A Reasonable Discussion Regarding Digital Privacy

Setun

With Glenn Greenwald's reports into the US National Security Agency making international frontpage news, I thought it might be worth attempting a reasonable discussion here in After Hours about how people feel this impacts their 'digital lives', if at all. Yes, I've stuck around on boards since joining in 2005, and perhaps I should know better than to start such a discussion on AH, but please prove my repressed cynicism wrong Anyway - there are a few reasons why I think it is important to have an open, serious discussion about this. Firstly, there is the idea that these events are 'over there', "they don't affect us in Europe" etc, which is essentially an illusion. Geographically, the US occupies a very important position in terms of the physical internet - a massive amount of traffic is routed through US territory, even if the data itself is not actually hosted there. This means that this data is fair game to be monitored, retained, and analysed by the NSA. This leads on the next question - so what?

Well, the NSA sniff/scrape two types of data:

Firstly, Greenwald's Verizon report a few days ago states they are collecting metadata, so not the actual content but its circumstantial information (location, phone numbers, call length etc). This type of information is incredibly valuable and quite powerful when it comes to predicting mass behavioural trends, for example - it's a significant reason why Facebook is worth its (arguably overinflated) share price.

Secondly, reports today state that the NSA is scraping actual private content from Gmail, Yahoo, Microsoft, Facebook, Apple, and so on. I would imagine that this content would have to be monitored and analysed by an automated system, possibly looking for 'red flag phrases' etc, so I'm not sure what level of human contact there is with the retained information. Having said that, the content that is being collected by the NSA can certainly be considered to be personal information, and before the US began its "war on terror", this type of data-mining would have been illegal.

So I'm curious if the retention and analysis of this type of personal information actually bothers anybody on here? And if it does, will it change how you behave online?

bacon n eggs

See, you went wrong with reasonable and after hours in the one sentence.

The Backwards Man

As I've said in other threads, if the technology exists, it is being done anyway, whether covertly or overtly, so there's not much point worrying about it.

Kichote

Encrypt the hell out of everything using the strongest encryption available (ssl is useless by the way). Its the only way to be sure

You cant trust the government or companies with privacy policies to agree not to spy on you

Also, in before the nothing to hide crowd show up. Everyone has something to hide
And the definition of something to hide changes on politician's whims

Dravokivich

BRB, I'm gonna go talk to a guy who never looks up.

Duggy747

Some people complain about online privacy while at the same time revealing every tidbit about themselves on Facebook and regular updates on Twitter. A bit of key word Googling and you could find a person's digital footprint across various sites pretty easily.

A few years ago, a guy created this website that focused on how much info people put on Facebook / Twitter and that, in theory, you could figure when they left their house and rob it.

bumper234

Setun wrote: »

With Glenn Greenwald's reports into the US National Security Agency making international frontpage news, I thought it might be worth attempting a reasonable discussion here in After Hours about how people feel this impacts their 'digital lives', if at all. Yes, I've stuck around on boards since joining in 2005, and perhaps I should know better than to start such a discussion on AH, but please prove my repressed cynicism wrong Anyway - there are a few reasons why I think it is important to have an open, serious discussion about this. Firstly, there is the idea that these events are 'over there', "they don't affect us in Europe" etc, which is essentially an illusion. Geographically, the US occupies a very important position in terms of the physical internet - a massive amount of traffic is routed through US territory, even if the data itself is not actually hosted there. This means that this data is fair game to be monitored, retained, and analysed by the NSA. This leads on the next question - so what?

Well, the NSA sniff/scrape two types of data:

Firstly, Greenwald's Verizon report a few days ago states they are collecting metadata, so not the actual content but its circumstantial information (location, phone numbers, call length etc). This type of information is incredibly valuable and quite powerful when it comes to predicting mass behavioural trends, for example - it's a significant reason why Facebook is worth its (arguably overinflated) share price.

Secondly, reports today state that the NSA is scraping actual private content from Gmail, Yahoo, Microsoft, Facebook, Apple, and so on. I would imagine that this content would have to be monitored and analysed by an automated system, possibly looking for 'red flag phrases' etc, so I'm not sure what level of human contact there is with the retained information. Having said that, the content that is being collected by the NSA can certainly be considered to be personal information, and before the US began its "war on terror", this type of data-mining would have been illegal.

So I'm curious if the retention and analysis of this type of personal information actually bothers anybody on here? And if it does, will it change how you behave online?

