PRISM update

One of my greatest concerns around the PRISM scandal was that it would fall foul of our society’s short attention span and disappear when the next news cycle came around but much to my relief and frankly, to my surprise, it didn’t, in fact it even survived the Royal baby cluttering up the news-wire which gave me warm feelings about the health of our culture today.

I’ve been wanting to update this blog over the last few weeks but unfortunately I’ve simply been too busy with work and studies but I have been able to keep up with a lot of PRISM news updates that have been steadily coming out.

Most interesting have been some of the discussions on the twit network, particularly IT security expert Steve Gibson’s ideas on what PRISM actually is and how it works; he makes a very convincing argument that it is essentially a wire-tap on the major Internet companies via their Internet providers, which explains why they can plausibly deny all knowledge but also suggests why the name “PRISM” was used. Unlike wire tapping a phone line in a house, wire tapping a high-speed Internet connection is complicated by the fact they are optical fibers so the fiber needs to be split to siphon off some of the light but not all of it so that Google et al still receive a signal but one that is slightly dimmed by the tap, and of course splitting light is essentially what a prism does!

Although I’ve seen some paranoia that the whole Internet is being tapped I still maintain that this is still infeasible although any traffic that passes to or from the major web sites on the Internet are likely to be monitored in this way which reinforces my earlier proposal that the solution is to diversify our online activities using smaller federated networks as this would make it more difficult to capture all of the traffic using this form of surveillance.

Some of the more disturbing news to come out of all this was surrounding Microsoft’s enthusiastic complicity with Government snoops by installing back doors in their major online services that agencies could use to gain access to their user’s data. Skype was one of the services mentioned which I find interesting because I had suspected this was the case before PRISM after I saw news articles showing Microsoft had introduced changes that basically enabled wire tapping on Skype shortly after their acquisition. Before this Skype had always been designed as a peer-to-peer network that would make it very strong against surveillance. When I first heard this news I ceased using Skype and took up open alternatives such as SIP or Mumble.

Microsoft’s behaviour highlights one of the key arguments against closed source proprietary software. When you can’t see the source code, you can’t be sure what the software actually does so you need to trust the creator of the software that it only does what they say it does. After all this though, can you trust Microsoft any more? I certainly couldn’t but then I never did. Going open source doesn’t just give you control, it’s the only safe way to ensure your software is not working against you and violating your privacy. Fortunately I’m already very embedded in the open source software world, I know the transition is not easy when you have to replace familiar applications with open source alternatives but it’s easier today than ever, there is a wide range of very high quality open source software, a new website prism-break.org provides a list of good alternatives to anyone looking to make the switch.

Although I use Linux and open source almost all the time, I’d like to consider myself pragmatic about it. Use open source when you can, certainly try it and if it’s evens between an open source and closed source product in terms of quality, opt for the open source one on the basis that you can trust it but know when you have proprietary software you have no control over it and you certainly can’t trust it any more than the creator which if the creator is Microsoft then that is “not at all”.

So what have I done in response to all this? A few things but as I said before my time has been limited. I’ll provide a brief run down which may provide you with some inspiration.

I took my email archive offline

I downloaded my messages onto my computer and now only recent email is kept online for which I don’t use a major email provider. My email archive contains messages going back to 2004, I don’t read them often so there’s no need for immediate access. I’ll now periodically download my mailbox into the archive so only a small amount of recent email is at risk of online surveillance.

I stopped using Gtalk/Google Hangouts

I did use Gtalk for chat, and MSN before that, and ICQ before that. All of these are closed proprietary chat networks but now I use XMPP for online chat which is an open, federate network. I run my own XMPP server although there are many more online, I intend to write more about this again soon. I also use IRC which is the granddaddy of chat protocols, it’s also open and there are many networks and applications.

I joined the Open Rights Group

Technological solutions are one thing but politics is also very important. John Oliver hit the nail right on the head on his first episode of the Daily Show as he stood in for John Stewart over the summer, the fact that this is legal is very disturbing and something has gone very wrong in Government to allow this.

The Open Rights Group are a UK political lobbying group who campaign for our rights online doing similar work to the Electronic Frontier Foundation in the US. The ORG are a young organisation but have had a strong start and perform a vital role in lobbying our Government. I support their cause wholeheartedly and from this month pay them £5/month to voice my concerns to the people who can effect change in parliament. This is a tiny amount but so important I encourage you to consider supporting them too.

It’s important though that this doesn’t end yet, there’s a lot of people very angry about all this and will keep it going until we secure the rights past generations had with the postal service and phone networks in the modern online world. It is critical so the Internet can continue to be the promoter of democracy it has been in the past decade, it’s important and we need to fight to keep it that way.