Privacy in an Electronic Age

Any sound that Winston made, above the level of a very low whisper, would be picked up by it ... There was of course no way of knowing whether you were were being watched at any given moment ... You had to live - did live, from habit that became instinct - in the assumption that every sound you made was overheard and, except in darkness, every movement scrutinised - George Orwell

More than 100 pieces of equipment described by George Orwell in '1984' now exist - Stephen Hollander

We are often told that we are living in an Information Age, Internet must be the most hyped word of the late 20th century, we are all connected together by an invisible umbilical cord. To many the Information Age is Big Brother's idea of paradise, an Orwellian nightmare.

When I was at Kent, 1969 - 1972, there was a great deal of concern as to the files that the university authorities were holding on each and every student. What was in those files, who read them, what was the information used for? Such was the concern that it was decided to hold a sit-in. No one knew what was in the files, I doubt if anyone had ever seen one, but the more the university denied, the greater was the feeling that they had something to hide. And in any case when was something as trivial as facts going to get in the way of a good excuse for a sit-in. Such was the desire to have a sit-in that the students were pouring out of the meeting place in Rutherford with the battle cry 'occupy the Cornwallis' even as the vote was being counted. Not that there was a need for a count as I believe only myself and Roger Corbett voted against.

The Cornwallis was duly occupied. The Free University of Canterbury in Kent was established. Banners displaying the acronym fluttered from the building. One or two radical lecturers stuck a metaphorical two fingers up at the vice-chancellor and gave lectures. Students out of habit raised two very real digits. The authorities were suitably aghast. A storming of the building was threatened, or at least rumoured. The students were equally adamant that they would not be moved. Luckily for the authorities it was close to vacation and as soon as the vacation arrived the students packed their bags, and following a triumphant procession down into the town, all went home. The authorities claimed massive damage, though from my own inspection, apart from a few ripped open filing cabinets, I saw little evidence of this. I also remember how careful everyone was that no damage ensued and how any trouble makers were kicked out of the building.

To show that it has had a radical past the university now proudly refers to this event. The files were a none issue, an excuse to liven student life. All the authorities had to do was have an official set and an unofficial set. It's hard to imagine that this is the same university that a generation later appointed a third rate business man as its Chancellor.

Kent wasn't the only establishment at the time to be keeping files alleged or otherwise. The FBI had massive files of varying degrees of secrecy. The most confidential (and strictly unofficial) were kept behind the desk of its now disgraced Director - J Edgar Hoover. Hoover turned the FBI into a very effective and efficient police force. He also abused his position to further his own ends. Anyone to the left of Genghis Kahn was considered a dangerous subversive radical. Anyone under that heading was to be monitored, if necessary they were to be destroyed. Some people had files six inches thick. The effect on the American psyche is still present today a generation later. Anyone calling themselves a socialist is seen as a dangerous Commie bastard intent on the destruction of the the state, Mom's apple pie and the American way of life. Right wing militia men are simply defending the American way of life against an overly oppressive Federal Government.

Moving rapidly forward to the present day I see two trends; major advances in computing that enables the unprecedented monitoring of a population that to Big Brother would only have been possible in his wildest dreams; the almost total apathy of the monitored population. Coupled to this we have a rise in Fascism, Nationalism and an unelected, undemocratic European Junta. The radicalism of Kent students of the late '60s and early '70s and those of their generation seems a distant dream of some Utopian past that never existed.

We are all used to seeing people in offices wear plastic dog tags around their neck. Often these have a magnetic strip or active electronics to enable privileged individuals to access areas denied to other people. Those same dog tags allow Big Brother to monitor where you are, how long in the company canteen, how many times you went to the toilet, whose office you visited and for how long.

A school where the kids' attitudes are recorded, along with other personal data and data on their parents. Those who are seen to be deviating from the norm are selected out for reconditioning. This is not pre-Glasnost Russia or present day China, it's a school in Kennewick, Washington, in the present day United States. The same US that stampedes around the world defending democracy, or is it the other way around, defending us from democracy - I'm never quite sure.

There is a Russian joke. Post-collapse of the Soviet empire two ex-KGB agents are stood outside the walls of the Kremlin wondering what to do with their lives now that they are tasting the delights of Western freedom - unemployment. One says to the other 'let's set up a credit agency'.

A cashless society allows the state to monitor our every move and count every penny we spend. Luckily it's not likely to happen as politicians, pimps, drug barons and money launderers won't stand for it.

