The most serious threat to your digital privacy

Celine's First Law:

National Security is the chief cause of national insecurity

Governments spying your encrypted communications

• Slovak Information Agency (SIS) repeatedly wants to change a legislation to implement backdoors for any "legal" encrypted communication
• Czech Military Intelligence Service ("Vojenská rozvědka") wants to put "blackbox" sniffing devices (with a secret functionality) to all Czech ISPs/mobile operators
• The government's fight against end-to-end is global (e.g. Cameron also wants to ban the end-to-end encrypted communication in the UK) 

The question:
What is a political legitimity of such dictatorships proposals?

• If someone wants to propose a law for "tagging" Jews with a yellow star, should we consider him to be serious?
• If not, why we take seriously the institutions like SIS, Czech Military Intelligence or crazy politicians?

What can we learn from Wikileaks I.

• Slovak SIS and Czech secret police bought a special hacking malware (FinFisher/Galileo) from companies which provable work for dictatorship regimes (i.e. tax payers' money are used for supporting dictatorship-friendly companies)
• Because these special hacking tools use 0-day exploits (tools for exploiting not-revealed yet 0-day vulnerabilities which are not patched), for citizens there is ALMOST NO WAY to protect their digital privacy against these dangerous tools
• Huge asymmetry between the government and individuals
• There is no transparency at all (!) how to reveal this dangerous government's activity, because everything is top-secret & classified

Reaction of Czech Police

• Everything is OK because the hacking malware is used for "legal purposes"

Analogy:

Is it OK to use tax payer's money to buy guns from ISIS terrorist organization just because they are used for "legal purposes only"?

What can we learn from Wikileaks II

• Recent leak of hacking tools of CIA
  • CIA knew about 0-day vulnerabilities of millions of Internet users exposing them to potential attacks of all Internet criminal gangs
  • CIA threatened Internet corporations not to fix these vulnerabilities, because it's a (leaked) classified information exposing of all their customers
  • CIA behavior presents a significant threat to all Internet users (!) 

No information about our privacy without whistleblowing

• Unfortunately, whistleblowing is becoming the only way how to reveal these immoral government's practices regarding our digital privacy
• More corrupted or misused power -> more leaks
• Less "official" transparency -> more leaks
• It's a shame that despite of leaks, often nothing is changed (e.g. the most serious political corruption leak in Slovakia - "Gorila")

Impact of government's privacy interventions

• All system with government's backdoors will be weakened leading to significant decrease of citizens' digital privacy, especially when sufficiently secure privacy solution will be blocked
• Central government "storage" system (data retention, EET, ..) can be always misused - by potential hackers or corrupted employees

The most serious threat for your privacy is government's agencies

• Because they are:
  • Usually completely non-transparent (classified)
  • Monopolized (with the impossibility of bankrupt in case of leak of huge amount of sensitive information)
  • Used 0-day very efficient spying malware with no possibility for citizens to defend themselves
  • Unlimited financial sources (compared to the private sector)

Protect yourselves against government's spying & tracking

• Encrypt all your calls and messages (Signal)
• Encrypt all your instant communication (Jabber+OTR)
• Encrypt all your email-communication (PGP, S/MIME)
• Encrypt your Windows (Microsoft Bitlocker)
• Encrypt your Linux / Mac (dm-crypt/LUKS, FileVault)
• Encrypt your Android / iOS
• Prefer cryptocurrencies instead of fiat money

Thanks!

Text