No encryption? How very rude.

First pub­lished on RT Op-Edge.

It struck me today that when I email a new con­tact I now reflex­ively check to see if they are using PGP encryp­tion.  A hap­pily sur­pris­ing num­ber are doing so these days, but most people would prob­ably con­sider my circle of friends and acquaint­ance to be eclect­ic at the very least, if not down­right eccent­ric, but then that’s prob­ably why I like them.

There are still alarm­ing num­bers who are not using PGP though, par­tic­u­larly in journ­al­ist circles, and I have to admit that when this hap­pens I do feel a tad miffed, as if some basic mod­ern cour­tesy is being breached.

It’s not that I even expect every­body to use encryp­tion — yet — it’s just that I prefer to have the option to use it and be able to have the pri­vacy of my own com­mu­nic­a­tions at least con­sidered. After all I am old enough to remem­ber the era of let­ter writ­ing, and I always favoured a sealed envel­ope to a postcard.

And before you all leap on me with cries of “using only PGP is no guar­an­tee of secur­ity.…” I do know that you need a suite of tools to have a fight­ing chance of real pri­vacy in this NSA-sat­ur­ated age: open source soft­ware, PGP, TOR, Tails, OTR, old hard­ware, you name it.  But I do think the wide-spread adop­tion of PGP sets a good example and gets more people think­ing about these wider issues.  Per­haps more of us should insist on it before com­mu­nic­at­ing further.

Why is this in my mind at the moment?  Well, I am cur­rently work­ing with an old friend, Simon Dav­ies, the founder of Pri­vacy Inter­na­tion­al and the Big Broth­er Awards. He cut his first PGP key in 2000, but then left it to with­er on the vine. As we are in the pro­cess of set­ting up a new pri­vacy ini­ti­at­ive called Code Red (more of which next week) it seemed imper­at­ive for him to set a good example and “start using” again.

Any­way, with the help of one of the god­fath­ers of the Ber­lin crypto­parties, I am happy to report that the fath­er of the pri­vacy move­ment can now ensure your pri­vacy if you wish to com­mu­nic­ate with him.

I am proud to say that my aware­ness of PGP goes back even fur­ther.  The first time I heard of the concept was in 1998 while I was liv­ing in hid­ing in a remote farm­house in cent­ral France, on the run from MI5, with my then part­ner, Dav­id Shayler.

Our only means of com­mu­nic­a­tion with the out­side world was a com­puter and a dial-up con­nec­tion and Dav­id went on a steep learn­ing curve in all things geek to ensure a degree of pri­vacy.  He helped build his own web­site (sub­sequently hacked, pre­sum­ably by GCHQ or the NSA as it was a soph­ist­ic­ated attack by the stand­ards of the day) and also installed the newly-avail­able PGP. People com­plain now of the dif­fi­culties of installing encryp­tion, but way back then it was the equi­val­ent of scal­ing Mount Everest after a few light strolls in the park to limber up.  But he man­aged it.

Now, of course, it is rel­at­ively easy, espe­cially if you take the time to attend a Crypto­party — and there will be inev­it­ably be one hap­pen­ing near you some place soon.

Crypto­parties began in late 2012 on the ini­ti­at­ive of Ash­er Wolf in Aus­tralia.  The concept spread rap­idly, and after Snowden went pub­lic in May 2013, accel­er­ated glob­ally. Indeed, there have been vari­ous reports about the “Snowden Effect”.  Only last week there was an art­icle in the Guard­i­an news­pa­per say­ing that 72% of Brit­ish adults are now con­cerned about online pri­vacy. I hope the 72% are tak­ing advant­age of these geek gatherings.

The US-based comedi­an, John Oliv­er, also recently aired an inter­view with Edward Snowden.  While this was slightly pain­ful view­ing for any whis­tleblower — Oliv­er had done a vox pop in New York that he showed to Snowden, where most inter­viewees seemed unaware of him and uncar­ing about pri­vacy — there was a per­cept­ible shift of opin­ion when the issue of, shall we say, pic­tures of a sens­it­ive nature were being intercepted.

Offi­cially this spy pro­gramme is called Optic Nerve, an issue that many of us have been dis­cuss­ing to some effect over the last year.  In the Oliv­er inter­view this trans­mog­ri­fied into “the dick pic pro­gramme”.  Well, whatever gets the mes­sage out there effect­ively.… and it did.

We all have things we prefer to keep private — be it dick pics, bank accounts, going to the loo, talk­ing to our doc­tor, our sex lives, or even just talk­ing about fam­ily gos­sip over the phone.  This is not about hav­ing any­thing to hide, but most of us do have an innate sense of pri­vacy around our per­son­al issues and deal­ings and this is all now lost to us, as Edward Snowden has laid bare.

As I have also said before, there are wider soci­et­al implic­a­tions too — if we feel we are being watched in what we watch, read, say, write, organ­ise, and con­duct our rela­tion­ships, then we start to self-cen­sor.  And this is indeed already anoth­er of the quan­ti­fied Snowden effects. This is dele­ter­i­ous to the free flow of inform­a­tion and the cor­rect func­tion­ing of demo­crat­ic soci­et­ies.  This is pre­cisely why the right to pri­vacy is one of the core prin­ciples in the 1948 Uni­ver­sal Declar­a­tion of Human Rights.

Les­sons had then been learned from the Nazi book burn­ings and the Gestapo spy state, and pri­vacy was recog­nised as a pre-requis­ite of open demo­cracy. Yet now we see seni­or and sup­posedly well-informed US politi­cians call­ing for the mod­ern equi­val­ent of book burn­ings and fail­ing to rein in the glob­al abuses of the NSA.

How quickly the les­sons of his­tory can be for­got­ten and how care­lessly we can cast aside the hard-won rights of our ancestors.

Edward Snowden, at great per­son­al risk, gave us the neces­sary inform­a­tion to for­mu­late a push back. At the very least we can have enough respect for the sac­ri­fices he made and for the rights of our fel­low human beings to take basic steps to pro­tect both our own and their privacy.

So please start using open source encryp­tion at the very least. It would be rude not to.

Privacy as Innovation Interview

A recent inter­view I gave while in Stock­holm to the Pri­vacy as Innov­a­tion project:

privacy_innovation