Encouraging Online Privacy

I’ve begun to think on the increasing need for improved online privacy. Once upon a time my mum’s communications didn’t occur on the Internet; now they routinely do. Once upon a time I had a reasonable idea about how secure my communications were; now it seems that governments are doing things like intercepting our SSL traffic in the UK ‘to protect my freedom’. This is rather worrying; there are ways to stay ahead of these invasions of privacy. Looking around the world we’re leading the pack in some ways whilst lagging (massively – China and Iran for example) in others.

I’m toying with writing a book on the subject, looking at all the ways one can protect their privacy online (including browsing securely, easily configuring and using VPNs, avoiding leaving digital fingerprints that can be exploited etc). More at the end. In the UK we already have one of the highest densities of security cameras in the world (guessed to be 1 camera for every 32 people or You Get Photographed Hundreds Of Times A Day In The UK). Now the Government wants to read and record all of our online communications.

Channel 4 carries the story about the UK Government’s increasingly invasive attitudes – “‘Black boxes’ to monitor all internet and phone data”. Sadly this is not a crazily spun story. It does indeed look like the Government is preparing to issue Black Boxes which strip ‘header data’ from all communications which is stored for a year by our ISPs. Other companies have been involved in inserting themselves into the SSL Certificate Chain so that they can seamlessly decrypt the data they intercept. The Government needs a colluding Certificate Provider and a bunch of ISPs (they carry the traffic from your home) who are legally required to comply, then they’re in business. All in the name of anti-terrorist and anti-paedophilia safety.

What’s really interesting is the increasing realisation that the SSL security layer is often poorly implemented (e.g. according to this ongoing analysis only 12.9% of sites using SSL do so securely). SSL rests on the idea that all members of the certificate chain are trustworthy, haven’t made mistakes, haven’t leaked data and aren’t colluding with third parties who are working against our interests. There have been enough breaches to show that the basic idea of ‘fully trusting in SSL’ is a poor idea.

On top of this it seems that we are required by law to hand over encryption keys or face imprisonment if the police believe we have an encrypted file which they wish to read. They do not have to prove that the document is encrypted (the example given is – what happens if I have a file of random numbers used as a seed in experiments?). It rather feels that our liberty loving Government is happy for us to do whatever we like, as long as they can read everything they want, particularly without requiring us to know (via ISPs) that they’re reading our communications. Feels a touch like a Cold War novel, no?

So, I’m toying with writing a book on the subject of protecting and encouraging Online Privacy; currently I just have a Mailchimp mailing list (sign-up here). For the two previous books I’ve written I first gathered emails, then queried to figure out what needs writing, then covered those topics. I’ll do the same here. Topics that I could cover include technical means to protect one’s communication (e.g. VPNs and proxies and using them on mobile devices), ways to encourage free speech (e.g. Freenet and Tor), browser plug-ins that improve privacy and a look at all the ways we leave digital fingerprints that may share more knowledge about us than we’d expect (e.g. Facebook likes and photos and contacts, our locations & preferences via Foursquare).

Sign up if you’re curious and tell me what you’d like covered. There won’t be any spam or foolishness; this is a research mailing list to figure out what ought to be covered by a book on Online Privacy. I’ll be collaborating on the book with Balthazar Rouberol.

If you’re not already a member I’d sincerely recommend you check out the UK’s Open Rights Group (I’m Founder #282) and the USA’s Electronic Frontier Foundation.

Ian is a Chief Interim Data Scientist via his Mor Consulting. Sign-up for Data Science tutorials in London and to hear about his data science thoughts and jobs. He lives in London, is walked by his high energy Springer Spaniel and is a consumer of fine coffees.