No encryption? How very rude

is a former intel­li­gence officer for MI5, the UK Secur­ity Ser­vice, who resigned in the late 1990s to blow the whistle on the spies’ incom­pet­ence and crimes with her ex-partner, David Shayler.
13 Apr, 2015 04:36 / Updated 10 years ago

In the post-Snowden era, what is the etiquette for protecting your privacy and that of others?

It struck me today that when I email a new contact I now reflexively check to see if they are using PGP encryption. Happily, a surprising number are doing so these days, but most people would probably consider my circle of friends and acquaintance to be eclectic at the very least, if not downright eccentric, but then that's probably why I like them.

There are still alarming numbers who are not using PGP though, particularly in journalist circles. I have to admit that when this happens, I do feel a tad miffed, as if some basic modern courtesy is being breached.

It's not that I even expect everybody to use encryption - yet - it's just that I prefer to have the option to use it and be able to have the privacy of my own communications at least considered. After all I am old enough to remember the era of letter writing, and I always favoured a sealed envelope to a postcard.

And before you all leap on me with cries of "using only PGP is no guarantee of security..." I do know that you need a suite of tools to have a fighting chance of real privacy in this NSA-saturated age: open source software, PGP, TOR, Tails, OTR, old hardware, you name it. But I do think the widespread adoption of PGP sets a good example and gets more people thinking about these wider issues. Perhaps more of us should insist on it before communicating further.

Why is this in my mind at the moment? Well, I am currently working with an old friend, Simon Davies, the founder of Privacy International and the Big Brother Awards. He cut his first PGP key in 2000, but then left it to wither on the vine. As we are in the process of setting up a new privacy initiative called Code Red (more of which next week) it seemed imperative for him to set a good example and "start using" again.

Anyway, with the help of one of the godfathers of the Berlin cryptoparties, I am happy to report that the father of the privacy movement can now ensure your privacy if you wish to communicate with him.

I am proud to say that my awareness of PGP goes back even further. The first time I heard of the concept was in 1998 while I was living in hiding in a remote French farmhouse in central France, on the run from MI5, with my then partner, David Shayler.

Our only means of communication with the outside world was a computer and a dial-up connection and David went on a steep learning curve in all things geek to ensure a degree of privacy. He helped build his own website (subsequently hacked, presumably by GCHQ or the NSA as it was a sophisticated attack by the standards of the day) and also installed the newly-available PGP. People complain now of the difficulties of installing encryption, but way back then it was the equivalent of scaling Mount Everest after a few light strolls in the park to limber up. But he managed it.

Now, of course, it is relatively easy, especially if you take the time to attend a Cryptoparty - and there will be inevitably be one happening near you some place soon.

Cryptoparties began in late 2012 on the initiative of Asher Wolf in Australia. The concept spread rapidly, and after Snowden went public in May 2013, accelerated globally. Indeed, there have been various reports about the "Snowden Effect". Only last week there was an article in the Guardian newspaper saying that 72 percent of British adults are now concerned about online privacy. I hope the 72 percent are taking advantage of these geek gatherings.

The US-based comedian, John Oliver, also recently aired an interview with Edward Snowden. While this was slightly painful viewing for any whistleblower - Oliver had done a vox pop in New York that he showed to Snowden, where most interviewees seemed unaware of him and uncaring about privacy - there was a perceptible shift of opinion when the issue of, shall we say, pictures of a sensitive nature were being intercepted.

Officially this spy programme is called Optic Nerve, an issue that many of us have been discussing to some effect over the last year. In the Oliver interview this transmogrified into "the dick pic programme". Well, whatever gets the message out there effectively.... and it did.

We all have things we prefer to keep private - be it dick pics, bank accounts, going to the loo, talking to our doctor, our sex lives, or even just talking about family gossip over the phone. This is not about having anything to hide, but most of us do have an innate sense of privacy around our personal issues and dealings and this is all now lost to us, as Edward Snowden has laid bare.

As I have also said before, there are wider societal implications too - if we feel we are being watched in what we watch, read, say, write, organise, and conduct our relationships, then we start to self-censor. And this is indeed already another of the quantified Snowden effects. This is deleterious to the free flow of information and the correct functioning of democratic societies. This is precisely why the right to privacy is one of the core principles in the 1948 Universal Declaration of Human Rights.

Lessons had then been learned from the Nazi book burnings and the Gestapo spy state, and privacy was recognised as a pre-requisite of open democracy. Yet now we see senior and supposedly well-informed US politicians calling for the modern equivalent of book burnings and failing to rein in the global abuses of the NSA.

How quickly the lessons of history can be forgotten and how carelessly we can cast aside the hard-won rights of our ancestors.

Edward Snowden, at great personal risk, gave us the necessary information to formulate a push back. At the very least we can have enough respect for the sacrifices he made and for the rights of our fellow human beings to take basic steps to protect both our own and their privacy.

So please start using open source encryption at the very least. It would be rude not to.

Annie Machon for RT

The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.