The most serious threat to your digital privacy

Celine's First Law:

National Security is the chief cause of national insecurity

Governments spying your encrypted communications

  • Slovak Information Agency (SIS) repeatedly wants to change a legislation to implement backdoors for any "legal" encrypted communication
  • Czech Military Intelligence Service ("Vojenská rozvědka") wants to put "blackbox" sniffing devices (with a secret functionality) to all Czech ISPs/mobile operators
  • The government's fight against end-to-end is global (e.g. Cameron also wants to ban the end-to-end encrypted communication in the UK) 

The question:
What is a political legitimity of such dictatorships proposals?

  • If someone wants to propose a law for "tagging" Jews with a yellow star, should we consider him to be serious?
  • If not, why we take seriously the institutions like SIS, Czech Military Intelligence or crazy politicians?

What can we learn from Wikileaks I.

  • Slovak SIS and Czech secret police bought a special hacking malware (FinFisher/Galileo) from companies which provable work for dictatorship regimes (i.e. tax payers' money are used for supporting dictatorship-friendly companies)
  • Because these special hacking tools use 0-day exploits (tools for exploiting not-revealed yet 0-day vulnerabilities which are not patched), for citizens there is ALMOST NO WAY to protect their digital privacy against these dangerous tools
  • Huge asymmetry between the government and individuals
  • There is no transparency at all (!) how to reveal this dangerous government's activity, because everything is top-secret & classified

Reaction of Czech Police

  • Everything is OK because the hacking malware is used for "legal purposes"

Analogy:

Is it OK to use tax payer's money to buy guns from ISIS terrorist organization just because they are used for "legal purposes only"?

What can we learn from Wikileaks II

  • Recent leak of hacking tools of CIA
    • CIA knew about 0-day vulnerabilities of millions of Internet users exposing them to potential attacks of all Internet criminal gangs
    • CIA threatened Internet corporations not to fix these vulnerabilities, because it's a (leaked) classified information exposing of all their customers
    • CIA behavior presents a significant threat to all Internet users (!) 

No information about our privacy without whistleblowing

  • Unfortunately, whistleblowing is becoming the only way how to reveal these immoral government's practices regarding our digital privacy
  • More corrupted or misused power -> more leaks
  • Less "official" transparency -> more leaks
  • It's a shame that despite of leaks, often nothing is changed (e.g. the most serious political corruption leak in Slovakia - "Gorila")

Impact of government's privacy interventions

  • All system with government's backdoors will be weakened leading to significant decrease of citizens' digital privacy, especially when sufficiently secure privacy solution will be blocked
  • Central government "storage" system (data retention, EET, ..) can be always misused - by potential hackers or corrupted employees

The most serious threat for your privacy is government's agencies

  • Because they are:
    • Usually completely non-transparent (classified)
    • Monopolized (with the impossibility of bankrupt in case of leak of huge amount of sensitive information)
    • Used 0-day very efficient spying malware with no possibility for citizens to defend themselves
    • Unlimited financial sources (compared to the private sector)

Protect yourselves against government's spying & tracking

  • Encrypt all your calls and messages (Signal)
  • Encrypt all your instant communication (Jabber+OTR)
  • Encrypt all your email-communication (PGP, S/MIME)
  • Encrypt your Windows (Microsoft Bitlocker)
  • Encrypt your Linux / Mac (dm-crypt/LUKS, FileVault)
  • Encrypt your Android / iOS
  • Prefer cryptocurrencies instead of fiat money

Thanks!

Text

The most serious threat to your digital privacy

By Pavol Luptak

The most serious threat to your digital privacy

What is the most serious threat to your digital privacy?

  • 2,036