My Thoughts on Recent Web Security Revelations
Last week The Guardian published an article outlining the work of American and British intelligence agencies (NSA and GCHQ) to 'defeat internet securities'. The details, gained from documents leaked by Edward Snowden, reveal how both security agencies have been spending millions on research programmes, intent on finding ways to break through standard internet security protocols, and even on working with technology companies to provide ways to enable the agencies to circumvent standard software security.
GCHQ has been working on ways to get into encrypted traffic from the "big four": Google, Hotmail, Yahoo and Facebook.
All of this is done under the idea that this is required for the purposes of crime and in particular terrorism prevention, but what does it mean for us 'law abiding' citizens?
It's not a revelation
I have to say, I was not at all surprised when this news broke. Twitter instantly came alive with outrage and upset that government agencies could be doing such aggressive spying on their own people. But did we really think that something like this wouldn't be going on?
The uncomfortable truth, for anyone who values their privacy at all, is that any (and even all) of our private, personal communications can be read, stored, processed and used by agencies working in the shadows.
A while ago I deleted my personal Facebook account. I didn't like Facebook's 'opt-out' security policy, which upset plenty of users when they suddenly found some or all of their profiles visible by non-friends. (And also, I'm not really sociable enough for a personal Facebook account - now I just have a page for work).
The fact is, whether it be Facebook, or Google, or Hotmail or anyone else who's services we use, our data is valuable. To big internet businesses, the data which is collected when we search, browse or communicate is used to fuel advertising and ultimately profits.
To government agencies our data is valuable as it can be used to trace and track criminal activity. However, there is something deeply unsettling about this going on behind the scenes.
The internet was initially developed in order to enable government departments to communicate should a nuclear war break out. The team at CERN saw a far wider reaching use than that when they took the concept and developed the system we now know as the internet: a global communication platform, giving freedom of speach and facilitating the sharing of information.
It was designed to benefit users, to aid education, research, technology. Sir Tim Berners-Lee told the Times earlier this year:
"In the Middle East, people have been given access to the internet but they have been snooped on and then they have been jailed.
"Obviously, it can be easy for people in the west to say, 'oh, those nasty governments should not be allowed access to spy'. But it's clear that developed nations are seriously spying on the internet."
If you've got a Google account, chances are, Google will have a hugh digital 'fingerprint' detailing your movement around the internet.
This week, Apple have introduced a new iPhone, the 5S which contains an actual finger print scanner, enabling users to easily access secure accounts and so on. This fingerprint data is stored securely, within the iPhone, and never available to any other software, or stored on Apples servers (iCloud).
I hope this is true.
At the same time, with this technology becoming 'real' - how long will it be before others are doing similar, perhaps not so securely. It is beginning to concern me that so many huge companies, let alone government agencies, have such access to so much personal data.
Can anything be done?
Has it already gone too far? Are we destined for a future where nothing is private - or should we just accept that the price for using the internet and all of the associated amazing technology, is the understanding that what we share will be scanned, logged and processed by someone other than the intended recipient?
Aral Balkan recently wrote an ineresting post on indiedata.org, outling his thoughts on producing an internet free from the relentless data-mining of faceless corporate identities. Perhaps this is the start of the way out? Matt Wilcox published his steps to creating (reasonably) secure web server at home using a Raspberry Pi - maybe soon we'll all be running our own webservers from home, with our email data, file storage and so on stored locally. Maybe not.
As a web developer, I can see that it is the duty of the engineers, the developers, the designers to create software, hardware and systems which facilitate the free and simple sharing of information (the internet).
A solution which suits both sides of the argument may never be found - can global security live alongside global data privacy? I can't imagine how at the moment.
I hope I'm wrong.