Why cryptography matters

Ever since the the discussion began about the FRA legislation I have thought about the implications of a large, secret organization eavesdropping on Internet communication. After the law was decided upon by our parliament here in Sweden I have researched more and more about encryption systems and techniques as a means to divert the feelings of hopelessness and sadness about the political system and the process that lead to the awful law.

I sometimes say, half jokingly, that my motto is There is no problem that doesn't have a technical solution. This is of course false, but when it comes to privacy on the internet, technology can be helpful.

For those of you that doesn't know about FRA and the new law, it is the Swedish equivalent of the NSA and they have traditionally provided the swedish government with military intelligence gathered from intercepted radio traffic. Since the airwaves has become kind of boring to listen to over the years with people using new means of communication, our politicians has come up with a new law that grants the FRA access to all Internet and telephone communication that crosses Sweden's borders.

Many people has seen the problems with this new situation. FRA is an organization that is impossible to subject to efficient regulatory oversight, and with vast amounts of personal data being collected it is obvious that invasion of privacy can happen and probably will happen on on a massive scale. Why? Because FRA works in secret and their continued existence is conditioned on their ability produce interesting information. So, my theory is that you can pretty much assume that FRA will do the things that are most efficient to get information about criminal or suspicious activity, regardless of wether it invades someone's privacy or not, and regardless of what the official FRA rhetoric says about the right to privacy.

What is the most efficient information gathering techniques you can use with massive amounts of internet traffic? I believe the answer is by profiling individuals. Find out what websites you visit, find out who you send emails to. Who are your friends on Facebook? If we assume that FRA does not have any limits internally as to what it does with the information it collects, my guess is that all political activity that is considered somewhat extreme will be investigated, and not only the people actually members of suspect policial parties but also their friends, neighbours and relatives. Also, it would lessen the efficiency of the system to discard user profiles that the organization finds no use for, so everything even remotely interesting will be saved and can be revisited if a suspicion arises sometime in the future.

Does this sound scary? Well, I think it is, and that is why I advocate the use of cryptography for all types of communication, as often as possible. The history is full of examples of governments that has gone from good to somewhat abusive to totalitarian and evil. The internet activity that seems innocent now might not be seen as innocent in the future. Done right, the use of cryptography can bring a great deal of protection from eavesdropping to internet users. So, please do.

Filed under Cryptography | Comment (0)