As we walk down the street hidden cameras watch, computers with image recognition identify.

Files detailing every aspect of our lives are held on us and unlike an elephant a computer never forgets. A dirty trade exists in buying and selling our electronic souls.

A MacWorld survey showed that in 25% of the work places surveyed employers regularly intercepted and read their employees e-mail.

The FBI has requested and received five hundred million dollars, spread over a four year period, to enable it to monitor all forms of electronic communications. Officially about 1,000 wire taps are granted in the US every year. This must make wire tapping the most expensive endeavour in human history, or are they planning an expansion?

In the late '80s I was engaged in business negotiations with a company in California. They wanted to fax me. I said they couldn't as I didn't have a fax, neither did anyone else I knew. They were surprised as everyone in California had a fax. At the time it was very rare for anyone in England to have a fax. Now everyone has a fax. If you had looked in an office 10 years ago you would have found everyone using a typewriter. Now look in any office and you will find it very rare to find a typewriter. Instead you will find rows and rows of computers. In anything but the smallest office these are likely to be connected together on a network. These computers are increasingly likely to be connected to each other through Internet. We are now at the stage with e-mail that we were with the fax. Large companies and universities are using e-mail but hardly anyone else. In a few years time I expect everyone to be using e-mail.

E-mail offers unprecedented opportunity for monitoring the public. Unlike a telephone or fax an e-mail is not point to point. It is more like conventional mail. E-mail hops from one computer to the next en-route to its final destination. Anywhere en-route the e-mail can be syphoned off and stored. Keyword searches can be used to pick out anything of interest. Pattern recognition engines can be used to form a personal profile. At least one company can provide a personal profile given an e-mail address and a suitable fee. These engines can also be programmed to pick up deviant activity - such as alerting the public to the dangers of e-mail monitoring.

It is possible to screw these simple minded robots by deliberately sprinkling your e-mail with provocative words that will trigger an alert - JFK, assassination plot, sex, money laundering, blackmail, drugs, narcotics, hacking, security, encryption, bomb, IRA, terrorist, CIA, NSA, KGB, Russia .....

E-mail has often been likened to postcards - the actual reality is far worse. Would you like to find your personal correspondence pinned up next to the office coffee machine for all to see or posted on the small ads board at the local corner shop? Like its conventional counterpart e-mail can get lost. It's possible to mail to the wrong address. The system administrator has access to all your mail. If you use a dial up connection your mail sits in a transparent mail box awaiting your collection.

Does it matter if data is amassed on us? Is it something that need only concern the paranoid and those with something to hide? If we have a clear conscience can we not sleep easy at night?

Credit card frauds are easy, snitch a card out of a bag or pocket. Jot down the number passed over at a petrol station. Internet makes it even easier. What is lacking is the personal data. Hack into a database that contains credit details and a host of other information. It is now a lot easier to impersonate the real owner, which could be you. Underground boards exist for credit card frauds.

Buy an expensive foreign holiday with your credit card. That holiday company may conduct a survey to see how you enjoyed your holiday, they may also not be able to resist the temptation to collect more information. A survey that I saw at the beginning of 1996 had one page of questions on the holiday (the questions were so badly framed that it is difficult to imagine what use the data could be), the remaining three pages were detailed personal information - income, insurance policies, salary, bank accounts, make of car owned ..... A gold mine for any fraudster.

A consumer affairs program described a woman - her age, her car, job, salary .... All this information was gleaned from some waste paper thrown out by a Scottish power company. The waste paper was found as wrapping in Thailand. Apart from the fact that the company was so careless with this information why did they have it, how did they collect it? Was the woman foolish enough to provide it? The only information the company requires on a consumer is the name (to have someone to bill) and the address (where the electricity is delivered).

Stalking is a growing problem, especially for women. The stalker often closely identifies with the victim. A female star of a TV show answered the door of her home and was shot dead. The killer was a stalker who had collected his (it's usually a he) information by hacking into databases.

One of the biggest rip-off frauds in the States is telephone fraud. Not high-tech hackers wheedling free calls, but low-tech con artists milking punters via the telephone. By hook or by crook they obtain credit card details and personal data. Armed with a profile of their targets, punters are invited to invest in get rich quick schemes or to make donations to charity - 'light bulbs for the blind'.

Hackers have refined to a fine art the exploitation of personal data to obtain more information or system access.

