About About Contact Contact
The global media appears to be spreading the news that people are getting worried about Internet privacy.  Yet here in the UK, where the Guardian, a national newspaper, was involved with publishing Edward Snowden's disclosures about widespread Internet surveillance, the population actually seems to be becoming less concerned, if not blasé, about privacy online.  The data I'm using in the chart above is from a recently published report from Ofcom – whose remit is governance of all things to do with the U.K.'s media and communications.  One part of Ofcom's duties is to survey how people in the U.K. are using media, and their attitude to what they see and hear.  What makes this report especially interesting is that Ofcom has been asking some of the same questions for several years, so we can get some measure of how attitudes are changing over time.  For the technically minded this is called longitudinal data, the kind of data that you rarely get in business because it is expensive to collect, and also because very  few businesses ask the same questions in the market research studies they commission over any length of time. Given that Snowden's revelations showed how monitoring people's Internet communications is relatively easy for most governments, one would think that personal privacy would rank high in any list of Internet apprehensions.  But it’s not so.  Concerns about personal privacy have fallen since 2009 and rank only just above concerns about advertising.  It seems that three times the number of people are concerned about offensive or illegal content, and twice the number worry about security and fraud. But in fact the fastest growing area of concern at present seems to be personal risk to others and or society.  This is probably a natural result of an increase in awareness of how social media is being used to groom children for sexual encounters, and also to radicalise Muslims.  Both of these latter concerns are physically visible and visceral.  Far more so than the intangible, and often poorly understood yet clever, government software that intercepts all our packets of data that run through the Internet and our mobile phones.  June this year (2015) was the month when the U.K. population was made aware of the presence of fake mobile towers, although no-one appeared to be unduly concerned.  But these towers are being used by the U.K. police to produce classic “man in the middle” (MITM) attacks to intercept mobile communications.  This works in a really sneaky way: the fake towers act like normal phone towers, letting mobile phones know they are available to receive data, but when the fake tower receives data from a handset the data is stored by the police or government before being transmitted to a genuine mobile tower for onward network transmission.  The technical term for this is “International Mobile Subscriber Identity catching” or “IMSI catching”.  The IMSI is a unique number that is used to identify the user on their mobile phone network.  Although perhaps you will hear the term “Stingray” used to describe this process.  More precisely “stingray” refers to equipment manufactured by the Harris Corporation, based in Florida, which has quietly built up a global market for this type of surveillance equipment.  Over the last 15 years Harris Corporation has been supplying many Federal agencies in America, as well as government agencies in Ireland and Britain.  A recent Sky News investigating team, using a Stingray detector, discovered over 20 active Stingray masts in London.  A sobering thought when one considers that any of the latest equipment from Harris Corporation, like the portable Gossamer and Kingfish devices, will probably have gone undetected.  After the disclosure of the fake towers media attention was quickly distracted by more popular topics, or was it deliberately diverted?  Who really knows? A similar diversionary fate befell the report on the future of Britain's surveillance laws entitled “A Question of Trust” which essentially approved draconian Government data collection, albeit perhaps with a fraction more judicious oversight.  Again, was this because the U.K. Government didn't want public awareness leading to open discussion about what exactly is happening?  True, the report isn't a quick read as it runs to 382 pages, and this would definitely eat into journalistic time in today's stripped down news rooms. Yet one would have thought that something as important as this would warrant more than 464 words from the Daily Telegraph.  Only the Guardian, living up to its name, had a decent length article at just over 1,000 words.  This lack of exposure was surprising because one of the two main aims of the report by the “Independent Reviewer of Terror Legislation” was to “inform the public and political debate” about privacy.  The second aim being to “put forward proposals for the reform” of government surveillance.  David Anderson QC, who wrote the report, acknowledged that his task went well beyond counter- terrorism and encompassed some of the many other reasons why government intercepts personal communications.  Anderson sees the privacy debate as split: on the one hand are the people who object to the growing invasion of privacy as we increasingly live out our lives online.  On the other hand are the authorities who prophesy a decline in their access to people's electronic communications.  Both sides of the argument project a future where control is lost and the other side dominates.  Central to this debate is the universal use of default encryption, such as when Apple makes a selling point out of the security of the latest iPhone, where even Apple is unable to decrypt its contents.  One of the interesting facts to come out of the documents revealed by Edward Snowden is that some forms of encryption still cause the National Security Agency (NSA) problems.  