Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock

Column How to protect your private data in a digital world

With Snowden, Prism and national security secrets in the news, it’s clear that technology has made privacy harder to ensure. Renaat Verbruggen gives a run down of how cryptography can protect your private information.

WHILE EDWARD SNOWDEN plays his own version of “Where in the world is Carmen Sandiego?”, it is worth considering what the implications of his revelations are for our own communications.

Last year I was lucky enough to read Privacy on the Line: The Politics of Wiretapping and Encryption by Whitfield Diffie (one of the pioneers of public-key cryptography) and Susan Landau (Sun Microsystems). The book traces the ongoing battle between the US and other governments’ need for surveillance and the individual’s right to privacy. The overarching point is that such increased surveillance can in fact lead to decreased security as a lapse such as Snowden allows access to a large range of data.

To quote from the book:

Telecommunications are intrinsically interceptable, and this interceptability has by and large been enhanced by digital technology. Communications designed to be sorted and switched by digital computers can be sorted and recorded by digital computers. Common-channel signalling, broadcast networks, and communication satellites facilitate interception on a grand scale previously unknown.

And their additional line:

Laws will not change these facts.

One example was given where a large group of Greek Ministers had all their communications tapped through a government  central service and the perpetrators are still unknown.

The importance of privacy

Well, so much for foresight, what about now?  The argument of whether privacy per se  is enshrined in law either in the US or Europe I can leave to the legal eagles. However, it is obvious that with legislation such as the Data Protection Act and the Katz case in the US there is an acknowledgement of the importance of privacy in personal communications.

In an Irish context, the work of the folk at digitalrights.ie should keep you up to date. On the US side EPIC (the Electronic privacy information center) have set up a petition signed by Diffie, Bruce Schneier and others to get the NSA to suspend collection of data as they view it illegal under current US law.

The normal discussion on privacy relates to private conversation between two people face to face, their privacy can be ensured by “moving away” from others so that they cannot be overheard. Telephone made such privacy harder to ensure as the possibility exists for an eavesdropper to intercept the conversation while in transit hence the wiretap. Privacy now requires that the line is tamper-proof, and thus expensive, or that the communication is sent in such a way that even though intercepted it will be unintelligible therefore encoded.

Data protection in the digital world

On a related issue the classic postal system ensures its privacy through the use of a sealed envelope while the envelope protects the contents from scrutiny it also ensures that attempts to open and access the contents can be spotted. This latter “tamper-proof” envelope is something not yet available in the digital world.

Technology has made such privacy harder to ensure but there are some excellent tools available which can help.

One way to view the issue is in terms of what is it that you would wish to keep secret, once that is established then an approach can be taken which can rely on encoding through cryptography those essential parts of your communication.

So starting at the base level, if you wish the contents of a message to be secret then that will involve a form of encryption using a key and a sharing some form of key with the person with whom you are conversing.

What methods can I use?

Methods such as PGP (Pretty Good  Privacy) developed by Phil Zimmermann back in 1991 have gained a lot of popularity world-wide and are incorporated in both commercial and open source solutions. It allows for encryption of both the message and files of data that are resident on disks. It is effective and in legal cases has normally required access to the passwords to be cracked.

In the UK this is now included within the RIPA act and such passwords have to be revealed.  If you intend using it make sure you get it from a reputable commercial vendor such as Symantec who acquired the PGP corporation in 2010, or open-source sites based around OpenPGP and use versions post 1996. Also it requires that you engage in a key management approach to authenticate your receivers.

So, that will allow the content of the mail to be secret. But what is not secret about this email is interesting and the so-called meta-data mentioned so much lately.

Are my emails safe?

Your email-address, your IP address, your route to your correspondent by email, your correspondent’s email address and their IP, plus the size of the email itself, are all visible. So it is clear who are communicating with, when, and to what extent…

The availability of such data is itself giving a lot of information to the eavesdropper.

So how do you prevent this meta-data from being revealed? One approach is the use of the TOR network. TOR (The Onion Router) works by taking each step of the route your data takes and encrypting it and then sending it to another Tor server. So your data hops from one secure Tor server to another.

This requires setting up a Tor server available from torproject.org and following the instructions for its use. Tor certainly works and makes the route private, however because it only bounces off other Tor sites it will make the process slower than normal. Tor can also be used for private browsing and has been made infamous through the so-called ‘dark net’ or hidden network of sites  available through Tor for nefarious activities.

One caveat: while Tor is making the route private, if a set of servers at an end-point is compromised then some data can indeed be revealed. This happened recently in Austria where a set of servers acting as Tor exit nodes were searched and found to contain illicit material and the Sys Admin for the servers was arrested and is pending trial.

Treat email like a postcard

Any other solutions? Close to home CertiVox is a company who provide two-factor authentication that they call M-point. This uses simple short PINs and some contact details and removes the need for password storage. It is a solution based on a very strong encryption technique known as elliptic curve cryptography and offers a free community based service without support or a commercial licensing agreement with support.

