Posted by Brian O. on Sep 2, 2014
Whenever people are writing about cybersecurity and government programs that negate any inherent right to privacy, Orwell’s 1984 almost inevitably comes up, and with good cause. The unblinking eyes of Big Brother are a great symbol for vastly over-reaching NSA programs such as PRISM. But there is another, lesser known (though not obscure) essay by Orwell that I think does a better job explaining, if not serving as a stand-in for, the reason why as a country we have abrogated many of our privacy rights.
Posted by Brian O. on Aug 26, 2014
Here at the Privacy Post, we’ve talked a lot about how SpiderOak and its ‘Zero-Knowledge’ philosophy can protect your small business. Rightfully so, too: small business is at the forefront of the cybercriminal assault, as hackers try to probe for weaknesses in order to gain corporate or customer data. Additionally, depending on your kind of business, you may be served a subpoena forcing you to compromise client information- with SpiderOak, you can help to be protected from that.
But the benefits of ‘Zero-Knowledge’ go beyond the business world. We live in an era of massive sharing, where seemingly every thought has to be instantly filtered through social media, and where many of us willingly give up our privacy. This is of course a personal choice, but even those who share every thought on Twitter have the right to decide what is public and what is not. The same goes for the rest of us. Simply abrogating our privacy in one arena does not give anyone the right to arrogate it to themselves in another. That’s where SpiderOak comes in.
Understanding ‘Zero-Knowledge’ And the Individual
‘Zero-Knowledge’ is both the philosophical and technical underpinning of the SpiderOak data storage system. Basically, when you upload your information into its secure cloud-based servers, it comes to SpiderOak as encrypted data, nothing but strings of numbers and symbols. This can only become unencrypted with a key, which only you have. SpiderOak never is able to see your data as plaintext, and neither is anyone even if they are able to break into our system. If our records are subpoenaed, we can only turn over encrypted data. Our clients would have to be served with individual warrants in order to turn over their encryption key.
It’s not that we think your stuff isn’t worth looking at- we’re sure it is all fascinating- it is just that we believe that you have an absolute right to decide what you want shared and what you don’t. And SpiderOak helps to give you that choice, and strengthen that right.
That shouldn’t be revolutionary, but it is unfortunately unusual. After all, we live in a world where NSA staffers would frequently pass around compromising photos they found. Not because the people whose pictures they saw were charged or even suspected with anything, but because boredom and a sense of entitlement is a dangerous combination. We don’t want anything to do with such a violation, and ‘Zero-Knowledge’ ensures that.
Your information, your privacy
We know what businesses want to keep private. What about you? What does the individual have to guard? It can be anything.
These categories obviously all encompass a lot, but the heart of it is: anything you wouldn’t want other people to see or to get out in the public, for either personal or financial reasons (or any other).SpiderOak also allows easy access to all your information, with an intuitive, user-friendly system. It’s your information, and we want you to be able to access it.
But why, you might think, do you need this? After all, it is unlikely you’ll be issued a warrant, and don’t most hackers only care about business? It’s possible on your normal data storage to send something incorrectly, to attach a document you didn’t want, to open up your computer to malicious bugs or people, who will broadcast your personal information. Some people just like to cause trouble.
The point is that we live in a world where the accidental release of your information- whether through error or malice- is not just possible, but more plausible than ever before. You want to store your private data somewhere private, like SpiderOak. Our ‘Zero-Knowledge’ philosophy extends to you, but it also lets you know one thing for sure- our cloud-based encrypted data security system will keep your information private.
Posted by Brian O. on Aug 20, 2014
Not knowing something is rarely considered a good thing, outside of certain circles and political parties, and not even being curious enough to know things is considered even stranger. Our thirst for knowledge and our insatiable curiosity are a large part of what makes us human, and what drives innovation. No one has ever been inspired by the person who, seeing a problem, looks up and boldly shrugs his shoulders.
But there is an area in which zero knowledge is key: your privacy. Whether you are concerned with your personal information or the secrets and data of your small business, you want to know that the legions of hackers, snoops, spies, criminals, adversaries, and just plain bored but clever teens don’t have access to your information. You want them, and really, everyone other than yourself, to have zero knowledge of your personal and private data. And that’s what makes SpiderOak different than the other cloud storage services out there. Different enough to be endorsed by the most famous privacy advocate in the world.