For all government surveillance agencies the most damaging aspect of Edward Snowden's leaks has been the increased use of encryption in online communications.  We know that in 2013, out of an annual budget of more than $10 billion, the NSA allocated for their department called Cryptanalysis and Exploitation Services (CES) no less than $34.3 million.  The report “A Question of Trust” also acknowledges that the use of encryption has steadily been growing over the years and this growth accelerated after Edward Snowden's leaks.  One post-Snowden certainty is that American and British governments are spending a higher proportion of their budgets on breaking encryption systems. The “A Question of Trust” report has clearly been written by a legal expert, and government insider, who therefore describes Edward Snowden's leaked documents as “said to relate to …..”  Nowhere in the report does Anderson admit that Snowden's information is accurate.  And although Anderson has had some technical briefings from experts, on close reading of the report it becomes clear that encryption is not Anderson's forte.  He does mention IMSI catchers briefly, but refers to them as “new technology” apparently unaware that they started being used by police forces in 2006.  And, as an establishment figure, he fails to mention their purchase by U.K. Government agencies.  More crucially, Anderson ignores the simple fact that, at its root, encryption is a technical issue - whichever side of the privacy argument has the superior technology is the absolute winner.  No discussion or public debate is needed about that.  What Anderson should have done was to have explored where the current balance on encryption lies, and to have posited on what is most likely to happen in the future. Bearing all this in mind, it should not come as a surprise that individuals who show an aptitude at encryption are eagerly being sought out by governments.  A clear example is the story behind the development of Truecrypt.  Originally created back in 2004, Truecrypt gradually became one of the better, and hence more popular, hard disk encryption software products.  Ten years later, in 2014, the development of Truecrypt abruptly ceased amongst a swirl of rumours that the brains behind it had been bought and, fittingly, a truly cryptic message was left on the website stating that the software might contain security issues and bugs...  Truecrypt had come to the notice of the U.K. authorities when David Miranda, the partner of journalist Glen Greenwald, was detained at London Airport by the Metropolitan Police.  Miranda was said to have in his possession an encrypted hard drive containing data from Edward Snowden.  The U.K. authorities sought to retain possession of the hard disk as they were unable to break the Truecrypt encryption.  That was one point scored by the privacy movement, although a stronger point was speedily scored by the authorities with the announcement of the sudden (official) cessation of the development of Truecrypt.  Ironically, the authorities’ success became the equivalent of cutting the head of a Hydra as new heads formed: two novel products quickly replaced Truecrypt.  These are CipherShed and VeraCrypt, both of which are open source “transparent” projects, so that anybody can check their code for vulnerabilities. Whether one roots for greater privacy for individuals, or trusts the government with whatever personal data it is able to glean, discussing the topic rapidly becomes superfluous.  Superior technology is the real winner. Robust, open source encryption software has so many enthusiastic programmers checking the code for vulnerabilities that a huge amount of government computing power, dedicated over an extended time-frame, will be necessary to break the cypher.   Both the American and U.K. governments are funding the development of quantum computers to break encryption systems.  Until then they’ll need to rely more on the laziness of human nature.  One is mindful of the 2014 investigation into the murder of Fusilier Lee Rigby.  The culprit, Michael Adebowale, had simply used his landline to communicate with a member of Al-Qaida in the Arabian Peninsula. The key recommendation from the “A Question of Trust” report is that bulk Internet data collection should continue and that Internet and mobile phone operators will still be required to store all personal communications, albeit with a bit more oversight.  Surprisingly, I must admit that I agree with this overall finding as, like the majority of people in the U.K., I find the current danger from violence and extremism outweighs any privacy worries.  I remember the fuss some years back about the introduction of CCTV cameras, and all the concerns about privacy.  Today, because of many high profile cases where criminals have been caught by this technology, there are far fewer privacy quibbles.  In fact, I actually welcome “being on camera” because that means I am in a safer environment.  Equally, as the chart above already shows, the majority of people in the U.K., if given a choice, prefer a safer environment, even if that means that all their communications are monitored.  Safety will trump privacy every time, just as whoever possesses the best encryption technology has already won the argument and further debate is pointless. June 2015
Click here to download the PowerPoint chart: Click here to download the PowerPoint chart:
...with analysis & insight...
Home Home Archive: Free PowerPoint download Free PowerPoint download
Click image to enlarge
Click here to download the PowerPoint chart: Click here to download the PowerPoint chart: Click here to download the PowerPoint chart: Click here to download the PowerPoint chart:

Hush hush…?