Caller ID was not introduced to protect the vulnerable from malicious calls as is often claimed to be the case by telecommunication companies. That problem can be dealt with through call interception and line tracing. Caller ID was introduced to enable corporations to build a database on all their callers to which can be added any additional information gleaned during the call. How often have you called a telephone help or support line and found that you've had to answer a seemingly endless list of questions before you can get across your problem, more often than not on a premium rate line at your expense. In England, Caller ID was introduced to counter a growing trend for subscribers to go ex-directory. Caller ID will lead to an increase in nuisance calls, not their decrease.

Anyone who has any doubts as to why Caller ID was introduced need look no further than British Telecom. BT tried to introduced Caller ID in the summer of 1994. Following adverse comment on a consumer affairs programme and the resultant public outcry BT were forced to put the scheme on hold. BT claimed that Caller ID was being introduced as a result of consumer demand, though they were unavailable to produce any evidence of that demand. It's difficult to imagine the public expressing a demand for a service that they know nothing about or that there would be any demand for a blatant invasion of privacy. BT finally introduced the scheme November 1994, with an added sop to customers that they could prefix each call with a three digit number (141) to block Caller ID or they could request a permanent blocking. The onus was on the consumer to take action to prevent something that they had never requested in the first place. BT wastes vast sums of money on extremely irritating TV commercials to encourage more telephone calls. I've yet to meet anyone who needs any encouragement to use the telephone. Most people try to cut down their usage in a vain attempt to limit their phone bills. BT made no attempt to advertise that Caller ID was being introduced or more importantly that it could be blocked. Inspite of BT's lack of publicity too many people (from BT's perspective) are making use of the blocking facility. To counter customers protecting their own privacy BT plans the introduction of a new scheme - Anonymous Call Rejection. Anyone making a call with Caller ID disabled will find themselves unable to get through. Instead they will be greeted with a recorded message advising them that that their call has been blocked, and unless they re-enable their Caller ID they will not get through. BT plans to introduce Anonymous Call Rejection by the end of 1996. The only option open to customers is to protest to BT and to refuse to deal with companies that use Anonymous Call Rejection, though in the case of the latter they will be unable to get through to lodge their complaint.

BT's excuse (personal conversation) is that certain businesses are being abused - Chinese Takeaways were given as an example. People ring up, place a large order then fail to turn up, or have it delivered to the wrong address. This is a pathetic excuse. All the takeaway has to do is to call the customer back to confirm the order. When BT initially installed Caller ID they tried it on by claiming it was to reduce nuisance calls. During the conversation it was admitted that Anonymous Call Rejection was being introduced in response to a demand from business. Currently it is on trial. No information is officially available, it appears that the public are being deliberately excluded from the debate (even though they are the ones directly affected) until the scheme is officially introduced by which time it will be too late.

Pop into any public phone box in Central London and you will find a fascinating collection of business cards displayed by ladies offering a variety of exotic and erotic services. So widespread and all pervasive are these cards that children collect them in the same way that that their parents and grandparents used to collect cigarette cards. An interesting insight is offered into a subculture. Small minded officials have engaged their flea-sized brains and decided to effect the removal of these cards. Anyone found promoting their services in this way will have their phone cut off. What doesn't seem to have occurred to these petty officials is that it will simply drive these girls back onto the streets, and that by operating from the relative safety of their own homes they are kept out of the clutches of pimps and crime syndicates. Neither does it appear to have occurred to these guardians of public morality that anyone could put out these cards in a deliberate attempt to smear someone else and get their phone disconnected.

Much to the chagrin of moralists, prostitution is not illegal in England. What difference is there between these girls and one who marries a man for his money, or another who invites her boss between her legs in the hope of promotion? The only real difference is that some are more upfront and open about their activities.

If prostitution be the world's oldest profession, then the man who tracked her down and released her address was the founder of the second oldest.

I was once refused admission to a major computer exhibition, even though I had a valid admission ticket, because I refused to fill out a questionnaire. I got around the problem by ticking all the boxes at random.

In the UK maintenance of personal data on a computer comes under the Data Protection Act. All records have to be registered. If the privacy box is ticked then that information can not be circulated to third parties. That's the theory. In practice the Data Protection Registrar is a toothless watchdog and should a breach occur he rarely hands out anything more severe than a slap on the wrist. What few people are aware of is that the Act contains a gaping loophole through which a coach and horses can be driven. The maintainers of the database can apply for exemptions.

