
Protecting Yourself from Spies September 7, 2013

Posted by Andre Vellino in Ethics, Human Rights, Information.

I once worked for a company that makes the kind of software that the NSA and CSIS appear to be using to monitor email and internet metadata (see the Guardian for a quick survey of the metadata that exists in different digital media).

I might add that I think there is nothing morally wrong with the surveillance technology itself – indeed it can be used to protect privacy and prevent harm. It is more a question of whether our privacy rights are violated when the technology is used and whether those rights should be relinquished to the state for the greater good.

The recent revelation that the presumption of privacy even when engaging in encrypted transactions is erroneous adds fuel to my concern that people don’t make informed decisions about what information they disclose and that they don’t even try to protect their information even when it is quite easy to do. This post highlights some software solutions you can use to reduce the likelihood that your private information is monitored.

Web Browsing

Let’s start with web browsing. The amount of information that a web server can glean from your web browser’s attempt to connect with it is quite voluminous. To see what a server can find out about your browser and computer, try this link:

http://www.mybrowserinfo.com/detail.asp?bhcp=1

Furthermore, the combination of these browser characteristics, while they may not provide personal identity information, can still identify you uniquely. Try this test from the Electronic Frontier Foundation:

https://panopticlick.eff.org/

When I try it, they assert that my browser information-collection, i.e. my browser “fingerprint”, is unique among the 3M or so they have tested.

There is not much you can do to limit the uniqueness of your browser’s fingerprint other than having a generic computer and a generic browser configuration.  Using the TOR browser / network (see below) helps to reduce the uniqueness of your browser-fingerprint, but there are tradeoffs (response speed for one thing).
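The effect described above, where individually common browser characteristics combine into a unique fingerprint, can be worked through in a few lines. This is an added example, not code from the original post or from the EFF; the population and attribute values are constructed, and `normalise` is a hypothetical helper that models a generic configuration shared by everyone.

```python
import math
from collections import Counter
from itertools import product

ATTRS = ("user_agent", "screen", "timezone", "fonts")

# Constructed population: 16 browsers covering every combination of two
# values per attribute (illustrative, not measured data).
POPULATION = list(product(
    ("Firefox/23 on Windows 7", "Chrome/29 on OS X"),
    ("1920x1080", "1366x768"),
    ("UTC-5", "UTC+1"),
    ("font-set-A", "font-set-B"),
))

def surprisal_bits(matching, total):
    """Identifying information in bits: -log2(share of browsers that match)."""
    return -math.log2(matching / total)

def per_attribute_bits(population, target):
    """Bits revealed by each attribute of `target` taken on its own."""
    bits = {}
    for i, name in enumerate(ATTRS):
        counts = Counter(b[i] for b in population)
        bits[name] = surprisal_bits(counts[target[i]], len(population))
    return bits

def anonymity_set(population, target, attrs_used):
    """Number of browsers indistinguishable from `target` on these attributes."""
    idx = [ATTRS.index(a) for a in attrs_used]
    return sum(all(b[i] == target[i] for i in idx) for b in population)

def fingerprint_bits(population, target):
    """Bits revealed by the full combination of attributes."""
    return surprisal_bits(anonymity_set(population, target, ATTRS), len(population))

def normalise(population, fixed):
    """Hypothetical model of a generic configuration: all browsers report `fixed`."""
    return [fixed for _ in population]

if __name__ == "__main__":
    me = POPULATION[0]
    print(per_attribute_bits(POPULATION, me))   # each attribute on its own
    print(fingerprint_bits(POPULATION, me))     # all attributes combined
    generic = normalise(POPULATION, me)
    print(anonymity_set(generic, me, ATTRS))    # everyone looks alike
```

Each attribute alone only halves the crowd, but the four together single out one browser; when every browser reports the same values, the fingerprint carries no identifying information at all.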

HTTPS

There was a time when I thought that HTTP-Secure (“https”) was a reliable way of ensuring that information between your browser and the end-point server (e.g. a bank) could not be intercepted or tampered with. The revelation that the NSA is able to decrypt such communications reduces my confidence that this method is “secure” in any meaningful way, but at least it offers some degree of assurance that not just anybody can either read or tamper with such transactions.

If that level of confidence is sufficient for you, then you might consider adding the HTTPS Everywhere plugin (brought to you by the Electronic Frontier Foundation) to your browser.

TOR

This browser / encrypted network system describes itself as

…free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security

In principle, the Onion Routing technology behind it offers the end-user a high degree of anonymity and untraceability. However, if anyone can break SSL, the next step is to break TOR.

File and file system encryption

If you want to protect computer files, or indeed a whole file system (e.g. in case your laptop is stolen or your USB key is lost), you should try TrueCrypt. It offers operating-system level, on-the-fly encryption, file-level encryption and partition encryption. Best of all, TrueCrypt is open source (so you can check for yourself, if you have the patience and know-how, that there are no backdoors for the NSA or CSIS).

Also, for Windows PCs (or Wine enabled Macs), AxCrypt is a pretty good and easy to use tool for encrypting files.

Email

Securing email is a bit trickier. There is no meaningful way to encrypt e-mail metadata. The very nature of e-mail addressing and store-and-forward protocols like SMTP requires that metadata. Which, of course, is a fundamental design flaw with email.

However, if you want to protect the content of what you say from prying eyes, you can try Gnu Privacy Guard (GPG). Its precursor was PGP (Pretty Good Privacy) and Edward Snowden thinks it works.
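To make the split between protected content and exposed metadata concrete, the following added example (not part of the original post) parses a constructed message whose body is a PGP-armoured placeholder and lists what any relay or observer on the path can still read. The addresses, hostnames and the message itself are constructed; only Python's standard `email` package is used.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message: body stands in for GPG output, headers are plain.
RAW = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net with ESMTP; Sat, 7 Sep 2013 10:15:02 -0400
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Cc: carol@example.com
Subject: meeting
Date: Sat, 7 Sep 2013 10:15:00 -0400
Message-ID: <constructed-1@example.org>
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----

(constructed placeholder; ciphertext omitted)
-----END PGP MESSAGE-----
"""

def visible_metadata(raw):
    """Return the header fields that stay readable when only the body is encrypted."""
    msg = message_from_string(raw)
    rcpt_headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "sender": parseaddr(msg["From"])[1],
        "recipients": [addr for _, addr in getaddresses(rcpt_headers)],
        "subject": msg["Subject"],
        "date": msg["Date"],
        "relay_hops": len(msg.get_all("Received", [])),
    }

def body_is_encrypted(raw):
    """True when the body is an ASCII-armoured PGP message."""
    body = message_from_string(raw).get_payload()
    return body.lstrip().startswith("-----BEGIN PGP MESSAGE-----")

if __name__ == "__main__":
    print("body encrypted:", body_is_encrypted(RAW))
    for field, value in visible_metadata(RAW).items():
        print(f"{field}: {value}")
```

Who wrote to whom, when, through which relay and under what subject line all remain readable even though the body is opaque.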

Conclusion

It appears that most people think that their privacy is worth sacrificing in exchange for safety and protection by government.  This is short-sighted. A benevolent government in whose integrity you trust might do the right thing at any point in time, but the issue is a matter of principle. You should not relinquish your right to privacy to the state.

As Bruce Schneier wrote in The Guardian:

By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract…..

We have a moral duty to [dismantle the surveillance state], and we have no time to lose.

In the meantime we can at least do better to protect ourselves.

Some Problems with MOOCs August 17, 2013

Posted by Andre Vellino in Education, Ethics.

Michael Sandel’s acclaimed undergraduate lectures at Harvard on Justice are now offered in a MOOC at EdX and watching them for a second time gave me an insight into a few of the significant shortcomings of recorded lectures.

First, they have a limited shelf-life. However perennial the issues are (e.g. “What is Justice?”), what makes it a learning experience for the students is the process of investigation and enquiry.  While Sandel’s recordings of his lectures are a master class on how to engage students, how to foster critical thinking and make issues pertinent and alive,  their very nature as recordings ultimately limits them to being historical documents.

For instance, since 2005 – the year in which these lectures were recorded – the richest person in the world (taken as an example of [potential] financial injustice) is no longer Bill Gates (it’s Carlos Slim Helu), significant examples of greed and inequality are better illustrated with the 2007-2008 financial crisis and there have been many changes in U.S. politics since the election of President Obama.

At least as importantly, watching these lectures makes the viewer feel wanting of interactions with the lecturer. Listening to young minds grappling with the issues is pedagogically interesting, but as a student what you really want is to be in the audience asking questions, taking positions and arguing with the lecturer and fellow students.

As a taste of how a student might benefit from a Harvard education, having a course such as this on-line is wonderful. And it is clearly of value to anyone who would be unable to attend or afford such an education.  But it is no substitute for the real experience.

So, for these two reasons alone, I think that MOOCs will, at best, be a complement to a university education, not an alternative to it.

Freedom Abhors a Chill March 24, 2013

Posted by Andre Vellino in Ethics.

Jian Ghomeshi’s opening monolog on CBC’s radio program Q is the latest salvo against the Library and Archives of Canada’s new Code of Conduct. In it he uses the phrase “Freedom Abhors a Chill”. And a chill it is:

View this document on Scribd

The BC Library Association has condemned it in writing. BC Archivist Myron Groover was polite but firm on “As It Happens”.

Members of Parliament for the Official Opposition Andrew Cash and Pierre Nantel gave the Heritage Minister a piece of their mind about it in the Canadian House of Commons:

Jim Turk, Executive Director of the Canadian Association of University Teachers (CAUT) gave a clear explanation of what’s at stake in an interview on Radio Canada International.

My question is – we’ve expressed our collective outrage at this Orwellian nightmare – and now what? Do we decide that Federal archival and library institutions are doomed and take on their role on the remaining islands of democracy or “…take arms against a sea of troubles, and by opposing end them”?