Does not really bother me so that much (gave up the horse porn when i hit the 40s:D) But it is getting to a stage where we are going to be living a la Will Smith in enemy of the state where our every move is tracked by spy agencies. Saying that if someone had said 20 years ago that we would all be voluntarily carrying around a chip that allows the government to track us to within 3 feet we all would have laughed and said no way.

I have been reading up a bit on this and although i understand the need for intelligence agencies it seems lately that America throws the word "TERRORISM" into every second sentence and expect us all to nod our heads and agree with them. Terrorism (the threat of) is not really an excuse imo to trample over peoples civil liberties and privacy.

IM0

will I need my tinfoil hat for this, aliens abducted my last one

GarH

Kichote wrote: »

Encrypt the hell out of everything using the strongest encryption available (ssl is useless by the way). Its the only way to be sure.....

No. No. No.
Nuke the site from orbit.
That's the only way to be sure.

mathie

Kichote wrote: »

Encrypt the hell out of everything using the strongest encryption available (ssl is useless by the way). Its the only way to be sure

If it can be encrypted it can be decrypted.

Welcome to the internet.

humbert

I think people fail to recognised the difference between doing it covertly/illegally and doing it with explicit legal consent.

Setun

Duggy747 wrote: »

Some people complain about online privacy while at the same time revealing every tidbit about themselves on Facebook and regular updates on Twitter. A bit of key word Googling and you could find a person's digital footprint across various sites pretty easily.

That's the tricky part - many of these services have such a monolithic presence online that it is hard not to be a participant in them. I'm not on Facebook for example, but I do use other services (boards.ie, for one) that would have similar privacy policies. If I was to totally withdraw from social media, it would probably make my job a bit harder to do!

Also - I want to make it clear that I'm not trying to start a tinfoil hat rant, I'm just curious whether or not people are bothered at all by these reports.

Seachmall

bumper234 wrote: »

Terrorism (the threat of) is not really an excuse imo to trample over peoples civil liberties and privacy.

That's essentially the core of it. You can't have absolute privacy without sacrificing your security.

The problem is the bad guys are more than aware of the efforts the various intelligence agencies are going to and so are reverting back to the sneakernet to pass messages. Everything from the location of Bin Laden to organising the Boston Marathon Bombings were kept out of the digital world.

The security we're gaining is becoming less and less while our privacy is slowly being eroded away.

Of course, if we stop progressing in these areas the bad folk will readopt them.

mathie wrote: »

If it can be encrypted it can be decrypted.

Except for one-way encryption.

tommy2bad

Well isn't this a bit like complaining about being overheard in a cafe or street. The internet is a public place, phone calls are private. Letters (remember them?) are private. Not saying that private is anymore unacessable to someone who want to know but in principal private is protected by laws and governments are as bound by those laws as anyone. Or should be.

As to how effective gathering so much data can be, I doubt they could cope with the sheer amount of information they will gather and have no faith that this information will do what they claim it will, i.e. protect us from stuff. The Wollich attackers were known to police but that didn't stop anything happening.

I think this is an example of opportunism on behalf of security types to extend their remit and so protect their jobs rather than anything else. Our biggest protection from these types is their incompetence and our biggest threat from terrorists is that same incompetence.

Setun

tommy2bad wrote: »

Well isn't this a bit like complaining about being overheard in a cafe or street. The internet is a public place, phone calls are private. Letters (remember them?) are private. Not saying that private is anymore unacessable to someone who want to know but in principal private is protected by laws and governments are as bound by those laws as anyone. Or should be.

As to how effective gathering so much data can be, I doubt they could cope with the sheer amount of information they will gather and have no faith that this information will do what they claim it will, i.e. protect us from stuff. The Wollich attackers were known to police but that didn't stop anything happening.

I think this is an example of opportunism on behalf of security types to extend their remit and so protect their jobs rather than anything else. Our biggest protection from these types is their incompetence and our biggest threat from terrorists is that same incompetence.

Some interesting points raised, although I partially disagree.

Certain spaces online can be considered public, like this forum. People may have to sign up to contribute, but guests can view this content without any further obligations. An email, on the other hand, should be considered to be a private conversation, analogous to a letter. Many people use their email with the notion that it is a person-to-person correspondence, and so they will communicate within that context, adjusting their language and opinions accordingly. Similar with "private messaging services", DMs, and so on. In a public space such as this, we may have to go to greater lengths to justify ourselves (as I am doing now!) as we are aware that people who know little or nothing of our backgrounds will be reading what we write.

