Edward Snowden once made the point that the reality of mass surveillance is always one election away. The technology to undertake it is already available and the privacy protection laws are like a duct-tape holding the floodgates – all you need is one 9/11 type of event and the tape will be done away with. But what could you do to preserve privacy when that happens?
Things are not looking good for online privacy lately
Donald Trump is backing his campaign promises by appointing security hard-liners as head of the CIA and as Attorney General. The UK Parliament just passed the Investigatory Powers Act which gives intelligence agencies the power to collect and store citizen data, which, in Snowden’s words, goes further than many autocracies. Several EU countries are calling for the installment of backdoors into encryption. And in Thailand cybersecurity laws are being tightened so the state could spy on internet users and restrict online speech.
This is just from the past few weeks. And it is only about governments – there are various other types of adversaries that have an interest in your personal data and communications, who have never had their hands tied by laws to begin with. Think business competitors after your company’s information, or cybercriminals.
The Internet is not private. Treat it accordingly
The first thing you should do is to do away with the perception that anything you do online is anonymous, or private. The Internet is a public space and should be treated as such – you don’t go screaming out your secrets in public, don’t do it online too. Regular people tend to reveal way too much on social media, oblivious to the fact that even seemingly harmless bits of information – like checking in at a restaurant – could be put to malicious use.
Once you have the right mindset, you also need the right tools to guarantee some privacy of online communication. Encryption is the means to achieve that. Good encryption and safe key-exchange protocols guarantee that even if your communications are intercepted by eavesdroppers, they would look like nonsense to them – and will be readable or listenable only by the intended recipient who has the key to decipher them.
Using encryption everywhere is a very good idea
There are various practical steps you can take to reclaim online privacy. Snowden, as well as various security experts and privacy advocates, advises people to protect all their communications with end-to-end encryption. He himself uses PGP encryption for emails, and off the record (OTR) protocol-based chats – both of which the US National Security Agency reportedly couldn't break. (We have also opted for using these protocols in our encrypted app suite, Secure Pack.) You should also encrypt your hard drive in case someone takes hold of your device.
And this is just the first step. For true online security you need to take care of vulnerabilities at every level from the hardware, though the OS and the apps you use, to the permissions they have. This is why the best solution for security-wary individuals is to opt for wholesome solutions like devices that have been built from the ground up to offer privacy. This is what you should do too.