[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
How to protect your electronic privacy -- consumer pamphlet
- To: [email protected]
- Subject: How to protect your electronic privacy -- consumer pamphlet
- From: [email protected] (Nick Szabo)
- Date: Tue, 27 Apr 1993 03:20:30 -0700 (PDT)
Here is a handout I've written for our next Portland-area libertarian
meeting. Comments welcome. Feel free to distribute freely (you
can edit out Portland-specific stuff) with attributions.
----------------------------------------------------------------
How to Protect Your Electronic Privacy
Nick Szabo, April 30 1993
Distribute Freely
We conduct more and more of our legal, political, and private business
over the wires. Every decade, the number of phone calls that the
government can record for later playback increases by a factor of ten.
Commercial organizations gather and sell our transactions; marketers
and governments cross-reference them, forming our vast electronic
reputation. The number of e-mail messages doubles every year, and many
political organizations are coming to rely on networks like Internet and
LiberNet. Most e-mail users are unaware that it is the most public
medium ever invented, and use it to write love letters, letters to their
lawyer, discussion of illegal activities, etc. Vast volumes of e-mail
can be stored on small magnetic tapes and searched in bulk for keywords,
eg "mari[jh]uana". The good news is, the computer brings an even greater
weapon to fight these threats to our privacy and political freedoms: widely
available, automatic cryptography.
Instead of developing phones allowing truly private conversations, which
are now feasible, AT&T recently put a phone on the market that contains
the NSA-designed "Clipper" wiretap chip. All users' encryption keys are
registered with the U.S. government, giving it exclusive access to
wiretapping this system's phones. The use of an unpublished algorithm
and other features also make the system insecure. "Clipper" would also
make traffic analysis (finding out who is calling whom, when, etc.)
much easier. The goal of this government/Ma Bell collusion is to
subsidize the creation of a standard that forces truly private phone
systems off the market.
By purposefully allowing a government backdoor in its "secure" phones,
AT&T has demonstrated its contempt for its customers' privacy. Here are
some other long-distance providers that may have more respect. All U.S.
line providers are required to surrender to telephone taps under
government "authorization", but some require more "authorization" than
others, or otherwise make a greater fuss about it. Local wiretaps are
beyond the control of long-distance companies, but long-distance
eavesdropping is much more difficult if the company uses fiber optic
instead of microwave links. Ask company representatives for details.
Allnet Long Distance Services 1-800-783-2020
MCI, commercial 1-800-888-0800
MCI, residential 1-800-950-5555
Metromedia Communications Corp. 1-800-275-2273
One-2-One Communications 1-800-293-4121
Sprint, residential 1-800-877-7746
Sprint, business 1-800-733-5566
Real phone privacy can be obtained with a veil of encryption, by using
pairs of phones containing privacy chips, which scramble the
signals *and* keep the keys private. Contact your local business
telephone dealers for privacy phones from Ericson, Cylink and other
companies. Keep your eye out for portable-computer-based
software with voice input that can be used to encrypt voice mail
and send it over the networks like e-mail; these may be appearing
on the market or as freeware within six months.
Data privacy can be obtained with public-key encryption
features which have been added to some of the newer e-mail packages
from Microsoft, Apple, Novell, etc. Beware: most software encryption
has been restricted by the U.S. government to very weak algorithms.
"Cypherpunks" enjoy writing programs to crack the weakened file
encryption in Word Perfect, Lotus, etc. Be sure the software contains
the new "RSA" public-key algorithm, which probably cannot be cracked
by anybody, even the NSA with their buildings full of supercomputers.
A strong freeware RSA package is also available called Pretty Good
Privacy (PGP); this is the international standard on the Internet.
PGP can also be used for protecting the files on your PC. On an Internet
machine type "archie pgp" to find out where PGP is available for
download. Several BBS systems also have PGP available.
In public key encryption, there are two keys, one used to lock
(really scramble) the data, the other to unlock (unscramble) the data.
To join the fun, publish or send your freinds your public key, and
they can then send you messages only you can unlock with your private
key. You collect other's public keys and do the same. PGP key
distribution is based on an informal, voluntary web of trust instead
of the government's rigid heirarchy which is vulnerable to failure
at the top. Just as today's businessmen trade business cards,
tommorrow's businessmen will trade public keys -- if the government
doesn't ban them first.
For more detailed information on electronic privacy, see:
* Your local phone dealer. If he does not know about privacy
issues and phone privacy products, ask him to find out!
* The May/June issue of "Wired" magazine featuring "crypto-rebels"
on the cover. A history computer cryptography and the "cypherpunk"
movement, whose goal is to break the government monopoly on cryptography
and to restore our right to privacy in the electronic age.
* "Mondo 2000" #9 (most recent) features two good articles on PGP, and
a third article on protecting our financial privacy from governments.
* The Winter/Spring issue of "Extropy" features and article on digital
cash. Unlike current electronic funds transfer, digital cash increases
financial privacy.
* On the Internet, the cypherpunks mailing list
([email protected]) and the newsgroups sci.crypt. In the
Portland area two Internet providers are agora (293-1772 data) and
techbook (220-0636 data).
* Organizations helping lobby for electronic privacy: Electronic Frontier
Foundation (eff.org), Computer Professionals for Social Responsibility
(cpsr.org), Privacy International. These are not entirely libertarian
(eg EFF tends to support Gore's socialist "Data Highway".)
* James Bamford, _The Puzzle Palace_, 1983: A classic expose of the
National Security Agency.
Nick Szabo [email protected]