The Death of Privacy

August 9, 2013 4 minutes read

NSA • privacy

My column this week for Medium:

That such a vast, longstanding surveillance system for the Internet exists makes perfect sense when one considers that the military invented the Internet, and thus knows how to monitor it the most effectively. It was never meant to be secure, because the Pentagon never imagined it would grow beyond the scale of safeguarding government data (along with some universities doing research) to become the pervasive presence it is today. The internet’s insecurity is why the U.S. government built alternate internets, called SIPRNet and JWICS — it was the only way to keep secret communications private…

It sounds almost rhetorical, but that question is important to the debate about what the government can or should do with easily accessible data. Even supposedly anonymous systems, like TOR (The Onion Routing network, which was birthed by the U.S. Navy and getsover half its money from the U.S. government), can get cracked openby government agencies and their contractors to uncover criminal conduct, such as the distribution of child pornography. There are workarounds, like using email with strong cryptography, but they’re difficult to use. Most average people either can’t be bothered or can’t understand it.

Read the rest over at Medium. The tricky thing with privacy is that it is possible, but not user-friendly. I can encrypt my emails with what is essentially an uncrackable cipher… if the person I’m emailing also has the capacity to decrypt it. This isn’t just a question of whether they have the password, or can even be bothered to use encrypted email. It is also whether they know how it works — something most people do not (and I’m not referring to how the math of an MD-5 hash functions, but how it can be put into software).

More important, privacy only goes so far as laws allow it. There is no technical workaround for the government legally requiring access to your data, apart from either leaving the country or doing everything under so many layers of encryption and anonymizing server redirects that the experience is laggy and unpleasant. Again: most people literally cannot be bothered to do it.

Though some can. Edward Snowden, for example, used a supposedly secure encrypted email system, Lavabit, to communicate with journalists to leak the NSA’s secrets.In a cryptic message, the owner of Lavabit dramatically (and suddenly) announced he was shutting down the service entirely — ostensibly due to the receipt of either a National Security Letter or a court subpoena ordering he turn over account data to the government.

Silent Circle, which provides anonymous and encrypted chat, texting, phone, and email, also announced it was shutting down its email service — not because it had received any court order, but because they wanted to make sure they never would. In a blogpost announcing the decision, Silent Circle said something very interesting:

Silent Mail has thus always been something of a quandary for us. Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure.

This comes back to what I write about in my piece for Medium. I don’t think we really do have a reasonable expectation to total privacy anymore, or whether we ever did, at least so far as the current techno-libertarian movement conceives of it. Simply put: using someone else’s server, or sending packets out into the internet (which is what all uses of the internet do) is not equivalent to hiding papers in a safe in your house, or being alone with your thoughts. It is a public activity.

That doesn’t mean that it’s good that surveilling routine or political speech happens, but it is silly to pretend it’s some unforseeable consequence of an NSA run amok. As I wrote in my piece, the internet was never designed to be secure or private. And email services, which rely on data being stored at a server that can later be queried, are possibly the least secure method of communication we have.

At the same time, judicial coercion like the National Security Letter — which is issued directly by the FBI without court review and prevents the recipient from even acknowledging it — seems like an astonishing, flagrant inversion of the foundations of our legal system. Six years ago the Washington Post reported more than 3,000 separate abuses of the National Security Letter process, and it’s almost certainly a higher number now. One of the few who can openly acknowledge receiving an NSL, Brewster Kahle, the inventor of the Internet Archive, says it is an exceedingly unpleasant experience.

And yet even Kahle, in response to a question about whether he encrypts his email because of his experience, said, “No, that’s really hard.”