Click here to download the PowerPoint chart: Click here to download the PowerPoint chart:
Click to return to page Archive Archive
About
Contact
Home
The global media appears to be spreading the news that people are getting worried about Internet privacy.  Yet here in the UK, where the Guardian, a national newspaper, was involved with publishing Edward Snowden's disclosures about widespread Internet surveillance, the population actually seems to be becoming less concerned, if not blasé, about privacy online.  The data I'm using in the chart above is from a recently published report from Ofcom – whose remit is governance of all things to do with the U.K.'s media and communications.  One part of Ofcom's duties is to survey how people in the U.K. are using media, and their attitude to what they see and hear.  What makes this report especially interesting is that Ofcom has been asking some of the same questions for several years, so we can get some measure of how attitudes are changing over time.  For the technically minded this is called longitudinal data, the kind of data that you rarely get in business because it is expensive to collect, and also because very  few businesses ask the same questions in the market research studies they commission over any length of time. Given that Snowden's revelations showed how monitoring people's Internet communications is relatively easy for most governments, one would think that personal privacy would rank high in any list of Internet apprehensions.  But it’s not so.  Concerns about personal privacy have fallen since 2009 and rank only just above concerns about advertising.  It seems that three times the number of people are concerned about offensive or illegal content, and twice the number worry about security and fraud. But in fact the fastest growing area of concern at present seems to be personal risk to others and or society.  This is probably a natural result of an increase in awareness of how social media is being used to groom children for sexual encounters, and also to radicalise Muslims.  Both of these latter concerns are physically visible and visceral.  Far more so than the intangible, and often poorly understood yet clever, government software that intercepts all our packets of data that run through the Internet and our mobile phones.  June this year (2015) was the month when the U.K. population was made aware of the presence of fake mobile towers, although no-one appeared to be unduly concerned.  But these towers are being used by the U.K. police to produce classic “man in the middle” (MITM) attacks to intercept mobile communications.  This works in a really sneaky way: the fake towers act like normal phone towers, letting mobile phones know they are available to receive data, but when the fake tower receives data from a handset the data is stored by the police or government before being transmitted to a genuine mobile tower for onward network transmission.  The technical term for this is “International Mobile Subscriber Identity catching” or “IMSI catching”.  The IMSI is a unique number that is used to identify the user on their mobile phone network.  Although perhaps you will hear the term “Stingray” used to describe this process.  More precisely “stingray” refers to equipment manufactured by the Harris Corporation, based in Florida, which has quietly built up a global market for this type of surveillance equipment.  Over the last 15 years Harris Corporation has been supplying many Federal agencies in America, as well as government agencies in Ireland and Britain.  A recent Sky News investigating team, using a Stingray detector, discovered over 20 active Stingray masts in London.  A sobering thought when one considers that any of the latest equipment from Harris Corporation, like the portable Gossamer and Kingfish devices, will probably have gone undetected.  After the disclosure of the fake towers media attention was quickly distracted by more popular topics, or was it deliberately diverted?  Who really knows? A similar diversionary fate befell the report on the future of Britain's surveillance laws entitled “A Question of Trust” which essentially approved draconian Government data collection, albeit perhaps with a fraction more judicious oversight.  Again, was this because the U.K. Government didn't want public awareness leading to open discussion about what exactly is happening?  True, the report isn't a quick read as it runs to 382 pages, and this would definitely eat into journalistic time in today's stripped down news rooms. Yet one would have thought that something as important as this would warrant more than 464 words from the Daily Telegraph.  Only the Guardian, living up to its name, had a decent length article at just over 1,000 words This lack of exposure was surprising because one of the two main aims of the report by the “Independent Reviewer of Terror Legislation” was to “inform the public and political debate” about privacy.  The second aim being to “put forward proposals for the reform” of government surveillance.  David Anderson QC, who wrote the report, acknowledged that his task went well beyond counter-terrorism and encompassed some of the many other reasons why government intercepts personal communications.  Anderson sees the privacy debate as split: on the one hand are the people who object to the growing invasion of privacy as we increasingly live out our lives online.  On the other hand are the authorities who prophesy a decline in their access to people's electronic communications.  Both sides of the argument project a future where control is lost and the other side dominates.  