Online Privacy: Technical, Political, or Both?
When it comes to encryption, there's solidarity in numbers
During his live-streamed appearance at SXSW Interactive ("Snowden Defends Fourth Amendment," March 10), exiled cyber-security whistle-blower Edward Snowden urged "makers and thinkers and the development community" to "protect [privacy and security] through technical standards" that can outrun the much needed, but slower, policy changes. Along with ACLU technologist Chris Soghoian, Snowden emphasized the importance of making "end-to-end encryption" available and user-friendly for those who aren't experts, arguing that protection should be common and by default, without requiring "opting-in" or technical expertise.
So how do we normalize privacy protection? "The first thing we need is to have people recognize that they need encryption," said cryptography expert Phil Zimmermann. "I think Snowden has done a lot to raise consciousness about how pervasive surveillance is, so more people are likely to recognize the need for encryption today than they were a year ago."
Zimmermann, founder of the widely used email-encryption software, Pretty Good Privacy (PGP), is also the president and co-founder of the communications encryption firm Silent Circle. Arguing that encrypted and therefore private messages should be the default expectation rather than the exception, Zimmermann noted, "One of the things that came out in the Snowden revelations is that the people that are using encryption attract more attention from the NSA. My feeling about that is, you know, we should all be Spartacus [referring to the film]." That is, there's solidarity in numbers when it comes to encryption.
Google has recently made efforts to step up its security, which the company announced last week as "a top priority after last summer's revelations." The announcement read in part, "Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers – no matter if you're using public WiFi or logging in from your computer, phone or tablet."
Yet Google's user security remains far from complete. Time pointed out that "[t]his is a Gmail user-to-Gmail user solution" and that "Google's not promising to protect your communications with someone who's not a Gmail user." Elissa Shevinsky, CEO of Glimpse, an encrypted messaging app, thinks Google is "sincere about preventing unwanted third parties from intercepting your communications to Google." However, she also notes that "the Google business model relies on Google reading and analyzing your emails and other personal data, in order to better serve you advertisements. As a result, there is only so much they can do to make your email more secure."
While Facebook and Google could be doing more to secure their users' privacy, Shevinsky said, "If we're just realistic about what these networks are like, we don't necessarily need to be upset that they're public." In other words, Facebook and other networks can be highly useful, as long as users understand that anything that they post could potentially be public and could possibly last forever online. A regular Facebook user herself, she explained, "Ultimately, what's important is for us, as Internet users, to understand what happens at different social networks, and make choices that are good for us."
Zimmermann isn't as accepting of Facebook's business model. "If you're not paying for the product, then you are the product. The people who use Facebook are not the customers of Facebook. They are the inventory of Facebook. Facebook sells them to advertisers. They're not accidentally abusing our privacy; it's their business model." Of course, marketing readers to advertisers is part of the business of every online or print publication, including the one you're reading. As co-founder of OkCupid, SparkNotes, and most recently Keybase, Max Krohn pointed out, "The sad truth of it is that you're going to have a trade-off. You're going to say, 'Do I want to do the easiest thing, or do I want to do the secure thing which is slightly less convenient?'"
Electronic Frontier Foundation technologist Yan Zhu explained some of the practical problems with such a trade-off. For example, "It's possible for someone at Google to read the emails, as far as I know. The problem with losing that ability is that it would require change in Google's design, such that people would no longer able to search through their emails" and, for example, key-word searches "would fundamentally no longer be possible if their emails were encrypted before they got sent." For people trying to design secure apps, issues such as this are often seen "as a huge usability loss."
She explained that, at one point, the internet company Mozilla introduced a feature that allowed users to sync their preferences between Firefox browsers on different computers – for example, between your phone and your laptop. The feature was designed in such a way that Mozilla itself couldn't see the transmitted data. Mozilla, according to Zhu, "thought this would be something that users appreciated, but, in fact, people didn't like it very much." During the syncing process, users would sometimes lose their passwords, and thus access to their data, and then would contact Mozilla requesting that data – which Mozilla couldn't provide because, to prevent its own access, it never stored the passwords.
In that context, Zimmermann said, "There's a place for popular messaging products that are for the masses – and some of them might use encryption – but there's also a need for products that are aimed at more professional users that use strong encryption and have protocols that are resistant to coercion," such as his own Silent Circle. "So, if we want privacy, we're going to have go elsewhere to get it. If you want privacy, go to a company where the reason for the company to exist is to protect your privacy."
Shevinsky said, "The desire to share privately with the people who you're close to is quite universal." Indeed, she's part of a blossoming industry of apps that emphasize security and privacy (see below).
Buying secure apps won't be enough, Zimmermann argues, but he remains optimistic. "We live in a democracy; if we have the political will to change the laws, we can change the laws. It may seem hard, and maybe it is hard, but we've been up against harder problems in the past."
Know Your Privacy Apps
Glimpse: Aiming to be as user-friendly as other popular ephemeral messaging apps, Glimpse messages are encrypted end-to-end to a single, private key held only on the recipient's phone, rather than a less secure, shared key. www.weneedglimpse.com
Whisper Systems' TextSecure: This open-source app is for "a full replacement for the default text messaging application," that lets users avoid dependence on SMS. All messages are encrypted locally, and messages to other TextSecure users are encrypted over the air to protect them during transit. www.whispersystems.org
ChatSecure: Rather than replacing texting, this free app allows users to send encrypted messages over existing chat services such as Facebook Chat, Google Hangouts and Talk, Jabber, and more. www.chatsecure.org
Telegram: Especially popular in Russia, Telegram is an encrypted messaging app. The creators were so confident in their encryption that they offered $200,000 in Bitcoin to anyone who could decrypt their traffic before March 1. They got to keep their money. www.telegram.org
Confide: Professional app ensures all received text is hidden behind orange boxes until it's "wanded over," revealing a word or phrase at a time; the text then disappears. If the recipient tries to take a screenshot of the message, the app will boot the recipient and notify the sender. www.getconfide.com
Wickr: Wickr allows users to send texts, videos, and pictures with "military-grade" security. A user can control how long a recipient will be able to view a message before it "self-destructs." www.mywickr.com
Silent Circle: Subscription-based service provides encrypted voice, video, texting, and file communications to any other Silent Circle user for $9.95 a month. For a higher price, Silent Circle offers partial encryption on calls made to non-subscribers. www.silentcircle.com
Gliph: Along with encrypted messaging, email services, and private Web chat, Gliph offers users a secured wallet for Bitcoin. www.gliph.me
Keybase: Free keybase is "a public directory of publicly auditable public keys" that are each paired with a unique username that allow users to sign, encrypt, decrypt, and verify files, messages, and streams. www.keybase.io
Blackphone: Essentially a privacy-focused Android smartphone, the Blackphone allows users to browse the Web anonymously, send encrypted texts, and make encrypted phone calls. www.blackphone.ch>