Chatting in Secret

The Intercept has an article entitled Chatting in Secret While We’re All Being Watched that’s a good read for anyone interested in how to keep communications private. It was written by Micah Lee, who works with Glenn Greenwald to ensure their communications with Edward Snowden are private.

Even if you don’t want to read the detailed technical instructions on how to go about it, at least read the first part of the article that explains at a high level how communications can be intercepted, and the steps needed to stop that risk.

Communicating in secret is not easy. It takes effort to set it up, and it’s easy to slip up along the way. As is usually the case in any kind of security – physical or electronic – it’s about raising the difficulty level for someone to breach the security. The more effort someone might put into trying to intercept your communications, the more work it takes to keep them secret. For example, you raise the sophistication level of the thief who might burglarize your house as you increase security – from locking your doors, to deadbolts, to break-resistant glass, to alarms, etc. It doesn’t take much extra security to make the thief go to another house, but it may take a lot more if a thief wants something specific in your house.

Edward Snowden’s communications, for example, require very diligent efforts, given the resources that various authorities might use to intercept those communications.

For the record, I think Snowden should be given a medal and a ticker tape parade, not jail time. I recommend watching Citizenfour, the documentary about Snowden that won the Academy Award for Best Documentary Feature at the 2015 Oscars. I also recommend reading security expert Bruce Schneier’s book Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. Another book to put this into context in Canada (based on my read of the introduction – I haven’t made it farther than that yet) is Law, Privacy and Surveillance in Canada in the Post-Snowden Era, edited by Michael Geist.

I challenge anyone to watch/read those and not be creeped out.

Comments

  1. Creeped out — and depressed. Just think about it for a moment: all — all — of our online behaviour is being surveilled. We have slid incrementally from a situation where privacy was the norm to one where the panopticon has five eyes and they’re on all of us. And this piece doesn’t even get to whether you can secure telephonic communication, surely an even more common means of communication for lawyers. It’s well past time for law societies in conjunction with the CBA to plan and develop and maintain robust techniques and, if necessary, apps and hardware, to keep members’ communications private and confidential, a prime requirement in practice. In my view, law has two principal functions in society: to assist in the creation of wealth and to act as a counterweight to power (corporate or state), and of these the latter is the more important. The ability to communicate without fear of eavesdroppers and spies is essential to this critical role.

  2. “[L]aw has two principal functions in society: to assist in the creation of wealth and to act as a counterweight to power (corporate or state)”. Perhaps the function of law as a counterweight to power (corporate or state) might be more effective were the function to be to ensure the prospering of the many rather than assisting in the creation of wealth.

  3. On Simon’s point about the creation of infrastructure for secure communications, see the recommendation of the National PKI Group for the Federation of Canadian Law Societies, February 2000 (http://www.lsuc.on.ca/media/techtaskfrcerpt.PDF), in part:

    Momentum is developing in the private sector and among individual law societies to provide electronic certification. The national PKI group is unanimous in its opinion that a nationally coordinated PKI needs to be established this year if it is established by the law societies.

    The single issue most likely to undermine such an initiative is lack of understanding and the subsequent likelihood of failure to act. Further, the members of the national PKI group believe that PKI should not be seen as a technology issue, but rather as a function related to the mandate of law societies in Canada.

    PKI is a law society issue for four reasons. First, PKI is a core function because law societies issue and police the credentials of lawyers and in an online communications environment law societies should continue to do so. Second, PKI is an independence issue because in the absence of the law societies creating a national PKI infrastructure, the private sector will, and this, inevitably, will result in a loss of independence. Third, certifying authorities must be trustworthy: law societies are endowed with that public trust by legislation and should maintain that trust relationship in the online environment. Fourth, PKI is a public interest issue because the public is inexorably opting in favour of e-commerce, and clients need the ability to conduct business electronically: it is in the public interest that law societies facilitate clients doing business on line with each other, and with businesses, and governments. In doing so, they should be able to access the services of their counsel securely and with trust. A PKI infrastructure sponsored by lawyers will do this.

  4. David Collier-Brown

    The creepiest part, in my opinion, is that my usual motel chain uses this same kind of hacking technology (forged security certificates) and a man-in-the-middle attack as part of their wi-fi log-in scheme, and doesn’t even realize they’re doing anything wrong.