Few options for avoiding web surveillance
Crosstalks panel explores privacy and anonymity on the internet
If you’re seeking anonymity or privacy on the web, there are no guarantees. Even the best available anti-surveillance tools are not perfect, say two computer science researchers from KTH Royal Institute of Technology.
Appearing on the June 3 edition of Crosstalks , Gerald Q. Maguire Jr., Professor of Computer Communication, and Stefan Nilsson, Associate Professor, said that while secure messaging is still possible, the notion of internet anonymity is basically fiction.
Anonymity tools such as the increasingly popular Tor browser provide “pseudo anonymity”, Maguire says.
“This sense that people have that it offers any anonymity is largely fictitious,” he says. “If you’re doing it online and someone has the technical means and the interest, there is basically nothing that you can do that isn’t going to be observed – and isn’t observable – from a technical point of view.
“Whether they’re going to waste time observing you or doing anything with that data is a completely separate matter,” he adds.
Maguire and Nilsson were joined by a panel that included Tor Project Executive Director Andrew Lewman; hacker-author Eleanor Saitta, the Technical Director at the International Modern Media Institute, and Stockholm University law and IT researcher Daniel Westman.
Lewman however stands behind Tor’s technology. “We have 15 years of research that shows that Tor does work”, he says, adding that the Tor Project has been informed by national intelligence agencies that the software has been impenetrable. “It works so well that they’re angry.”
Nilsson, who has been blogging on the revelations from NSA contractor Edward Snowden, says he agrees with Maguire. “Real anonymity is almost impossible”, he says. But Nilsson points out that the spy agencies must spend more time and money on surveillance of Tor users.
“They have to spend a lot more effort to do it and they can’t do it for many people,” Nilsson says. “It does make a difference, but there is no such thing as absolute anonymity on the net, ever.”
Maguire stresses that there is a distinction between anonymity and secure communication. A data encryption technique known as one-time pads still offers the best protection for those seeking to keep their communication private, but can be costly. “You essentially have perfect security”, he says, “but not anonymity.
“Anonymity is something very different. The path (the message) takes can be anonymised, and made more difficult; but … if you communicate for any significant period of time, it’s going to be found out who you are communicating with.”
Even encryption can’t guarantee privacy 100 percent, since the security relies on a key that could possible fall into the wrong hands.
“If you’re willing to put enough effort into it, you can increase the effort that someone has to go to … to the level at which they have to break into your machine either electronically or physically.” Maguire says. “But you also have to accept that basically if you write it, it’s forever. And there is a pretty good chance that if someone’s determined enough, they’re going to get it. So is it worth the risk or isn’t it?
“As they say, don’t do the crime if you can’t do the time.”
Lacking the content of your messages, it may be enough for a spy agency to collect metadata, Nilsson adds. “Collecting metadata is in fact mass surveillance”, he says. “When you think about it, (metadata) is actually who talked to whom, who was at the same place as someone else at the same time – that’s almost exactly the definition of surveillance.
“Without even looking at what people are saying, you get a lot of information.”
And there’s no end in sight to the amount of metadata being collected, especially in the US, where a massive government data centre is being built in Utah, Maguire says. “The easiest thing is, we don’t know what’s important now, so why not just store everything?” he says.
“Storage is cheap”, Maguire says. “So you have to go about life believing that essentially if you write it down, if you communicate it, even if you communicate it near a person with a cell phone or a microphone on their computer, or even the physical phone on their desk, it is probably being listened to and you should act as though it is.”