So that is a brief, incomplete run through of some current approaches. The only advice I would offer is treat email like a postcard and only write what you don’t mind being read. If you go down the encryption route be careful of your passwords because with good systems they are one way and cannot be recovered from the disk.

My favourite story on this was told by a security consultant who was changing jobs and decided to encrypt all his previous personal work for his former employer. He then duly went for his holiday break and returned with no memory of his password except that it had something to do with Britney Spears. Data secured – forever!

Renaat Verbruggen is a lecturer in the School of Computing in DCU. He is also the Chair of M.Sc. in Security and Forensic Computing.

Read: Snowden applies for asylum in Ireland… and 18 other nations>

Read: Row over US ‘bugging’ of EU offices>

Read: Civil liberties groups claim PRISM breaches international human rights>

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
15 Comments
    Install the app to use these features.
    Mute Mary Crimmins
    Favourite Mary Crimmins
    Report
    May 7th 2012, 8:33 PM

    Treaty/vote No/austerity seems to be linked to every story. I have a feeling that there are people out here who can’t let a single human interaction escape them without bringing up the f@€king treaty.
    “congrats on the engagement Pat” – “cheers……VOTE NO”
    “3.50 for a coffee?… Noonan you thief”
    “come to bed darling” – Ok love,…..But I won’t pay. Not one red cent. Cant pay, won’t pay”.

    46
    Install the app to use these features.
    Mute Todo
    Favourite Todo
    Report
    May 7th 2012, 6:50 PM

    Touring got it backwards. The true test would surely be if the machine could tell if the human was intellegent. The day we log on and the cloud says “at least it’s almost friday” is the day we should start to worry.

    34
    Install the app to use these features.
    Mute Joey Dempsey
    Favourite Joey Dempsey
    Report
    May 7th 2012, 6:20 PM

    quite close by all accounts, FG & labor seem to be getting a grasp of artificial intellect ;)

    22
    Install the app to use these features.
    Mute Nucky Thompson
    Favourite Nucky Thompson
    Report
    May 7th 2012, 6:38 PM

    Can we please let a story go without linking it back to politics?

    130
    Install the app to use these features.
    Mute Seamus McDermott
    Favourite Seamus McDermott
    Report
    May 7th 2012, 6:48 PM

    It’s like Thomas Mann said:
    “Everything is politics.”
    The context of his statement escapes me, however.

    19
    Install the app to use these features.
    Mute Robert Kelly
    Favourite Robert Kelly
    Report
    May 7th 2012, 9:29 PM

    I don’t know if you can consider something that does a simple search through data can be classed as intelligence. Is that all we do? I come up with ideas that seem new to me and as a result can’t be from searching through memories.

    Do we call IBM’s Watson intelligent? Or the machine Deep Blue, which beat the champion in 1997. All that did was a search and rank algorithm…

    12
    Install the app to use these features.
    Mute Paddy McGowan
    Favourite Paddy McGowan
    Report
    May 8th 2012, 8:59 AM

    When you woke this morning, what connected you to your past, to yesterday. Simple memories of it occurring. Granted our memories do not get file names or can be sorted by date, I would argue that our memories are stored in a much more advanced method, in an emotional context. However the similarities can be drawn. Its an extremely fascinating subject though.

    4
    Install the app to use these features.
    Mute john g mcgrath
    Favourite john g mcgrath
    Report
    May 7th 2012, 6:57 PM

    Robot look like how noonan might look if treaty vote is defeated

    10
    Install the app to use these features.
    Mute Brad Arnold
    Favourite Brad Arnold
    Report
    May 9th 2012, 5:41 AM

    http://www.geekosystem.com/cleverbot-passes-turing-test/

    “This past Sunday, the 1334 votes from a Turing test held at the Techniche festival in Guwahati, India were released. They revealed that Cleverbot was voted to be human 59.3% of the time.”

    I am a transhumanist, and am constantly surprised at how people (even computer experts) underestimate the rate of technological progress in computer technology (both hardware and software). For instance a while ago everyone at my chess club insisted that a computer would never beat the best human – and it wasn’t more than a decade later that it happened.

    Ray Kurzweil, a futurist with a remarkable track record, predicts man will merge with machine around 2045. The Singularity is undoubtedly coming, and equally likely is that most people will insist right to the very end that it won’t ever happen. The future is like the past until it isn’t, and technological progress can be predicted remarkably accurately using an exponencial curve.

    2
    Install the app to use these features.
    Mute Colm A. Corcoran
    Favourite Colm A. Corcoran
    Report
    May 8th 2012, 11:35 PM

    “French says that if a complete record of a person’s life experiences – which help to develop their subcognitive network – were available to a machine, it’s possible that too could develop a similar network and pass the Turing Test.”

    Which is exactly what Prof Alan Smeaton’s digital memories project is about, should give him a shout on that, he lectures at DCU.

    1
    Install the app to use these features.
    Mute Dan Foley
    Favourite Dan Foley
    Report
    Jun 2nd 2012, 2:13 AM
    1
Submit a report
Please help us understand how this comment violates our community guidelines.
Thank you for the feedback
Your feedback has been sent to our team for review.
JournalTv
News in 60 seconds