Regarding incompetence - yes, the folly of the conspiracy theorist is that "the government" is a well-oiled, infallible machine whereas in actuality, it's basically full of people trying to get away with doing a little bit less than what they're paid for, like in most workplaces The issue here is that incompetence can lead to major **** ups, for example information leaks, abuse of power, or perhaps accusing the wrong person as being a terrorist. The latter has of course happened as long as there has been a judicial system in society, but in my own experience with everyday governmentality, the assumption is almost always that the human - not the computer - has made the error, which is a dangerous default response I think. As part of the War on Terror, there does seem to be an adjustment in the 'guilty until proven innocent' dictum.

Seachmall

Duggy747 wrote: »

Some people complain about online privacy while at the same time revealing every tidbit about themselves on Facebook and regular updates on Twitter. A bit of key word Googling and you could find a person's digital footprint across various sites pretty easily.

For me it's not entirely about my privacy but privacy in general.

The breakdown in privacy isn't directly an issue for me nor for the vast majority of people but it could cause problems for those who want to criticise or blow the whistle on the government. In the US, where privacy is more or less a joke at this stage, I wouldn't put it past them to be collecting data on people (such as journalists) who pose no threat to the public but might pose a threat to the public's perception of the government.

Even here we had the recent issue of Alan Shatter attempting to attack the credibility of a critic, Mick Wallace, by making a piece of seemingly insignificant data public. And while that was a tiny issue it demonstrates that there people in power who would use collected data in a manner that it was not intended for.

I'm not suggesting we all strap on tinfoil hats or that we live in a country controlled by some oppressive Jewish conspiracy but you can not support a democratic system without also supporting the tiny details that are required for a democratic system. One of those details is the ability to criticise your government without fear of reprisal, and you can't guarantee that without having some level of privacy.

hatrickpatrick

humbert wrote: »

I think people fail to recognised the difference between doing it covertly/illegally and doing it with explicit legal consent.

This. I hate it when the argument about "if you use Facebook this shouldn't upset you" crops up. There is obviously a huge difference between a company using your data for commercial purposes and a government using it for political purposes (let's be honest, the phrase "national security" means nothing, it's just a catchall to excuse civil liberty violations). We already know about incidents such as the US Chamber of Commerce paying government contractors to spy on Occupy activists, anyone who seriously believes this stuff is only being used to protect people from terrorist attacks is extremely naive.

I personally couldn't really give a f*ck if advertising companies build a commercial profile of me in order to sell me stuff, but as a political activist the idea of the government being able to sift through my private messages, emails, etc makes my skin crawl.

By the way, the NSA is building a data centre in Utah with enough capacity to literally image the entire internet. Nobody knows what they want to use it for and they refuse to discuss it, but it is widely suspected that this is a dragnet which is going to attempt to capture every single internet packet which is sent inside or through the United States. That might sound absurd but the capacity of this thing is so terrifyingly gigantic that it's difficult to imagine any other purposes for it.

http://en.wikipedia.org/wiki/Utah_Data_Center

Kim Dotcom said it earlier this year, it's time for everyone to encrypt the f*ck out of everything they send or transmit online.

tommy2bad

Setun wrote: »

Some interesting points raised, although I partially disagree.

Certain spaces online can be considered public, like this forum. People may have to sign up to contribute, but guests can view this content without any further obligations. An email, on the other hand, should be considered to be a private conversation, analogous to a letter. Many people use their email with the notion that it is a person-to-person correspondence, and so they will communicate within that context, adjusting their language and opinions accordingly. Similar with "private messaging services", DMs, and so on. In a public space such as this, we may have to go to greater lengths to justify ourselves (as I am doing now!) as we are aware that people who know little or nothing of our backgrounds will be reading what we write.

Regarding incompetence - yes, the folly of the conspiracy theorist is that "the government" is a well-oiled, infallible machine whereas in actuality, it's basically full of people trying to get away with doing a little bit less than what they're paid for, like in most workplaces The issue here is that incompetence can lead to major **** ups, for example information leaks, abuse of power, or perhaps accusing the wrong person as being a terrorist. The latter has of course happened as long as there has been a judicial system in society, but in my own experience with everyday governmentality, the assumption is almost always that the human - not the computer - has made the error, which is a dangerous default response I think. As part of the War on Terror, there does seem to be an adjustment in the 'guilty until proven innocent' dictum.

Yeah that's right, email phone calls and private messages are all covered by privacy laws and still are, if they want to see any of that they need a court order. What is being monitored is source and destination of calls, email and such. This is used to generate a network of usage. A bit like traffic volume but on a personal base. If OBL sends me an email and I have a contact list of 20 other people that I pass it on too, then we are all 'persons of interest'. Until someone becomes a person of interest only traffic is visible, Get on their list and then they have to get a court order to look or listen to the coripondence.

Of course their is nothing to stop them misusing the data but theirs nothing to stop them doing that illegally anyway.
We are inclined to think because we are at home that the internet is as private as other things we do at home. It isn't, hell even what you watch on TV probably isnt private anymore other than in the sense of 'not for publication'. It certainly isn't something only you know though.

Genuinely I think this could help twart terrorism but unfortinuatly it will be used to do a Shatter on Prime time .

The volume of info is hard to handle and the temptation to misuse it is too strong.

At this stage the cat's out of the bag, over the wall and halfway to the next parish as far as preventing misuse other than abandoning electronic communication completely. Which I would never use for something illegal anyway, too easy get caught.

Setun

tommy2bad wrote: »

Yeah that's right, email phone calls and private messages are all covered by privacy laws and still are, if they want to see any of that they need a court order. What is being monitored is source and destination of calls, email and such. This is used to generate a network of usage. A bit like traffic volume but on a personal base. If OBL sends me an email and I have a contact list of 20 other people that I pass it on too, then we are all 'persons of interest'. Until someone becomes a person of interest only traffic is visible, Get on their list and then they have to get a court order to look or listen to the coripondence.

I think today's revelations were that it in fact is not only the metadata, but the actual content of the communication that is being targeted by the NSA. Obviously the statistics are essentially impossible to come by, but I begin to wonder how effective it actually is. For example, the military and CIA use of drones are stated to be a necessary measure to combat an 'uniformless, stateless enemy' - i.e. an enemy that cannot readily be identified and takes advantage of the mutability of networks for political leverage - but the more you read into it the more you realise that they are in fact not a terribly efficient way of solving this problem.

KyussBishop

We have no idea what our secret service (yes, we actually have one) gets up to in Ireland, and we know for a fact that there was illegal wiretapping in Ireland in the past.
I think it would be quite naive, to believe that precisely this kind of illegal spying doesn't go on in Ireland.

Doesn't even have to be limited to government either: With the telecoms equipment available today, and the total lack of regulations (the DPC is a neutered joke) and lack of transparency in telecoms institutions, it is likely not hard for people with the right resources in an ISP, to tap into anything they like undetected (most stuff is transmitted unencrypted anyway).


Anyone interested in this topic, I recommend searching for some talks by William Binney, an ex-NSA official who was in charge of designing the entire country-wide Internet surveillance system in the US, before 9/11; it is scary stuff, the breadth of information that can be learned about you, and the entire network of people you come in contact with, and how complete the surveillance is.

What they are doing now in the US (such as with the Utah datacenter mentioned above), is permanently storing enormous amounts of analyzed Internet traffic from literally everyone, so that they have years worth of records that they can reach back into, to retrospectively analyze anyone who comes to their attention.

tommy2bad

Thinking about this some more it strikes me that as most criminals use 'burners' as phones tracking the phones is useless unless it not crims they are targeting. Like the legislation to kill the mobile network the target would seem to be protesters more than bomb detonators. Think about it, most states see their citizens as the biggest threat, not outside forces. Remember that phone traffic is just that; traffic, information from it includes location and travel patterns.
Oh an btw emails are not private in law until they are read, well US law, don't know exactly about here or the UK but even the UK are looking into similar laws as the american ones.

My name is URL

I really don't get how people can be so flippant regarding digital / online privacy. It's as if they don't see it as being as important as 'physical' privacy. Imagine someone calling to your house every day and looking to inspect you and your belongings.. I bet not many people would say 'fair enough, I've nothing to hide'. You don't need to have anything of particular interest to hide before you encrypt your hard drive. Saying otherwise is like saying there's no need to lock your car doors if there's nothing worth stealing inside.

Some useful stuff -

TrueCrypt - 'Free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux'

Link - http://www.truecrypt.org/

Guide - http://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt/

---

Tails - 'A live system that aims at preserving your privacy and anonymity'

Just install it to a USB drive and you can boot a fully amnesiac OS from any computer without leaving a trace behind. Anything you save while using it will be automatically encrypted and hidden on the USB stick. It utilises TOR and a locked down version of Firefox for ultimate online privacy. Also has a rake of ultra secure utilities for IM, eMail etc

Link - https://tails.boum.org/about/index.en.html

---

LastPass - 'Password manager & generator'

Link - https://lastpass.com/

Firefox Addon - https://addons.mozilla.org/en-US/firefox/addon/lastpass-password-manager/

Guide - http://reviews.cnet.co.uk/software-and-web-apps/how-to-protect-your-passwords-with-lastpass-50008316/