The revelations about the scale of NSA snooping on everyone’s information and communications and storing that information to be used against you have spawned interest in how to combat it.
The Electronic Frontier Foundation has published a list of ten steps that anyone can take that will make their computer data more secure. To be honest, even though I have been writing about these things, the only precautions I take are #7 and #8 in the list. I have been thinking of using PGP encryption but when I look into it, there seem to be a lot of options and I am not sure which ones are safe and secure to use. Can readers recommend a good source for the PGP software plus a good tutorial on how to use it? And for any of the other recommendations on the list too.
Meanwhile, Cory Doctorow writes of several clever ways to combat the government. Consider the infamous National Security Letters that not only demand that you hand over any information you have in your possession to the FBI but also forbid you from telling anyone that you were asked to do so, even your lawyer or the person about whom information was requested, under the threat of severe punishment.
Librarians (a group of people whom I greatly admire) were among the first groups to raise the alarm and protest the NSLs because the government could demand that they hand over library patron information and prohibit them from telling the patron what information had been asked for or even that their records had been snooped on. Librarians felt that this violated the trust they had with patrons and was a violation of their ethics. Of course, the government has little concern about ethics in their drive to acquire people’s private information.
But according to Doctorow, one librarian had an idea.
Jessamyn West, a radical librarian, conceived of a brilliant solution, a sign on the wall of her library reading “THE FBI HAS NOT BEEN HERE (watch very closely for the removal of this sign).” After all, she reasoned, if the law prohibited her from telling people that the FBI had been in, that wasn’t the same as her not not telling people the FBI hadn’t been in, right?
Doctorow says that this gave him an idea for a system modeled on the ‘dead man’s switch’, where it is the absence of an action that triggers the alarm.
This gave me an idea for a more general service: a dead man’s switch to help fight back in the war on security. This service would allow you to register a URL by requesting a message from it, appending your own public key to it and posting it to that URL.
Once you’re registered, you tell the dead man’s switch how often you plan on notifying it that you have not received a secret order, expressed in hours. Thereafter, the service sits there, quietly sending a random number to you at your specified interval, which you sign and send back as a “No secret orders yet” message. If you miss an update, it publishes that fact to an RSS feed.
Such a service would lend itself to lots of interesting applications. Muck-raking journalists could subscribe to the raw feed, looking for the names of prominent services that had missed their nothing-to-see-here deadlines. Security-minded toolsmiths could provide programmes that looked through your browser history and compared it with the URLs registered with the service and alert you if any of the sites you visit ever show up in the list of possibly-compromised sites.
This would make for an interesting legal case. Could someone be prosecuted for setting up such a system and thus alerting, by inaction, that they received a national security letter? Because if you set up such a system and do receive such a letter, then the only way to prevent that fact from becoming known is to tell a falsehood, that you had not received a letter. It is one thing for the government to tell someone that they cannot reveal a truth. But can the government compel you to tell a lie in order to be compliant with the law?
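The heartbeat exchange Doctorow describes above, as an added Go sketch that is not part of the original post or of any existing service: the service issues a random number, the owner signs it, and an unanswered challenge past its deadline is what the feed would publish. The `Switch` type, its method names, the choice of Ed25519 and the payload layout that binds the reply to the registered URL are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Switch is the service's record for one registered URL (hypothetical names).
type Switch struct {
	URL       string
	Pub       ed25519.PublicKey
	Interval  time.Duration
	challenge []byte    // outstanding random number, nil once answered
	deadline  time.Time // when the signed reply is due
}

// payload binds the statement to the URL and the challenge being answered (assumed layout).
func payload(url string, c []byte) []byte { return append([]byte("No secret orders yet|"+url+"|"), c...) }

// Issue creates the random number the service sends and starts the clock.
func (s *Switch) Issue(now time.Time) []byte {
	s.challenge = make([]byte, 32)
	if _, err := rand.Read(s.challenge); err != nil {
		panic(err)
	}
	s.deadline = now.Add(s.Interval)
	return s.challenge
}

// Answer accepts only an on-time signature over the outstanding challenge.
func (s *Switch) Answer(now time.Time, sig []byte) bool {
	if s.challenge == nil || now.After(s.deadline) || !ed25519.Verify(s.Pub, payload(s.URL, s.challenge), sig) {
		return false
	}
	s.challenge = nil // single use: a recorded reply cannot be replayed
	return true
}

// Missed reports whether the feed should now list this URL.
func (s *Switch) Missed(now time.Time) bool { return s.challenge != nil && now.After(s.deadline) }

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s := &Switch{URL: "https://example.org/", Pub: pub, Interval: time.Hour} // constructed sample registration
	sig := ed25519.Sign(priv, payload(s.URL, s.Issue(time.Now())))
	fmt.Println("reply accepted:", s.Answer(time.Now(), sig))
}
```

Because each reply must sign a fresh random number, a stockpile of pre-signed or recorded "no orders" messages cannot keep the switch quiet; only the key holder answering each interval can.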