For Privacy Open the Source & Close the Back Door

There is no surprise in the many recent corporate self-admissions that they too have given away our private information. After all, they got us to release our privacy to their care with barely a flick and a click. As a direct consequence – and without need of oversight through lawful warrant or subpoena – Internet service providers (ISPs) and telecommunications service providers are compelled to release our pen registers, profiles, email and stored files to host-location authorities (e.g., local, state and federal agencies) everywhere in the world when requested. The corporations can, will and have freely, willingly and routinely provided our private data, stored on their servers or clouds, upon request. And any will decipher our encrypted private data to assist such surveillance if they can. It is all done with our express permission.

A 2012 study I read about in The Atlantic estimates that we each would have to spend about 200 hours a year (that is 78 work days, with a calculated cost of $781 billion to GDP) to actually read all the privacy policies we have accepted. At the same time, the word count in privacy policies is going up, further reducing the likelihood that they will be read and understood. In my opinion, the purposeful design of privacy policies – to make them easiest to accept without reading – demonstrates the Internet’s ability to coerce the user into acceptance.

“It’s OK, I have nothing to hide,” you might be thinking. And to that, “It won’t hurt a thing,” is often added to the same fallacious rationalizations. That sort of thinking is continuously exposed for what it is by the stinky announcements that gigantic globs of our personally identifiable information (PII) stored on corporate servers have been leaked to the bad guys through massive and mysterious spigots lurking in some company’s data. The leaks are a reminder that government-mandated surveillance back doors in the data center (DC) and central office (CO) architectures help provide the weakened security upon which Internet hackers rely.

Thanks to the server back doors, criminals and marketers enjoy the same back door transparency without accountability as do government agents or anyone else that somehow has access through the back door. Truth be told, marketers have better back door access than government agencies in many cases. This is generally the case when you deal with any free service or web site that boasts they “do not save your data”. What they usually do is mine it as it comes through and distribute some part directly to a third, fourth, fifth, etc. party for harvest. Unauthorized outsiders and criminals often rely upon masquerading as an administrator, marketer or possibly a government agent at the back door.

So it is.

Back doors of any stripe undermine security. Exploiting server back doors is a common objective of marketers, sellers, executives, governments, employees, hackers, crackers, spies, cheats, crooks and criminals alike. The attraction is that there is no way for you to tell who is standing at the back door or who has ever accessed your PII data at the server. While intrusion detection and logging practices have improved over time, they lag in uptake of state-of-the-art technologies. At the same time, the talents of intruders have not only kept pace with but often are defining the state of the art.

Computing back doors are not a new phenomenon. We could by now be raising our children to fear rootkits as if by instinct. Rootkits are just back door knobs.

Cookies? Trojans? Worms? Other so-called malware – especially when the malware can somehow communicate with the outside world. It all fits out the back door. SQL Injection? Cross-site scripting? Man-in-the-middle attacks? Key-loggers? Just back doorways.

I need to take it one step further though. To a place where developers and administrators begin to get uncomfortable. Scripting languages (PowerShell, c-shell, CL, T-SQL, VBA, javascript, and on and on and on) combined with elevated administrative authority? All free swinging back doors.

That’s right! Today’s central offices, data centers, and by extension cloud storage services – are severely and intentionally weakened at their very foundation by mandated back doors that have been tightly coupled to the infrastructure for dubious reasons of exploitation. That’s nuts!

What’s worse? We the people – as consumers and citizens – pay the costs to maintain the very electronic back doors that allow all comers to effortlessly rob us of our earnings, identities and privacy. What suckers!