Surrey University maintains personal records on its staff and research students. It has obtained exemption for the world wide transfer of data in the following categories

o Personal identifiers o Professional membership

o Personal details o Professional expertise

o Physical description o Membership of committees

o Publications o Leisure activities, interests

o Public offices held o Current employment

o Licences, permits held o Career history

o Academic record o Business activities

o Qualifications and skills

There is not exactly much that it doesn't cover and some of the categories are so vague that they could cover almost anything. With the information to hand it would be relatively easy to extract more information. The salary is not listed, but as these are fixed salary posts not difficult to tie the two together. The university bank is known, from there only one step to any individual's account.

May be these individuals have a choice, probably not - not that is if their choice is whether or not to work at Surrey.

I have a friend who used to work at London University. She was asked to provide detailed personal data. She refused on the grounds that it had no relevance to her work. A short time later her research contract was not renewed, even though there had been no criticism of her work. Luckily for her she was well respected in her field and easily found work elsewhere. Others are often not so fortunate.

Like Surrey University, London University maintains a data base on its employees with similar categories of exemptions. It then takes this a stage further, keeping data not only on its current employees but also on past employees. There can be little excuse for keeping this amount of data on current employees, there can be no excuse whatsoever for keeping it on ex-employees - such data should be destroyed.

Libraries use computers to keep track of their books - where they are in stock, who has them out on loan. Who else has access to this data? Even if I tried I don't think I could devise a better scheme for keeping tabs on the activists, dissidents and subversives within society. Stupid regimes burn books, more sophisticated regimes monitor what is being read.

A National ID Card is being proposed. The associated User ID could be used as a general purpose User ID for access to databases and computer systems. In the USA the Social Security Number tends to get used as a general purpose User ID. It is not uncommon for banks to use a client's Social Security Number as a PIN for access to bank accounts. A unique User ID streamlines the transfer of data between systems.

A National ID Card would be linked to your credit card, bank account, medical records, library card, telephone number, e-mail account, driving licence. With a smart card all this and more could be on the card itself. A smart card would have a holographic image of its owner on the front, inside a high resolution hologram, retina scan, fingerprints, DNA profile and still leave room for plenty more. Everything that a person did would be visible to Big Brother. It would make computerised e-mail monitoring seem trite and trivial in comparison. Where a person went who they met, all would be monitored. The smart card itself would not show who you met but it would show who was in your vicinity, then turn to the ever present security camera ....

The British Labour Party has admitted to plans to establish a national DNA database. Blood samples would be taken of all babies at birth and anyone applying for a work visa. This database would be linked to a compulsory national ID card. Apart from any civil liberty implications these proposals ignore the growing scientific doubts as to the reliability of genetic fingerprinting.

When browsing a Web site you may be asked to fill out a registration or questionnaire, your own system may be interrogated. This is used to form a personal profile of you. The very act of browsing, the choices and searches you make can be used to form a personal profile unique to you. Next time you access that site the information presented may be tailored to your perceived needs, you may be presented with advertising specifically targeted at you. To store this information, especially for heavily accessed sites requires space. To add insult to injury and to save space at the Web site this information is stored on your system. It is stored in what is known as a 'cookie file'. Each time you log on to the site the relevant information on you is transferred to the site from your cookie file. The system is supposed to be secure, that is only the site that generated the cookie information has access to that information. The cookie file is a plain text file, you can read it, the originator can read it ....

Cookie Monsters now freely roam the Internet. If you invite one home it will devour your cookie files.

Pre-glasnost Russia everyone had to be careful who they talked to and where the conversation took place - friends, neighbours, relatives, workmates, anyone could be an informant for the State Police, passing on any unguarded comment. Children were freely encouraged to inform on their parents.

There are often events in history that can be pinpointed as when it happened - the October Revolution, the Boston Tea Party. Monday 5 August 1996 was the day England officially became a Police State. For decades the state had been spying on its citizens, but this was the day that the Government established a free telephone hot line to encourage informants to spy on their neighbours. Known as the 'shop-a-cheat' hot line, it was established to cut down on Social Security fraud. It was an immediate success, within its first day of operation it had attracted over 1600 callers. After one week of operation the line had received over half a million calls, one call coming in every 15 seconds! In no way do I wish to condone fraud and would welcome any attacks on landlords who are running massive benefit fraud schemes (and evading tax), but the scheme has to be put into context. For many people it is not that they are fundamentally dishonest, it is that dire circumstances forces them to cheat - the single girl, struggling to bring up a couple of kids who puts in a few hours at a pub; the guy with initiative who tries to set up a business, then finds that for every penny he earns it is immediately taken off his benefit and if he's really unlucky (and brings in more than a few pounds) he loses his whole benefit. A marginal tax rate that is way in excess of 100%.

