Recent events
I’ve very recently, and very rapidly, become increasingly alert regarding my personal privacy. As the British Online Safety Law (2022) is the topic of the EPQ I’ve chosen for Year 12, I think it’d be best for my future if I began documenting my ventures into privacy and the different intelligence-gathering techniques used by intelligence agencies and data collection companies alike.
My interest in privacy was piqued by a venture into the concepts that make up OpSec (Operational Security), as I came to the realization that although the password I used for all my sites was long, it was the same password across all the sites I’ve signed up for – which meant, should there be a data leak on any of the services I had signed up for, I could experience a fatal security flaw. This moment of clarity led me to Bitwarden, my first intentionally open-source alternative to a service provided by a big tech company, which simultaneously led me to pitch headfirst into the currently remarkably uncertain scene of maintaining personal privacy.
Cause and Effect
In the past decade or so, privacy (and to a correlated extent, censorship) has grown from a topic of some interest to some professionals of certain groups, to a topic where the public should be made fully and inexplicably aware of the immensely detrimental damage the governments of the major states have done to privacy and freedom of speech, opinion and expression, all in the name of protecting young children, stopping activist/extremist groups from spreading hateful speech/radical ideologies, or for the “interest of domestic security”.
Although these laws will undoubtedly be used to some degree for each of those aforementioned purposes, laws that were made for the protection of the people could also very likely be used in the inverse way – such as where the Online Safety Law, instead of being used to profile criminals or other characters of national interest, will become an instrument for mass surveillance. Examples of mass public surveillance that have already occurred are plentiful: for example, the activities of the United States government after the conception of the Patriot Act, where the government had multiple mass public surveillance systems set up to harvest, process and store data from unencrypted data streams to profile its own citizens and those in foreign countries, both innocent and guilty, as is clearly evident from the numerous whistleblowers (the most famous of whom is most likely Edward Snowden) who have provided evidence that put the spotlight on data collection methods used by the United States government.
To this day, the US and other nation states still participate in data gathering on their own private citizens – capturing encrypted data en masse, awaiting the day when quantum computers and algorithms will have developed to a point where currently existing data encryption methods become vulnerable to future decryption methods, hence unlocking the private data of the approximately 5 billion people who have access to the Internet today, all for private governmental usage, most likely for intelligence companies to set up individual tracking profiles for each and every person around the globe. Although it’d be outdated data, it’d still remain very useful data for intelligence companies – in particular, when personnel they now have damaging information on are in greatly influential positions, being of use as blackmail (which, though illegal, is an effective method for governments to control global events) to remain in play in the hand of the shadows of global politics.
Encryption – a breakdown of cryptography
Linking back to the Online Safety Law, which seems to have very similar clauses to Australia’s “Telecommunications (Assistance and Access) Act”, it is imperative that everyone who has voting capabilities understands the importance of encryption in maintaining digital order.
Surface level cryptography is a concept that you all must be familiar with, which is why this section will be brief, unlike what I am likely to put into writing for my EPQ.
Encryption is the act of transforming a message in a way where, by design, no intermediaries who may be able to intercept or read the transmitted message will be able to gather what the original message was, whilst both the sender and the receiver will have information on what the original message was, prior to encryption. It’s used in modern technology everywhere you go. The HTTPS prefix you see on websites, in the address bar, before the URL (https://google.com/, for instance)? That’s an indication that TLS (Transport Layer Security) is encrypting your data so only the website you’re sending data to and you have information on the data packets being sent. There have been a few upgrades to the TLS protocol since its conception, and we’re now at TLS 1.3 – which, despite experiencing significant upgrades that have improved the data security of TLS-encrypted data, has still yet to be upgraded to a post-quantum level – where internet traffic will be, at least with our current understanding of the decrypting capabilities of quantum computers, to a good extent resistant to algorithms that currently exist for quantum computers to decrypt asymmetrically encrypted data (TLS uses a large part of asymmetric encryption for encrypting data). There will be a few links at the end of this post that will be able to go into more sophisticated detail regarding how encryption can be updated from methods vulnerable to quantum decryption to post-quantum protocols.
