
Digital Security for Non-Geeks or How I Learned to Stop Worrying and Love Transparency

By Tim Hardy

A number of people have asked me recently about how to keep their email and communications secure and my answer is simple: don’t bother.

Even though the recent behaviour of the police suggests that they have a grotesquely exaggerated sense of their rights to impede peaceful protest, within an imperfect but partially functioning democracy like that of the UK, a society in which the values of freedom are endorsed in the speech if not the acts of those in power, the need for security is less pressing than in an authoritarian regime.

Nonetheless, it is not enough to say, as many do, that if you are not doing anything illegal then you have nothing to hide.

Only a totalitarian would believe that the law was the sole expression of morality. Laws can and do change. Until 1991, it was legal for a husband to rape his wife in the UK.

The fact that we live in a society where powerful interests profit from unjust laws means that there will be times that an engaged citizen, following in the noble tradition of Gandhi and other peaceful activists, will be forced to take a stand and break the law.

My reason for saying don’t use crypto is more pragmatic than that.

Cryptography gives the illusion of privacy. Your emails may be secure, but how do you know that the people with whom you are communicating are who they say they are? Your password may be impossible to guess but how do you know that there is not a key logger attached to your computer, a physical device or a snippet of code hidden there to steal your keystrokes and play them back? How do you know that the messaging software itself isn’t designed to betray you? Your communications may be unbreakable but the fact that you are talking allows intelligence agents to perform a crude traffic analysis: the fact that you are using crypto draws attention, makes it look like you have something to hide; the fact that your communications start to increase in volume tells everyone that something is about to happen.

I would urge everyone to avoid the complacency that a strong password and the latest fashionable email address for activists might give you.

If someone really wants to find out what you are talking about, then they will find a way.

Indeed in the UK it is a criminal offence under the Regulation of Investigatory Powers Act 2000 (RIPA) not to surrender the password to an encrypted file if the police request it.

I believe in peaceful protest that operates as far as possible within the limits of the law and seeks to change unjust laws by bringing broader attention to injustice. I believe in the levelling power of transparency and see it as a necessary step in bringing about a more equal, honest society in which people may settle their differences through genuine engagement rather than by buying a bigger megaphone and shouting louder than everyone else.

The more steps we take down the path of digital privacy, the greater the risk of losing sight of those values.

I’d suggest we need enough security to prevent journalists hacking our voice mails and emails but I know enough about security to know I would be naive if I thought I could outwit the intelligence services.

If you want your plans to be a surprise, I’d suggest organising face to face, not online. But whatever you choose, always be honest.

Speak every word as if you would be happy for everyone to hear it. Honesty at all times is the only security we need. If you are willing to take a stand with your actions, then be willing to own them in public.


3 thoughts on “Digital Security for Non-Geeks or How I Learned to Stop Worrying and Love Transparency”

  1. Trevor Vallender says:

    I normally agree with most of what you say on this blog; this time I heartily disagree. The right to private communications between individuals is a fundamental one, and rather than lamenting the fact using encryption draws attention, we should encourage the wider use of encryption to lessen this fact.

    Yes, encrypted email is not the be all and end all of secure digital communications, but it is a step in the right direction. We shouldn’t give up on it just because “well, there could be a keylogger installed anyway”.

    Besides, when you bring up the problem of knowing if people are who they say they are, this is exactly what PGP’s “web of trust” is designed to combat.

    Privacy is not a barrier to an open, equal, honest society, but a key part of one. The reasons people may have for desiring privacy are many and varied, and ensuring that privacy helps increase dignity and respect.

    • Thanks Trevor for your excellent observations.

      “Web of trust” only proves that the person you are speaking to is the person you think it is: it doesn’t prove that, for example, Mark Stone is an activist not an undercover police officer infiltrating a peaceful movement.

      Until there is wider use of encrypted communications my point still stands that using it draws attention but your alternative that it is used more widely is perfectly valid and you are right that privacy is an essential part of society, helps give dignity and respect and is a right that must be defended.

      What I am saying is that people should not be complacent: crypto is not a silver bullet.
