Sunday, June 16, 2013

Metadata and the Unwanted Gaze

The President claimed yesterday, in the continuing debate about NSA surveillance, that Americans' privacy has not been violated by the collection of so-called meta-data. But it appears there are a large number of citizens who don't agree with the President's assessment. We should have seen our growing surveillance society as it was developing, but most of us didn't. The crux of debate on NSA data trawling hinges on two related issues. The first has been our inability, to date, to translate the rights and privacy we desire in the actual world to our presence in the virtual world of email, web surfing, and social media. The second is the very real injury that comes from being watched. One has to agree with the President that it's important to debate the issue of governmental surveillance, now that we know it is occurring, because how we decide today on the issues of virtual rights and the unwanted gaze will set the stage for expectations of privacy and rights for generations to come.

Letters & Postcards

A couple of decades ago, Phillip Zimmerman developed an open source public key encryption suite called Pretty Good Privacy (PGP) that could be used to scramble stored data and email content, thereby preventing it from being read without the permission of the owner or the intended recipient of the data. The need for encryption was illustrated by comparing letters and postcards: When you send a letter via US Post, you expect the contents inside the envelope to remain private while the letter is in transit to the recipient. In contrast, when you send a postcard you have relinquished any such expectation: You are willingly acknowledging that anyone and everyone is free to read what you have written. Each of us knows this and adjusts accordingly: There are many things that we might put in a letter that we would never consider revealing in a postcard. What most American's don't seem to realize is that an unencrypted email message is the digital equivalent of a postcard. They can be intercepted and read by any number of entities while the data makes it's way from the sender to the recipient. If you think that no one can read your email once you press SEND, it's time to wake up and smell the coffee.

PGP, and it's variants, rely on a public key for each person that is widely distributed (usually on one or more of several key servers) and a private key that the individual keeps securely stored. Data sent to an individual is encrypted using their public key and can only be decrypted using that person's private key. You can use PGP to encrypt locally-stored data and you can digitally sign a message so that the recipient can verify the message was 1) sent by the holder of your private key and 2) that the contents have not been altered by a third party. Encryption should be the default for email, but sadly it is not. Few people realize the implications and even fewer actually care that this is the state of digital privacy.

For his part in developing and distributing PGP, Zimmerman was subject to a federal investigation (at considerable personal expense) for unauthorized exportation of weapons (military grade encryption). In the end, Zimmerman prevailed and even started a company that marketed the PGP products. Eventually PGP was acquired by Symantec and has since been sold, but you can find PGP products for Windows, MacOS, iOS, and Android. It's a bit cumbersome, but you can send encrypted emails that are essentially the equivalent of a sealed letter, it just requires some effort and your recipient must do some work to create a public key.

Metadata and What It Means

Traditional Jewish law recognizes that injury occurs when anyone comes under the unwanted gaze of another. This sort of gazing does not have to have the salacious intent of a peeping tom. Anyone who watches their neighbor's activities without permission is harming the other person. This injury is what seems to have been lost on the White House when it asserts that no one's phone, email or text messages are being read so there's no harm being done. The very fact that the government is recording details about who is talking to whom is causing injury, regardless of whether or not one of the parties is a "foreigner."

What makes the NSA's wide-scale snooping so troublesome is that, by collecting and storing large amounts of meta-data, they are creating an index into all communications occurring between individuals. While some of these individuals may have criminal or, if you prefer, "terrorist" intentions, the data that is being swept up is general in nature. The general search and seizure of this meta-data is occurring before any crime has been alleged or committed. Having a meta-data index into communications simply makes locating and reading of unencrypted data that much easier. Governmental assurances that only "suspect" communications are being targeted is beside the point.

Data has been gathered without the knowledge or permission of everyone involved and this turns the presumption of innocence on it's head. We are developing a legal framework where everyone is potentially guilty until proved innocent. Just as you would not write your innermost thoughts and feeling on a postcard, each of us changes our behavior when we know we are being watched. We have all been injured because when we are under surveillance, we cannot act and think freely.

Taking Action

There are productive choices each of us can make in regard to the NSA's snooping. First, make your displeasure known to your elected representatives who have been complicit in approving these activities. Citizens only enjoy the rights that they are willing to defend.

Second, take steps to secure your communications and data. GPG (GNU Privacy Guard), a free implementation of the OpenPGP standard, is available for Windows, Unix, MacOS, iOS and Android. Download GPG, generate a private and public key, publish your public key, keep you private key secure, and encourage your friends to adopt the policy of sending only encrypted emails. If you send text messages and are an iOS user, use iMessage whenever possible since, according to this article, those messages are encrypted and cannot be intercepted by law enforcement.

All of these actions may not stop NSA snooping. Governmental snoopers may ultimately be able to access encrypted data through password cracking or by installing key logging software, but at least we can make them work for it.

No comments:

Post a Comment