on an offshore server for the person you are communicating with to pick up – and I still don’t know if that is sufficient.

    Using VPN is like using TOR but sending your traffic direct to the TOR exit node. The difference is that you get to pick the exit node and their business depends on their reputation, unlike TOR; so in that sense VPN may be superior to TOR.

    Maybe TOR anonymizes the metadata? At least your metadata? It clearly can’t anonymize the other end of the conversation, if NSA owns an exit node; although it certainly can’t own all of them so it can only collect part of your traffic.

    This stuff makes my head hurt. I think the bottom line is that TOR and VPN add a lot of difficulty for the snoops and can potentially anonymize *most* of your traffic, but if you need true security you have to go further.

  14. Claire
    Claire June 27, 2013 7:02 am

    “This stuff makes my head hurt. I think the bottom line is that TOR and VPN add a lot of difficulty for the snoops and can potentially anonymize *most* of your traffic, but if you need true security you have to go further.”

    Precisely my take on it, too.

    Personally, I’m not trying to “hide things from the government” but to declare my privacy rights as firmly as I can — and as a sidelight, make life harder for totalitarians.

  15. Alan
    Alan June 28, 2013 4:19 pm

    I am writing this using the JonDoFox anonymizer extension (they call it profile) for Firefox. Very easy to set up. Hides your IP adress etc. and passes you through multiple servers. Could not access your blog at first because the Backwoods Home system thought I was in France and blocked access. The software has a nifty feature that allows you to choose North American or US servers. It also seems much quicker than TOR. Would be interested to see other folks opinion.

  16. Claire
    Claire June 28, 2013 6:28 pm

    Alan — Never heard of that, but great idea. Especially for BHM readers who get shut out when their other proxies make it appear they’re coming from abroad.

    I’m definitely going to give that a try & it may be a great candidate for a “Privacy Protection of the Week.”

  17. Alan
    Alan June 29, 2013 11:15 am

    Note that when you first setup JonDo it will give you a trial access code which gives you full functionality for 80 MB of usage, than you have the option to buy the premium service which includes a “socksifier”so that you can watch Flash videos anonymously. If you don’t need to do that, the service is free.

Leave a Reply