Sunday, June 09, 2013

Security and the Price of Liberty

Most of us are familiar with some form of Benjamin Franklin's bon mot, "Those who would obtain a little temporary safety at the price of essential liberty, deserve neither."

It's a truism.  But not much thought is given to what it means in the lives of the citizen in the 21st century.

In May and June of 2013, Americans have been privy to the release of some disturbing state secrets:  The Federal government is collecting metadata on billions of phone calls by Verizon customers:  names of caller and callee, telephone numbers, dates, length of call.  The Federal government is collecting from all major Internet service providers complete text as well as metadata for millions of Americans who daily use gMail, Hotmail, Bing and Google, among other services.

Essentially, "All your digital are belong to us," says Barack Obama.

To a certain extent, the news is not shocking, because most sentient beings have heard rumours about this activity for some time.  The extent, and the blatant disregard for citizens' privacy -- those are shocking.

We citizens have only ourselves to thank.  We didn't have any say in the passage of the Patriot Act after the terrorist attacks in 2001.  But we certainly had a say in the continuing re-election of the legislators who passed that legislation and continued to reconfirm and even expand its scope in the subsequent twelve years.  Democrats and Republicans alike have voted carte blanche access to private activities of American citizens at home.  And voters have regularly given their approval of those votes at the polls.

Now that we're in that situation, what can we do about it?

We do have the technical, practical means to block government access to our information.  We have the technology.  We can make it better than it was.


  • Hushmail.  For nearly 15 years, Hushmail has been providing encrypted email delivery and storage.  You get a respectable amount of service for free; for $50 a year you get the additional ability to plug your hushmail account into desktop clients like Outlook and Thunderbird.  The Hushmail servers are in British Columbia, Canada.  For the US gov't to get access to your mail, it has to go through the Canadian gov't.  And it has to present a valid, legal search warrant to Hushmail in order to get the encryption key needed to read your mail. (HM does not store your key, but on presentation of a valid court order, will implement a method to capture your key when you send a mail; and use it to decrypt any mail surrendered pursuant to the court order.)
  • Silent Circle. Silent Circle provides a suite of encrypted services:  phone, text messaging, video chat, and email.  Within the circle, your communications are encrypted end-to-end.  For SC to work, both sender and receiver have to be "within the circle," i.e., members.
  • Tor. The Tor project provides a secure, anonymous network to connect to the internet.  "Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet."  The Tor browser connects to web sites through the Tor network, thus completely masking the origin of your web traffic.  
  • Orbot. The Guardian Project provides a set of applications and tools for secure data connections on smart phones.  "Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world."  The Guardian Project also provides a secure browser, Orweb; and a secure chat tool, Gibberbot; both built around Orbot.
  • CryptoHeaven. CryptoHeaven provides secure email and messaging with encrypted storage online.  CH provides the ability to send encrypted messages to contacts who are not in the CH security realm using a ask-and-response mechanism, a one-time "key" for an encrypted message.  
  • Penango. Penango provides browser plugins for Firefox and Internet Explorer that allow you to encrypt gMail.  Penango also plugs into desktop clients like Zimbra Desktop.
  • WebPG. WebPG provides extensions for Chrome and Firefox to enable the use of GPG or PGP to encrypt/decrypt and sign emails.
  • DuckDuckGo. DuckDuckGo is an anonymized, non-filtering, non-tracking search engine.  It is available as a Chrome or Firefox extension to override the filtering that is automatically done by Google and Bing and similar search sites.

This is a suggestive, not a comprehensive, list of options.  These tools, and others like them, provide American citizens with the the abilities to inhibit and and, in many cases, absolutely block government access to digital activities.  We do not have to acquiesce in these government intrusions.  In the event that you encrypt your email, chat, file storage, phone calls and searches; what is going to happen if the government really, really wants to know about you?  Its agents are going to show up on your porch and demand that you provide them with the keys to decrypt your data.  You have to be prepared for that unlikely but highly scarifying possibility.  If you're going to crumple like a cheap tent in a breeze at the sight of an FBI badge, all your efforts to keep secret your activities will have been useless posturing.

And this is the crux of the biscuit for citizens:  it's your responsibility to defend your liberty on your doorstep as aggressively as a soldier defends her life in a far-away combat zone.  We are in this mess because too many citizens think that liberty is defended by soldiers and the right to vote is just quaint.  We voted into office the people who are implementing these policies; the only way these policies will change is if those people are voted out.  In the interim, hundreds of thousands or even millions of citizens encrypting their data, anonymizing their digital activities and taking those activities off the grid present a huge road block to the data hungry NSA and associated agencies.

So ... What are you going to do?  Suck your thumb and complain about how "you shouldn't have to do this" -- or do it?  Because, in fact, you absolutely have to take charge of your own actions as citizen.  The government is an aggregation of human beings who will go as far as you, the citizen, let them go.  Bureaucrats and legislators alike will test the limits.  Don't kid yourself -- most of you would do the same, in that position.