The Panopticon Is Extremely Convenient (So Use Facebook, Google, And Chrome)

I write from the Philippines, where a phone has just been released which, if stolen, can be remotely triggered to repeatedly scream “Thief! Thief! Thief!” Back home, BART riders have been hearing: “Ladies and gentlemen, this is your train operator. If you have any electronic devices with you, please make sure they are secure, especially if you are near the exits.”

Phone theft is a big problem everywhere. Fortunately, there’s a technical solution: Apple’s Find My iPhone and Google’s Android Device Manager can render your stolen phone essentially useless. If enough people use them — which means opting in to services which can track their users’ locations at any time — there’ll be no economic incentive to steal phones.

You can argue about whether we should have to make trade-offs between privacy and security, but this is an excellent example of how we currently do.(1) The panopticon is much more appealing when you find yourself looking for something lost. It’s easier to sympathize with the NSA when you think of them as searching for a thousand stolen phones, some of which are rigged to explode.

Please note: sympathize, not agree. The NSA and their allies have clearly gone off the reservation, and hijacked the Internet, in trying to save us from danger by giving themselves police-state powers. As security guru Bruce Schneier puts it:

The NSA’s actions are making us all less safe. They’re not just spying on the bad guys, they’re deliberately weakening Internet security for everyone—including the good guys. It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create. Additionally, by eavesdropping on all Americans, they’re building the technical infrastructure for a police state.

But at the same time:

Virtually everything we work with on a day-to-day basis is built by someone else. Avoiding insanity requires trusting those who designed, developed and manufactured the instruments of our daily existence.

The NSA is obviously no longer worthy of our trust; they have lied not to increase our collective security, but to continue to avoid any checks, balances, or real oversight. No one should (and I suspect few would) opt in to any NSA data-collection program.

But what about Apple and Google et al?

All of the outrage and discussion about the NSA tends to obscure the fact that government data collection and corporate data collection are two connected but essentially separate issues. Corporations can destroy your data, and maybe, at worst, your job and your reputation; governments can destroy your entire existence and imprison you until you die. You can choose to avoid individual companies, but you cannot choose not to live under NSA scrutiny.

As John Lanchester says in this magisterial piece in The Guardian, the NSA/GCHQ attitude is:

just because we hand data over to Google and Facebook the government automatically has the right to access it. It’s as if, thanks to a global shortage of sticky gum, envelopes can no longer be sealed, so as a result the government awards itself a new right to mass-intercept and read everybody’s letters.

Now, people can and do disagree with Lanchester’s conclusion that what we need is more and better oversight — but we can agree that the less data we collectively give to the NSA the better. What they want is a massive online dragnet which collects everything. What they don’t want is to have to make specific requests for specific information about specific people.

We need to trust someone, as Schneier says. But who? Which services are least likely to turn our data over en masse, deliberately or negligently, and/or most likely to fight demands to do so?

Well. Major phone carriers are all basically evil incarnate, but you knew that already.

Facebook, unexpectedly, seems to be high on the list of companies you should trust. I know, I’m as surprised as you are. But this isn’t a judgement call, this is a technical fact. Facebook is one of the very few major web sites moving towards implementing perfect forward secrecy when connecting to modern browsers.

PFS essentially means a company doesn’t have to rely entirely on the integrity of a single secret key to prevent an intruder like the NSA from decrypting all of their communications in transit, because every session negotiates a fresh, ephemeral key-exchange key that is thrown away afterwards; the long-term key only authenticates the server, it never protects the traffic. Sites which don’t implement perfect forward secrecy could, in theory, be compelled to surrender their secret keys and hence open all of their past, present, and future communications to their government’s prying eyes.
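To make the difference concrete, here is an added toy model (not code from the original post, and not how any of the companies named here implement TLS). It uses a deliberately tiny Diffie-Hellman group and a keystream XOR as a stand-in cipher, both constructed for illustration only; the structure is what matters. An eavesdropper records two sessions, one keyed to the server’s long-term key and one keyed to a per-session ephemeral key, and later obtains the server’s long-term private key. Only the first recording decrypts.

```python
"""Toy model of forward secrecy: static vs. ephemeral key exchange.

Constructed example. The group is far too small and the "cipher" is a
hash-derived keystream XOR; nothing here is safe for real use. It shows
only the structure: with a static exchange key, a recording plus the
server's leaked long-term secret decrypts past traffic; with an
ephemeral key, the long-term secret alone does not.
"""
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus (Mersenne prime M127; real groups are >= 2048 bits)
G = 2            # toy generator


def keygen():
    """Return (private, public) for the toy DH group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_key(shared):
    """Turn a shared group element into a 32-byte session key."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_stream(key, data):
    """Stand-in stream cipher: XOR with a SHA-256 counter keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# The server's long-term key pair, in place for years (constructed for the demo).
SERVER_PRIV, SERVER_PUB = keygen()


def record_static_session(plaintext):
    """No forward secrecy: the client keys the session to the server's long-term public key.

    The eavesdropper records the client's public value and the ciphertext.
    """
    a, client_pub = keygen()
    key = derive_key(pow(SERVER_PUB, a, P))
    return {"client_pub": client_pub, "ciphertext": xor_stream(key, plaintext)}


def record_ephemeral_session(plaintext):
    """Forward secrecy: the server uses a fresh key for this session only.

    In real TLS the long-term key would sign server_pub to prove who sent it;
    it never enters the key derivation. The private half is discarded.
    """
    s, server_pub = keygen()
    a, client_pub = keygen()
    key = derive_key(pow(server_pub, a, P))
    del s  # the server forgets the ephemeral secret after the handshake
    return {"client_pub": client_pub, "server_pub": server_pub,
            "ciphertext": xor_stream(key, plaintext)}


def attacker_decrypt(recording, leaked_server_priv):
    """Later, armed with the server's long-term private key, replay it against a recording."""
    guess = derive_key(pow(recording["client_pub"], leaked_server_priv, P))
    return xor_stream(guess, recording["ciphertext"])


def demo(message=b"meet at the usual place"):
    """Record one session of each kind, leak the long-term key, report what decrypts."""
    static = record_static_session(message)
    ephemeral = record_ephemeral_session(message)
    return {
        "static_recovered": attacker_decrypt(static, SERVER_PRIV) == message,
        "ephemeral_recovered": attacker_decrypt(ephemeral, SERVER_PRIV) == message,
    }


if __name__ == "__main__":
    print(demo())
```

The asymmetry in `attacker_decrypt` is the whole point: in the static case the leaked secret is exactly the value the session key was derived from, so `pow(client_pub, SERVER_PRIV, P)` reproduces it; in the ephemeral case the session depended on a secret that no longer exists anywhere. A leaked long-term key still lets an active attacker impersonate the server from that day on, which is why revocation and key rotation matter, but the recorded past stays sealed.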

But it’s Google which remains, by far, the gold standard for online privacy and security. They implemented PFS some time ago. They recently upgraded their SSL certificates. GMail is apparently the only major mail provider which encrypts in both directions when mail is passed from one server to another; Microsoft doesn’t do server-side encryption at all, whereas AOL and Yahoo, inexplicably, encrypt outbound but not inbound mail.

Oh yes, and Google now rewards people who fix security holes in open-source software, too.

Meanwhile, Chrome is the only major browser to include a preloaded HSTS list, and, more importantly, automatically implement certificate pinning (albeit only for Google properties and a handful of other sites.) This is a big deal because the entire SSL certificate system — which, essentially, ensures that a site claiming to be google.com actually is — has been, I’m sorry to say, basically built on a horrifying morass of quicksand. Certificate pinning helps shore that up.
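Why a preloaded list matters is easiest to see with a small model of how a browser keeps HSTS state. The following is an added example written for this post, not Chrome’s code: it parses `Strict-Transport-Security` headers following the RFC 6797 syntax, honours them only when received over HTTPS, remembers them with an expiry, and consults a (constructed, made-up) preload set so that even a first-ever visit to a preloaded host is forced onto HTTPS. Without the preload entry, the very first plain-HTTP request is the one an attacker on the network gets to tamper with.

```python
"""Toy model of browser HSTS handling: a preload list plus dynamically learned policies.

Constructed example, not browser code. Hostnames below are made up (.test TLD).
"""
import time

# Stand-in for the browser's built-in preload list (constructed entries).
PRELOADED = {
    "example-preloaded.test": {"include_subdomains": True},
}


def parse_hsts(header):
    """Parse a Strict-Transport-Security header value (RFC 6797 section 6.1).

    Returns {"max_age": int, "include_subdomains": bool}, or None if the
    header is invalid (missing or malformed max-age, or a repeated directive).
    Unknown directives such as "preload" are ignored, as a browser ignores them.
    """
    seen = set()
    max_age = None
    include_subdomains = False
    for raw in header.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name in seen:          # RFC 6797: each directive at most once
            return None
        seen.add(name)
        if name == "max-age":
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
    if max_age is None:
        return None
    return {"max_age": max_age, "include_subdomains": include_subdomains}


class HstsStore:
    """Minimal HSTS host store: learns policies over HTTPS, answers upgrade questions."""

    def __init__(self, now=time.time):
        self.now = now
        self.dynamic = {}  # host -> (expiry_timestamp, include_subdomains)

    def observe(self, host, header, over_https):
        """Record a policy; headers seen over plain HTTP are ignored (RFC 6797 section 8.1)."""
        if not over_https:
            return False
        policy = parse_hsts(header)
        if policy is None:
            return False
        if policy["max_age"] == 0:
            self.dynamic.pop(host, None)  # max-age=0 tells the browser to forget the host
            return True
        self.dynamic[host] = (self.now() + policy["max_age"], policy["include_subdomains"])
        return True

    def must_use_https(self, host):
        """True if host, or a parent domain with includeSubDomains, carries a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            exact = (i == 0)
            pre = PRELOADED.get(candidate)
            if pre and (exact or pre["include_subdomains"]):
                return True
            dyn = self.dynamic.get(candidate)
            if dyn:
                expiry, include_subdomains = dyn
                if expiry > self.now() and (exact or include_subdomains):
                    return True
        return False


def demo():
    """Walk through first visits, a learned policy, and a header that must be ignored."""
    store = HstsStore()
    results = {}
    # Preloaded host: protected on the very first request, before any header is seen.
    results["preloaded_first_visit"] = store.must_use_https("www.example-preloaded.test")
    # Non-preloaded host: the first visit is the unprotected one.
    results["unknown_first_visit"] = store.must_use_https("mail.example-dynamic.test")
    store.observe("mail.example-dynamic.test",
                  "max-age=31536000; includeSubDomains; preload", over_https=True)
    results["after_https_header"] = store.must_use_https("mail.example-dynamic.test")
    results["subdomain_covered"] = store.must_use_https("imap.mail.example-dynamic.test")
    # A header delivered over plain HTTP could have been injected, so it is ignored.
    store.observe("other.test", "max-age=31536000", over_https=False)
    results["plain_http_header_ignored"] = store.must_use_https("other.test")
    return results


if __name__ == "__main__":
    print(demo())
```

The `unknown_first_visit` result is the gap the preload list closes: a site can send the strongest header it likes, but the browser only learns it after one successful HTTPS visit, and anything on the path during the first plain-HTTP request never has to let that visit happen. Certificate pinning, which the paragraph above also mentions, addresses a different layer (which certificate authorities may vouch for a host) and is not modelled here.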

Twitter doesn’t yet implement PFS, but, to be fair, they don’t keep nearly as much personal data as a mail provider, and they do have default HTTPS connections and a proud history of fighting for their users. Yahoo can boast the latter — they tried to fight the FISC a few years ago — but they really need to implement HTTPS-by-default, at least for email, along with perfect forward secrecy, stat.

At the end of the day, though, Chrome connections to Google servers are about as secure as you can get without resorting to end-to-end encryption and/or Tor (which anonymizes, rather than encrypts.) I hope that will be the norm, some day…but it won’t be any time soon.

In the interim, Facebook, Google, and Twitter seem to be earning your trust. But Yahoo? Microsoft? Amazon? Apple? Sorry. I can’t say that any of those companies seem to be working hard to protect your online privacy and/or security. Again, that’s not a judgement call, it’s a cold hard technical fact.

Image credit: Onceuponatime13, DeviantArt.

(1) Assuming there are no low-level Android/iOS services that already can and do report location in response to a server ping, in which case that “opt-in” is nothing but a deceptive fig leaf. But for argument’s sake let’s take Apple and Google at their word.