Why do we care?

Dec 2016

In a word, privacy. Without privacy you can't have a free society. You can't have free speech, you can't have justice, you can't have free democracy.

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."

"The UK has just legalised the most extreme surveillance in the history of Western democracy".

-- Edward Snowden

"Too many wrongly characterize the debate as 'security versus privacy.' The real choice is liberty versus control."

-- Bruce Schneier

Ask yourself, do you have curtains on your bedroom window? If you do then you have something to hide and you care about privacy. Would you mind if all your post was opened and read before you received it? If you would, then you care about privacy. That is what is happening to all your phone calls and emails.

See also Glenn Greenwald's TED Talk


The Spying State

My interest is in state surveillance. The UK has some of the most intrusive electronic surveillance in the world. This started with the use of CCTV. In the 1990s half the World's CCTV cameras were in the UK. The UK is one of the most surveilled nations in the world.

In 2000 the Labour Party introduced the Regulation of Investigatory Powers Act, which allowed wholesale monitoring of internet and phone communications. This massively increased the scope of state surveillance.

When Edward Snowden revealed the NSA's illegal activities in 2013 it became clear that the UK was far exceeding the activities of the NSA, in both legal and illegal spying.

Rather than limit this criminal activity, recent UK legislation has legalised it. There was hardly any opposition in Parliament to the Investigatory Powers Bill 2016, but MPs did manage to exempt themselves from the surveilance. However, the exemption is weak and data on MPs will still be collected. They think they are safe. They are not.

Spying opens the door to coercion and blackmail in public life. If you've ever wondered why politicians change their tune when in power, consider this : is anyone else pulling the strings? There is a history of this sort of coercion in UK politics. Coercion has been a key tool used by those in power to ensure compliance from MPs. Just search for "dirt book" and "Whip". It is a very ugly story. The new legislation makes it much more likely. More dirt, more coercion.

One of the crucial failures of all this legislation is lack of judicial oversight. Warrants can be issued by ministers of state, making the spying political, not judicial.

How can we have a free democracy when the Government can spy on everyone? We have seen cases where campaigning MPs have been monitored by the Police, for example this article in the Guardian : Police anti-extremism unit monitoring senior Green party figures. If the Home Secretary can read all emails, how can you have effective opposition?

State spying can also be used to undermine justice by breaching the privileged communications between lawyers and their clients. In this example from 2014, internal MI5, MI6 and GCHQ documents reveal routine interception of legally privileged communications. If the state has access to the private communication between a defendant and their lawyer, how can we have justice?

In the hands of a malevolent state, unlimited state intrusion becomes a very dangerous tool. Given the current instability of Western democracies, is it a good idea to hand these extreme powers to a potentially repressive state?

We've seen what happens when a surveillance state goes bad. The Stasi in East Germany pioneered the blanket surveillance of citizens. It led to a brutal oppressive authoritarian regime that ruthlessly suppressed freedom. That is what happens when you spy on the public. There was an excellent film released in 2006, dramatising the impact of Stasi surveillance on an individual's life, The Lives of Others.

How bad is the Investigatory Powers Act? Very bad. See this article in The Register : The UK's Investigatory Powers Act allows the State to tell lies in court. The undermining of our justice system by allowing deliberate lies and the withholding of evidence, cannot be understated. The advent of secret courts, where defendants don't even hear the charges or evidence against them, means that our justice system is fatally flawed and no longer fit for purpose. The state can simply arrange for you to have an unfair trial. All your protections in law have been removed. This legislation has been passed with the overwhelming support of both the Government and the opposition party, with barely a murmur in the press.

We've seen cases where Police have worked closely with companies involved in human rights abuses, war crimes and environmental destruction. The citizens campaigning against them have been treated as terrorists. Anti-terror legislation has routinely been abused in cases completely unrelated to terror. But corporate abusers are left alone, or are even supported at the highest levels of Government. The Stasi state magnifies this problem immensely. It enables abuses of power and provides the tools to evade responsibility and prevent justice.

