CryptoParty is a decentralized, global initiative to introduce basic cryptography tools – such as the Tor anonymity network, public key encryption (PGP/GPG), and OTR (Off The Record messaging) – to the general public.
Now you may be asking yourself, “Why does the general public need encryption?” The “why” of it all could yield a series of articles stretching from now until my digits have become worn to bloody nubs. Since that is not our intention here we will focus on just a few examples. See if you can identify why you’ll want to guarantee your online privacy even if, as the old privacy-invasion myth goes, “you’re not doing anything wrong, so you don’t have anything to hide.”
Put quite simply, data retention is the storage of digital communications for later analysis. Data Retention in itself is nothing new and many ISPs have engaged in the practice for some time now. However, what has become alarming recently is the prevalence of government policies (usually administered by spy agencies like the NSA and FBI) that compel service providers to turn over your data, and the ease in which they are able to do it. According to the Electronic Frontier Foundation, a non-profit organization dedicated to defending digital rights, “Law enforcement agencies throughout the world are pushing for invasive laws that force Internet Service Providers (ISPs) and telecom providers to continuously collect and store records documenting the online activities of millions of ordinary users… Government mandated data retention impacts millions of ordinary users compromising online anonymity which is crucial for whistle-blowers, investigators, journalists, and those engaging in political speech. National data retention laws are invasive, costly, and damage the right to privacy and free expression. They compel ISPs and telcos to create large databases of information about who communicates with whom via Internet or phone, the duration of the exchange, and the users’ location. These regimes require that your IP address be collected and retained for every step you make online. Privacy risks increase as these databases become vulnerable to theft and accidental disclosure.”
Utah Data Center
We would not waste your time with some half-baked conspiracy nonsense. We are focusing on examples of well documented data retention that affects everyone. Certainly the most glaring example for the U.S. would be the Utah Data Center. The NSA facility features servers with storage capabilities that can be measured in yottabytes of data. The yottabyte is equal to one quadrillion gigabytes.
According to an April 2012 Wired article, “[F]or the first time since Watergate and the other scandals of the Nixon administration the NSA has turned its surveillance apparatus on the US and its citizens. It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes. Finally, the agency has begun building a place to store all the trillions of words and thoughts and whispers captured in its electronic net. And, of course, it’s all being done in secret. To those on the inside, the old adage that NSA stands for Never Say Anything applies more than ever.”
Deep Packet Inspection
As your computer communicates on the internet the data is transferred in units known as packets. These packets contain information on the sender and receiver of the data, as well as the data being transferred itself. Deep packet inspection allows the contents of these packets to be read.
Earlier in February, British Parliament announced plans to step-up its online surveillance. According to RT, “The report said the surveillance regime would function on deep packet inspection, a monitoring method that lets an individual who intercepts data to search its contents. Though the project is still in draft form, the committee generally rejected critics’ claims that it would constitute an oppressive domestic spying program, saying that without such new security measures, rapidly developing technologies would soon have a serious impact on the intelligence and security agencies.”
In fact, some ISPs have taken it upon themselves to implement some rather intrusive policies themselves, well ahead of government coercion. This month also saw Australia’ s Telstra announce its plans to utilize deep packet inspection to throttle back speeds for users it suspects of p2p file sharing. Telstra has a history of sending notice to users it suspected of engaging in the practice and is a vocal advocate for copyright enforcement.
While there are those who would argue that anonymity on the internet breeds nothing but hate speech and trolls, there is a side they seem to miss. There has been a serious push post-9/11 to censor certain types of speech. We aren’t talking hate speech, that stuff is protected by the first amendment so groups like Westboro Baptist are here to stay. No. It’s the whistle-blowers and the outspoken critics of ruling class oppression and our ongoing “war on an emotion” that have been increasingly targeted. You’ll note that the FBI monitored Occupy Wall Street activity and was quite ready to label them “domestic terrorists” if need be. When the State takes away someone’s right to speak anonymously, they are essentially taking away that right to free speech. The moment someone has to consider being a target of government surveillance and harassment to speak their minds, the First Amendment isn’t worth the parchment it was written on.
“The right to personal anonymity, pseudonymity and privacy is a basic human right. These rights include life, liberty, dignity, security, right to a family, and the right to live without fear or intimidation. No government, organization or individual should prevent people from accessing the technology which underscores these basic human rights.” ~The Cryptoparty Manifesto
So what we are offering is a solution, right? No. What the Cryptoparty offers is protection. While encryption can be broken, and there is no such thing as being bulletproof on the internet, you can reduce your own personal risk. I have had people ask me, “If encryption can be broken, what’s the point of all this?” Well, someone can pick the lock on your door but I bet you don’t leave it unlocked because of it. The government agencies and ISPs who are instituting this surveillance are aware of the threat groups like the Cryptoparty pose to their efforts.
“[E]ncryption is a very widely used tool by people who communicate via internet. And actually that’s going to make the kind of inspection of the communications that we have very difficult for the government and the internet service providers, who are going to be asked to gather all of this information,” says Emma Carr, of Big Brother Watch, a civil liberties and privacy advocate group.
So what we plan to do in this series of upcoming articles is to provide you with the tools needed to provide an adequate layer of protection while communicating digitally. Whether you wish to secure your computer, smartphone, or tablet we will be showcasing and providing tutorials for installing and using these tools.