Combating online snoops
June 14, 2013
Holger Bleich, an Internet expert and editor at German-based computer magazine c't, is furious about the Prism program, which allowed US intelligence services to easily access online data in a way that was previously not thought possible.
"People weren't informed in any way that such extensive snooping was taking place," he says. "If they know that they are not anonymous and their data is being monitored, they can behave accordingly."
But that wasn't the case and US security agencies had access to user data. The question is what users do now. One strategy would be to stop using pages that are owned by US-based companies.
"In that way, you can minimize the risk," Bleich says. The problem, however, is that the domain ending, like ".com" or ".us," says very little about the location of the company server on which the user's data is stored. And that is key for data security because every country has its own rules - with Iceland having the safest data security laws, according to Bleich.
Bare bones data handling
But what remains of the Internet when some companies are avoided, Bleich asks? It would mean the Net without Google, Facebook, YouTube, Microsoft, Skype or Apple, to name but a few of the services and companies that were linked to the US National Security Agency's (NSA) extensive snooping program.
However, that's how Christoph Meinel, head of Hasso Plattner Institute, an IT college in Germany, has chosen to use the Net. "For example, I am not on Facebook and I am very careful about the emails that I answer and the sites I visit. You can call that bare bones data handling," he explained.
Meinel warns users against doing things on the Internet that they don't understand.
Unknown legal situation
Different laws apply to the Internet in every country. "If there's a foreign service and I don't know the legal situation, then I could get into problems," Meinel says.
And the US is no exception. Foreigners are treated differently from US citizens, particularly due to the terrorist attacks there. "One has to expect that all sources which could contain any leads to threat situations in the US are pulled up," he explains.
But the US isn't alone in this. Other countries also have similar programs. In Germany, telecommunications monitoring regulations allow certain government agencies to read emails.
"Every email service that has more than 10,000 customers must have a monitoring system in place," tech magazine editor Holger Bleich warns.
And Germany's leading email services like web.de and gmx.de have already done that.
Encryption as a possible case
Even if the monitoring laws in Germany are substantially stricter than the ones in the US, Bleich comes to the conclusion that "what is clear is that communications can be recorded and monitored. That's how it is on the Internet." That's why users shouldn't be lulled into a false sense of security - something that also affects modern encryption experts.
Of course, you can use different techniques: PGP, a technique for encrypting emails, which is almost as old as the Internet itself, or Psiphon or Tor to surf the Internet anonymously. But using such software is likely to grab the attention of investigators, says Bleich.
"If someone encrypts so conspicuously, then he is likely to fall into the suspect batch than someone who communicates without encryption," he adds, noting that investigators have already confirmed that.
Privacy doesn't matter online
University Professor Christoph Meinel is convinced that many people have no interest in encrypting their data. Most of them are careless with the way they deal with their data online.
"But someone has to take care that my data doesn't fall into the wrong hands," says Meinel.
And in this way, the Internet isn't yet mature. But what is clear for him is that if anyone is reading his data, it's not private companies but intelligence services.
"Secret services are under the control of parliaments in democracies, and I have less fear of them than companies, which want to abuse this information, or make money from it," he explains.
University professor Meinel sees his minimalistic data handling as the only way out. Anyone who doesn't put sensitive data on the Internet has nothing to lose.