One year ago on Thursday, the first story came out based on NSA documents taken and leaked by contractor Edward Snowden. It detailed how the U.S. intelligence agency was collecting metadata about the communications of Verizon(s vz) customers.
A lot has been come out since then. For an incomplete rundown, check out my summary from the end of last year — further revelations have emerged since then, such as last week’s New York Times piece about the NSA’s collection of facial images, but the most important stuff emerged during 2013. The biggest shift, however, is the realization that ordinary people can and should push back in a meaningful way.
Web consultant Mark Stockley put it well on Sophos’s Naked Security blog today, pointing out the differences between Thursday’s Reset The Net campaign, with its handy privacy pack, and February’s The Day We Fight Back event:
Highly organised government surveillance will not be challenged by the most dilute form of modern technical homeopathy, changing our Twitter avatars […] I argued at the time that our only viable defence, the only way to really Fight Back, would be by adopting or contributing to projects that improve our use of encryption. Fancy let’s-all-join-hands graphics aside, Reset The Net is exactly that. It’s everything that I wanted The Day We Fight Back to Be. In a word, useful.
The thrust of Reset The Net is to make it harder for spies and hackers to do what they do. It’s probably impossible to stop them entirely – if they want to target an individual they will – but it is arguably possible to make mass surveillance so costly and bothersome that it’s no longer the easiest and most economical way for the likes of the NSA to do its job.
That’s where the privacy pack, being promoted today on all sorts of websites (even that of Minecraft creator Mojang) comes in. It includes instructions and links to a variety of tools for phones and desktops, all of which make it possible for average people to start encrypting and obscuring their communications and other online activities. The tools may not be super-easy to use – a situation which will hopefully change soon — but encryption is, as Snowden put it, “the defense against the dark arts for the digital realm.”
Here’s a few examples of links in the pack (there’s a lot more good stuff in there, too):
- Whispersystems’ TextSecure and Redphone (I use TextSecure and wrote about it here)
- ChatSecure, for iOS(s aapl) and Android
- The MasterPassword password management tool
- The two-factor authentication features of popular services like Facebook(s fb), Twitter(s twtr) and Dropbox
- Secure chat clients for Mac (Adium) and Windows(s msft) and Linux (Pidgin)
- The private browsing toolkit Tor
There are many ways to combat mass surveillance, with good examples taking place in the context of Reset The Net: pushes for legislative reform; the likes of Google(s goog) finally taking end-to-end encryption seriously; and web outfits from WordPress (see disclosure) to Tumblr turning on encryption by default, as they have done today.
But there’s something special about encouraging ordinary users to take their security into their own hands by consciously choosing locked-down services. That’s not as easy as it should be right now, and no-one should see the pack as a panacea, but practical steps can be taken — and demonstrating that fact is more meaningful than a million temporary avatar changes.
Disclosure: Automattic, maker of WordPress.com, is backed by True Ventures, a venture capital firm that is an investor in the parent company of this blog, Gigaom.