I was asked – as happens from time to time – for commentary for an upcoming security article. (As also happens from time to time, I have no idea whether the journalist has used it or not. Since the request came via an agency, I don’t actually know the who or where, either, so I feel quite comfortable about expanding on that commentary here…)
In this case, the topic was a report from Silent Circle. I’d be happy to provide a link to it, but I haven’t been able to find one. Apparently, though, the report summarizes the opinions of 1,000 people in the UK regarding privacy, just 12% of whom believed that their cellphone calls and texts remain private. (Not surprisingly, given stories like this. So, inevitably, I was asked whether privacy is ‘a luxury of the past’.
Well, 'privacy' is a relative term in an online world. It's not quite as though every phone call or text is listened to or examined by a human agent in the manner of '1984' - the sheer volume of data is a restriction there - but not much of the information transmitted through various media today isn't available to a number of government agencies when automated filtering suggests that it's of interest, or if legal processes are in place to allow targeted surveillance. That genie is out of the bottle, and getting it back is as feasible as squeezing haemorrhoid cream back into the tube.
It's curious, perhaps, that the study doesn't seem to have mentioned the abuse of telephone services by the media: while most of us are not newsworthy enough to be targeted by ethically-challenged reporters, well-publicized cases in recent years have probably attracted even wider attention than stories about the government surveillance. In any case, it's clear that there is a range of technologies that can be used and misused with sufficient resources and incentive, though the actual take-up of such technologies is probably less than popular TV shows and films might suggest.
It's interesting that 17% were concerned about being monitored by a jealous spouse or husband. I don't know how often this scenario actually plays out, but it does reflect concerns that go further back than the present preponderance of smartphones and other mobile technologies. When I did pro bono consultancy a few years ago for a site where people could ask for IT-security-related advice, one of the most common themes centred on people who believed their PCs and online accounts had been compromised by ex-partners/boyfriends etc. using keyloggers, identity theft and the like.
But what can you do about it?
There isn’t an awful lot the everyday computer user can do about government surveillance apart from exercising their votes (where applicable) and actively lobbying and campaigning for their government to find a better balance between national security/safety and personal privacy. Silent Circle itself has products and services (surprise!) that go some way towards addressing these issues, though I’m not in a position to evaluate them directly. (Of course, some will think that their own government has already found a reasonable balance, and others will be effectively unable to take action without compromising their personal safety: these are issues too big to discuss in a short security blog.)
It is, of course, sometimes possible to make life difficult for intrusive reporters by various legal measures, as well as obvious measures like not using a default PIN for accessing voicemail. While my colleague at ESET, Lysa Myers, has an article on How can domestic violence survivors protect their privacy? addressing some of the issues around digital privacy in the context of various kinds of domestic abuse.
David Harley
Small Blue-Green World
