New tools offer practical help to block official spies

national security agency headquarters fort meade maryland

A bill was introduced in Congress  on Tuesday that would extend the controversial part of the Patriot Act that the U.S. National Security Agency, whose headquarters are shown here in Fort Meade, Md.,  used to collect U.S. telephone records in bulk.

Credit: NSA

Entirely by coincidence this week IBM and a gaggle of online civil rights groups struck a blow for the digital economy and individual rights, though only one described things in those terms.

The long-term, more commercially relevant contribution came from IBM, which was granted a patent for a Data Privacy Engine designed to encrypt personal data so it would remain safe regardless of whether it was stored in the cloud, on a personal or corporate hard drive or while it crossed the Internet under the potential surveillance of an increasing number of U.S. and International government snooping agencies.

The other, more politically provocative tool, is being promoted by the Electronic Frontier Foundation, Amnesty International, Privacy International and other online-rights groups through a site called Resist Surveillance and a new anti-spyware tool called Detekt.

The goal of most security apps is to make it more difficult for hackers to steal a consumer's Target REDcard or turn consumer PCs into walkers on some hot new botnet.

The goal of Detekt to reveal the work of federal intelligence agencies responsible for protecting against threats to our physical wellbeing of political security, but which choose to do so by peeking over the shoulders of consumers to see who might be thinking about starting a local chapter of the rampaging ISIS army of terror, or mapping out a fence-jumping, Secret-Service-dodging way to get to the Oval Office without an invitation. (FAQ here; download Detekt here)

Written by a team of online-rights-advocating security experts led by Rapid7's Claudio Guarnieri, Detekt is designed to be a practical tool for self-defense against illegal government surveillance.

In this case that means defense against a specific set of digital surveillance tools and techniques aimed at civilians within the United States by the National Security Agency, as revealed in the secret NSA documents released by contractor/whistleblower/creep-show guide Edward Snowden.

One of the best sites that help demonstrate why the violations of trust, privacy, judicial process and civil rights by a supposedly benign government agency are worth opposing, by the way, is here.

It is a realistic but fake NSA-explainer site whose fake headlines ("Your Data: If You Have Nothing to Hide, You have Nothing to Fear") provide surreal contrast with actual headlines for stories explaining why spying on your own people and stealing their data is a bad thing, regardless of how exhaustively complete and technologically innovative your arsenal of spy tools has become. ("Pointing the US Surveillance Apparatus at the American People," "No Warrant, No Problem," "Public Buses Across Country Quietly Adding Microphones to Record Passenger Conversations.")

It's not clear how successful Detekt is at flagging known NSA spyware, let alone unknown apps or future enhancements.

However, by giving individual computer users a tool they can use to actually resist government surveillance, Detekt and Resist Surveillance do more than just make a statement opposing government surveillance. They give ordinary users a way to fight back.

By itself, Detekt won't add enough security to compensate for the failure of Congress to defend need for a court order and a search warrant before invading the privacy of a business or individual.

It also won't be able to compensate for the effort of government agencies to undermine the security of the Internet whose security they are supposed to protect.

It won't contradict the FUD and fearmongering of those who pretend disaster will follow any effort to force law enforcers to follow the law. It won't even address the blandly procedural betrayal of trust inherent in the cooperation of telcos and networking companies with not-quite-legal demands for private information about customers.

By itself, Detekt won't do much to dispel the hypocrisy, fear and ignorance that caused the Senate to kill off the most recent effort to make the NSA obey the Constitution rather than the law – an effort led by Senators of the same party as the one who described the effort to keep ISPs from extorting fees from customers and competitors as "Obamacare for the Internet."

Compared with the massive resources and determination of a government addicted to covert surveillance and the violation of rights it was created to protect, there probably won't be a lot of impact from one desktop app designed to show specific users when their individual rights are being violated.

But it can't be a bad thing to put a practical tool into the hands of people with the will to use it – whether the tool is Detekt or IBM's Data Privacy Engine or any other bit of personal protection.

When you're stuck in a place where your progress is blocked in every direction by a mountain of something nasty and the only choice is to dig through no matter how long it takes, even a small shovel helps more than a fool's assurance that eventually you'll get used to the smell.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.