The public seems to have grown increasingly wary of online privacy issues. But are people aware that the greatest threat to their privacy may be coming from their own government?
At some point during Wikileaks’ last press conference, on December 1st 2011 at City University London, Julian Assange asked the audience: “Who here has an Iphone? Who here has a Blackberry? Who uses Gmail?” Seeing many hands raising, he announced: “You’re all screwed.” That prediction was met with a few chuckles by the audience. But pessimistic as he may seem, Julian Assange is probably right. It is very likely that we are indeed all screwed.
Since Facebook became open to everyone over 13 years old in 2006, the public has grown increasingly aware of privacy matters on the Internet. The urban legend of the guy who got fired after his boss saw pictures of him partying while he was supposed to be sick spread, and users learnt to adjust their privacy settings (or at least they tried).
But the public may not necessarily be wary of the newest threat to privacy, which is coming from our very governments.
On the day of their press conference, Wikileaks had released more than 287 “Spy Files” documenting the mass surveillance industry. They mainly focused on the case of Middle-East dictatorships spying on their own people thanks to specifically designed software that enable them to track citizens’ online activities, but also to break into their phones and take complete control of the device. One of the most striking examples was that of Eagle, a piece of spying software that was sold to Gadafi’s government by the French company Amesys. Eagle is a stream analyser that could be used to monitor everything that went in and out of Libya online.
The industry of mass surveillance soared in 2001, after the attacks “provided a licence for Western nations to develop spying systems that affect all of us”, according to Assange. These systems can now be used to monitor the people and identify political opponents. Jacob Appelbaum, a hacker, free software activist and researcher at the University of Washington (and, according to Rolling Stone, “the most dangerous man in the cyberspace“), had very little doubt about the purpose of this kind of surveillance in Middle East dictatorships: “these systems are used to hunt people down and murder them.”
It would be easy to think that these things only happen in dictatorial regimes, and that Western democracies are pretty safe. But really, they are not, and they have not been in a while.
Since the 1980s, the UK has been a part of the Echelon program, a global surveillance system that was started by the American National Security Agency. In 2000, Mike Frost, a former Canadian spy, claimed on CBS that Margaret Thatcher had used the system to spy on two of her ministers, whom she felt “weren’t onside”. That same year, the Regulation of Investigatory Powers Act was enacted, and it is still in force today. It forces broadband suppliers to keep a trace of what their customers have been onto on the Internet, just in case.
“Officially, that kind of Internet surveillance was conceived to fight against terrorists, drug dealers, and paedophiles; in reality we know that they are also (if not mainly) used for spying purposes and political repression”, said Jean-Marc Manach, a French surveillance expert who worked with Wikileaks during the publishing of the Spy Files.
So far, nothing shows that the retention of logging data has been used for that aim, “but we don’t know what Echelon has been or is used for.” In October 2011, the Guardian also reported that the Met Police had been monitoring mobile phones thanks to a technology that enabled them to spy on communications, switch off devices remotely, and collect data about the many users in the area.
Of course, the kind of political repression that results from surveillance in Western democracies is not as drastic and obvious as it is in dictatorships. “We have as many chances to be spied on in our own countries, but we are far less likely to get tortured”, said Manach.
In that context, protecting one’s privacy could become a citizen’s duty. Perfectly honest people who have nothing to blame themselves for can still be willing to keep their government from meddling with their surfing habits or their private phone conversations. But reaching an absolute level of privacy has become impossible, and chances are it will become increasingly difficult to protect one’s own data, whether it be online or by phone. Manach said: “The problem today is not, as Warhol used to prophesy, to be world-famous for fifteen minutes, but to know how to become anonymous for fifteen minutes.”
Still, several tools can be used to grant the user a certain level of privacy. Take emails, for example, which have to go through a vast number of intermediaries before they reach the final recipient, who may be able to read the content of your message. The most popular protection method is Secure Sockets Layer (SSL) cryptography, which encodes the exchanges between the user and the messaging server (this is what happens, for example, with ‘HTTPS’ pages). The Electronic Frontier Foundation created a Firefox extension, ‘HTTPS everywhere’, that systematizes that kind of encryption when it is available. As SSL cryptography may not be secure enough on its own, it may be wise to also use the GNU Privacy Guard (GPG) method. It enables one’s interlocutors to leave a message that will be encrypted thanks to a generic public key, but that will require a private key (that only the user knows) to be decoded.
As for instant messaging, Off-The-Record is a program that enables the user to encrypt their conversations automatically. Tor and Freenet are two perfectly anonymous platforms for file exchanges, even though they can be really slow to use.
Despite the presence of such tools, pursuing complete online privacy now seems as absurd as chasing rainbows. Having worked with Wikileaks, Pierre Romera, a 23-year-old computer programmer, knows every trick in the book, and even he admits: “Protecting one’s online privacy is almost nonsense today. […] You just need to have a certain level of hygiene on the Internet to limit the risks.”
Photo: author’s own