Go home NSA. You're drunk.
I'm living in America, and I don't trust the government here. They read my text messages and my email and they can get access to anything my cloud providers store on me. I also don't trust Saudi Arabia with my data. Why should I?
I didn't mind this sort of thing while I was in Australia. It seems pretty benign, although I'm pretty sure my emails were being recorded by the US government anyway. But allowing governments to record us seems pretty profoundly stupid. What the hell are we doing? Why do we use systems that leak information about ourselves? Why aren't we using secure systems that don't have these kinds of flaws?
I guess it's hard. What would we need to solve this problem? Let's first consider the attack vector we're trying to protect against.
So imagine you work for the NSA. Your mandate is: "We want as much information on terrorists as possible. We want to find them and we want to learn everything we can about them so we can foil their dastardly plans and arrest them!"
Your operation has two parts:
- Gather as much information on as many people as possible. Do data mining on your data set to find suspicious people.
- When someone is considered suspicious, learn everything you can about the person. If you still think they're suspicious, arrest them.
For part 1 you want as much information as possible on as many people as possible. But if you're trying to snoop on 300 million people, you're going to be spread a bit thin. Everything you do needs to be automatic and cheap. So you enlist the co-operation of certain companies (like AT&T) to get unencrypted data feeds of phone lines and the internet.
Simply sniffing traffic will give you access to most unencrypted email and let you record HTTP requests to see what people are looking at. You won't be able to see email passing within a network without the permission of the network operator (for example, traffic from one gmail user to another), but you can sniff email moving between email providers (e.g., gmail to hotmail). The US government probably stores all this data forever, and they've built a shiny new data center to house it all in Utah.
They probably scan the data in realtime to look for threats. But just in case their scanning doesn't find something, they'll save everything to disk anyway. This means that if in 20 years someone wants to make you an enemy of the state, they can pull up that angry email you wrote when your girlfriend dumped you and you needed to vent.
Once someone has been identified as suspicious, you want more information about them. You're the government, so there's an awful lot you can do at this point, especially with National Security Letters. National security letters let you request personal information from web hosts and simultaneously stop the host telling their customer about the intrusion. Here's what I would do at this point:
- Go to their email host and get every email they ever sent to anyone.
- Intercept their mobile phone and computer. Use an SSL intercept tool to see everything they do on the web. To do this you'll need a root signing certificate, but you probably already have one.
- You were already collecting their SMSes and recording their phone calls. Go listen to them.
- Go to facebook and get a list of their friends and their conversations there, too. Do the same data gathering task on any of their friends who look suspicious, too.
All information that third parties store about you is fair game. They aren't even allowed to tell you your data is being accessed, and they don't need a court order.
Protecting yourself from this nonsense
So the next question to ask is, how do we protect ourselves from this intrusion? I don't want privacy so I can go sneaking around. I want it because the thought that other people might read my personal emails is creepy. Who knows what they'll find in there? Or when they'll look - remember, they're storing this stuff forever. I don't know about you, but if you extracted the right quotes from the complete works of Joseph Gentle you could find enough in there to hang me hundreds of times over. Even just talking to the police is a bad idea.
Luckily, the universe believes in encryption. Even without legislation, we have the means to nip this intrusion in the bud. The solution is quite simple:
To stop passive wiretaps, we need to encrypt everything going over the wire. At the very least, site operators should adopt https everywhere. It's a travesty that most web traffic and email is sent unencrypted over the open internet.
It would help, but simply encrypting everything over the wire isn't good enough if the government can request or demand access to site operators' computers and networks. We also need end-to-end encryption. My data shouldn't be readable by anyone, even the people storing my data on my behalf.
End-to-end encryption faces two big problems. First, it's really hard (expensive) to do correctly. Secondly, site operators are actively disincentivised from supporting this. If I encrypt all the email I send, google can't show me ads and I can't search my mail. We could probably figure out ways to make this stuff work, but today it's a hard problem.
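To make the difference between the two fixes concrete, here is an added example (mine, not from the original post) that models a mail host in Go: with transport-only encryption the host ends up holding plaintext it can search or hand over, while with end-to-end encryption (AES-256-GCM under a key the host never sees) it can only hand over ciphertext. The `MailHost` type, the assumed TLS session and the sample message are all constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"strings"
)

// MailHost models a provider storing mail on a user's behalf: it sees exactly the bytes handed to it once TLS ends at its edge.
type MailHost map[string][]byte

// Disclose models a compelled hand-over of whatever the host holds for id.
func (h MailHost) Disclose(id string) []byte { return h[id] }

// CanSearch models server-side search, which only works on plaintext.
func (h MailHost) CanSearch(id, word string) bool { return strings.Contains(string(h[id]), word) }

// SendTransportOnly: https on the wire, but the host stores readable plaintext.
func SendTransportOnly(h MailHost, id string, msg []byte) { h[id] = msg }

// SendEndToEnd seals msg with AES-256-GCM under a key only sender and recipient hold,
// so the host stores ciphertext it can neither read nor search.
func SendEndToEnd(h MailHost, id string, key, msg []byte) error {
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return err
	}
	h[id] = gcm.Seal(nonce, nonce, msg, nil) // stored as nonce || ciphertext || tag
	return nil
}

// Open is the recipient-side decrypt; GCM authenticates, so a wrong key or a modified blob errors out.
func Open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("bad key or truncated blob")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func newGCM(key []byte) (cipher.AEAD, error) { // key must be 32 bytes for AES-256
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
```

The key would come from a key exchange between the two people talking, never from the host; that key management is exactly the "hard (expensive) to do correctly" part.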
Right now, the spooks are winning the eavesdropping war not because they are clever, but because we are lazy. Our data is like a bike that keeps getting stolen. We know how to build bike locks - they're just impractical. We can do better, and we should.