Friday, May 4, 2012

Privacy in the time of Google

The recent and controversial changes to Google's privacy policy have reignited many of the old disputes about Google's privacy policies.  Even beyond the issue of Google itself, more and more people are sounding the alarm that our rights are being put gravely at risk by the new technologies.  And they sure have a point: threats are emerging on all levels.  More often than not, those who warn of the threats also suggest solutions, some better than others, and I think that it would be helpful to take a bird's eye view of these new threats, to classify them in general categories and then to see which of them affect each one of us.  Notice that I speak of threat, not of danger.  'Danger' is a diffuse concept, whereas 'threat' is specific.  You cannot counter a danger, but you can counter a threat.  I will therefore try to be as specific as possible in identifying the threats to our privacy and rights.

Actors:

First, there are basically three types of entities which might threaten us:

1. Governments.  Regardless of their specific technological sophistication or financial resources, all governments have two features which, when combined, make them unique: governments have larger resources than individuals and they have the law on their side.  Sure, sometimes governments break laws (often, in fact!), but the cops and the courts are basically on their side and that gives them a big advantage over everybody else.

2. Corporations.  The technological and financial resources of corporations are often larger than those of governments, and corporations often have a cozy relationship with governments, but they do not have the quasi-automatic legitimacy which governments have and they cannot break laws as brazenly as governments do.  Corporations also pursue a different primary goal.  If governments are about power, corporations are about money.  The two are, of course, very closely linked, but they are distinct, and they can imply different goals and methods.

3. Individuals.  That is pretty much everybody else, from the pimply script-kiddie, to the jealous husband, to the savvy computer hacker or cracker - all of whom can threaten your privacy and rights.

So the first question which each person has to answer for himself/herself is this: whom am I concerned about, against whose actions am I trying to protect myself?

Offensive strategies:

There are two fundamental types of offensive strategies which any attacker will use to threaten you:

1. Targeted attack: this is the situation in which you, personally, as an individual (not as a member of a group) are the target.

2. Group or "dragnet" attack: in this case the effort is primarily aimed at identifying you.  This attack will typically be directed at some identified group and its main purpose will be to isolate the few real targets from the many false positives.  Individuals thus identified then become the subject of a targeted attack.

Penetration paths:

There are many possible entry-ways for somebody to penetrate into your private sphere, and the much-talked-about "hacking into your computer" is only one of many such paths.  The widest open and most used one is not even technological:

1. Social engineering.  Defined by Wikipedia as "the art of manipulating people into performing actions or divulging confidential information", it is by far the most likely avenue by which your privacy will be compromised.  Since it is wholly non-technological in nature, I will not discuss it here, but please do keep it in mind as the biggest threat of all, at least for most people.  Then there are also the types of attacks which most people are worried about:

2. Your personal computer devices: desktops, laptops, home wifi, routers, modems, etc.  Most people assume that these are the only ones worth worrying about, but they forget two no less important ones:

3. Smart-phones: it would not be an exaggeration to say that a smart-phone is an ideal spying device and most people totally fail to realize the amount and type of information which is located on, or transits through, a typical smart-phone.  The other mostly overlooked source of danger, however, is

4. The remote computer.  There is probably far more data about you on remote computers which you do use (deliberately or not) than on your personal computers.  When John Gage was working as Chief Researcher and Vice President of the Science Office for Sun Microsystems, he coined the expression "the network is the computer".  That is now true even if your workstation is running MS Windows, whose connectivity is pitiful, or a PlayStation.  For all practical purposes, all computers are nowadays connected to other computers, mostly, but not only, to the Internet.  Even home appliances can now connect to the Internet and be used to spy on you.

The defensive strategies:

There are two basic defensive strategies to any combination from the above matrix of actors, strategies and penetration paths.

1. Active Denial.  That is the one most people focus on: use encryption for your emails, use an operating system which is secure out of the box (basically, any modern operating system except Windows), encrypt your home directory on your laptop, use anonymous remailers, use the Tor network, use some form of private browsing, firewall your router, firewall your laptop, use anonymous proxies, use solid logging and check your computer logs regularly, and many other options.  All these techniques do require a minimal understanding of technical issues.  If such understanding is lacking, they just give a false sense of security.

2. Passive Denial.  Simply do not use the technologies which could threaten your privacy or rights.  Sounds ridiculous?  And yet there are a lot of tech-savvy folks who do not use any Google service on principle; some even refuse to own a smartphone.  One of the smartest and most tech-savvy men out there, Eben Moglen, refers to smartphones as "spying devices", and he is quite correct: this is what they all are, by their very nature.

Frankly, both approaches are rather problematic, in my opinion.

The first one implies a rather high degree of understanding of technological issues, something which most non-techie people simply do not have.  Furthermore, even for a self-professed "geek" it would be highly presumptuous to hope to beat government or corporate experts at this game.

The second one is rather impractical.  No Google, no smartphone, why not just give up on laptops while we are at it, or even stop using the Internet?  Can we do without these technologies?  Many probably can - and they do - but most of us probably are unwilling to do so.  As H. L. Mencken pointed out, "for every complex problem there is an answer that is clear, simple, and wrong".  Besides, there is a largely overlooked solution which I would like to suggest here:

3. Concealment

By concealment I mean "camouflage" or, even better, the idea encompassed by the Russian word maskirovka (маскировка): a set of procedures designed to confuse, mislead, and camouflage oneself from the enemy (Wiktionary).  The key word here is *procedures* as opposed to technologies.  The motto of that approach could be either "there is safety in numbers" or "don't stand out from the crowd".

The main weakness of this approach is, of course, that it is utterly useless against a targeted attack (Offensive strategy #1 above).  But ask yourself the following question: how likely are you to already be identified as a target by your potential attacker?  In all likelihood, if you are the object of a targeted attack the attacker is an individual (Actor #3 above) and chances are that basic security measures (Defensive strategy #1 above) will be sufficient to deal with the threat.  But if your concern is Google or Uncle Sam, then you are most likely to be concerned about a "dragnet" kind of attack.

It is when you are targeted by a government or a corporation that the concealment strategy really shines, because it denies them their main advantage: their formidable means (technical and financial) to engage you.  Paradoxically, concealment mandates that you do not use any costly or complex active defensive strategies, simply because by the mere fact of using them you place yourself on the radar screen of your enemies.  In fact, for the concealment strategy you want to look as transparent and clueless as the next guy.  You want to be spied on, recorded, photographed, filmed, classified, etc.  Your purpose is not to avoid governmental or corporate databases; your purpose is to remain invisible inside these databases.  That is surprisingly easy to do: do not conceal yourself, only conceal a very small amount of key information about you.

The 95%

First, you probably have something like 95% of information/data about you which you really would not care about if it fell into corporate or government hands.  Think about it: what does Google (or any other corporation) really want from *you*?  Does Walmart or Ford care about your private life, your intellectual pursuits, your political views or your religious affiliations?  Of course not - what they want to know is to which marketing group you belong; they want to know what kind of music a person your age and gender listens to, where a family with your income spends its holidays, and other such aggregated data.  Corporations are not interested in you as a person.  Governments are.

The real risk is, of course, that governments can easily patch themselves into corporate databases and then run the collected data through sophisticated data-mining applications (such as Able Danger), combined with specialized packet-sniffing applications (such as NarusInsight).  This is what Uncle Sam attempted when he created the (now "officially defunct") Total Information Awareness (TIA).  Furthermore, the government can also create front corporations which are technically not subject to the type of legal restrictions which government agencies are operating under.  Lastly, the government can even contract foreign entities to conduct spying operations against its citizens inside its own borders.  Just check the mind-boggling number of US software, data-mining, telecommunications and other companies which are Israeli or run by Israelis (such as Narus I mentioned above, but also the infamous Amdocs or Comverse companies).  It would not be an exaggeration to say that Israel has a total informational awareness of what is going on inside the USA.  (Thanks AIPAC!)

But remember, you don't care that they have access to your truly private 95% of information, right?  Sure, it bothers you, it is a violation of your civil rights, but this is not something any one of us can fight.  Yes, there are organizations like the EFF which do a wonderful job trying to fight these SOBs in court, and I fully support them (by being a contributing member), but I don't hold my breath.  Let's face it - Uncle Sam long ago stopped paying attention to such trivial matters as the law of the land or the US Constitution.  So while we can protest and object to the violation of our 95% of theoretically protected privacy, we can all also agree that what really matters to us is the remaining 5%.

It is, in fact, easy to confuse or mislead the big corporations.  All you need to do is present them with a moving target: use various email accounts, try to develop many credible 'Internet identities' with plausible-sounding names and even addresses (it's not illegal to advertise a fake address on the Internet), share Internet identities with a few close friends, etc.  Use these Internet identities when posting on forums and don't use wannabe hacker aliases like #xOPc84xx but rather choose a banal "Ed Taylor".  You can also use the names of existing people as long as you do not steal anything from them and as long as you do not make fraudulent payments (in fact, by using their name you help them by confusing the bad guys!).  The more credible "Internet identities" you establish, the harder it will be for any snooping corporation to find out who is who.

This is all fun and marginally effective at misleading the corporate world, but they still hold a trump card: payments.  It is almost impossible to pay for something anonymously (there is a reason why the otherwise excellent Bitcoin system is opposed by both corporations and governments) and in most situations it might even be illegal.  Likewise, using a fake delivery address is complicated.  So here, again, I think the countermeasure is not to worry about 95% of your purchases and focus only on the 5% which you want to keep private.  For them, exclusively use cash, the only private payment method out there.

The 5%

The obvious way to keep your 5% of information (emails and other data) private is to encrypt it.  The problem with that is that by the mere fact of sending a strongly encrypted email you are triggering an alarm in Uncle Sam's spying infrastructure.  Some countries make it illegal to use any type of encryption without a system of "key escrow" in which the government holds an "unlock key", but few would actually prosecute you for using encryption.  The key approach to defeating that kind of threat is also very simple: encrypt as much of your communications as possible.  You will need a friend who is minimally tech-savvy and who understands the social and political rationale that justifies encrypting even the most common emails.

Think of encryption as an envelope around your letter and unencrypted emails as postcards (which everybody can read).  If you only put an envelope around letters which contain the 5% you really want private, you might as well advertise on them by writing in big red letters "information I am trying to hide from you".  That would be silly.  But what if *all* of your letters are sent in envelopes: how will the bad guys spot which ones contain the 5% and which ones do not?

Speaking of encryption, here are two basic rules that you must absolutely follow:

a) only use encryption algorithms which are public (free and open source)
b) only use encryption software which is public (free and open source)

While I generally recommend using only free and open source software, in the case of encryption this is absolutely mandatory.  Do *not* use some presumably super-secret proprietary products, as they will inevitably have bugs, backdoors or flaws in design.  The only truly secure computing is 100% free and open source, because only this type of software is carefully examined by highly skilled coders and system admins all over the planet; as Eric Raymond put it, "given enough eyeballs, all bugs are shallow".

So, use as many credible Internet identities as possible and encrypt as much of your communications as possible.  Both of these techniques saturate the system.

One thing which does not saturate the system is the so-called "Jam Echelon word lists".  The idea behind those is to include a list of "trigger words" in each email, stuff like "kill the President" or "bomb US Embassy", in order for the Echelon system to zoom in on every banal email.  The intention here is good (to trigger false positives), but the execution is sloppy.  By using the same word list it is very easy to filter out such messages.  Uncle Sam could, for example, program its snooping software to reject any email with more than some number x of trigger words.  Besides, while Echelon and others do sniff/record every single communication, they also probably use internal filters to zoom in on specially defined addresses, IPs, names, countries, groups, etc.  So I would not bother with such word lists.
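The envelope argument above and the objection to word-list jamming are both claims about what a dragnet observer can infer from metadata alone. This toy model, added here and not part of the original post, makes both claims concrete: the observer sees only whether a message is encrypted and how many trigger words a plaintext contains; the messages, the trigger-word list and the threshold are all constructed for the illustration.

```python
"""Toy dragnet observer: shows (1) that encrypting only the private 5%
marks exactly those messages while encrypting everything hides them in
the crowd, and (2) that fixed-list "Jam Echelon" padding is removed by
a simple count threshold. Everything here is constructed sample data."""
from dataclasses import dataclass

# Constructed, illustrative trigger words (not any real watch list).
TRIGGER_WORDS = {"bomb", "embassy", "president", "attack"}
JAM_THRESHOLD = 3  # more hits than this in one message looks like padding


@dataclass
class Message:
    body: str
    private: bool          # the sender's "5%": what they want hidden
    encrypted: bool = False


def trigger_hits(text: str) -> int:
    """Count trigger-word occurrences in a plaintext body."""
    words = text.lower().replace(",", " ").replace(".", " ").split()
    return sum(1 for w in words if w in TRIGGER_WORDS)


def encrypt(msgs, policy: str):
    """Sender policy: 'selective' encrypts only private mail, 'all' everything."""
    return [Message(m.body, m.private,
                    m.private if policy == "selective" else True) for m in msgs]


def observer_flags(msgs):
    """Dragnet filter: sees only the encrypted bit and trigger-word counts."""
    flagged = []
    for i, m in enumerate(msgs):
        if m.encrypted:
            flagged.append(i)       # ciphertext itself is the only signal
            continue
        hits = trigger_hits(m.body)
        if 0 < hits <= JAM_THRESHOLD:
            flagged.append(i)       # plausible hit; padded mail is dropped
    return flagged


def precision(msgs, flagged):
    """Fraction of flagged messages that really are private (0..1)."""
    if not flagged:
        return 0.0
    return sum(1 for i in flagged if msgs[i].private) / len(flagged)


CORPUS = [  # constructed sample mail; two of five messages are private
    Message("Lunch on Tuesday?", private=False),
    Message("Photos from the holiday attached.", private=False),
    Message("The meeting notes you asked for.", private=False),
    Message("Medical results, please keep to yourself.", private=True),
    Message("Draft of the article, embargoed.", private=True),
]
JAMMED = Message("bomb embassy president attack bomb embassy, hi mum", private=False)
ONE_HIT = Message("Did you see the president on TV?", private=False)


def run(policy: str):
    """Return (indices flagged, observer precision) under a sender policy."""
    msgs = encrypt(CORPUS, policy)
    flagged = observer_flags(msgs)
    return flagged, precision(msgs, flagged)


if __name__ == "__main__":
    print("selective:", run("selective"))      # flags exactly the private two
    print("encrypt all:", run("all"))          # flags everything, precision 0.4
    print("jam test:", observer_flags([JAMMED, ONE_HIT]))  # padded mail dropped
```

Under the selective policy the observer's precision is 1.0 (the envelopes point straight at the 5%); under encrypt-all it falls to the base rate, and the padded message is discarded while the single genuine hit still survives the threshold.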

What about the remaining 5%?  Here a very sound approach is to use defensive strategy #2 above (passive denial).  Simply put, if you want to place an order for a pound of marijuana, don't use the Internet.  Write a simple letter and post it.  Yes, in the age of the Internet and Google, posting has become much safer.  If you want to have a private conversation with somebody, make sure that there are absolutely no smart-phones anywhere near you.  If you want to pick up something Uncle Sam might not approve of, do not use a car with an electronic toll collection system transponder or, better, use public transportation (but be aware of cameras).  Basically, spend your life swimming on the surface, but do engage in an occasional "dive" under the surface when needed.  But do not, repeat, not, only swim underwater.  If you do not have a smartphone, if you do not use the Internet, if you have no credit cards, etc., you look more suspicious to the bad guys than if you do.  So coming across as a lamer, a naive ignoramus, is good.

If you absolutely need to use the Internet to communicate, then you can combine several simple techniques.

First, encrypt your message with GnuPG (if you are using a public-key system) or Bcrypt (if you prefer using a symmetric-key cipher like Blowfish).  Then transfer the already-encrypted file to a laptop or smartphone.  Find a public wifi hotspot (but be aware of cameras) or, better, an open wifi network, then upload it to some minor but free email service located outside the USA (the Russian Mail.ru or the various providers in Asia, for example) and send it to your correspondent's email address (ideally on the same network).  Your correspondent will download the file using the same methods as you did to upload it.  A smartphone being far more discreet than a laptop, I recommend using it for such communications.

If you need to chat in realtime with somebody, use online games, ideally the MMORPGs.  Use the free ones, the ones that you do not pay for.  Most of them provide some chat or chatroom capability and these are not monitored.

Another good option is the file-sharing sites such as Mediafire or Rapidshare.  Upload your encrypted text and have your correspondent download it.

All of these will provide you a reasonable degree of security against pretty much any threat with the exception of a targeted attack by a major government.  But if you suspect that you have already been singled out by a major government as the target of a determined and sustained monitoring operation then you pretty much should give up on using the Internet.

Bottom line: using a balanced mix of responses

There is no one-size-fits-all solution.  The optimal approach to use depends on your individual circumstances, the likely threat, the type of information you want to protect, etc.

The basic first steps are really simple: unless you are very tech-savvy, do not use any version of Microsoft Windows.  It is possible to have a reasonably secure workstation (or even server) with Windows, but it requires a lot of expertise, whereas a computer running GNU/Linux, FreeBSD or even (to a much lesser degree) OSX is pretty secure coming out of the box.  If you have to use Windows, try not to use it to connect to the Internet.  If you have to use Windows to connect to the Internet, then use one computer for that purpose and another for all other tasks, and do not use MS Outlook, Outlook Express or Explorer.  Another thing you definitely want to do is to change the default password on your wireless network and secure it with WPA.  Lastly, use halfway decent passwords.  That's about it for the basics.  This should keep most script-kiddies and viruses away.

Don't worry too much about your 95% - this information will most likely not be used against you as an individual.  Simply assume that all your emails are parsed for information, not only by Google, but by everybody out there.  Consider their contents as de facto public knowledge.  And try not to land on some list of "suspicious individuals" (which for Uncle Sam includes Ron Paul supporters, peace activists, nature lovers and all sorts of equally 'dangerous' categories).

As for the remaining 5%, either keep it away from any computer networks, or upload it encrypted and in a way that cannot be traced to your identity.

If you do that, then I think that using Google, a smartphone and Amazon is fine, there is no need to be paranoid about it.  Remember, there is safety in numbers, and it is only when you stand out that you really are threatened.

The Saker

PS: I am not an IT security expert at all, so I might have missed something or otherwise gotten it wrong.  So, as usual, I invite you to share your comments, opinions and criticisms with the rest of us by posting them in the comments section below.  Any good ideas or advice on how to protect ourselves against Big Brother are also most welcome!

Many thanks in advance and kind regards!