No encryption? How very rude.

First pub­lished on RT Op-Edge.

It struck me today that when I email a new con­tact I now reflex­ively check to see if they are using PGP encryp­tion.  A hap­pily sur­pris­ing num­ber are doing so these days, but most people would prob­ably con­sider my circle of friends and acquaint­ance to be eclect­ic at the very least, if not down­right eccent­ric, but then that’s prob­ably why I like them.

There are still alarm­ing num­bers who are not using PGP though, par­tic­u­larly in journ­al­ist circles, and I have to admit that when this hap­pens I do feel a tad miffed, as if some basic mod­ern cour­tesy is being breached.

It’s not that I even expect every­body to use encryp­tion — yet — it’s just that I prefer to have the option to use it and be able to have the pri­vacy of my own com­mu­nic­a­tions at least con­sidered. After all I am old enough to remem­ber the era of let­ter writ­ing, and I always favoured a sealed envel­ope to a postcard.

And before you all leap on me with cries of “using only PGP is no guar­an­tee of secur­ity.…” I do know that you need a suite of tools to have a fight­ing chance of real pri­vacy in this NSA-sat­ur­ated age: open source soft­ware, PGP, TOR, Tails, OTR, old hard­ware, you name it.  But I do think the wide-spread adop­tion of PGP sets a good example and gets more people think­ing about these wider issues.  Per­haps more of us should insist on it before com­mu­nic­at­ing further.

Why is this in my mind at the moment?  Well, I am cur­rently work­ing with an old friend, Simon Dav­ies, the founder of Pri­vacy Inter­na­tion­al and the Big Broth­er Awards. He cut his first PGP key in 2000, but then left it to with­er on the vine. As we are in the pro­cess of set­ting up a new pri­vacy ini­ti­at­ive called Code Red (more of which next week) it seemed imper­at­ive for him to set a good example and “start using” again.

Any­way, with the help of one of the god­fath­ers of the Ber­lin crypto­parties, I am happy to report that the fath­er of the pri­vacy move­ment can now ensure your pri­vacy if you wish to com­mu­nic­ate with him.

I am proud to say that my aware­ness of PGP goes back even fur­ther.  The first time I heard of the concept was in 1998 while I was liv­ing in hid­ing in a remote farm­house in cent­ral France, on the run from MI5, with my then part­ner, Dav­id Shayler.

Our only means of com­mu­nic­a­tion with the out­side world was a com­puter and a dial-up con­nec­tion and Dav­id went on a steep learn­ing curve in all things geek to ensure a degree of pri­vacy.  He helped build his own web­site (sub­sequently hacked, pre­sum­ably by GCHQ or the NSA as it was a soph­ist­ic­ated attack by the stand­ards of the day) and also installed the newly-avail­able PGP. People com­plain now of the dif­fi­culties of installing encryp­tion, but way back then it was the equi­val­ent of scal­ing Mount Everest after a few light strolls in the park to limber up.  But he man­aged it.

Now, of course, it is rel­at­ively easy, espe­cially if you take the time to attend a Crypto­party — and there will be inev­it­ably be one hap­pen­ing near you some place soon.

Crypto­parties began in late 2012 on the ini­ti­at­ive of Ash­er Wolf in Aus­tralia.  The concept spread rap­idly, and after Snowden went pub­lic in May 2013, accel­er­ated glob­ally. Indeed, there have been vari­ous reports about the “Snowden Effect”.  Only last week there was an art­icle in the Guard­i­an news­pa­per say­ing that 72% of Brit­ish adults are now con­cerned about online pri­vacy. I hope the 72% are tak­ing advant­age of these geek gatherings.

The US-based comedi­an, John Oliv­er, also recently aired an inter­view with Edward Snowden.  While this was slightly pain­ful view­ing for any whis­tleblower — Oliv­er had done a vox pop in New York that he showed to Snowden, where most inter­viewees seemed unaware of him and uncar­ing about pri­vacy — there was a per­cept­ible shift of opin­ion when the issue of, shall we say, pic­tures of a sens­it­ive nature were being intercepted.

Offi­cially this spy pro­gramme is called Optic Nerve, an issue that many of us have been dis­cuss­ing to some effect over the last year.  In the Oliv­er inter­view this trans­mog­ri­fied into “the dick pic pro­gramme”.  Well, whatever gets the mes­sage out there effect­ively.… and it did.

