EOF

Stuff That Matters

Doc Searls

Issue #245, September 2014

Are we going to get real about privacy for everybody—or just hunker in our own bunkers?

I'm writing this in a hotel room entered through two doors. The hall door is the normal kind: you stick a card in a slot, a light turns green, and the door unlocks. The inner one is three inches thick, has no lock and serves a single purpose: protection from an explosion. This grace is typical of many war-zone prophylaxes here in Tel Aviv, Israel's second-largest city. The attacks come in cycles, and the one going on now (in mid-July 2014) is at a peak. Sirens go off several times a day, warning of incoming rockets from Gaza. When that happens, people stop what they're doing and head for shelters. If they're driving, they get out of their cars and lie on the ground with their heads covered.

Since I got here, I have joined those throngs three times in small, claustrophobia-inducing shelters—once in my hotel, once in an apartment house where I was visiting friends and once in a bunker entered through a men's room at the beach. After gathering behind a heavy door, everyone in the shelter tensely but cheerfully waits to hear a “boom” or two, then pauses another few minutes to give shrapnel enough time to finish falling to the ground. Then they go outside and return to whatever they were doing before the interruption.

But not everybody bothers with the shelters. Some go outside and look at the sky. I was one of those when I shot the photo shown in Figure 1 from the front porch of my hotel, a few moments after hearing a pair of booms.

Figure 1. Two incoming Hamas rockets from Gaza, intercepted by four Israeli missiles.

The photo tells a story in smoke of two incoming Hamas rockets from Gaza, intercepted by four Israeli missiles. The round puffs of smoke mark the exploded rockets. The parallel trails mark the paths of the interceptors. These are examples of the “Iron Dome” (en.wikipedia.org/wiki/Iron_Dome) at work.

People here monitor rocket attacks using a free mobile app called Red Alert. The one on my phone tells me there were 27 rocket attacks fired from Gaza on Israel yesterday, including the long-range ones I saw intercepted over Tel Aviv. (Most are short-range ones targeted at cities closer to Gaza.)

Meanwhile, Linux Journal and its readers also are under an attack (daserste.ndr.de/panorama/xkeyscorerules100.txt), of sorts, by the NSA. Here are the crosshairs at which we sit, in an NSA surveillance system called XKEYSCORE:

// START_DEFINITION
/*
These variables define terms and websites relating to the 
TAILs (The Amnesic Incognito Live System) software program, 
a comsec mechanism advocated by extremists on extremist forums.
*/

$TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') 
 ↪and word('linux'or ' USB ' or ' CD ' or 'secure 
 ↪desktop' or ' IRC ' or 'truecrypt' or ' tor');
$TAILS_websites=('tails.boum.org/') or 
 ↪('linuxjournal.com/content/linux*');
// END_DEFINITION

// START_DEFINITION
/*
This fingerprint identifies users searching for the TAILs 
(The Amnesic Incognito Live System) software program, viewing 
documents relating to TAILs, or viewing websites that 
detail TAILs.
*/
fingerprint('ct_mo/TAILS')=
fingerprint('documents/comsec/tails_doc') or 
 ↪web_search($TAILS_terms) or
 ↪url($TAILS_websites) or html_title($TAILS_websites);
// END_DEFINITION

Those details come via a story on the German site Tagesshau (www.tagesschau.de/inland/nsa-xkeyscore-100.html). On our Web site, Kyle Rankin explains what's going on (www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance):

XKEYSCORE uses specific selectors to flag traffic, and the article reveals that Web searches for Tor and Tails—software I've covered here in Linux Journal that helps to protect a user's anonymity and privacy on the Internet—are among the selectors that will flag you as “extremist” and targeted for further surveillance. If you just consider how many Linux Journal readers have read our Tor and Tails coverage in the magazine, that alone would flag quite a few innocent people as extremist.

BoingBoing also was targeted. Writes Cory Doctorow (boingboing.net/2014/07/03/if-you-read-boing-boing-the-n.html), “Tor and Tails have been part of the mainstream discussion of online security, surveillance and privacy for years. It's nothing short of bizarre to place people under suspicion for searching for these terms.”

Both kinds of attacks bring defensive responses. In the physical space above Israel, Iron Dome is fully developed and amazingly effective. In the cyber space surrounding us all on the Net, we have little to protect us from unwelcome surveillance. As the XKEYSCORE story shows, just looking for effective privacy help (such as Tor and Tails provide) places one under suspicion.

My current road trip began in London, where there are surveillance cameras in nearly all public spaces. These were used to identify the perpetrators of the bombings on July 21, 2005 (en.wikipedia.org/wiki/21_July_2005_London_bombings). Similar cameras also identified suspects in the Boston Marathon bombings of April 15, 2013 (en.wikipedia.org/wiki/Boston_bombing). It is essential to note, however, that these cameras are not in people's homes, cars and other private spaces (at least not yet).

Our problem with the Net is that it is an entirely public space. In that space, Tor (https://www.torproject.org) and Tails (https://tails.boum.org) are invisibility cloaks, rather than the cyber equivalents of clothing, doors, windows and other well-understood and widely used ways of creating and maintaining private spaces.

We do have some degree of privacy on our computers and hard drives when they are disconnected from the Net and through public key cryptography (en.wikipedia.org/wiki/Public_key_cryptography) when we communicate with each other through the Net. But both are primitive stuff—the cyber equivalents of cave dwellings and sneaking about at night wearing bear skins.

It should help to recognize that we've been developing privacy technologies in the physical world for dozens of thousands of years, while we've only had today's version of cyber space since 1995, when ISPs, graphical browsers and the commercial Web first came together.

But living in early days is no excuse for not thinking outside the boxes we've already built for ourselves. Maybe now that wizards are in the crosshairs—and not just the muggles—we'll do that.

Got some examples? Let's have them.

Doc Searls is Senior Editor of Linux Journal. He is also a fellow with the Berkman Center for Internet and Society at Harvard University and the Center for Information Technology and Society at UC Santa Barbara.