Monday, July 15th, 2013, 7:49 am
Richard Stallman on the NSA (Part 5)
Direct download as Ogg (00:09:58, 7.4 MB)
Summary: Stallman speaks about security, privacy, networks, and the NSA
TODAY’S part deals with several different topics that Stallman rarely speaks about publicly. The full transcript follows.
Dr. Roy S. Schestowitz: The next bunch of things I’d like to speak about is the data, showing whole data security, I mean, security from the point of view of the user, not security from the point of view of, you know, “national security”, which could mean just about anything.
Dr. Richard M. Stallman: I understand.
RSS: The repositioning of the datacentres and the location of datacentres that companies are selecting — what role do you think that plays in privacy?
RMS: Well, if you’re going to deal with a company and it’s going to get some personal information about you and that company’s servers are hosted by a US company — whether in the US or not — then that means that the US government can get all your information.
If a country wants to provide data protection to its citizens, part of their data protection must include not permitting that data to be searched in any way as part of the company’s operations, to have [...] fully reliable and cooperating data protection. So for instance, a European company should not be allowed to host its data on an Amazon server.
RSS: There was one case way back in 2008 or so, several of us European people and people in the FFII were trying to encourage the European Commission not to put Google Analytics in its Web site. That was a public service Web site which was providing, using JavaScript, a helluva lot of details about the European citizens accessing the site to a US company. I don’t think that’s being addressed sufficiently, even now a lot of the servers…
RMS: Well, you’re certainly right and I would suggest that if a Web page is set up so that it will provide information [to] these companies, that should be treated as legally equivalent to the case where the operator of that Web page explicitly sent the same data to [these companies] and of course in Europe that would bring the European data protection rules into play and that would say, “no, you can’t send this data to Google Analytics or to some advertising network or anyone.”
RSS: I want to also ask you about encryption. I’m not sure to what degree you’re into, into all these — I suppose this is an area that enthusiasts in the field of security are very much into — but several of us people are trying to find reliable encryption, ubiquitous encryption method…
RMS: Well, I can help you find that. I know how to use the GNU Privacy Guard. However, in order to use that you’ve got to have somebody’s public key. So that’s why I was wondering if when I go to the UK we might meet and then can I could get your public key.
RSS: We’ll probably come to it later, but in the UK we have this big scandal right now about spying on diplomats in the G8 summit and that’s probably something that Russia — I read about it today — Russia is apparently going to take some legal action over it as well as the NSA leaks. There was spying on people using, basically honeypots as access points, as a way in which it would connect to a wireless access point and of course even if people are using E-mail with SSL/TLS, I’m not sure to what degree this is safe. We know WPA — WPA2 even — is crackble. And…
RMS: Well, okay, the point is, the encryption of a network hub is not something that you can depend on for your own privacy because, you know, if other people are getting on the network hub, they can listen to your packets too, so if you want to maintain your privacy, you do that with something else like communicating with SSH.
Now, the relevance of encryption on the network hub — that’s not just a way of controlling who can use it. It’s very important for people to maintain Wi-Fi networks without any kind of password, because if you don’t, then you’re becoming an enforcer in the war on sharing. One way to resist the application of unjust laws such as the Digital Economy Act is by not having a key on your Wi-Fi network.
RSS: That increases the pressure through liability claims, so…
RMS: Of course, collective responsibility is the tool of tyrants. Collective responsibility is the policy that says, if you don’t help keep everyone else subjected, we’ll punish you. Right now the UK government is using the system of collective responsibility to divide people and turn everybody into an enforcer against everybody else, and that’s why it’s people’s duty to refuse to do it.
RSS: And I suppose the same…
RMS: …Wi-Fi that works without passwords, so that they refuse to enforce the system of unjust control on everyone else.
RSS: I totally agree with you and the same was said about the solidarity when it comes to encrypting E-mail. We should make it a standard thing to encrypt our E-mails although, to tell you the truth, I mean, all the encryption methods are based upon industry standards that are accepted at the other end of the line, so when you send somebody an E-mail you have to make sure they have the same decryption methods upon which…
RMS: Right. That’s why it’s difficult, in practice, to encrypt all our E-mails. We can encrypt E-mail with people that we know and have arranged to exchange keys with. But the other thing to point out is that encrypting E-mail doesn’t disguise any of the metadata, so the NSA can still track who sends E_mail to whom, even if the contents are encrypted.
RSS: And I suppose with all the mathematicians at the NSA — they seem to be hiring quite a few very skilled people who can do analysis on the encryption methods and…
RMS: They’ve been doing that since 19…
RSS: Fifty?
RMS: 1949 or so.
RSS: I think the NSA was only founded in 19…
RMS: Well, it wasn’t then called the NSA, but it doesn’t matter. You know, details like where it’s put don’t matter.
Later today I’ll be meeting Stallman in Oxford to get some video interviews done with him. This time the audio quality will be vastly better.
We hope you will join us for future shows and consider subscribing to the show via the RSS feed. You can also visit our archives for past shows. If you have an Identi.ca account, consider subscribing to TechBytes in order to keep up to date.
As embedded (HTML5):
Keywords: gnu fsf richardstallman
Download: