Friday 6 September 2013

The internet secure? Absurd

While we were all away on holiday a scene from the theatre of the absurd was reported. It had been enacted  a month before, in July, in the basement of the Guardian newspaper's London office.

Dramatis personae:
    A number of GCHQ persons
    A Guardian editor and a Guardian IT person

Props:
    A number of computer disks and chips
    An angle grinder and some other tools

On 20 July 2013, apparently acting on the orders of Sir Jeremy Heywood, the Cabinet Secretary, who was in turn apparently acting on the orders of the Prime Minister himself, the Guardian persons set about destroying the disks and chips with the angle grinder and other tools. The GCHQ persons, having watched but not assisted, left once the job was done.

Thus one copy of the Edward Snowden files was destroyed. Quite pointlessly, as there are other copies. But the Prime Minister insisted, allegedly, the charade went ahead, and the dignity of his office was thereby preserved.

The Snowden revelations continue unabated. Yesterday, the Guardian treated us to US and UK spy agencies defeat privacy and security on the internet while the New York Times gave us N.S.A. Able to Foil Basic Safeguards of Privacy on Web.

If you think that encryption will keep your use of the internet private/confidential/secret, think again.

The US National Security Agency (NSA) and our very own GCHQ have cracked the code and can decrypt your transactions on secure websites, your use of virtual private networks, your emails, web chats and Skype calls, just like that, more or less in real time.

If a cloud computing supplier tells you your data is safe in the cloud because it's encrypted, he or she is probably wrong. HMRC, the MOD, the Home Office and the Government Digital Service (GDS) might like to reconsider their use of Skyscape Cloud Services Ltd.

If a personal data store supplier tells you that your information is safe because it's encrypted – perhaps in connection with the UK's midata project – he or she is probably wrong.

No doubt GDS will tell us that the new electoral roll will be secure. And that the identity assurance service they are about to unleash on HMRC is secure. In what way?

Individuals, companies and government departments can forget about confidentiality on the internet. What was left of it was all hoovered up by the cleaners in the Guardian's basement after the audience had left.

Lawyers, bankers and accountants working on a major takeover, for example, may well continue to use the internet. It's convenient. But they can no longer promise that their clients' data is being kept confidential. Everyone now knows that on the internet that is, to all intents and purposes, impossible.

1 comment:

David Moss said...

Not unprecedented, I am reliably informed that I am wrong to say that "no doubt GDS will tell us that the new electoral roll will be secure". They've given up with security and will only claim that the electoral roll will be "assured". "Assured" means a lot less that "secure". So much less, that it may actually mean nothing.

Post a Comment