Time and again people ask me why I don’t involve myself in political activism to stop mass surveillance. My answer is doing so is pointless because no matter how hard you beg the state it will never handicap itself. Case in point, the Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring (USA FREEDOM) Act (I hope a staffer was paid a nice bonus for coming up with that acronym). It has been hailed as a solution to the National Security Agency’s (NSA) mass surveillance practices. However the bill, as so often is the case, does the opposite of what its name implies and advocates claim. Instead of curtailing NSA surveillance the bill codifies it:
After only one hour of floor debate, and no allowed amendments, the House of Representatives today passed legislation that seeks to address the NSA’s controversial surveillance of American communications. However, opponents believe it may give brand new authorization to the U.S. government to conduct domestic dragnets.
[…]
However, the legislation may not end bulk surveillance and in fact could codify the ability of the government to conduct dragnet data collection.
“We’re taking something that was not permitted under regular section 215 … and now we’re creating a whole apparatus to provide for it,” Rep. Justin Amash, R-Mich., said on Tuesday night during a House Rules Committee proceeding.
“The language does limit the amount of bulk collection, it doesn’t end bulk collection,” Rep. Amash said, arguing that the problematic “specific selection term” allows for “very large data collection, potentially in the hundreds of thousands of people, maybe even millions.”
In a statement posted to Facebook ahead of the vote, Rep. Amash said the legislation “falls woefully short of reining in the mass collection of Americans’ data, and it takes us a step in the wrong direction by specifically authorizing such collection in violation of the Fourth Amendment to the Constitution.”
Political activism can’t solve problems. At most is can be used to convince the state to rewrite its rules, and then only temporarily, so that it can continue doing the same thing but claim it isn’t. The only way widespread surveillance can be curtailed is if every one of us begins encrypting all of our communications. Even if some of us utilize weak cryptography it will still increase the overall cost of operating the system. Clear text requires no resources to read. Weak cryptography still requires some resources to identify the algorithm(s) used and to reverse them. Furthermore the text of any encrypted communication is unknown to the eavesdropper until it’s unencrypted. Strong cryptographic tools, on the other hand, are practically (as in the time required is longer than the information’s usefulness) impossible for spies to crack.
Stop begging the state to neuter its spying capabilities and take back your privacy. A good place to start is to begin utilizing tools that allow secure communications.
Thanks for the link! And yes, just as you say, it’s up to us to keep our information private; hoping for the government to regulate itself is a pipe dream.
For off-site file storage, PGP and some other applications are apparently very secure, but they don’t hide the fact that encrypted data exists. As things get worse, I expect the government to strong-arm people into revealing their keys so its appointed thugs can pore over anything they please. Against such criminals, steganography is superior, as it hides private data inside music or image files, with plausible deniability that anything is being hidden. The trade-off is about a 10x increase in file size, so it’s best used to conceal non-gigantic files.
TrueCrypt actually enables plausible deniability by allowing uses to create a hidden container inside of a container. So you can create a TrueCrypt volume, store some important stuff that you don’t mind revealing if under duress, and put the really important stuff in the hidden container.
But I agree, anonymity is an important piece of the puzzle. The key is to make sure your encrypted data cannot be tied to your real-life identity. Steganography is one option, uploading encrypted data to an anonymous file server (one not tied to your real-life identify in any way) over Tor is another.
I use TrueCrypt but don’t consider the hidden container to be a major feature. I’d rather stuff my data into a file where, suddenly no secret information exists at all. Encryption? What’s that? 😉
There are rumors that Tor has been compromised, but I agree, anonymity is another option. If it works and isn’t a major pain to use, it’s probably the best option of all. I guess I consider hiding something in plain sight to be more fun, though…
I’m a fan of always giving them a little something to hopefully placate them enough where they won’t kill you (everybody has secrets so the question becomes whether you give them secrets you’re secretly OK with having made public or denying you have any secrets while they beat a confession out of you). And the image files that are notable larger than files of that size ought to be might tip them off. 😛
There are always rumors that a widely used security tool is compromised. But the documents leaked from the NSA lead me to believe Tor is secure since it was listed as something the NSA had no notable luck in cracking.