So, our great and glorious Minister Sean Sherlock just signed SOPA into law in Ireland, despite a huge civil outcry. The poorly defined statutory instrument will allow anyone claiming “Copyright Infringement” to seek a court injunction against any website, without having to present evidence and without a consultation with the accused website. The form of the resulting censorship is unclear, but will probably require ISP-level DNS censorship of websites outside Ireland, or direct seizing of those within the Irish jurisdiction.
This is stupid, unfair and myopic (and it won’t work), but it’s not the end for freedom of expression in Ireland. However, the fact that IRMA and others can now arbitrarily demand removal of your blog, YouTube video, tweets or server simply by claiming that they suspect copyright infringement (the easiest faked allegation ever devised) means that your freedom of expression will need to be more sophisticated than before.
Thankfully, there are systems enabling free, uncensored speech and content discovery already available at zero cost. While I’ve committed to providing workshops on censorship and surveillance circumvention very soon under the umbrella of Nexus Cork (our local Hackerspace), in the meantime, here’s my quick shortlist:
Web Browsing and Publishing
Tor. The ultimate in current anti-censorship technology, Tor uses an “Onion Routing” system (for which it is named) and layered encryption to route Internet traffic so that it is virtually impossible for even extremely well positioned censors (read: far more powerful than the Irish state or IRMA) to prevent the user from reaching his or her destination online, or to see what that destination is. It is not suitable for BitTorrent downloads, but for traversing the Internet freely without censorship or effective surveillance, the Tor Browser is the easiest and most effective tool available.
Tor Hidden Services. A continuation of the above; the Tor network can be used not only to find and view content without censorship or surveillance, but to host uncensorable websites that are all but impossible to locate, provided the sites use secure software in their construction. A server hosting a “Hidden Service” can be reached only through the Tor network (using the Tor Browser, for example), using a unique “.onion” web address that looks like random text. Hosting in this way is not only uncensorable and impossible to locate, it’s free; or as free as your ISP’s up/down bandwidth caps, anyway. Hosting your site somewhere in the cloud is advisable in any case, preferably somewhere where free speech is still considered important.
While SOPA Ireland only deals with censorship, it’s inevitable that if Sherlock wants to serve IRMA fully he’ll have to progress to surveillance of daily communications. After all, with the Internet under IRMA’s thumbs, those darned-tootin’ ubiquitous pirates will just resort to far-more-efficient and hard to detect “Hard-drive parties” instead, where friends gather and share gigabytes of data at a time in one another’s homes.
Recall that Email and SMS are both relayed between sender and recipient as plain text normally. People tend to regard email as being like a letter, enveloped and safe from casually prying eyes, but this is not so. Intermediate servers, bored or malicious employees, or overreaching corporations or law enforcement can easily read these communications, pilfering passwords, credit card details, or just private and personal information.
In order to prepare for surveillance either by the government for IRMA, or by IRMA directly (backed by another Sherlock*), encryption of personal communications is a good idea. Thankfully, it’s trivial for SMS messages on Android at least, and relatively easy for Email, provided you’re willing to accept using a client to manage your daily email (you don’t have to sacrifice webmail as a convenience, but you won’t be able to use it to handle encrypted email, because Gmail/Yahoo/MS et al don’t use encryption. How would they read your email if they did, silly?).
PGP (“Pretty Good Privacy”) is the world-class encryption method used to protect email and other critical data. It is a form of “Asymmetric Encryption”, meaning that data is encrypted using one key, and can only be decrypted with another key. Therefore, each user is expected to have a “Key Pair” consisting of a public key, which is shared as widely as possible, and a private key which is kept completely private. Friends/Family/CoWorkers/CoHackers can then email the user privately by using the public key to encrypt the email, so that only the user can decrypt it using the private key. PGP is installed by default on Linux as “GnuPG”, an open-source implementation of PGP from the GNU foundation.
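The key-pair workflow described above, as an added example that is not part of the original post: a sender who holds only the recipient's public key can encrypt a message but cannot decrypt it, while the recipient's private key can. It assumes GnuPG 2.1 or later; the two throwaway keyrings, the address and the message are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: address, file names and message are constructed.
set -u

WORK=$(mktemp -d)
RCPT_HOME="$WORK/recipient"   # holds the key pair (public + private)
SEND_HOME="$WORK/sender"      # will hold only the recipient's public key
mkdir -m 700 "$RCPT_HOME" "$SEND_HOME"
RCPT_UID='Recipient <recipient@example.invalid>'

g() {  # run gpg non-interactively against one keyring directory
  local home=$1; shift
  gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

setup_keys() {
  # 1. The recipient generates a key pair (empty passphrase: demo only).
  g "$RCPT_HOME" --quick-generate-key "$RCPT_UID" default default never
  # 2. Only the public half is exported and handed to the sender.
  g "$RCPT_HOME" --armor --export "$RCPT_UID" > "$WORK/recipient.pub.asc"
  g "$SEND_HOME" --import "$WORK/recipient.pub.asc"
}

encrypt_for_recipient() {  # stdin: plaintext, stdout: armored ciphertext
  # --trust-model always is a demo shortcut; in practice, verify the
  # key's fingerprint with its owner before encrypting to it.
  g "$SEND_HOME" --trust-model always --armor --encrypt --recipient "$RCPT_UID"
}

decrypt_with() {  # $1 = keyring directory, $2 = ciphertext file
  g "$1" --decrypt "$2" 2>/dev/null
}

cleanup() {  # stop the per-keyring agents and delete the throwaway keys
  gpgconf --homedir "$RCPT_HOME" --kill gpg-agent 2>/dev/null
  gpgconf --homedir "$SEND_HOME" --kill gpg-agent 2>/dev/null
  rm -rf "$WORK"
}

setup_keys
printf 'meet at the hackerspace at eight\n' | encrypt_for_recipient > "$WORK/msg.asc"
echo "recipient reads: $(decrypt_with "$RCPT_HOME" "$WORK/msg.asc")"
decrypt_with "$SEND_HOME" "$WORK/msg.asc" || echo "sender cannot decrypt: no private key"
```

Run `cleanup` afterwards to remove the temporary keyrings; real keys should be protected with a passphrase.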
Thunderbird is the premier open-source email client. On its own, it does not provide encryption, but a free plugin called “Enigmail” enables one to easily set up and use PGP encryption for any email account, whether webmail or personally hosted. Enigmail can be installed from within Thunderbird by searching for it in the addons section. Enigmail works by allowing Thunderbird to use GnuPG or PGP, which must be installed on the system already: if you aren’t using a breed of Linux, you’ll need to download and install GnuPG.
APG and K-9 Mail - Both open-source apps downloadable from the Android Market, APG brings PGP encryption to Android, and K-9 Mail natively supports APG encryption and decryption. K-9 also happens to be a fantastic mail client, far more granular and customisable than the default mail client or the Gmail app. This can be a problem if you make settings changes you don’t fully understand though, so sticking with default settings might be an idea at first. APG must be installed first, K-9 second. If you forget, you can always uninstall and reinstall K-9 to get things working well.
TextSecure is an Android SMS application (available in the Android Market) that acts as a drop-in replacement for the default SMS app. In fact, you can even delete the native Android SMS client (mms.apk) using ADB if you’ve got the technical skill, and TextSecure will work fine without it. TextSecure enables local and end-to-end encryption. The former means your SMS history (which can be imported on installation from the old SMS app) is protected by a password and fully encrypted from snooping eyes. The latter means that two users with TextSecure can set up an encrypted session, such that all texts sent between them are entirely concealed from the prying eyes of intermediaries, whether network employees, IRMA or the like. The disadvantage is that session setup can be bug-prone and may require several tries/aborts before it works (but it lasts once established), and that letters-per-SMS drops to 60 because of the formatting overheads of sending encrypted text. This is seldom a problem in this age of “Free SMS to all networks” offers, of course.
File and Disk Encryption
If and when Sean and IRMA come calling to peruse your private life in person, or Sean’s future “Stop and Frisk for Data” plans come to fruition, you may want your data to be indecipherable. For Linux breeds like Ubuntu, encryption of your home folder is an option on installation, and means that the parts of the system on which you keep most of your private information are all encrypted securely. It’s not perfect unless the whole disk is encrypted, but home-folder encryption is a great start.
For external drives, Linux supports encryption of disks as an option for ext2/3/4 file systems; when formatting a hard drive under (for example) GParted in Ubuntu Linux, you can choose for the disk to be encrypted and password protected, at the cost of it being incompatible with Windows and probably Mac, which can’t handle ext file systems (although you could put a little universally-recognised partition on the drive containing software that would allow you to use the main partition with the other systems should the need arise).
More practical for cross-platform interaction between computer users is TrueCrypt, the last software to get a mention here. TrueCrypt allows you to create encrypted “containers”; essentially virtual drives in the form of a file, which appears to be completely random binary data unless opened correctly in TrueCrypt with the correct passphrase. Once opened correctly, TrueCrypt containers appear as virtual disks on the computer which can be written to or copied from. TrueCrypt supports a dizzying depth of hard encryption and plausible deniability; is it any wonder that it was used by Julian Assange to protect Wikileaks’ data on the move?
So, for mobile drives, format your hard drive using a commonly accepted format like FAT32, and create a giant TrueCrypt container on the drive. Remember to include installers for TrueCrypt on every platform you’ll need on the drive, so you can open the container when needed.
With local encryption using TrueCrypt, a trustworthy computer system such as Linux, a freshly installed, trustworthy custom Android ROM such as CyanogenMod and the software above, nobody will be able to stop you from browsing at will, hosting at will, and communicating at will. Freedom of speech, assembly, expression and belief, restored through open source software.
Share the software and the know-how. I’ll be hosting workshops soon, when I can spare time to prepare. Share this document; consider it Creative Commons Attribution-only, giving you the right to copy, modify, excerpt or even sell it, provided you give me attribution for my role in writing the original document. Just link back here with my name if you do, thanks.
Go forth. Share!
* Sherlock, n: An act enabling massive disruption of civil rights to satisfy narrow commercial interests.