Tag Archives: OHM

At the Crossroads: Surveillance State or Freedom?

OHM2013

When I went to OHM2013 last week, it was great to see such increased political activism from the hackers and geeks at the festival. I truly believe we are currently at a very important crossroads: either let governments the world over get away with crimes against the people’s interests, with programs like PRISM, ECHELON, TEMPORA and countless other authoritarian global surveillance schemes, or enter the path towards more freedom, transparency and accountability.

A good example of what not to do is Google Glass. A few weeks ago I came across the story of a hacker who modded Google Glass as to allow instant facial recognition and the covert recording of video.  Normally you need to tap your temple or use voice commands to start recording with Glass, all of which are pretty obvious gestures. But now people can record video and do automatic facial recognition covertly when they wear Glass. I even saw that there’s an app developed for Glass, called MedRef. MedRef also uses facial recognition technology. This basically allows medical professionals to view and update patient records using Glass. Of course having medical records available on Glass isn’t really in the interests of the patient either, as it’s a totally superfluous technology, and it’s unnecessary to store patient records on a device like that, over which you have no control. It’s Google who is calling the shots. Do we really want that?

Image above © ZABOU.

Image above © ZABOU.

As hackers, I think it’s important to remember the implications and possible privacy consequences of the things we are doing. By enabling the covert recording of video with Google Glass, and also adding on top of that, instant and automatic facial recognition, you are basically creating walking CCTV cameras. Also given the fact that these devices are controlled by Google, who knows where these video’s will end up. These devices are interesting from a technical and societal standpoint, sure, but after PRISM, we should be focusing on regaining what little we have left of our privacy and other human rights. As geeks and hackers we can no longer idly stand by and just be content hacking some technical thing that doesn’t have political implications.

I truly and with all my heart know that geeks and hackers are key to stopping the encroaching global surveillance state. It has been said that geeks shall inherit the earth. Not literally of course, but unlike any other population group out there, I think geeks have the skills and technical know-how to have a fighting chance against the NSA. We use strong encryption, we know what’s possible and what is not, and we can work one bit at a time at restoring humanity, freedom, transparency and accountability.

These values were won by our parents and grandparents after very hard bloody struggles for a reason. They very well saw what will happen with an out-of-control government. Why government of the people, for the people, and by the people, is a very good idea. The Germans have had plenty of hands-on experience with the consequences as well, first with the Nazis who took control and were responsible for murdering entire population groups, not only Jews but also people who didn’t think along similar lines: communists, activists, gay people, lesbians, transgenders, etc. Later the Germans got another taste of what can happen if you live in a surveillance state, with the Stasi in the former East-Germany, who encouraged people to spy on one another, exactly what the US government is currently also encouraging. Dangerous parallels there.

But you have to remember that the capabilities of the Stasi and Gestapo were only limited, and peanuts to what the NSA can do. Just to give a comparison: the Stasi at the height of its power, could only tap 40 telephone lines concurrently, so at any one time, there were at most 40 people under Stasi surveillance. Weird isn’t it? We all have this image in our minds that the prime example of a surveillance state would be East-Germany under the Stasi, while they could only spy on 40 people at a time. Of course, they had files on almost anybody, but they could only spy on this very limited number of people concurrently. Nowadays, the NSA gets to spy continuously on all the people in the world who are connected to the internet. Billions of people. Which begs the question: if we saw East-Germany as the prime example of the surveillance state, what do we make of the United States of America?

The Next Step?

I think the next step in defeating this technocratic nightmare of the surveillance state and regain our freedom is to educate others. Hold cryptoparties, explain the reasons and need and workings of encryption methods. Make sure that people leave with their laptops all configured to use strong encryption. If we can educate the general population one person at the time, using our technological skill and know-how, and explain why this is necessary, then eventually the NSA will have no-one to spy on, as almost all communication will flow across the internet in encrypted form. It’s sad that it is necessary, really, but I see no other option to stop intelligence agencies’ excess data-hunger. The NSA has a bad case of data addiction, and they urgently need rehab. They claim more data is necessary to catch terrorists, but let’s face it: we don’t find the needle in the haystack by making the haystack bigger.

My Privacy by Design Talk at OHM 2013

OHM2013Last week I’ve given a talk about privacy by design as it relates to websites at Observe, Hack, Make (OHM) 2013, a quadrennial geekfest and hacker/maker event held in the Netherlands. It’s one of the biggest hacker festivals out there, with 3,000 people that have descended on the festival grounds, and it’s great fun and a great place to meet people, hackers, makers, thinkers, and media people. It’s been somewhat of a Dutch tradition to hold these events every 4 years.

The video will be uploaded as soon as it becomes available.

I’ve designed and developed Annie Machon’s website in May 2012. This site used to run on a closed-source Typepad solution, and Annie wanted to move her website to a more open solution, for which we’ve settled on WordPress. Also, she wanted to move away from the .com domain for reasons of domain jurisdiction. You see, when you operate a .com, .net, .org etc. these domains can be easily seized by the American government if you’re doing something that may upset them. This has happened to MegaUpload, to Richard O’Dwyer’s TVShacks, the examples are legion. This can be really damaging for your reputation, so it’s important to make sure that you’ve set up your infrastructure to resist attacks like these as much as feasibly possible.

I’ve also modified Annie’s WordPress site as to prevent browser tracking as much as possible, allowing people to visit her site without fear of their movements being tracked. Normally, your website visits get tracked if the websites you visit implement things like Facebook Like buttons, etc., which reference Trackingexternal scripts and images that will tell these third-party services what your surfing behavior is. This is obviously not something that we would want, we want an open, free web, that’s easy to use, by which it’s easy and natural in fact to share information, without having to fear that we get tracked and profiled. With browser tracking a lot of information about your browser gets sent to companies like Facebook. Things like IP address, browser brand and version, the country you’re coming from, etc. These parameters are all used to connect this data together and build up a profile in this way.

Synopsis of My Talk

This talk is about the possible conflict between getting your message out there, and trying to maintain your site visitor’s privacy. This talk will highlight some of the issues that need to be taken into consideration when building websites for whistleblowers with high security & privacy needs.

This talk is about the conflict that can arise between getting your message out there, and trying to maintain your audience’s right to privacy. In the last couple of years, with the dramatic increase in the use of social media, often one of the most effective ways of spreading your message to a large group of people has become to foster a community using existing social networks, like Facebook or Twitter.

The problem with using these services is that, while convenient, they also snoop on your audience’s private data. These companies make their money by creating and selling detailed profiles to marketers, to that they can effectively target their ads. Often these services run their own ad service as well, as is the case with Facebook and Google. Later on, this data can come back to hunt you. Let’s say you’ve been searching on Google for some serious illness or disease. You can imagine what your health insurance company would do, had it access to this information. Up the premiums or deny you insurance altogether.

Sander Venema was asked by Annie Machon to redesign her website in early 2012. We took special care in avoiding common traps that can compromise the security and privacy of the site’s visitors when designing the new site.

In his talk, Sander will talk about the special considerations that come with building websites for whistleblowers with high security & privacy needs, both for the owner/operator, and the visitors of the site; discuss what the problem points are, and how we worked around them to create a website that is both pretty, usable and as safe as possible. He will also talk about domain security and governments claiming jurisdiction over a domain name, even if the actual server is not located in their country and the site isn’t aimed specifically at their citizens. There have been several cases in the past where websites have been brought offline because of this.