Trevor Stone's Journal
Those who can, do. The rest hyperlink.
Keeping Communication Private Over Hostile Networks 
23rd-Jun-2013 11:24 am
According to additional details from Snowden leaks published by The Guardian, GCHQ, the UK's counterpart to the NSA, is wiretapping all or most transatlantic cables which terminate in Britain, i.e., most traffic between Europe and the U.S.

In a sense, this sort of traffic interception is well-known in Internet security, though the scale is new. Internet traffic often travels over untrusted links, from coffee shop WiFi to backbones owned by hostile governments. Good network security design doesn't try to ensure that every step your packet takes is secure. Instead, it focuses on end-to-end security of the data, such as encrypting the transmission and requiring authentication to access hosts. Intercepts can still learn what nodes are communicating (metadata like "you went to a Google web page"), but not the content of the transmission (like the budget spreadsheet you're editing).

Given news and leaks about spy programs in the last several years, we should assume that any internet traffic is monitored. Use HTTPS (the secure web protocol) whenever possible, and complain to websites that don't support HTTPS. Assume that a government spy agency can intercept any email you send, though emails with sender and recipient on the same system (e.g. Gmail to Gmail) may be safe. Unfortunately, email encryption like GPG isn't easy to use for most people. For secure communication, consider using an authenticated online document editor from a company you trust, like Google Docs or Office 365. Share the document with a generic title (like "Conversation with Bob, 2013-06-22") and type your message. I believe this approach is more robust to intercept-style snooping than email or phone conversations. However, a saved document (like an email) can be subpoenaed in an investigation or court case and can be read by anyone who gets your account credentials, like a hacker or a spy agency that installed a keylogger on your account.

The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to "selectors" – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is "content", such as recordings of phone calls or the substance of email messages. The rest is metadata.
GCHQ taps fibre-optic cables for secret access to world's communications, The Guardian, 2013-06-21