‘Perfect privacy’? In Internet communication, that doesn’t exist
by Devin Coldewey, NBC News
Your communications are private — mostly. Your next-door neighbor can’t hear you send an angry email or a saucy text, and even talking on a cellphone is more secure than using the century-old tech in a landline telephone. But when it comes to keeping a lid on the details of your communication — who you communicate with, and when and how you do it — perfect privacy just isn’t attainable.
In the wake of the NSA spying scandal, and the subsequent closure of two notable “secure” email services, even privacy experts seem to have given up.
“Our computing and communications infrastructure is fragile,” Seth Schoen, the Electronic Frontier Foundation’s senior staff technologist, told NBC News. “And people who want to spy on us have made it their business to understand the vulnerabilities and to figure out how to exploit them.”
Security comes of age
Early on, emails and Web correspondence sent over Wi-Fi or other unsecured networks could be snatched out of the air by anyone in range and assembled into the message you were sending. As online banking and commerce — and dating — took off, security started catching up.
Encrypted connections, both to the wireless router in your home network and to servers around the Internet, started becoming more familiar. If you were buying something on Amazon, a snooper at the cafe or someone lurking in the virtual depths couldn’t tell you were doing it. If anybody saw any data, it would be undecipherable to them.
But even this wasn’t fully secure. If a site didn’t have a secure socket layer (SSL) connection, denoted by the HTTPS in the address, hackers could scoop up your content. And if you couldn’t trust the company which hosted the HTTPS site, all bets were off.
So a new, even higher level of protection emerged, known as “end-to-end” encryption. It’s what it sounds like: Only you and the recipient of your message can decode the data. An email sent with this level of protection would be unreadable even by the service that hosted it.
For some, this is sufficient: “It works well. If you have good operational security, you’re fine,” security technologist Bruce Schneier told NBC News. “But between the theory and the reality, it’s harder. It doesn’t matter how good your encryption is if I put a Trojan on your computer.”
When ‘secure’ isn’t secure
Even without hackers meddling with your PC, some of the data in an end-to-end secure transaction is never completely obscured: the messaging metadata — the addresses, so to speak — that tell the Internet’s postal service where to deliver the packets.
“Someone spying on you can still figure out a lot from your location, the timing and volume of your communications, and who you communicated with,” said Schoen.
It’s for this reason that Silent Circle (and possibly Lavabit) both recently announced that they would be exiting the secure email business. As Louis Kowolowski, technical operations manager at Silent Circle, wrote in a blog post in answer to the question, “Why can’t email be secure?”:
“If your goal is to not have metadata leakage in your otherwise secure communications, you may wish to avoid email altogether. Email leaks the information about who is communicating, and how often. This information may be just as damaging as the content of the email. For example, a freedom fighter working in an oppressive country, trying to get the word out.”
But you probably didn’t use Lavabit or Silent Circle. You, for example, probably use Web-based email service, one like Gmail. It seems reasonably secure because your emails all live on a server somewhere behind powerful firewalls, and no one can look in — except, of course, Google.
And Google does look, with advertising bots that can tell you’re emailing about a trip to Bali and show you ads for hotels there. But Google, like other cloud service providers, also may scan for child pornography or keywords like “ricin” or “assassination.”
What Google knows, it is obligated to share with law enforcement given a warrant or some other legal justification. What the NSA revelations have shown us is that plenty of different justifications can (and will) be used to gather information.
No more secrets
So if even the people in the secure email business are saying email isn’t secure, what is?
It sure isn’t mobile phones. GSM and CDMA — phone technologies used in the U.S. — both encrypt the digital audio of your conversation, but it’s decrypted once it hits the telephone network, and hackers or law enforcement can intercept it at any number of places. And besides that, whether you’re being tracked by cell towers or eavesdropped by voice command bots, there are plenty of known privacy leaks in today’s smartphones.
Some leaks are even features. “Google’s new phone listens to you 24/7,” said Schneier, referring to the Moto X. “Does that sound like a good idea?”
If you want privacy while talking on the phone, you’ll need to get off the voice network and use encrypted data instead; apps like Silent Voice create an end-to-end encrypted channel between two phones, but both sides have to have the app — and at $120 a year, that’s a tough sell for some.
The same thing goes for online voice and video chatting. Skype was once renowned for being friendly to the security-conscious, but since its purchase by Microsoft in 2011, the service has failed to assure its users that it still has the same commitment to confidentiality.
Apple boasts of end-to-end encryption for FaceTime, saying that “no one but the sender and receiver can see or read them.” The company adds it doesn’t “store data related to customers’ location, Map searches or Siri requests in any identifiable form.” What doesn’t it say? That it stores other metadata associated with the session.
“When you connect to your friend, you’re relying on Apple to connect you. They’re like the phonebook,” Christopher Soghoian, technologist and analyst for the ACLU, told NBC News. “Apple occupies a trusted position in that ecosystem, and what you really want is a system where users don’t have to trust any company.”
The same metadata conundrum vexes Apple’s iMessage, and third-party messaging services like SnapChat and WhatsApp. BlackBerry Messenger was an early precursor to these, providing end-to-end encryption to businesses exchanging sensitive data. Governments around the world demanded access to these confidential communications, and RIM, to its credit, publicly fought such requests. But even with BBM there’s a trail of metadata.
Services that don’t rely on middlemen like Apple and BlackBerry are being developed; WebRTC is one that could potentially allow secure communications between any two IP addresses, without the need to consult a central directory.
‘Not a technical problem, a legal problem’
The solution may be out there, but we may be looking in the wrong places. Is it reasonable to expect privacy from a company like Google, which makes money selling ads based on tracking everything you do online?
“I’m not saying Google is evil — they’re not,” said Soghoian. “But they’re an advertising company. The wolf is providing the tools to the sheep.”
Schneier concurs: “There’s a lot of tech you can bring to bear — but remember, the business model of the Internet is surveillance.”
He suggests the solution does not lie in a technological breakthrough or even simple consumer awareness. “This is not a technical problem,” he said. “This is a legal problem.”
It’s been just a few months since the NSA revelations began shifting the debate on security away from paranoiacs and cautious journalists to everyone who uses the Internet. We may not see the results of that for years, as individuals, companies and regulators update their definitions and expectations of privacy.
What can you do in the meantime? A few downloads and settings can help you keep a lower profile, but until the next generation of privacy tools hits, your best bet for a confidential conversation might be at a quiet bench at the park.