Today in Fake Privacy News
I heard the last bits of this NPR piece about a "Technical Fix for Illegal Snooping" the other morning, and it really made me pretty angry.
They're praising some company selling proprietary software which automatically logs the IP address of a searching web client, which will clearly prevent illegal searches, since they'll be traceable to the system used to perform the search. Accountability does not equate to prevention, it equates to increased risk.
They used Tom Brady as the example case. Evidently there were a bunch of frivolous searches against the Giant Federal Hive Mind Database for Brady info, does he own a gun, where does he live, blah blah blah. (as of last October, he had a penthouse in NYC and before that, lived here. Not very hard, I don't need to be in the CIA to do that).
There are a few shocking things about the piece. The implicit admission is that there is no logging on queries on the current system. This means that whatever default logging the solution provided must have been turned off. In any case, the logs spit out by New System aren't likely to be reviewed, they're likely to be compressed, maybe encrypted, archived and forgotten. What bothers me is that they say such searches are "Not Possible" under the new system, because it logs. The searches can still be performed, there will just be a paper trail. Call me jaded, but that doesn't fill me with a sense of the warm-fuzzies.
But the things that got to me were that they were targeting frivolous searches by random nobodies against famous people. They weren't talking about the invasive searches against regular people's email and telecom traffic data.
For the kind of "data mining" that really affects most people, I don't care how much logging their is on the back end, if your email and web traffic is encrypted, and your traffic is anonymised, they won't be able to search it out of a massive database. I don't want to trust in Federal logging to protect my data against illegal search and seizure by Federal agents.
From the article:
"For example, right now it is perfectly legal, without question, for the government to collect every telephone call, every e-mail, every communication in the world — as long as it can claim credibly some part of the communication contains a person outside the United States," says Fred Cate, the director of the Center for Applied Cybersecurity Research at Indiana University. "And that's a problem."
The single word answer for the government collecting every email is "Crypto", the two word answer is "Free Crypto". If they're going to collect every mail, we should encrypt every mail. There's no reason we shouldn't, the tools are there, and the tools are completely free.
Remember kids, only you can protect you, encrypt and obfuscate and be vigilant of your own info security footprint.