If the Government are collecting all our personal data and sharing with a wide range of agencies it is inevitable that data will be leaked. The NSA failed to prevent Edward Snowden from leaking large amounts of incriminating evidence. Government agencies have a poor reputation for data security. If they are collecting your personal data, it will leak.

The law requires ISPs to spy on their customers and keep all the data in a log that can be accessed by a wide range of government agencies. Every website you visit, every email you send or receive, will be logged. Everything.

So, and I hate to say this, do not trust US or UK providers of communications technology. Even if they want to provide a safe service, they are forced to give up data and can then be compelled to lie about it. They operate in an untrustworthy regime and are inevitably tainted by it. If you are looking to buy US or UK security products, you have to assume that they are compromised.

See this Wikipedia entry on the US webmail company Lavabit for an example. The regime in the UK is much worse than in the US. For more on the terrible treatment of Lavabit's founder, Ladar Levison, see Secrets, lies and Snowden's email: why I was forced to shut down Lavabit.

In my work as a software engineer I have been asked to deliberately cripple encryption tools on a commercial product. GCHQ required weakened crypto before the (UK) company could obtain an export license. I have come across this in two companies I've worked for. I have always refused to do this, but it alerted me to the dangerous practice of government agencies deliberately weakening encryption; forcing companies to put back doors in their products, using the threat of withholding export licenses to bully exporters. It is a very bad idea.

Spying seriously undermines our technology industry. The revelation that the NSA were hacking into Cisco equipment severely damaged their reputation and cost them millions in lost orders. Cisco's CEO, John Chambers wrote to President Obama asking him to stop the NSA hacking into Cisco equipment. Cisco and IBM between them lost more than $1.7bn in lost sales because their reputation was undermined by the NSA.

Here's Bruce Schneier on The Importance of Strong Encryption to Security. A concept that Governments both sides of the Atlantic seem to have difficulty grasping. I still see politicians make appallingly ill informed comments on this. If you weaken security, you increase the risk that other people will find and exploit it. If you weaken security products to make spying easier, you weaken them for everyone. That is a gift to hostile states and organised crime. It makes the World a much more dangerous place.

Strong encryption is vital to the banking system. Damaging encryption and leaking personal data threatens us all by making transactions insecure. Adding backdoors and leaking data makes the system more prone to theft and fraud.

So, to summarise, spying undermines democracy, threatens our justice system, damages industry and increases the risk of hostile governments and criminal groups attacking individuals and vital infrastructure. It increases the risk of blackmail and coercion in public life. It makes banking less secure and more exposed to fraud and theft. It threatens our liberty and it threatens our privacy.

I understand the need for the state to prevent bad people doing bad things. That's okay. But I object to them throwing the net so wide that it threatens justice, democracy, liberty, freedom and privacy.

That is why privacy is important.


The Technical Problem

Here's my technical solution to one aspect of the new legislation. Please see my technical blog for a technique you can use to make your own web proxy using a VPS.

See also this excellent round up of security tools from privacytools.io.

By using a web proxy you can tunnel through the surveillance to somewhere else. Clearly there is still likely to be surveillance in other places, but some countries are much less authoritarian and intrusive than others. The UK is now one of the worst in the World.


Cautionary note

When I first started using a VPS I rented one in Iceland for use as an email server. One of the things I used it for was an email list server for a group campaigning for human rights. After a few months of use I noticed the ping times had increased. When I ran a traceroute I discovered that the route had changed from UK -> Germany -> Denmark -> Iceland, to across the Atlantic to Iceland via Langley, Virginia, home of the CIA. I'm sure the CIA weren't interested in me particularly, and I'm also sure they could have hidden the fact they were monitoring me. They may even have been monitoring someone else, on an adjacent ip address. But don't ever underestimate the security services' ability to spy on you. Even if you are using a VPS in a 'safe' country, the data has to get there from where you are.