Wither Privacy?

The media has been atwitter of late with countless stories about how “they” are snooping on our private data. A recent story in the Guardian loudly proclaimed the “Death of the Internet as We Know It” since the big cloud services such as Google, Microsoft, Apple and more were all in the back pocket of the NSA and therefore not to be trusted and would soon be abandoned by all their users.

     May I ask when has ANY communications media ever been private? I mean seriously, what period of time, what era, can we point to wherein one's communications was private? Even the earliest days of electronic communications was an open book to anyone who cared to look. There were laws against such snooping, a sop to privacy to be sure, but laws rarely prevent crime.

     I might even argue that despite the current flap, our personal conversations and communications are today more private than they have ever been in recorded history. The advancement of technology has made it much harder to engage in casual snooping, relegating such activities to entities with deep resources and deeper pockets.

     In the early days of the telegraph, confidential messages were openly sent in clear text. The telegraph operators at each end of the line, and any relay points between destinations obviously saw, and could read the messages. Many a pioneer town Marshall routinely snooped around the telegraph office to keep track of what the “bad guys” were up to. One of my favorite historical westerns, HBO's Deadwood, devoted several plot twists to the interception of confidential messages carried by the “Black Hills Telegraph Company”. Partly fictional, to be sure, but firmly entrenched in reality. Schemers and businessmen have always obfuscated their communications with a fascinatingly complex series of codes and ciphers. An order for “ten pounds of bananas” might as easily be ordering someone's death as ordering fruit supplies for the local grocery merchant. Whether banker or Mafioso, the communications medium has always been considered untrustworthy, for good reasons.

     This was nothing new with telegraphy. Codes and ciphers obfuscated all manner of secret doings long before electrons played any role in communications. In the court of King Henry VIII, a note delivered to a paramour had best be delivered personally if secrecy be paramount.

     The advent of the telephone changed not a thing. Just as did Telegraphs, Telephones had operators, and growing up in the era when the operator might easily be listening at any moment one learned to be careful divulging secrets. Also in common with telegraphs, early telephone systems often were “Party Line” arrangements, and in these cases, not only operators but one's very neighbors could be listening at any time.

     Early cordless phones transmitted our conversations in the clear using analog radio. Anyone with a cheap scanner could routinely listen in on their neighbors calls, and often did. Analog cell phones likewise carried their voice signals openly and could be routinely listened to on any TV with an analog UHF tuner. In January of 1997, a private cell phone conversation between the House Speaker and his strategists was illegally intercepted and taped by Democrat operatives, making headlines and embarrassing the politicos. That such a “private” phone conversation was in fact so public caused barely a ripple then, but today we are supposed to get excited because our government spooks might be looking at our “private” communications while searching out would be terrorists and murders. I admit that the idea that my personal communications might be scrutinized bothers me on some visceral level, but I am hardly surprised.

     That J. Edgar Hoover might take an interest in our private affairs was far more remote and far less concerning than what Gertie Hornswaggle the town gossip might overhear. Those with secrets to be kept found ways to do so. Those who failed found their assignations featured in Gertie's gossip, or even in the national papers as happened to the unfortunate House Speaker.

     Party lines have disappeared, telephones have gone digital and we have stopped talking to operators. Gertie is deeply frustrated because the advancing technology has made her snooping a lot more difficult. We have lost sight of the human involvement in our networking and somehow we have lost our concerns about privacy. Just because we did not interact with a live operator any more or hear our neighbor's ring code, did not mean our calls were suddenly truly private. Harder to intercept, to be sure, but not that difficult for those with the means. We developed an expectation of privacy that was unwarranted.

     When computers came along, they were big, expensive solitary machines in locked rooms. Computer security once meant locking the door! Then computer networks were invented and security went right out of the window. The idea that any data stored on any computer connected to any network is somehow inherently secure is laughable. Pretty much anything you read, write, say or do on a computer is logged somewhere. If you truly want to keep it a secret, DON'T PUT IT ON A COMPUTER!!

     There is no privacy fairy. If you wish to truly keep secrets, you have to work hard at it, and in spite of your best efforts, there is always a level at which your secrets can be breached. If you put your data on an encrypted thumb drive and store that thumb drive in a bank's safety deposit box it really is not safe from the prying eyes of a government busybody if they are motivated to look. Deposit boxes can be forced open and encrypted files can be decrypted with sufficient effort.

     Troublemakers of all sorts have long known how to keep secrets. The current flap about privacy is far more about inflaming a gullible public than about any real privacy issues. Getting the “Low Information” citizen excited and demanding action serves a variety of ends, not the least of which may be electing someone to power based on promises to “fix” the unfixable.

     Unlike the schemers of Deadwood, we have today numerous tools to encrypt our data. While no encryption is 100% proof against being unlocked, it can be made extremely difficult to do so. As long as the difficulty exceeds the resources of one's adversary, it is sufficient.

     A secret folder encrypted with a 4092 bit key and stored on a Skydrive, or in a Dropbox folder is fairly secure, even against the NSA. If you use appropriate tools you can keep your secrets. Mostly. The thing is though, the NSA is not really interested in your data files, be they personal financial records or your porn collection! While there may be some exceptions, their overwhelming interest is not what is in your data but who you are communicating that data with. Codes and ciphers might hide the actual data, but do not hide the sender and recipient. It is not that you have stored this encrypted folder on a cloud service, but whom you give access to it that is interesting. That is why there is so much interest in the so-called “meta-data” about calls, texts and emails. They are about conspiracies and conspiracies involve two or more individuals. As soon as that data is communicated over an electronic medium, your darkest secrets are revealed, even if the actual data is not.

