dna exclusive: Geeks have a solution to digital surveillance in India: Cryptography
While you were thinking of what next to post on Twitter, the government has stealthily put an ambitious surveillance programme in place that tracks your every move in the digital world — through voice calls, SMS and MMS, GPRS, fax communications on landlines, video calls and emails.
The article by Joanna Lobo was published in DNA on July 7, 2013. Pranesh Prakash is quoted.
The programme, conceived in 2011, has now been brought under one umbrella referred to as the centralised monitoring system (CMS). It is the death of privacy.
But as concerned citizens argue for the need to formulate policies and laws to protect privacy, there's a simpler solution in sight for now: a CryptoParty.
At this 'party', an informal gathering of people, non-geeks can learn how to legally encrypt their digital communications and how to store data without the fear of anyone snooping in. Encryption is a process of encoding messages so that it can only be read by authorised parties.
What is it?
"A CryptoParty educates people in the domain of cryptography. It's usually about the basics: how to send encrypted email, how to protect your hardware and how to use free and open source software," says Satyakam Goswami, a free software consultant associated with the Software Freedom Law Centre (SFLC), Delhi (remove this). Goswami was one of the 72 participants at the CryptoParty organised on Saturday at Institute of Informatics & Communication (IIC), Delhi University South Campus On June 30, a CryptoParty organised at the Centre for Internet and Society (CIS) in Bangalore had 30 people in attendance. "We were taught about the what, how and who is watching us. We were also taught how to encrypt emails, chat, video calls or instant messaging,” says Siddhart Prakash Rao, a computer science graduate and a free software and open source enthusiast who is about to pursue a Masters in Cryptography.
The topics may be a mouthful for non-geeks but CryptoParty advocates maintain that all this is taught in the simplest way possible. The choice of subject depends on the composition of the group — if it is a gathering of geeks, like at the Bangalore event, then the topics are more technical.
How can it help?
CryptoParties started in August 2012 by an Australian woman (who goes by the pseudonym Asher Wolf) after a conversation on Twitter about The Australian Parliament's new cybercrime bill that allowed law enforcement to ask Internet Service Providers to monitor and store data.
Attending a CryptoParty is a good way to learn how to overcome government snooping legally.
“Citizens should use encryption to safeguard their private communications against both corporations and the government. Encryption is one of the best ways to react to CMS along with increased civic vigilance and democratic questioning of our government and parliamentarians,” says Pranesh Prakash, policy director, CIS, and one of the frontrunners in the fight to formulate a policy to safeguard privacy in India.
"In India, people tend to be rather ignorant. They are not aware of the kind of surveillance they are subjected to once online. It's a lack of understanding," says Sumandro Chattapadhyay, a researcher with Sarai, a programme of the Centre for the Study of Developing Societies, Delhi.
Bernadette Langle, who also works at CIS has been instrumental in organising the handful of CryptoParties in the country. When dna spoke to her, she was on her way to Delhi after participating in the Bangalore event. Langle will also be part of a CryptoParty being planned for October in Mumbai. "Ten years ago, you had to be a geek to be able to encrypt and protect yourself online. Now, you need software and it's much easier," she says.
The advantage is that the privacy tactics taught at such parties is completely legal. All knowledge is in the public domain. “A government will only deny its citizens basic communications privacy if it is authoritarian,” says Pranesh. “So while it can try social engineering and other means to gain access to what you've encrypted, it simply cannot 'decode' it as long as you have chosen a strong pass phrase and keep that protected, or they create quantum computers capable of breaking your encryption.”
The CIS is currently working on revisions of the Privacy (Protection) Bill 2013 with the objective of contributing to privacy legislation in India. Till that bill becomes an Act and till there's a better way to overcome needless government surveillance, attending a CryptoParty could possibly be the wisest solution for those concerned about privacy.
(For more details on CryptoParties, visit www.cryptoparty.in)
How to encrypt:
SMS: Make content secure by using software like TextSecure (Android) or CryptoSMS (Symbian). However, SMS metadata (who you are sending the message to and at what time) can still be tracked.
Instead of Whatsapp, install Jabbir and add off the record encryption.
For email, you can use OpenPGP in conjunction with Thunderbird to encrypt mails you send from Gmail/Yahoo Mail/Live Mail accounts so that even Google, Yahoo and Microsoft can't read them
For web browsing, use a VPN (which will hide your traffic from your ISP), or Tor (which will help anonymise your traffic, but will slow down your connection slower).