And we provide the most generous financial rewards in society to the executives – and their politicians – that champion the continuation of senselessly high risk configurations that burp out our private information to all comers. That’s dumb.

~~~~~

So, how did we get here? It started way before the PATRIOT Act or September 11, 2001. The process has served to advantage government and – in exchange for cooperation – business, with little transparent deliberation and much political bipartisanship. Both corporate and political access without accountability to user PII has been serviced at the switch in Signaling System 7 for as long as there have been such switches and at the server for as long as there have been servers.

To wit, Mssr. A. G. Bell, and Dr. Watson I presume, incorporated AT&T in 1885.

To implicate contemporary corporate data stewards, all one need do is look at the explosion in so-called “business intelligence” spending to see user data in use in ways that do not serve the interests of or, in any other way, benefit the user. Most often the purpose is to aid others to make more money. I leave it to you to decide how others might profit from your data.

Some act without any degree of ethical mooring. There is a driven interest, by most corporations that can afford the up-front infrastructure costs, to use all the data at their disposal in every way imaginable in the quest to lift the bottom line, and it is done regardless of whether it is a people-harming virtue of capitalism. The only thing that matters to a corporation is profit. I mean, who would ever sell cigarettes using advertising filled with sexy beach scenes and handsomely rugged cowboys but knowingly forget to mention that smoking cigarettes is one of the worst things you could ever do to yourself? This intention to mine your data for behavioral advertising purposes is one of the topics you could have read a few words about deep under that “I have read” button you magically uncovered and thoughtlessly clicked through when presented the chance to read those pesky privacy policies first. Too late now…

The legislation and adjudication in opposition to government-mandated communication back doors in the US can be followed back to the bootleggers during Prohibition. In 1928 the Taft Supreme Court (Hoover was the President) decided (5-4) that obtaining evidence for the apprehension and prosecution of suspects by tapping a telephone is not a violation of a suspect’s rights under the 4th or 5th Amendments to the US Constitution.

The Communications Act of 1934 (Roosevelt) granted oversight of consumer privacy to the newly created Federal Communications Commission (FCC).

Beginning in the 1960’s, with no real concern evident among the people, television revelations began weekly broadcasts showing how Opie’s Pop, Sheriff Andy, could listen in on your phone calls or find out who you had talked with and what you had said in past phone conversations. All he had to do was ask Sarah at the phone company.

Alas, in 1967 the Warren Supreme Court (Johnson) overruled the 1928 decision (7-1) and said the 4th Amendment does in fact entitle the individual to a “reasonable expectation of privacy.” This was widely thought to mean government agents had to obtain a search warrant before listening in on a phone conversation. However, the erosion of privacy at the confluence of surveillance and profit has since become a muddy delta.

All privacy protection during “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo-electronic or photo-optical system that affects interstate or foreign commerce” was revoked in the US – in a bipartisan fashion – by the Electronic Communications Privacy Act (ECPA) of 1986 (Reagan). ECPA effectively expanded the reach of the Foreign Intelligence Surveillance Act (FISA) of 1978 (Carter) to include US citizens, heretofore protected by the Bill of Rights from being spied upon by the US government.

No one I know had an email address in 1986. So no one cared that ECPA stripped American citizens of their email privacy. No one I know does not have an email address in 2013 (Update April 1, 2017: free email is now on life support and about to die – an abortion would have been so much better for everyone). Still, few seem alarmed that there has been no electronic privacy in the US since 1986. Judging by the popularity of the Internet-as-it-is and in the light of the unrelenting and truly awful stories of hacking resulting in travesties from identity theft to stalking to subversion of democracy coming to the fore every day, perhaps nobody even cares?

But it continues to get worse for you and me. With the Communications Assistance for Law Enforcement Act (CALEA) of 1994 (Clinton), the full burden of the costs to provision and maintain an expanded ECPA surveillance capability was thrust upon the service provider. I leave it, again, to you to decide how service providers funded the levy (hint: profits are up). Beginning explicitly with CALEA, providers are now required to build data centers – and Signaling System 7 COs, cellular networks, SMS, etc. – with a guaranteed and user-friendly listening ability for surveillance agents working under ECPA authority: the free-swinging back door became a government mandate.

The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT ACT) of 2001 (Bush 2) removed any need to notify an individual that they had been under surveillance until and unless authorities arrest and charge that individual. The burden of electronic privacy was placed squarely on the individual. Privacy officially died. Not that things really changed all that much.

Even now agencies play games under the cover of the USA PATRIOT ACT by charging US non-citizens and holding and torturing them as desired in indefinite detention in offshore facilities, sometimes perhaps in part to avoid having to disclose methods should some matter ever come to trial. I have no way to know exactly what they are doing, but the pattern of escalating surveillance permissiveness in legislation, combined with the steady leaking of heinous truths over time, suggests that it is only a matter of time before the ability to hold citizens without charge becomes an effective sledgehammer methodology for agencies and, then, the local police. History is quite clear that such detainment will be used and will be used inappropriately.

Still the politicians remained unsatisfied? In 2008, FISA was amended to effectively eliminate the distinction between agency surveillance of an enemy combatant and of a citizen. Now, indeed, everyone, citizen and non-citizen alike, is ‘the enemy’ through the FISA visor. FISA Amendment changes continue to ripple through ECPA, CALEA and USA PATRIOT ACT regulations, expanding the authority of a force already claimed by its bureaucratic leadership to be stretched too thin to keep track of what it is doing. This is accompanied by a decrease in already inadequate and faltering judicial oversight, now made less transparent and less accountable than is necessary for an effective and democratic “rule of law”.

In 2006 and then again in 2011 the USA PATRIOT ACT regulations that were supposed to expire, because they would make the country safe enough in a limited time to not be needed in the future, were extended… and re-extended.

Recently the NSA claimed it would violate our privacy if they secretly told even two US Senators authorized for NSA oversight approximately how many citizens they had electronically spied on. Why is that not disturbing to most? It is worth noting that the generals of the NSA – yes, the US military calls the shots on privacy for all American citizens – made it clear at that time that perhaps no one has a way to tell who has and has not been electronically spied upon, as an alternative way to explain why they could not answer the Senators’ question.

It might be OK if privacy had been fairly traded for security, but that has not happened. Instead, the government has given our privacy to these unaccountable agencies and the terrorism continues. The police and other agencies are arriving only in time to clean up the mess, spending shit loads of the public’s money putting on a good show for the cameras, and spinning the truth about how much these laws are helping. They may be getting better at stopping the second terror attack of a particular stripe, but that is only valuable to society when the bad guys repeat a type of attack. So far, that is not happening. The agencies are being pwned big time and don’t even notice because they are too busy reading our email.

The 4th Amendment is, for all intents and purposes, null and void – unless you have a bigger gun. The 9th Amendment is now about exceptions and exclusion to rights instead of the protection of rights not named elsewhere in the Bill of Rights, as the unchanged text of the amendment would suggest. If I understand correctly, even the 1st Amendment has been struck. I’m not a constitutional expert, but I am 100% positive privacy is out the window like a baby toy and we are now too far down that road to even think about going back to find it.

Our government is now self-empowered to spy on the people, self-evidently convinced it must spy on the people and self-authorized to exterminate its own citizens without the process of law we are told is due every citizen. This is territory most inconsistent with the Constitution of the United States as I understand it and wholly unacceptable to the vast majority of the citizenry with knowledge of the matter as far as I can tell. Indeed, what people on earth should tolerate such governance?


Update August 22, 2015. The USA FREEDOM Act of 2015 (Obama) stirs the muddy waters of privacy but in the end is little more than a re-branding effort that hopes to squelch the post-Snowden outcry against mass surveillance.

