The Investigatory Powers Bill is about to become law. It’s not an exaggeration to say that it represents the most significant transfer of power from people to the state in our lifetime. The bill will allow the surveillance of anyone (and potentially everyone) in the UK, without the need for suspicion of involvement in a crime or evidence of wrongdoing, without the need to target a person or premise and without ever notifying anyone that they have been spied on.
It would be hard to imagine a more terrifying situation for a political party than to know that every communication they made was being intercepted and stored by the government they oppose. Yet this is the situation we find ourselves in today; One where all that protects our party communications is the integrity of the secret police officers who surveil us.
Maintaining a democracy in an era of mass surveillance is going to be difficult. It will require that we start taking the privacy of our personal (and party) communications very seriously. In practice, that means we are all going to have to learn how to use (and defend our right to use) strong end to end encryption.
I’m therefore proposing three simple steps every party member can take to start protecting themselves, and our party, from the routine mass surveillance being undertaken by our state. If you have ever installed software, then you should be able to follow along. If not, you should ask someone who does to help you.
Step 1. Use encrypted chat apps instead of email
Email is by far the least secure form of communication on the internet (Your parliamentary email is no exception). It is sent unencrypted over the internet and can be read with little effort by most intelligence agencies. It’s the digital equivalent of sending your letters through the post without an envelope.
I would therefore recommend that we immediately switch to using end to end encrypted chat apps like WhatsApp, Apple imessage, Telegram or Signal (Definitely not Facebook) in place of email. This is essential if you have something sensitive you want to share, like a plan for a protest, but should eventually become the norm for most party communications.
Step 2. Upgrade your passwords
The next task is to ensure that every account you use has a different password. If you use the same password for multiple accounts, then all of your communications will be vulnerable if just one of your account providers is hacked.
The simplest way to do this is to install and use a password manager such as 1Password or LastPass. Password managers generate and store unique passwords for each of your accounts. Using a password manager means that you only need to remember one (really good) password to securely access all your accounts.
Step 3. Mask your internet trail.
To keep your web history private, it’s not enough to use the incognito or private browsing mode on your web browser. Although this prevents your history from being stored on your computer, it does not hide the sites you are visiting from your internet service provider (ISP). Luckily it’s relatively straightforward to stop your ISP, and therefore the government, having access to this information.
The solution is to sign up for a virtual private network (VPN) because when you connect to the internet through a VPN, it looks to your ISP as if you are only connecting to one site: that of the VPN provider. For this strategy to work, it’s critical that you choose a VPN provider that is based outside of the UK (or the US) and does not keep logs. If you do this, there will be no legal way for the government to compel your VPN provider to disclose your history. A list of such VPN services can be found here:
So there you go. Three easy steps anyone can take to protect their privacy against the overwhelming might of the state. Good luck and let me know how you get on in the comments.
* Scott Craig is a member of the Liberal Democrats, currently living in Edinburgh
Follow @libdemvoice.org on Bluesky
Like us on Facebook
Subscribe to our feed
Sign-up for our daily email digest
Why non-fiction books need their indexes
Changes in status: Local Elections wrap up
What should the Liberal Democrats stand for?
Ben Wood
Ed Sanderson
Jack
Matt (Bristol)
John Grout
10 Comments
I totally agree Scott, but the overwhelming majority of people just don’t care.
If you really want private chat you would use Signal, but the reality is that people use what their friends and family are on. If you’re lucky that might be whatsapp, but is more likely to be facebook messenger.
Instead of setting up a facebook group it would be much better to set up a Diaspora pod for your local party or interest group, but who else has even heard of Diaspora……..
Anyway, thanks to a vpn, this post will look like it came from Switzerland and my ISP will be none the wiser.
It’s not an exaggeration to say that this post expresses hugely exaggerated fears about “the routine mass surveillance being undertaken by our state” and the end of democracy.
It might be safest to assume that anything you type on a computer may be recovered by the Security Services.
Does a VPN add any real protection? Surely if they are that interested they could record the traffic and get the keys from your computer later (if they don’t already have the keys) or is there much more going on than I assume.
@John Peters – using a vpn prevents your ISP from recording and storing all the web sites you visit for 12 months as required by IPB.
This highlights the nonsense of this requirement. It is so trivially easy to bypass that the result will be huge mounts of data collected on the browsing habits of innocent people, and nothing on terrorists or serious criminals.
@Nick Baird
It was only going to be the recording of URLs by the ISP, not the actual pages themselves. That might have changed since the original proposal.
Doesn’t GCHQ etc. monitor all data comms anyhow? I’m sure they already record VPN traffic in which they are interested. The NSA do, I think that was one of Snowden’s wikileaks.
http://arstechnica.co.uk/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/
http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html
https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/
Why trust a password manager they could be pressured by a government agency. Think of a memorable phrase and remember or record that. I used to be a consultant where the IBM system remembered the last 5 passwords, one of my passwords was idw2cm!p or I do not want to change my ! password.
There is no such thing as being completely anonymous online but the steps mentioned in post are good to stay safe and avoid surveillance, unless you are doing illegal activities then whatever you do government can trace you. I would add that PGP is great for encrypting e-mails https://en.wikipedia.org/wiki/Pretty_Good_Privacy and also i would not trust a lot chat apps Whatsapp..etc whatever they claim about privacy/encrypted msgs they are still owned by US Companies. I would suggest for CHAT to setup XMPP / Jabber Account with Pidgin and use OTR (Off-the-Record Messaging) more info you can find on these links
https://www.jabber.org/ https://en.wikipedia.org/wiki/Pidgin_(software) https://otr.cypherpunks.ca/
As for the VPN’s this is also important, many of them will provide Logs if requested by any government agency so its good to find a VPN that is not saving Logs of their user activities. Avoid USA VPN Companies or Servers and make sure to read reviews and informations about different VPNs on website like https://vpntrends.com or looking on Google.
On my browser there’s no link after you say “here:”
mine neither
Hi Paul, Mike.
The link that is missing is https://www.privacytools.io/