     Recently we learned that the government is photographing the front and back of all our US Mail. They are not so much interested in the contents of our letters as who we are writing to, and who is writing to us.

     If you are not conspiring to overthrow the government or commit acts of violence, you probably do not care who knows your associates. If you want merely to keep the contents of your personal data private, it is reasonably possible. There is no privacy fairy, but there is encryption. Used judiciously, encryption can protect valuable files from prying eyes. Remember though, encrypted files stand out like a sore thumb, screaming “here I am I have big secrets” to anyone interested. And encryption is a bit of a pain to use.    There are numerous tools available for anyone interested in encryption.

     It is beyond the scope of this treatise to provide a How-To tutorial in the use of such things, but I will recommend a few tools. The grand-daddy of personal encryption tools is a little thing called PGP, which stands for “Pretty Good Privacy”. Despite the understated name, the privacy is more than “Pretty Good”. PGP implements the openPGP standard, and is a commercial product sold by Symantec, the same people who market anti-virus software. An open source set of tools that some consider even better is called “GnuPG” which stands for Gnu Privacy Guard.

     Encrypting hard drives is a need for which there is simply no better tool than TrueCrypt. TrueCrypt is also Open Source and freely available. For the casual encrypted file, the open source archiver 7Zip offers some nice features.

     It is one thing to simply put a password on a file, or an entire hard drive. You only have to not lose that password, and you can recover the data intact. Although in this simple case it is not obvious, there is another function happening deep under the covers. Encryption is more than obfuscation. Of course it obfuscates, or hides the data from private eyes, but it does more than just keep data secret. It also authenticates the data, verifying that the data is intact and has not been altered. Encryption vs. Authentication. Authentication is just as important, if slightly less obvious. Recovering encrypted data is useless if you do not have assurance that the data is in fact intact and unaltered.

     If you need to share encrypted files, these two distinct requirements become separated, in a sense, and the distinction becomes more obvious. You need to be able to encrypt your data in such a manner that only the intended recipient can read it, and you also need to authenticate that you are in fact the author and that the data has not been altered. This separation of functions is accomplished by, in a sense, separating the functions into two distinct parts via a technique known as “Public Key Cryptography”. Do not let the techie name intimidate you, as it is really a pretty simple thing.

     A full treatment of this topic is beyond the scope of this short treatise, nonetheless it is a very simple process. In Public Key Cryptography, every participant has two keys. The public key you tell to the world, and the private key you keep, well, private.

     There are several ways these can be used, but the general gist goes like this. You write a document, and encrypt it with your private key. Anyone who has your public key can decrypt it and KNOW that it came from you and has not been altered. This accomplishes the authentication function and is all well and good as far as it goes, but does not really keep anything secret since the public key used to decrypt the data is easily and widely available. Authentication that something was in fact written by who it was claimed, and was not altered is a valuable service, but the end result is the data can be read by anyone. So you effectively have Authentication without really having Encryption.

     If on the other hand you want ONLY one person to read it and no one else, you encrypt it with THEIR Public Key. Now only their private key will decrypt it. In fact you cannot decrypt it with the public key used to encrypt it. It is a one-way process! Once encrypted it is locked until the recipient unlocks it. Your secret makes it to their eyes, and only their eyes. That sounds good, but how do they know it really came from you? You have, effectively, Encryption without Authentication. After all, the whole world has the Public Key and anyone could encrypt a file and claim it came from you.

     The solution is a two-step process. Encrypt the file with both their public key and your own private key. Then you have a file that can only be read by the intended recipient, and can only have been sent by yourself. Anyone else can neither authenticate it nor decrypt it.

     If someone knows you have a secret and can bring enough force to bear, they can compel you to give it up. Supercomputers can, given enough time, break any encryption. Threats and legal action can compel you to reveal the passwords. The best way to avoid this situation is to not appear to have any secrets worth revealing. One way to do that is to encrypt virtually everything, including trivial things.

     If forced to give up passwords, give up passwords to trivial stuff freely, and convince your adversary that you will easily give up everything because you really have no secrets. A single encrypted file on a hard drive is like a red beacon drawing attention to itself, but a thousand or two hides the one that is actually important.

     This brings us to another facet of the secrecy puzzle, “Plausible Deniability”. Rather than feigning complete innocence, allude to a much lesser incrimination than that which you are suspected of. For example, if you are suspected of hiding incriminating industrial secrets, leak the password to your porn collection. Your adversary may chide you for the porn, but miss the much more interesting espionage you are really hiding.

     TrueCrypt implements this idea in the disk encryption software. A disk encrypted using this option has two partitions, one of which is always hidden. Give one password, and the porn collection is revealed, yet a different password yields the really incriminating secrets. When asked why you have an encrypted disk, the porn collection is reason enough, and there is a good chance your adversary will look no further.

     Don't get too smug however! This is a well-known concept in spook circles, and a true computer forensic expert can easily spot such subterfuge. If you're really into nasty stuff you had best find more elegant ways to hide your affairs.

     Remember that in the world of secrets, it is not so much what the secrets are, as who you are telling them to that the spies and spooks are interested in.

     And that is another problem entirely.