Posted by Brian O. on Aug 20, 2014
Everyone knows the expression “canary in a coal mine”, and its use as a metaphor. Back in the old days, in addition to explosions, cave-ins, floods, equipment collapse, head-busting Pinkerton thugs, etc, miners had to worry about carbon monoxide poisoning. They’d have a canary down in the mine with them, and if it stopped chirping, due to a condition bird experts recognize as “being dead”, miners would recognize that it had been poisoned by a carbon monoxide leak, and they’d flee (birds, it seems inhale more than humans, making them more susceptible, though why there was a specific anti-canary animus is a question I don’t have the moral courage to investigate).
This is what passed for safety regulations back in the day, and while it was imprecise, if was potentially effective, especially given the lack of regard for their safety the miners faced on a daily basis. In the face of such reckless indifference to their basic rights, things had to be improvised.
In the same way, information companies have started to implement what are called “warrant canaries”. These are backdoor alerts to let users know that the government has issued to the company a secret subpoena for their user information. The trick here is that you are not allowed to tell your users that the government has issued this (otherwise it wouldn’t be a secret).
So what companies, including SpiderOak, are doing is to set up a page or an alert letting you know that everything is all right, that the canary continues to chirp. This means that they haven’t been issued a secret subpoena. There’s nothing against saying that you haven’t had asked to open up user data to any security service. And then, if you are issued a warrant, the page changes of goes down. The canary is dead, and users will know that their information has been potentially compromised.
SpiderOak explains their decision in an excellent post over at our companion blog. The way that the page is set up is that it contains a bit of timely news (a less-bleak cousin of the hostage holding up the current newspaper) so that you know when it has been updated. SpiderOak plans to update every six months, because that is about the time it would take to challenge a warrant and make sure it is legal. Falsely killing the canary could lead to the end of the business. Even if it doesn’t, you don’t want to set false panic, and have everyone running out of the cave, before finding out that the canary died of natural causes.
The page can only be updated if all three “signatures” agree, as you can see at the top of the page. The procedure is significantly more complicated than that, which befits its importance, and the SpiderOak blog does an excellent job explaining it.
Backdoor Privacy Measure or Subversion?
Let’s stipulate few things.
So the question is, do warrant canaries effectively undermine intelligence agencies and the government at the risk of security? Or are these warrants so broad and all-encompassing that they cross the line into a subversion of our ideas about self-government? Don’t canaries also tip off the bad guys?
My answers to these, which might not be yours, are 1) yes to the undermining, basically no to the risk; 2) absolutely, and 3) probably, but that isn’t as dangerous as it might sound. Here’s the thing: any radical or terrorist group figures that they are being monitored at all times. Indeed, paranoia is, if not the essential ingredient, at the very least an inherent element to any underground group. That’s why the outcry that met Edward Snowden’s revelations, the “now our enemies know what we’re doing”, rang so false. These guys already knew. That’s why they speak in code.
We have a right to know what is being done in our name. The argument that “if you have nothing to hide you shouldn’t be worried” is absurd, and an essential abdication of rights. It’s the same sort of argument that sniffed how coal miners should be happy they have jobs, and shouldn’t complain about the constant risk of death or maiming.
Coal needed to be dug. Security services need to be able to collect information. But the same lack of restrictions that allowed mining organizations essential control over the blinkered lives of the workers is allowing unelected groups like the NSA vast power over our lives. Privacy groups are still the canaries, letting us know what is going on in the black, impenetrable walls stretching silently past the reach of our lamp’s dim glow, letting us know what noxious fumes are seeping unseen.
Posted by Brian O. on Aug 13, 2014
There’s an insanely fun and addictive nonsense website called hackertyper.net. Basically, it sets up a black, old-time looking DOS-type screen, and all you have to do is bang on the keyboard and a string of code-looking green letters comes up. It looks exactly like what “hackers” would do in movies from the 1990s, or, really, still today. You can pretend you’re a classic hacker, furiously typing code and breaking into the mainframe- “I’m in!” is something you’re likely to yell out, if you’re me, to an empty room.
Posted by Brian O. on Aug 12, 2014
Capitalism is not necessarily a zero-sum game. There are always winners and losers, but the system in and of itself is not inherently designed to force choices in terms of results. What it does do, however, is force people within it to choose priorities. It becomes a question of who is entitled to what, given the finite nature of resources. A classic example of this is water rights. Take, for example, Las Vegas and Imperial County both needing water from the Colorado River and Lake Mead to survive- and this is especially pertinent, as Lake Mead is drying out.