We all have things we prefer to keep private — be it dick pics, bank accounts, going to the loo, talk­ing to our doc­tor, our sex lives, or even just talk­ing about fam­ily gos­sip over the phone.  This is not about hav­ing any­thing to hide, but most of us do have an innate sense of pri­vacy around our per­son­al issues and deal­ings and this is all now lost to us, as Edward Snowden has laid bare.

As I have also said before, there are wider soci­et­al implic­a­tions too — if we feel we are being watched in what we watch, read, say, write, organ­ise, and con­duct our rela­tion­ships, then we start to self-cen­sor.  And this is indeed already anoth­er of the quan­ti­fied Snowden effects. This is dele­ter­i­ous to the free flow of inform­a­tion and the cor­rect func­tion­ing of demo­crat­ic soci­et­ies.  This is pre­cisely why the right to pri­vacy is one of the core prin­ciples in the 1948 Uni­ver­sal Declar­a­tion of Human Rights.

Les­sons had then been learned from the Nazi book burn­ings and the Gestapo spy state, and pri­vacy was recog­nised as a pre-requis­ite of open demo­cracy. Yet now we see seni­or and sup­posedly well-informed US politi­cians call­ing for the mod­ern equi­val­ent of book burn­ings and fail­ing to rein in the glob­al abuses of the NSA.

How quickly the les­sons of his­tory can be for­got­ten and how care­lessly we can cast aside the hard-won rights of our ancestors.

Edward Snowden, at great per­son­al risk, gave us the neces­sary inform­a­tion to for­mu­late a push back. At the very least we can have enough respect for the sac­ri­fices he made and for the rights of our fel­low human beings to take basic steps to pro­tect both our own and their privacy.

So please start using open source encryp­tion at the very least. It would be rude not to.

Privacy as Innovation Interview

A recent inter­view I gave while in Stock­holm to the Pri­vacy as Innov­a­tion project:

privacy_innovation

German politician wants return to typewriters to evade US surveillance

A com­ment piece from last week on RT about Ger­man politi­cians want­ing to go back to paper-based com­mu­nic­a­tions to evade the US spy panopticon:

de_govt_touts_typewriters

And here is the full text of the inter­view I gave on RT Op Edge:

Both type­writer and strong encryp­tion is going to slow down com­mu­nic­a­tion, but uphold­ing a basic demo­crat­ic right of pri­vacy seems to be more import­ant, former MI5 agent Annie Machon told RT.

Amid the Amer­ic­an-Ger­man espi­on­age scan­dal, Ger­man politi­cians are con­sid­er­ing going back to old-fash­ioned manu­al type­writers for con­fid­en­tial doc­u­ments in order to pro­tect nation­al secrets from Amer­ic­an NSA surveillance.

RT: Why would Ger­many think of using type­writers as a secur­ity measure?

Annie Machon: What I find inter­est­ing is that we have a situ­ation where even our demo­crat­ic­ally elec­ted rep­res­ent­at­ives have to think deeply and ser­i­ously about how to pro­tect the pri­vacy of their com­mu­nic­a­tions, par­tic­u­larly when the invest­ig­a­tion of the very sub­ject of inva­sion of the pri­vacy of the cit­izens, which is what the Bundestag at the moment is doing in Ger­many, try­ing to hold hear­ings to work out what exactly the NSA has been doing, which might be con­tra­ven­ing the con­sti­tu­tion of Ger­many. It is very dif­fi­cult now but it is still pos­sible to pro­tect your elec­tron­ic com­mu­nic­a­tions, but I think this announce­ment, this sort of state­ment by the Bundestag rep­res­ent­at­ive about going back to type­writers is inter­est­ing. It just makes a very strong point that we all need to be aware of the fact that we can be spied on at any time.

RT: Do you think every­one would fol­low Germany’s example?

AM: I think more and more people are con­cerned about their pri­vacy because of the Edward Snowden dis­clos­ures. He has done the world a huge ser­vice with great per­son­al cost, expos­ing the pred­a­tions of the US Intel­li­gence agen­cies and the NSA par­tic­u­larly, as well as a num­ber of European agen­cies. In the past all coun­tries spied on each oth­er because they wanted to gain advant­age over oth­er coun­tries, not neces­sar­ily their enemies, just an advant­age eco­nom­ic­ally or polit­ic­ally. How­ever, what we are see­ing at the moment is the res­ult of what was the per­fect storm for the USA in the 1990s, it was a per­fect oppor­tun­ity for them, because at that point the Cold War had ended, they were the sole remain­ing super­power on the plan­et, and pre­cisely at that moment we had the evol­u­tion of the inter­net, a huge tech explo­sion of com­mu­nic­a­tions. They saw the oppor­tun­ity and they went for it. Of course they did because that meant that they could embed whatever they wanted into the infra­struc­ture that the whole world now uses for com­mu­nic­a­tion. Of course they were not going to turn this oppor­tun­ity down, and they haven’t. That is what Edward Snowden disclosed.