~~~~~

So, what can be done? Here are some guiding principles for anyone seeking to take back their online privacy. It ain’t pretty:

  1. There is no plan to delete anything. Never write, type, post or say anything [on-line] you do not want others to see, read, overhear or attribute to you. Anything you put on the Internet just may be out there forever. IBM has boasted the ability to store a bit of data in 12 atoms. Quantum data storage is just around the corner. MIT suggests that quantum computing (@ 2 bits per atom) will be in Best Buy by 2020. And search technology is making orders of magnitude larger strides than storage technology.
  2. You cannot take anything back. Accept that all the information you may have placed online at any time – and all so-called ‘pen registers’ that document your interactions during placement – does not belong to you. Sadly, you may never know the extent of compromise this not-yours-but-about-you data represents until it is too late to matter. The single most important action you can take to safeguard what little is left of your privacy – from this moment forward – is to use only peer-reviewed open source privacy-enabled software when connected to the Internet and to deal only with those that respect your privacy. But where are those capitalists?
  3. Stop using social web sites. There are many ways to keep track of other people’s birthdays. There is not much worth saying that can be properly said in one sentence or phrase and understood by boodles of others. Makes for good circus and gives people something to do when there is nothing appealing on TV, but not good for communication or privacy. But combine the keywords from your clucks, demographics from your birthday reminder list and your browsing history and it is far more likely that you can be effectively ‘advertised’ into a purchase you had not planned or researched the way you likely had claimed you always do. Such behavior-inducing advertising, in essence, cheapens life while it makes a few people a lot of money.
  4. Avoid web sites that know who you are. Search engines and portals, like all free-to-use web sites, get their money either through donations and fundraising or else through the back door by keeping and reselling the history. Maybe forever? This data is not generally encrypted, nor even considered your data (oops, there goes that pesky Privacy Policy again). Nonetheless, anyone that can hack into this not-your-data has the information needed to recreate your search history and, in all likelihood, to identify you if so desired. Corporate data aggregations and archives, so-called data warehouses, often leave related data available for business analysts, developers, network engineers, and any sneaks who might find a way to impersonate those behind-the-scenes insiders, through a nicely prepared user interface that can drill down from the highest aggregations (e.g. annual corporate sales or population census data) to the actions and details of an individual in a few clicks. Once ordered, organized, indexed and massaged by high-powered computers, this data remains ready for quick searching and available in perpetuity. Protect your browsing history and searches from as much analysis as possible – a favorite pen-register-classed surveillance freebie for governments (foreign & domestic), marketers, and criminals alike. One slightly brutal way might be to surf only from freely accessible public terminals and never sign in to an online account while surfing from that terminal. An easier, open source, but still more work than not caring way may be to hit Tor’s onion servers using Firefox and Orbot from your Android device or the Tor Browser Bundle from your Linux desktop or thumbdrive. (We have no way to know if the Windows or Mac desktops are backdoored.) You could even combine the two approaches with Tails – assuming you can even find a public kiosk or Internet cafe that will let you boot to Tails. A VPN from home would work well too, if you can be certain the VPN provider holds your interest and privacy above more profits.
  5. Use only open source software that you trust. Avoid all computer use, especially when connected to the Internet, while logged in with administrator or root authority. Particularly avoid connections to the Internet while logged in with the administrator or root credentials. Avoid software that requires a rooted smartphone or a local administrator login during use.
  6. Adopt peer-to-peer public key cryptography:
    1. Securely and safely exchange public keys, in order to have confidence in the integrity of the privacy envelope of your communications and exchanges with others.
