Skip to content

Protect Against Government Snooping

August 31, 2013

By now I’m sure you have heard about surveillance of data communications done by the US NSA.  There’s no reason to assume that only the US government is doing this: governments of every country is likely doing the same thing.  Your data may already be in their hands.  What can you do to prevent it?

There are many different types of intruders into computer systems and networks.  I’ll outline some rough categories, although they actually grade into one another.  The most common are the group often called Script Kiddies.  They are primarily after your computing resources.  By organizing hundreds or thousands of computers into a loose network, they can control certain Internet facilities, making money in the process.  Another group has more direct financial interests.  They want to obtain your online banking details or your credit card number so that they can steal money from you.  Corporate intruders primarily collect confidential business information so that they can obtain an advantage over other corporations.  Similarly, government intruders seek information that will give them an advantage over other governments.  They can even pass laws to aid them in their activities.

Corporate and government intruders are after data, especially data that is interesting to them.  They may, for example, want to know about all of the computing or network activities of a specific person.  This includes everything the person does on their own computer, but also their personal information that is collected by any organization they have dealt with.  As another example, they may want access to the internal communications of an organization, just to find out what that organization is doing.

Your personal computer may be vulnerable.  People often don’t care, saying “I have nothing to hide”.  This is always an incorrect assertion.  As soon as you ask them about their credit card number and PIN, you will find that they do have something to hide.  What they really mean is they trust a possible intruder not to misuse that information.  In reality, a sufficiently motivated intruder could have full access to your computer, including everything stored on it and everything you do on it.  Your Internet service could be intercepting your network traffic.  Your e-mail service, which may be located in another country, could be scanning all of your e-mail messages.  Of course, your personal computer is protected to keep out intruders.  Your Internet and e-mail services state that they respect your privacy.  Is this really true?

A company has many more strategies available to protect their data.  Keeping services within company premises, rather than at another data centre, perhaps in another country, may help keep the data secure.  Data stored in another country or entrusted to a company based in another country will likely fall under the laws of that country, rather than your own.  You can hire a security expert, or contract security to a well-known company.  Even then, they may not detect sophisticated snooping or may not report it if they do detect it.  Even worse, they may be giving your data away.  How can you be sure that your data is safe?

The real problem is secret courts or equivalent powers set up by governments.  This is often done in the name of national security.  Who can be opposed to the security of the country?  They can issue a secret order to any organization that requires them to provide access to a government agency.  Very likely, all countries do this.  They generally protect their own citizens from excessive snooping but place no such restrictions on foreigners.  Aren’t we all foreigners to countries other than our own?  To maintain secrecy, they also require organizations to keep the order secret, even after it expires.  Unless there is a security breach, we will never know that this type of access is happening.

The result of these orders is that a company will not tell clients or customers that they’ve given their data away.  They may even say that they protect your privacy and publish a privacy policy.  They may even report on accesses to specific data that are requested by government.  The part that they cannot disclose is access that’s been granted through a secret order.  Consequently, if the information in important enough to them, governments have the means to obtain it.  They can devote millions of dollars and dozens of people to the task.  You will never know.

So, who can you trust?  In this situation, you can’t trust anybody completely.  If they are complying with a secret order, they are forbidden from telling you about it.  This is a terrible situation, one that people usually only know about from spy movies, with spys and counter-spys in shadowy dealings.  One of the traditional methods to detect a leak, in these movies, is to plant some false information, and to see if it’s acted upon.  Perhaps that would work to detect government snooping too?

Advertisements

From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: