Article on defending data

August 15, 2014

The Australian has something of a schizophrenic approach to privacy. Mention a statutory (or any other) right to privacy and the paper reaches into its archives and dredges up another piece against the proposition. And if it is really hackneyed and cliched, put it in the Legal Affairs Section. High dudgeon aplenty but not much in the way of analysis. But then the paper does run some quite good pieces on data protection. For example, Defending your data is not a bad piece on protecting privacy. It is a rush to the line type of article but it does touch the main points in a fleeting sort of way. A good overview.

It provides:

Pretty good privacy.

THE revelations of WikiLeaks, intelligence surveillance activities disclosed by Edward Snowden, and most recently, the federal government’s move to adopt data retention have increased the paranoia about being online for everyone from large enterprises to individuals.

The added activities of cybercriminals and hackers, the advent of ransomware and the vulnerability of commercial secrets to online theft have made matters worse. But there’s little point worrying about government data retention if you haven’t tightened your Facebook privacy settings to protect your identity and personal information, or don’t use strong, unique passwords for every account you log into to minimise the chance of hacking and identity theft.

Social networks such as Facebook have privacy settings, although they can take some finding. (Click the right-most arrow on the Facebook homepage, choose settings, then privacy setting in the left-hand column.)

Safes such as KeePass, LastPass, 1Password and Apple’s iCloud Keychain let you manage dozens of unique and complex passwords for each online service you join. You recall just one password that unlocks the safe to the rest of them.

An important weapon in this brave new world of surveillance and hacking is data encryption. You encode your emails, spreadsheets, Word and PDF documents and entire disks so that only intended recipients read them.

Even if cybercriminals or government agencies hack your data as it travels across the internet, or steal your hard drives, they can’t read the data if they don’t have or can’t crack the code.

There are measures we can all implement straight off, such as protecting data on hard drives. BitLocker for Windows and FileVault 2 for Mac OS X machines will encrypt the entire contents of a hard drive, making it unreadable unless you provide an account password. If your laptop is stolen a thief can’t access your data without that password.

You should also consider encrypting data you store in cloud-based storage such as Microsoft OneDrive, Google Drive or Dropbox. Services such as Cloudfogger and BoxCryptor will manage the encryption of files on their way to the cloud. Some software packages such as Nitro Pro (for PDFs) include 256-bit encryption capabilities.

You could also opt for cloud storage packages that include encryption such as Wuala, Tresorit and SpiderOak. You need to be convinced their encryption is secure, and that only you have the means to unlock and decrypt your data stored with them.

The ability to encrypt emails has been around since the early internet days via a program called Pretty Good Privacy, or PGP. This reporter used it to communicate with confidential news sources in the 1990s.

When you install PGP you create two random, unique keys. Messages encrypted by the first one — known as the public key — can only be decrypted or unlocked with the other one — the private key. You give the public key to anyone who wants to send you encrypted mail and keep the private key to yourself.

In the 1990s this meant writing a message, copying and pasting it into the PGP program to create the encrypted message, then copying and pasting that encrypted message into an email client, and sending it off. It worked and for many still does, but it is laborious. PGP and an open free version called GnuPG are easily obtained online.

You can also opt for web-based email services with built-in encryption such as Hushmail or the new ProtonMail, a Swiss-developed crowd-funded encryption email service.

The developers say they are scientists originally from the European Organisation for Nuclear Research in Geneva. When they launched ProtonMail on the crowd-funding site, they sought $US100,000 to get the service up and going and received their required target five times over — with $US550,492 to date. ProtonMail says it hosts its servers in Switzerland — outside US and EU jurisdiction, so all user data is protected by Swiss privacy laws as well as being encrypted.

If you use Gmail or Yahoo’s mail services, help will be on the way soon, with both developing PGP-encrypted systems.

There are also apps that claim to offer more privacy in mobile communications.

Silent Circle sells an encryption app which lets users talk and text in private. Services include Silent Phone, Silent Text and Silent Messaging. It also sells a “blackphone” which offers secure voice communications. Silent Circle’s servers are in Canada and Switzerland.

Microsoft’s Outlook desktop client has introduced a public-private key encryption system that is triggered when a sender and recipient share their digital IDs. Sending and viewing encrypted email messages is the same as with any other email messages.

Another option is offerings by antivirus and security firms such as Symantec, which bought PGP in 2010. Symantec principal systems engineer Nick Savvides says consumers can obtain a cheap class 1 certificate that lets them sign and exchange encrypted emails with other parties with a similar certificate. Consumers rather than Symantec generate the encryption keys.

Symantec has plugins which enable their certificates to work with desktop clients such as Outlook and Mac Mail. Savvides says Symantec maintains the world’s largest directory of users’ public keys. Symantec also offers a desktop client for encrypted email that Savvides says may be less complex for some users.

For those wishing to access the net privately, there are services like Tor — a free network of virtual tunnels used by people such as journalists and civil libertarians for private communications. But be well aware of the issues surrounding Tor beforehand.

Tor’s browser claims to prevent somebody watching an internet connection from learning what sites you visited, and from those sites learning your physical location.

Another is a virtual private network, or VPN, which reroutes your internet traffic and can make it seem as though you are in another country.

Communications Minister Malcolm Turnbull has said that using a VPN is a way to get around the government’s proposed data retention laws.

Services are available for less than $10 a month but there is a possibility your traffic may not be as secure as you may hope. You need to be careful when selecting a VPN provider to make sure your data cannot be compromised.