    2. Exchange only p2p encrypted emails. Never store your messages, even if encrypted by you, on a mail server, else you forgo your right to privacy by default. I think US law actually says something like when your email is stored on somebody else’s mail server it belongs to that somebody else, not to you. Even Outlook would be better, but Thunderbird with the Enigmail OpenPGP add-in is a proven option for PGP encryption using any POP account. The hard part will be re-learning to take responsibility for your own email after becoming accustomed to unlimited public storage (and unfettered back door access). It will also become your responsibility to educate your friends and family about the risks to convince them to use peer-to-peer public key cryptography and secure behaviors too. Until then your private communications to those people will continue to leak out no matter what you do to protect yourself.
    3. Exchange only p2p encrypted messages. For SMS text, investigate TextSecure from Open WhisperSystems. I don’t have a suggestion for SMS on the desktop. For other messaging check out Gibberbot, which connects you through the Tor network on your Android device. If used by all parties to the chat, this approach will obfuscate some of your pen registers at the DC and all of your message text. Installing Jitsi adds peer-to-peer cryptography to most popular desktop Instant Messaging clients. Jitsi does not close any back doors or other vulnerabilities in IM software. Your pen registers will still be available at the server and attributable to you, but your private information will only be exposed as encrypted gibberish. Using the onion servers with Jitsi or Gibberbot will help obfuscate your machine-specific metadata, but the IM server will still know it is your account sending the message. Security experts seem convinced that Apple loudly advertises the iMessage back door: http://blog.cryptographyengineering.com/2012/08/dear-apple-please-set-imessage-free.html
    4. Exchange p2p encrypted files. If you get the first step (the key exchange) right, this will be a breeze.
    5. Exchange p2p encrypted SMS messages, else avoid SMS. I had briefly used TextSecure from Open WhisperSystems on Android 4.x. I don’t have a secure, tested Windows or Linux desktop suggestion for SMS.
    6. Exchange p2p encrypted voice communications. Web phone Session Initiation Protocol (SIP) providers are subject to the same pen and tap logging rules as all other phone technologies. The biggest practical differences between SIP and good old Signaling System 7 or cellular switching are the open source software availability and throughput potential. With SIP, several open source apps are available now, built upon Zimmermann’s ZRTP (Z Real-time Transport Protocol) for peer-to-peer encryption of SIP-to-SIP multimedia-capable conversations. I know Jitsi includes ZRTP by default for all SIP accounts registered. When a call is connected the call is encrypted, but ONLY if the other party to the call is also using a ZRTP peer.
  7. Avoid trackers, web bugs and beacon cookies. Cookies are tiny files. They are an invaluable enhancement for user experience that don’t get wiped from your machine when you leave the page that dropped the cookie. Cookies have become impossible to manage manually because there are so many and because many cookie bakers try to make it difficult for you to determine the ingredients of their cookies on your machine that fills with your data. That is so creepy. What could go wrong? But tracker cookies are worse than most. They keep collecting your data even after you leave the baker’s web site and disconnect from the Internet. Then, every chance they get when you next connect to the Internet, these cookies will gather more data from you and ever so slyly transmit your data out to their death star. Lots of trackers come in or as advertisements, though most are simply invisible to the unaware user. One classic beacon cookie is a picture file with no image, just a tracked data collector, yet done in a way that convinces most (all?) tracker detectors of its innocence. However, it would be foolish to characterize trackers as ever built one way or another. The design goal is and will always be to not look like a tracker. In today’s world, I believe it safe to say that the tracker builders continue to have an easy time of it and are one giant step ahead of the tracker trackers. I have AdBlock Plus, Ghostery, Disconnect and the EFF’s Privacy Badger running on the desktop browser I am using to edit this old page. AdBlock Plus finds 4 ads but blocking has to be off or I am not able to edit the blog post. Ghostery finds 3 web bugs and Privacy Badger identifies 7 trackers for this page. Disconnect finds 27 requests for my data from a variety of sources. Privacy Badger sees 16 potential trackers and blocks all but three.
     The thing is, Disconnect has 19 requests sorted under a ‘content’ category that are not blocked, and if I try blocking any of them, the free WordPress weblog breaks. Google and Twitter both seem to have trackers on me that neither Privacy Badger nor Disconnect blocks by default on my browser. Could be I made the wrong choice on some Google policy 11 years ago, could be I was drunk the other day and clicked on accept so I could get to the porn faster, or could be Google or WordPress imposes this unblocked condition. Could even be that they are benign cookies and my tracker trackers know it, though I mostly doubt any scenario other than they seek to send my data back to the server.