So we have the situ­ation now when everything can con­ceiv­ably be hoovered up by the NSA and its vas­sal states in Europe, everything can con­ceiv­ably be stored for ever and be used against cit­izens in the future if the laws change. And everything can con­ceiv­ably be known amongst the private delib­er­a­tions of our parliament’s demo­crat­ic­ally elec­ted rep­res­ent­at­ives. It’s worse than Orwellian.

It would be naïve to think that the US would not take up this oppor­tun­ity, but of course they did, and these are the res­ults we are liv­ing in. It would be lovely to think that we could go back to the era of hav­ing pri­vacy in our lives that our gov­ern­ments would have power to ensure we had it, but in this glob­al­ized world it is very dif­fi­cult to ensure that. One of the things that is little known out of all Snowden’s dis­clos­ures is the fact that it is not just what we send over the inter­net, it is also hard­ware, the com­puters, the tech­no­logy we actu­ally use that can already be com­prom­ised by the NSA. This is one of the things that came out just after Christ­mas last year. So we are liv­ing in a very com­plex world but there are very simple steps we can take, both the gov­ern­ments and the cit­izens, to pro­tect our demo­crat­ic and our basic right to privacy.

RT:Wouldn’t using type­writers slow things down in terms of com­mu­nic­a­tion? Why not use oth­er, more mod­ern ways of pro­tect­ing communication?

AM: Either going back to using pen paper or type­writer or using very strong encryp­tion is going to slow down one’s com­mu­nic­a­tion, there is no doubt about it. The point is though, what is more import­ant, is it access to the latest celebrity gos­sip on the inter­net or is it actu­ally uphold­ing a basic demo­crat­ic right of pri­vacy. Because if we don’t have pri­vacy, then we lose our free­dom to com­mu­nic­ate eas­ily and in private, we lose our free­dom to ingest inform­a­tion via video, audio or from read­ing, we can­not plan, we can­not con­duct private per­son­al rela­tion­ships over the inter­net. So what is the price of a little bit of incon­veni­ence when it comes to pro­tect­ing our basic rights? I think that how­ever light-heartedly the Ger­man politi­cian men­tioned using type­writers, when it comes to prop­er secur­ity issues with­in gov­ern­ment, he is prob­ably abso­lutely right. Last year there was a report as well, say­ing that some of the Rus­si­an secur­ity oper­at­ors were now using type­writers too. We will all have to think about that, and it’s just a jolt­ing wake up call to make us all think about that by stat­ing that the Ger­man gov­ern­ment is now going back to type­writers for cer­tain things.

RT: What kind of solu­tion do you see? Should people rely on their gov­ern­ments for pro­tec­tion of their privacy?

AM: There is a danger that people and the gov­ern­ment will become very para­noid about try­ing to pro­tect against the pred­a­tions of the NSA and its vas­sals in Europe. How­ever, I’m not sure as we as cit­izens can rely on gov­ern­ments to pro­tect our pri­vacy because all gov­ern­ments would want to know what is going on on the inter­net for legit­im­ate reas­ons as well, to try to track down the ille­git­im­ate crim­in­als and ter­ror­ists. But it can be easy for them to hoover up all the per­son­al inform­a­tion and we, as cit­izens, need that have that guar­an­tee of pri­vacy. So one of the things we can do as cit­izens is to take respons­ib­il­ity in our own hands. We can indeed source all tech­no­lo­gies, source com­puters pre-2008 that have not built-in hard­ware back­doors. We can use decent PGP encryp­tion, we can use Tor to hide what we are look­ing at in the inter­net, we can use oth­er encryp­tion meth­od­o­lo­gies to pro­tect our pri­vacy, and we need to. I think it’s a very inter­est­ing cross­roads in our his­tory, both as civil­iz­a­tions, as demo­cracy and as indi­vidu­als, but also how we view the tech­no­logy, how we use it, how we can bet­ter use it to pro­tect our life, so that is going it be an ongo­ing debate. I’m very pleased to see this in Ger­many par­tic­u­larly. The politi­cians seem to be wak­ing up around these issues and want­ing debate these issues because the USA has got away with it for long enough across the West.