Posted by Brian O. on Aug 6, 2014
It was reported on Tuesday that a Russian Hacker Gang has accumulated over 1.2 billion pieces of ID data– usernames, passwords, credit card information, and other means of personal identification in cyberspace. This was discovered by a Milwaukee-based firm called Hold Security, who then shared their information with the New York Times. The New York Times then hired an investigator of their own to confirm it and spent most of Tuesday putting the news on their front page.
It is shocking news, to say the least. The data stolen is linked to over 500 million email addresses, and according to PC Mag, it was stolen by one Russian gang of maybe a dozen members operating out of one city. The revelation fully emphasizes the epic global reach of cybercrime and how it can tentacle its way into more lives than the master thieves of the past could ever dream of. Even Bernie Madoff would shake his head at the audacity.
The weight of the NSA
The second factor is most important. Think of the amount of data the NSA collects– according to an article in The Daily Beast, quoting Glenn Greenwald, “A top-secret chart in Greenwald’s book displaying ‘Current Volumes and Limits’ for data storage shows that the agency collected upwards of 20 billion ‘communications events’ per day in 2012, the vast majority of which were stored in various databases.”
20 billion “events” per day is incomprehensible gibberish– something most of us are entirely unable to wrap our minds around. This leads us to shut off, ignore it entirely, or dismiss it as a problem far too vast to even think about… not to mention change. It’s like being handed a huge oil-drum of uncooked rice and being asked to arrange them by length. Knowing where to start is almost enough to break your brain.
But we do know where to start– and that’s to understand that when it comes to crime or to over-aggressive security agencies, you can’t think of huge numbers. Instead, you must think of the smallest number possible: one. You can be impacted, and most likely already have been. It’s time to take action to protect your security– you must demand it from those you trust with your important information. Do not passively allow your privacy to be taken away.
Posted by Brian O. on Jul 29, 2014
Senator Patrick Leahy (D-Vermont) has interests outside of government, which for an institution so hidebound and insular marks him as something of a radical. One of his great loves is Batman, a passion for which has led to a couple of cameos in The Dark Knight and The Dark Knight Rises. In the former, he was menaced by Heath Ledger’s Joker at a fund-raising party for Harvey Dent, the crusading District Attorney looking to change Gotham’s relationship with crime. It isn’t just that the city was plagued by it, but that the citizens expected it. They were inured to crime, and to corruption, and didn’t think anything could change. Dent wanted to make them change their minds.
It’s a bit of a stretch to compare Sen. Leahy to Dent, or to the Batman- for one thing, he doesn’t talk in a ridiculous voice- but he is trying to do the same thing with government surveillance that Dent and Bruce Wayne wanted to do with crime- curb it, drag it into the light, and alter the perception we have about our inherent right to privacy.
Posted by Brian O. on Jul 25, 2014
In the introduction to Milan Kundera’s Book of Laughter and Forgetting, the great Czech author tells the story of when Communism came to Prague. The new leader was giving a stirring speech in Wenceslas Square in the winter, ushering in a new age (what Kundera didn’t know at the time, but as a contemporary reader we know now, that same square is where the incomparable Vaclev Havel would send out Communism with the same kind of laughter). It was a cold winter, and one of the new leader’s aides was so moved with love and concern for the leader that he gave him his hat. A photograph was taken of the speech.
Well, as so often happens, political tides shifted, the aide fell out of favor, and was removed- not just from life, but from history. Photos of that moment were doctored to remove him. He became a non-entity; he had existed, but his past was changed so that he was always an enemy. However, his hat was still there. He couldn’t be erased entirely- and that furry Middle European cap was a testament through the ages.
Posted by Brian O. on Jul 23, 2014
There’s always been a strain in human thought, social creatures that we are, that a higher calling would be a life of solitude. From Byzantine holy men like Simon Stylites sitting on raised platforms for years at a time trying to commune with God, to not-anywhere-near-as-ascetic pond-wanderers like Henry David Thoreau and those who followed, misinterpreting his message of solitude, we’ve always been fascinated by those who strike out on their own.
Of course, these days, that seems impossible. Even if you stake out land in the middle of nowhere, like if you were to buy a town in the Badlands of South Dakota, you’d still be able to be found, and would probably still be connected. You could be spotted on Google Maps and plugged into a navigator. You’d have tax records, business licenses- everything that makes us part of modern society.