Mass surveillance is being undermined by the ‘Snowden effect’

We are in the middle of a Crypto war again. Perhaps we have always been in the middle of a Crypto war. Since the 70s, the right and ability to encrypt private communications has been fought over, time and again. Here in the UK, Cameron’s re-election has prompted reports of a ‘turbo-charged’ version of the so-called ‘Snoopers’ Charter’, extending further the powers of surveillance that the whistleblower Edward Snowden described as having ‘no limits’.

Two nights ago, the US Patriot Act expired. With it, at least officially, elements of the NSA’s bulk surveillance programme expired too. The law was passed in the wake of 9/11, in order to ‘strengthen domestic security’ and ‘broaden the powers of law-enforcement agencies with regards to identifying and stopping terrorists’. Section 215 of the Act had allowed the NSA to collect mobile phone data on millions of Americans. For the time being, that provision has gone. In the same week, the UN published a report saying encryption is ‘crucial for human rights’.

But the law is only half the story. Privacy advocates were, of course, cautious not to overstate the significance of the act’s suspension. But behind this caution, their successes are far more extensive than the symbolic demise of the Patriot Act. From the perspective of surveillance, the damage has already been done.

The ‘Snowden effect’, named after the whistleblower responsible for outing government surveillance in the US and UK, has brought more companies and technologists to the fight. Their purpose? To provide privacy tools that are powerful, open-source and accessible to the masses. And these groups are winning. As fears over our privacy continue to grow and the government talks about further extending surveillance capability, ordinary people are turning to these tools. What’s more, for the first time, they are beginning to be adopted on a massive scale.

Scale is a significant change, and a significant challenge to security services. Take Tor. Tor is a web browser-cum-network that scrambles your connections and makes your internet browsing more difficult to track. Both Tor and other publicly-available encryption tools always come with a caveat. Although frequently very powerful, especially in combination with one another, they are not perfect. With enough work and with the resources at the disposal of government organisations, a single user’s communications are at risk: the sheer firepower that the security services can use to break into secure channels means that a single suspect is up against it.

This is probably a good thing. If we believe our security services should have the resources to protect us from those who would plan acts of terrorism, for example, then they must be able to intercept the communications of suspects under investigation. Isis advise use of encryption to its supporters in order to protect their identities and whereabouts. Anders Breivik wrote a blog on it. If a suspect was under investigation we would rightly expect MI5 to use wiretaps and human surveillance, after all. Digital communications should be no different.

But what the mass uptake of this kind of software threatens is mass surveillance. Cracking one encryption key is difficult but possible. Cracking millions is a different proposition. Mass uptake of encryption and of VPNs – virtual private networks designed to hide your identity – is anathema to dragnet collection of data.

Take instant messaging, for example. It is estimated that the 700m users of the app WhatsApp currently send thirty billion messages a day. This alone poses a real challenge to those calling for those messages to be somehow ‘read’ and analysed; how on earth do you read 350,000 messages a second? Over the past few years the Centre for the Analysis of Social media at Demos has done a lot of work in partnership with the University of Sussex on ‘Natural Language Processing’, the science of teaching computers to find meaning in the words we use. Conclusion: it isn’t easy. Algorithms are never perfect, and they go out of date quickly as the way we speak changes.

But now, WhatsApp on Android is end-to-end encrypted, with the possibility of extending this to iOS. Thirty billion encrypted messages a day on one platform alone. True, the levels of encryption provided to a single user under investigation won’t stand up to security service surgery, but they will provide a strong barrier to understanding this data in bulk.

WhatsApp is owned by Facebook. Today, Facebook announced the site would allow its users to encrypt emails sent from the site to their personal accounts. It already provides a ‘dark web’ link which allows access through Tor. Whether its users will take advantage of this to increase their levels of security isn’t clear, but it is tacit approval of encryption from one of the biggest technology companies on the planet. And it isn’t just encrypted communications that are becoming more mainstream.

Hola is a peer-to-peer network. It claims to ‘provide everyone on the planet with freedom to access all of the Web’. Put simply, when you use it, your connection is routed through somebody else’s computer, and when you’re not using it, your computer is offered to others for the same purpose. It is wildly popular among those looking to dodge restrictions placed on, say, television shows. Recent estimates place its use at fifty million worldwide.

Hola has been the subject of some controversy of late: above all, they weren’t quite being straight up about the risks of letting somebody else use your internet connection. Nevertheless, it is the first example of a network that is both very difficult to monitor and censor that has really hit the mainstream by offering a slick and desirable service. The much more ethically-sound and established Tor browser has less than a tenth of its userbase, but is also growing. The Ethereum project is a similar attempt to decentralise the internet and take it out of the control of the government and big companies, making it more private and impossible to censor. It raised $12 million in crowd-funded support.

What this means for the security services, and our own security, is difficult to say. The UN has recognised the vital role these tools play in protecting those at risk of oppression. Human rights activists living under government oppression, for example, or citizens looking to bypass government censorship all rely on these tools daily to avoid persecution. In our recent Demos report with my colleague Jamie Bartlett we argue that there is a balance that must be struck in dealing with this kind of powerful technology.

But lack of dialogue between governments and cryptographers, the no-man’s land between the two sides of this crypto war, is deafening. As long as the security services remain silent and Snowden keeps talking, encryption and moves to protect private communication on the internet will accelerate. It is time the government joined the debate, not as enemies of privacy, but as level-headed, publicly accountable figures whose job it is to protect us from those who would do us harm.

Alex Krasodomski is a researcher at the Centre for the Analysis of Social Media at Demos. He can be found tweeting @akrasodomski