Can true privacy and security really be effective in this information age? Particl News explores this critical issue.
Cryptography was invented as a solution to communicate through unsecured channels in a totally private manner with complete control over what parties receive the information you wish to broadcast.
In its essence, it dates all the way back to transposition ciphers — a cryptosystem over 2,000 years old — but the idea then was the same as it was during WW2 and as it is today: controlling access to information.
As we live through this challenging information age, obstacles to our privacy and data sovereignty are more present than ever. Finding trustworthy solutions to those challenges can be difficult, and sometimes even misguided.
Can true privacy and security really be effective in this information age? Do they even exist anymore? And if so, how can we make sure that we remain protected online?
The State of Global Surveillance
As we’ve explored before, there is very little we do online that does not ultimately get compiled into a marketable and exploitable database. Every tech giant tracks your online habits in myriads of ways, and they use that information to build customer profiles identifying us, or worse.
And although public awareness has largely increased about that parasitic phenomenon within the last decade — indeed, a 2020 study by the data firm Data Axle found that over 80% of people are more concerned about the privacy of their data than ever before, across all generations. Over 50% even agreed that giving a company their personal information constituted a risk to them — the public is left with very limited and misleading solutions to this problem.
While tech corporations are, with good reason, bearing a large share of the public backlash against data collection, we know today that it is small potatoes compared to the true behemoth of information gathering: The United States’ NSA, PRISM, and the surveillance infrastructure of nearly all US-allied nations.
Big Brother is Watching You 24/7
In 2013, the Edward Snowden revelations took the world by storm. In reports published by The Guardian and the Washington Post, Snowden’s leak included evidence of a vast network of global surveillance established by the United States government and in which several nation’s intelligence communities participated in one way or another. This massive scale of data consumption and analysis also involved some of the world’s biggest tech companies, some of which were even compensated to the tune of millions of dollars for their compliance with the surveillance program. Described as the NSA enjoying “direct access” to the information of dozens of companies, the scandal involved not also tech giants but also telecommunication providers.
Today the sheer scale of global surveillance can only be inferred, as many of those initial revelations are almost a decade old. There are no signs that the machine has slowed down, and something we know for certain is that the computing capabilities of the Fourteen Eyes surveillance and intelligence sharing network continue to increase exponentially, year after year.
Leveraging Information Technologies
We are faced with a unique challenge; the privacy of much of our lives and of our private conversations has been undermined to a level that only modern technology can make possible. Yet, the same technologies that face us with unprecedented threats to our privacy also offer us many strong protections. To that end, Edward Snowden did, indeed, give us a strong hint: “encryption works”.
Modern end-to-end encryption is an invaluable asset for each of us. Not only does it protect our data from prying eyes, it also helps maintain its integrity and protects any transfer of information against man-in-the-middle attacks of all kinds. Thankfully, encryption protections are becoming more and more common in the current tech landscape, even though encryption backdoors are still a threat to its efficacy against government entities. However, there is a very important caveat to "e2ee"; it cannot be trusted if it's deployed on closed-source software.
Closed-Source Privacy is Trust-Based Privacy
Open-source software has a critical role to play in this fight for privacy. Privacy software that can be publicly audited can be verified not to include any backdoors or workarounds, unlike closed-source alternatives that rely on users’ trust in their privacy claims.
Indeed, it was revealed by the New York Times in 2013 that $250 million USD a year was spent by the NSA on inserting backdoors into commercial and encryption products — and the agency worked directly with tech companies in order to do so. That is why open-source software plays a critical role in this fight for privacy.
Software that can be publicly audited can be verified by experts and contributors around the world not to include any compromising elements or contingencies. True privacy relies, in part, on the soundness of the encryption protocol an app uses, and so, one has to be able to peek into the code to ensure no monkey business or poor implementation goes on.
Of course, even open-source code can fall victim to zero-day exploits and black swan events like we've seen with Heartbleed, but the likeliness of an attack or backdoor being successfully deployed on open-source applications like Signal, for example, is multiple times less likely than on closed-source software that relies exclusively on user trust.
To Hide the Signal You Must Generate Noise
In a perfect world, it should not be up to the individual to bear the burden of protecting their privacy. One's initial inclination might be to expect democratically elected legislative bodies to secure those rights for us. That is, however, utopic and detached from reality. That's because respecting people’s privacy is against the interests of those in power, and they'll fight it up tooth and nail again and again, often in the name of national, societal, or personal security.
For this unfortunate reality, information privacy, especially in an era of informational warfare, ultimately cannot be left to increasingly globalized governmental entities, and especially not for extended periods of time. The interests of power, like nature, will find a way.
Strong, seamlessly integrated encryption and its integration within open-source software will allow us to develop communication structures resistant to the abuses and silencing of mass data gatherers — but only if the product can be trusted, is easy to use, and is open to all, outside of politics.
To hide the signal, you must generate noise!
If you want to learn more about what we do at Particl and contribute to the growth of online privacy, become part of our awesome global community of cypherpunks and join the discussion about the future of the web with us on Discord, Telegram, or Element — or just give one of our decentralized and privacy-focused apps a try here.