Central to this debate is the universal use of default encryption, such as when Apple makes a selling point out of the security of the latest iPhone, where even Apple is unable to decrypt its contents.  One of the interesting facts to come out of the documents revealed by Edward Snowden is that some forms of encryption still cause the National Security Agency (NSA) problems.  For all government surveillance agencies the most damaging aspect of Edward Snowden's leaks has been the increased use of encryption in online communications.  We know that in 2013, out of an annual budget of more than $10 billion, the NSA allocated for their department called Cryptanalysis and Exploitation Services (CES) no less than $34.3 million.  The report “A Question of Trust” also acknowledges that the use of encryption has steadily been growing over the years and this growth accelerated after Edward Snowden's leaks.  One post- Snowden certainty is that American and British governments are spending a higher proportion of their budgets on breaking encryption systems. The “A Question of Trust” report has clearly been written by a legal expert, and government insider, who therefore describes Edward Snowden's leaked documents as “said to relate to …..”  Nowhere in the report does Anderson admit that Snowden's information is accurate.  And although Anderson has had some technical briefings from experts, on close reading of the report it becomes clear that encryption is not Anderson's forte.  He does mention IMSI catchers briefly, but refers to them as “new technology” apparently unaware that they started being used by police forces in 2006.  And, as an establishment figure, he fails to mention their purchase by U.K. Government agencies.  More crucially, Anderson ignores the simple fact that, at its root, encryption is a technical issue - whichever side of the privacy argument has the superior technology is the absolute winner.  No discussion or public debate is needed about that.  What Anderson should have done was to have explored where the current balance on encryption lies, and to have posited on what is most likely to happen in the future. Bearing all this in mind, it should not come as a surprise that individuals who show an aptitude at encryption are eagerly being sought out by governments.  A clear example is the story behind the development of Truecrypt.  Originally created back in 2004, Truecrypt gradually became one of the better, and hence more popular, hard disk encryption software products.  Ten years later, in 2014, the development of Truecrypt abruptly ceased amongst a swirl of rumours that the brains behind it had been bought and, fittingly, a truly cryptic message was left on the website stating that the software might contain security issues and bugs...  Truecrypt had come to the notice of the U.K. authorities when David Miranda, the partner of journalist Glen Greenwald, was detained at London Airport by the Metropolitan Police.  Miranda was said to have in his possession an encrypted hard drive containing data from Edward Snowden.  The U.K. authorities sought to retain possession of the hard disk as they were unable to break the Truecrypt encryption.  That was one point scored by the privacy movement, although a stronger point was speedily scored by the authorities with the announcement of the sudden (official) cessation of the development of Truecrypt.  Ironically, the authorities’ success became the equivalent of cutting the head of a Hydra as new heads formed: two novel products quickly replaced Truecrypt.  These are CipherShed and VeraCrypt, both of which are open source “transparent” projects, so that anybody can check their code for vulnerabilities. Whether one roots for greater privacy for individuals, or trusts the government with whatever personal data it is able to glean, discussing the topic rapidly becomes superfluous.  Superior technology is the real winner. Robust, open source encryption software has so many enthusiastic programmers checking the code for vulnerabilities that a huge amount of government computing power, dedicated over an extended time-frame, will be necessary to break the cypher.   Both the American and U.K. governments are funding the development of quantum computers to break encryption systems.  Until then they’ll need to rely more on the laziness of human nature.  One is mindful of the 2014 investigation into the murder of Fusilier Lee Rigby.  The culprit, Michael Adebowale, had simply used his landline to communicate with a member of Al-Qaida in the Arabian Peninsula. The key recommendation from the “A Question of Trust” report is that bulk Internet data collection should continue and that Internet and mobile phone operators will still be required to store all personal communications, albeit with a bit more oversight.  Surprisingly, I must admit that I agree with this overall finding as, like the majority of people in the U.K., I find the current danger from violence and extremism outweighs any privacy worries.  I remember the fuss some years back about the introduction of CCTV cameras, and all the concerns about privacy.  Today, because of many high profile cases where criminals have been caught by this technology, there are far fewer privacy quibbles.  In fact, I actually welcome “being on camera” because that means I am in a safer environment.  Equally, as the chart above already shows, the majority of people in the U.K., if given a choice, prefer a safer environment, even if that means that all their communications are monitored.  Safety will trump privacy every time, just as whoever possesses the best encryption technology has already won the argument and further debate is pointless. June 2015

Hush hush…?

Click here to download the PowerPoint chart: Click here to download the PowerPoint chart: Click to return to page