Opinion: Rethinking communications in the age of universal surveillance

In fact, with wiretaps directly on global Internet backbones and spy agencies being able to glean large amounts of information on organisations by observing how their data flows, without even having to peer into their content, it will be difficult restore the integrity of electronic communications.

Encryption of data and communications still works to protect communications to some degree.

The Administrative Office of the Courts in the United States notes that last year, some wiretaps failed because they were encrypted.

“Encryption was reported for 15 wiretaps in 2012 and for 7 wiretaps conducted during previous years. In four of these wiretaps, officials were unable to decipher the plain text of the messages.

This is the first time that jurisdictions have reported that encryption prevented officials from obtaining the plain text of the communications since the [Administrative Office] began collecting encryption data in 2001,” the document reads.

However, only four wiretaps could not be decrypted and either way the communications were intercepted along with their meta-data.

From the report, it’s also clear that officials are working hard to break encryption or to bypass it with man-in-the-middle eavesdropping or similar strategies.

As the Guardian, which broke the story about NSA leaker Edward Snowden notes, spy agencies are more likely to be interested in and to intercept encrypted communications, which is stands to reason; there could be something to hide.

The fact that encrypted data makes organisations even greater objects of interests to spy agencies is unfortunate, but shouldn’t deter them from scrambling their communications. The more people and organisations that use strong encryption the harder the spy agencies have to work instead of having a firehose of easily obtained information that can be intercepted without anyone realising it.

What’s more, greater uptake of encryption will lead the development of better and easier ways to do it. For instance, it’s been possible to encrypt Internet email messages for a long time now, with standards such as Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME) and other methods.

Many email clients and systems support encryption too, from the transport layer and down to messages themselves.

When was the last time you received an encrypted email though? And if you did, were you able to read it, or did decryption fail because of some obscure interoperability issue – or a key problem?

Given how important email is personal and business communications, it seems strange that it isn’t encrypted by default. More correctly, that it’s so difficult to encrypt email on a regular basis that most users don’t do it. 

Email, incidentally, is considered in many Western countries to be covered by the fundamental legal principle that safeguards the privacy and secrecy of correspondence. This includes the United States and the European Union and it’s been that way since the Post Office days and the idea was that you should be able to trust the carrier of open messages.

There are some valid arguments for not encrypting email, such as malware attachments and malicious links also being obfuscated and thus putting recipients at risk, and that it reduces government transparency and hinders police investigations.

Those are good reasons not to encrypt email, but they were ignored by the spy agencies which have now undermined the confidentiality of communications they weren't entitled to intercept.

Expect more people and organisations to encrypt messages from now on, with all that it entails.

Living in the era of big bad data

Now, with privacy and secrecy principles actively disregarded by governments and their private contractors often for the purpose of industrial espionage worth billions and to repress freedom of expression, everyone will need to expend more time, resources and money in the hope of staying out of the global automated Panopticon that the Internet has been subverted into.

That it has come to that isn’t perhaps unexpected, but it is disappointing that the Internet could not route around the damage.

One irony of the Internet now effectively being captured is that spy agencies doing so did not and do not use their powers for good.

Leaving aside the contentious question how many terror attacks have actually been prevented by global surveillance (it’s impossible to work out who is telling the truth), have you noticed spam levels drop because spammers have been found and rounded up?

What about hacking, attacks on government and private IT installations and websites? Did they cease because spy agencies vigilantly monitored the Internet for malicious traffic? Some of the Anonymous may have been caught thanks to the surveillance, but that didn’t stop the huge data dumps they orchestrated.

Viruses and malware, banking Trojan horses, romance scams that devastate the lives of so many people; all the rubbish that turns the Internet into a sewer is still with us in ever-larger numbers and represent real threats to our IT systems at every level.

Instead, it appears spy agencies are happy to let that carry on and instead of keeping people, businesses, organisations, entire countries safe, they use the latest exploits to their short-term advantage .

In that scenario it doesn’t matter which side of the fence you’re on because everyone loses. We owe Edward Snowden a thank you for reigniting the debate on what constitutes acceptable information gathering; now we need to take it further and build legal and technical ways to prevent further abuses - and also make the security agencies live up to their names and do the right thing, instead of the opposite.

Copyright © SC Magazine, Australia