With client-side scanning on unencrypted messages – like what the UK has passed as a bill that can be put into action – the UK government would be given full capability to scan and read all communications made from the client before the messages are encrypted. The UK government would hence be given unrestricted access to all digital communications, and according to the law, would be able to apply censorship the way they see fit – and of course, they could and most definitely are likely to log, monitor and profile users based on their online activities, to which they now have full, unrestricted access.
P.S. – governments have not yet begun large-scale mass public surveillance by decrypting HTTPS traffic due to the enormous amount of computational power required to decrypt even a small proportion of data sent over the Internet. They may do so for specific personnel, but it is not to my knowledge that they have been able to build supercomputers at such great scale that they are able to decrypt HTTPS traffic to any great capacity.
What do you have to hide?
At this point, you may ask me – “If not for you committing questionable things that may not be fully legal, what could you have to hide?”
I implore you to think of this as someone – you could think of them as a friend, a colleague, or a family member – who has secretly gained access to your electronic devices, is secretly on bad terms with you, and is both able and willing to listen to every single one of your messages to filter out any juicy information they could use as leverage over you or to sully your reputation. Would you be alright with that? Or would you, given this situation, vehemently reprimand said somebody and cut off all ties with them?
What was this post for?
My concern, and that of many others like me, who vary all the way from massive international organizations such as Amnesty International to underfunded researchers inventing new cryptographic methods to protect your privacy, is that one day, privacy will no longer exist in the form we expect it to. You may no longer have the freedom and accessibility to remain completely anonymous on the Internet – to be able to voice your own opinions, however outlandish or irregular they may seem. Protecting and regaining your privacy comes in small steps – I don’t go, and do not plan on actively going, to protests for privacy, but I’m also not opposed to explaining to others how they can do more to protect their personal privacy, like de-Googling or moving to other platforms that are more mindful of how much data they collect and how it is used, or ensuring that they are at least informed of the impacts of voting against encryption or for other laws that would cause irrevocable damage to our human rights to privacy, so as to make actual informed decisions on impactful laws that will impact our personal freedom for many years to come.
I have no more points to make – I’m making this post to make all who read this aware, to at least some understandable extent, of the importance of privacy, and so, of maintaining and improving encryption. Your votes – the conglomerate of votes made up of everyone who will read or has read this post – are part of the aggregate that determines our lawmaking policies and determines whether we get to live freely or not.
Just like, for example, the overturning of Roe v Wade – the Liberals did nothing to solidify their position on abortion during the sunny days when they had the majority of Congress by their sides, and look where it has led us.
Do not simply sit there in inaction – do something if you believe, after considering and processing enough data you’ve gathered from multiple sources with both different political ideologies and standings, . If you’re someone young and of voting age (such as I), go look for someone in good political standing who supports your causes and does not contradict your principles and go vote for them – the proportion of young adults in the voting scene is currently exceptionally low, and given enough votes, there can and will be drastic visible change in lawmaking policies that align more with our, the newer generations’, ideologies and opinions. And if you aren’t of age, start by explaining to your parents and friends, and perhaps slowly upscale that to participating in scholarly debates at school, to spread word of your opinions. Go stand up for yourself.
Similarly, do not take drastic, extremist action for or against whatever concepts you stand for. Being a lawful citizen is your responsibility – or maybe, until the government collapses. Don’t be an anarchist or an insurrectionist. Remain a lawful citizen, arguing for your causes in a peaceful manner – though most major protests in the 21st century, both in the Western and Eastern world, have fallen on deaf ears with no resulting consequence in political standing, you should never resort to violence.
Take a solid stance for your beliefs and opinions.
Thank you for reading.
https://www.aclu.org/documents/surveillance-under-usapatriot-act
https://assembly.coe.int/nw/xml/XRef/Xref-XML2HTML-en.asp?fileid=21583&lang=en
https://pure.royalholloway.ac.uk/ws/files/33074422/2018HoylandJGPhD.pdf
https://arxiv.org/abs/1907.12762
Notes:
This post was made to express my opinions regarding privacy.
Please keep personally identifiable information out of the comments section.