PRISM update

One of my greatest concerns around the PRISM scandal was that it would fall foul of our society’s short attention span and disappear when the next news cycle came around. Much to my relief and, frankly, to my surprise, it didn’t; in fact it even survived the Royal baby cluttering up the news-wire, which gave me warm feelings about the health of our culture today.

I’ve been wanting to update this blog over the last few weeks but unfortunately I’ve simply been too busy with work and studies. I have, though, been able to keep up with a lot of the PRISM news updates that have been steadily coming out.

Most interesting have been some of the discussions on the TWiT network, particularly IT security expert Steve Gibson’s ideas on what PRISM actually is and how it works. He makes a very convincing argument that it is essentially a wire-tap on the major Internet companies via their Internet providers, which explains why they can plausibly deny all knowledge but also suggests why the name “PRISM” was used. Unlike wire tapping a phone line in a house, wire tapping a high-speed Internet connection is complicated by the fact that the links are optical fibers: the fiber needs to be split to siphon off some of the light but not all of it, so that Google et al still receive a signal, but one that is slightly dimmed by the tap. And of course splitting light is essentially what a prism does!

Although I’ve seen some paranoia that the whole Internet is being tapped, I maintain that this is still infeasible, although any traffic that passes to or from the major web sites on the Internet is likely to be monitored in this way. This reinforces my earlier proposal that the solution is to diversify our online activities using smaller federated networks, as this would make it more difficult to capture all of the traffic using this form of surveillance.

Some of the more disturbing news to come out of all this was surrounding Microsoft’s enthusiastic complicity with Government snoops by installing back doors in their major online services that agencies could use to gain access to their users’ data. Skype was one of the services mentioned, which I find interesting because I had suspected this was the case before PRISM, after I saw news articles showing Microsoft had introduced changes that basically enabled wire tapping on Skype shortly after their acquisition. Before this, Skype had always been designed as a peer-to-peer network that would make it very strong against surveillance. When I first heard this news I ceased using Skype and took up open alternatives such as SIP or Mumble.

Microsoft’s behaviour highlights one of the key arguments against closed source proprietary software. When you can’t see the source code, you can’t be sure what the software actually does, so you need to trust the creator of the software that it only does what they say it does. After all this though, can you trust Microsoft any more? I certainly couldn’t, but then I never did. Going open source doesn’t just give you control, it’s the only safe way to ensure your software is not working against you and violating your privacy. Fortunately I’m already very embedded in the open source software world. I know the transition is not easy when you have to replace familiar applications with open source alternatives, but it’s easier today than ever: there is a wide range of very high quality open source software, and a new website, prism-break.org, provides a list of good alternatives to anyone looking to make the switch.

Although I use Linux and open source almost all the time, I’d like to consider myself pragmatic about it. Use open source when you can, certainly try it, and if it’s evens between an open source and closed source product in terms of quality, opt for the open source one on the basis that you can trust it. But know that when you have proprietary software you have no control over it, and you certainly can’t trust it any more than the creator, which, if the creator is Microsoft, is “not at all”.

So what have I done in response to all this? A few things but as I said before my time has been limited. I’ll provide a brief run down which may provide you with some inspiration.

I took my email archive offline

I downloaded my messages onto my computer and now only recent email is kept online, for which I don’t use a major email provider. My email archive contains messages going back to 2004; I don’t read them often so there’s no need for immediate access. I’ll now periodically download my mailbox into the archive so only a small amount of recent email is at risk of online surveillance.

I stopped using Gtalk/Google Hangouts

I did use Gtalk for chat, and MSN before that, and ICQ before that. All of these are closed proprietary chat networks, but now I use XMPP for online chat, which is an open, federated network. I run my own XMPP server, although there are many more online; I intend to write more about this again soon. I also use IRC, which is the granddaddy of chat protocols; it’s also open and there are many networks and applications.

I joined the Open Rights Group

Technological solutions are one thing but politics is also very important. John Oliver hit the nail right on the head on his first episode of the Daily Show as he stood in for Jon Stewart over the summer: the fact that this is legal is very disturbing and something has gone very wrong in Government to allow this.

The Open Rights Group are a UK political lobbying group who campaign for our rights online doing similar work to the Electronic Frontier Foundation in the US. The ORG are a young organisation but have had a strong start and perform a vital role in lobbying our Government. I support their cause wholeheartedly and from this month pay them £5/month to voice my concerns to the people who can effect change in parliament. This is a tiny amount but so important I encourage you to consider supporting them too.

It’s important though that this doesn’t end yet. There are a lot of people very angry about all this who will keep it going until we secure, in the modern online world, the rights past generations had with the postal service and phone networks. It is critical so the Internet can continue to be the promoter of democracy it has been in the past decade; it’s important and we need to fight to keep it that way.

What to do about PRISM?

It really should come as no surprise. For years the Internet has been consolidating so that billions of people now concentrate their online life onto a few “free” networks controlled by major US corporations, and now we find that Governments have been actively exploiting this in a mass domestic surveillance spying programme. The unfortunate truth is that this was just waiting to happen since it became apparent that too many people are putting too much of their private lives in the hands of too few companies. Companies whose interests, like any business, are towards serving their shareholders, their Governmental masters and their customers, who are not their non-paying users. So what can we do about this?

“When you are not paying for something, you are not the customer, you are the product.” – Internet Proverb

Decentralise

The Internet is big and there are many alternatives out there. They might be less convenient, but by simply spreading out your online activity you are gaining a lot of your privacy back. Put your events, calendars, documents, photos, emails, instant messaging and status updates in several different places so that gathering them all together would require a much larger programme than we understand PRISM to be. Reinforce this by using smaller, independent web services that are less likely to get tapped; make the economies of scale work in your favour.

Federate

Decentralising does lose some of the benefits of integrated online applications; however, that doesn’t need to be the case. Federation is the concept of using common standards to allow services to exchange data across the Internet. It breaks down silos and enables a more diverse Internet that is more resilient against Government oppression and failure of individual online service providers. Email is the prime example: you can send an email to anyone using many different applications, operated by anyone, and it works! Instant messaging is federated too, using XMPP. Google federated Gtalk and Wave using it, but now they are pushing their users onto their Hangouts service, which is a walled garden: just more damning evidence of their falling interest in a free and open Internet.

Be demanding

Don’t blindly accept services which don’t support your freedom and privacy. Demand the ability to export your own data; demand the ability to communicate outside of their networks; demand open source so their software has no hidden surprises. If they don’t meet these demands, don’t use them and keep looking, there will be another one out there.

I’m not claiming to be perfect, but join me in retaking our privacy. I know what I’ll be doing and I’ll update this blog to explain how I’m doing it.