As you can see, effective tools are not really available to protect on-line privacy short of end-to-end encryption. What’s more, the bad guys are already using all the tools to keep themselves undetected! The challenge for us is a human behavioral issue that ultimately demands little more than awareness of what is happening around you and a willingness to cooperate in a community of others in search of privacy. Could be that cooperation alone is the overpowering impediment in these polarized times. Oddly, most find it easier to trust Google and Facebook than to trust the people they know. Only if everyone in the communication values privacy and respects one another enough to move together to a peer-to-peer public key cryptography model, using widely accepted and continuously peer-reviewed software, can anyone hope to find satisfactory digital privacy.

We must start somewhere.

I repeat, the bad guys made the changes long ago so your resistance serves only your demise and the ability of others to profit from your data until that time.

Sadly, I’m not at all sure how to convince anyone that spends time on Facebook, Twitter and that lot not to flock toward the loudest bell. You all are throwing your privacy to the wolves. With each catastrophe perpetrated by the very bad guys that the rape of our privacy was supposed to protect against, the media immediately and loudly lauds the police and other agencies for doing such a great job and proclaims how lucky we are to have them freely spying upon our most personal matters. The agencies, for their part, continue to bungle real case after real case yet maintain crafty bureaucratic spokespeople to pluck a verbal victory from the hind flanks of each shameful defeat of our privacy. Turns out the agencies don’t even use the pen registers and tap access for the surveillance they claim to be crucial. Instead it is a helper when sweeping up the mess left behind by the last bad guy that duped them. Why are the agencies not preventing the horrible events as was falsely promised during the effort to legitimize their attacks on our personal privacy?

For genuine privacy, all people in the conversation must confidently and competently employ compatible p2p cryptography. That’s all there is to it. Until folks once again discover the fundamental value in private communications and public official transparency, public accountability is beyond reach, and your privacy and my privacy will remain dangerously vulnerable.

This entry was posted in Code Review, Privacy, Secure Data.
