dynamoo.com home

Site navigation

orange book
January 2004

Dynamoo 2004





UK Mobile Phones at shopforphones.co.uk


The Privacy Issue

June 2001

Contents: Echelon  RIPA   Anonymous Surfing
Email Encryption  Privacy Begins at Home (and Work)

Several things thumped into Dynamoo's Inbox this month on the thorny issue of Internet privacy. Privacy is distinct from many other security issues because your privacy can be compromised quite legally by government agencies as well as illegally by hackers and the like.

Echelon is the great-grandaddy of monitoring systems, founded in the 1970s and updated continually, this is a joint program of the US, UK, Australia, Canada and New Zealand. Simply put, Echelon has the potential to intercept all electronic communications coming in or out of these countries, from email and web connections through to phone calls and fax transmissions. In addition, the US operates Echelon eavesdropping facilities in a number of allied countries.

How does it work. Well, not even Echelon can read everything, but it uses and intelligent filtering system to try to get at potentially "interesting" communications.

Sounds like paranoia? Well, not really - there are arguably good grounds for having this capability, certainly in the eyes of governments. Except that the available evidence tends to show that it is being used against private citizens, and, increasingly for economic advantage (at least according to a report of the European Parliament).
>>> Echelon links

In the UK the Regulation of Investigatory Powers Act (RIP Act or RIPA) enables UK intelligence authorities to eavesdrop on all domestic Internet traffic in an Act which (bizarrely) was meant to protect privacy. The Act allows security services to install equipment at ISP's locations and monitor traffic without a warrant. It also allows the goverment to compel people to hand over passwords and keys, and in effect removes any shred of privacy or legal redress.

Again, this is not paranoia. The Act actually allows for these things - but it is hard to tell if they are being put in place because the Act also makes it illegal for private individuals to reveal that these actions are taking place. There are tribunal and check systems in place, but the cloak of secrecy may make them less than effective.
>>> RIPA Links

Anonymous Surfing
One common way to try to overcome these is to use an anoymous proxy service to surf the web. One of the best known is Anonymizer - but there are many others, and Dynamoo's favorite at the moment is the excellent (and free) Megaproxy . These enable you to access sites which are either barred, logged or otherwise inaccesible.

Encrypting Email
Encryption is one of the best ways of keeping email private, and one of the best known ways of doing this is to use PGP. PGP has a long history behind it - I would recommend Simon Singh's The Code Book as an excellent primer in all aspects of cryptography. The International PGP Home Page has various free versions of PGP for personal use.

There are two main drawbacks with sending encrypted email:

  • Firstly, they can draw attention to yourself (i.e. why are you sending encrypted email?). Even if security agencies can't crack your encryption, they can use traffic analysis to see who is sending messages to whom, even if the content is unknown.
  • Secondly, encrypted emails are a nightmare for corporate administrators because they render Anti-Virus products useless. There is no way an AV product can scan a PGP encrypted email for incoming viruses, and this increases the risk of virus infection on a corporate network.
Privacy Begins at Home (or Work)
Everywhere you visit on the Web leaves a trail, of History files, Cookies, Temporary files and other traces. These contain information about your surfing habits, personal details and other things you might not want people to know about.

(Updated January 2004) How vulnerable you are depends on how skilled the person is looking for traces of sites you've visited. Deleting Cookies and Temporary Internet files (in Internet Explorer this is under Tools.. Internet Options..) will only stop nontechnical users. In a work environment, you might have staff with good computer forensic skills, in which case consider looking at the products listed at the Open Directory.

Echelon links:
 BBC News article on Echelon, May 2001
 Echelon Watch
 European Parliament: Draft report on Echelon [pdf]
 FAS: Echelon an excellent site from the Federation of American Scientists

RIP Act links:
 UK Home Office: Regulation of Investigatory Powers Act 2000
 Regulation of Investigatory Powers Act (2000) - Commentary at magnacartplus.org
 Orgasm's quick guide to the RIP bill at orgasm.ac


 Subj: Shopping and Services


 home   technical   diary   webmaster stuff   orange book   shop   contact   links   your privacy