Those who pay tax will shout 'foul', as they are the ones who have to support the whole system. A moments reflection would show that 'but for the grace of God go I'. Whatever tax they are paying they are still better off than those who have no work. Everyone in work is likely to have one or more spells out of work, the system they are paying for today may be supporting them tomorrow. The only exceptions are local government employees who no matter how corrupt and incompetent appear to have guaranteed jobs for life. Instead of encouraging a society of informers, kicking people in the teeth who show a bit of initiative and knocking them back into the gutter it would be far better to reform the system and to legitimise the black economy. Let people keep a phased amount of their income so that they can bootstrap themselves back into paid employment.

It has become a crime to be poor.

On the morning of Thursday 8 August 1996 I received a letter from TV Licensing (an outpost of Big Brother) - "We have no record of a TV licence for this address ... You may not know that anyone who uses a television without a licence is breaking the law, and risks a fine of up to £1,000 ... If you use a TV set and have NO LICENCE, you should get one at once ... Please act now to stop us taking further action ..." Much of this was in a heavy bold typeface. This bit of junk mail went the same way as all junk mail, straight in the rubbish bin. I have no TV, do not watch TV and have no wish to obtain a TV. If past experience is anything to go by I will shortly be visited by an investigative agent who will insist on searching my home for an illicit TV. If I refuse to grant permission he will return with a search warrant.

Anyone buying a TV has to provide the shopkeeper with their name and address. The shopkeeper duly passes this information on to the appropriate authorities. Within a short period of time if the records fail to show possession of a valid TV Licence the purchaser will receive a letter warning of the dire consequences should a licence not be obtained.

In pre-glasnost Russia a licence was required to posses a photocopier or typewriter. Radios were not to be tuned to foreign stations, in particular the BBC World Service. In the religious police state known as Iran it is illegal to use a satellite receiver. Satellite dishes are banned on the grounds of 'mind pollution', though when I consider the garbage that Murdoch pours from the sky I must admit a small amount of sympathy for the Iranians.

Maybe for you it it is not a problem that data snoopers are engaged in a sordid trade with all your most intimate personal details.

For those who do care, never provide personal information in response to questionnaires (including job applications) other than the absolute minimum necessary. Always tick the privacy box. One day, some day, that information will be used against you.

The power of computers is a two-edged sword. The computing power that every citizen now has at his disposal enables the use of military standard encryption. Hard crypto, as it is known in the trade, is that which can not be cracked within a feasible time span. Feasible is usually defined as not within the lifetime of the universe using current and foreseeable computing power. One such package, PGP, has become the de-facto Internet standard.

PGP, Pretty Good Privacy, was developed by Phil Zimmermann. A measure of the power of PGP is that its author, Phil Zimmermann, has been under three years harassment and investigation by the US Government for the release of PGP. The reason for their action is that not even the security agencies of Uncle Sam, including the top secret NSA, can crack PGP. Such is the level of paranoia surrounding PGP that even those who simply write about it find themselves the subject of unwelcome visits by US Federal Agents.

It's easy to see the reasons for this paranoia. It's like the populace taking a collective decision to arm themselves but instead of Kalashnikovs or AK-47s they each have their own personal magaton nuclear warhead with a guidance system that makes the Gulf War smart bombs look as blind as bats - and that's an understatement. If that isn't enough add in that PGP author Phil Zimmerman is a veteran antinuclear campaigner, has helped train other antinuclear activists and has been involved in direct action at the Nevada test site alongside such prominent anti-war veterans as Daniel Ellsberg and you begin to get the picture.

Governments around the world are not taking this lying down. Having just acquired the undreamt of power to monitor every citizen they are not going to see it snatched from their grasp without a fight. Already several governments have banned the private use of hard crypto, many more are considering a ban. Hard crypto is banned in France, Russia, Iran, and Iraq and possibly China. The US, UK, European Junta are amongst those considering a ban.

Were hard encryption to be banned the only people using hard encryption would be the criminals and government (it's usually hard to differentiate), the citizen will be left to walk naked through cyberspace.

One of the many ironies surrounding encryption is that its lack of use tilts the balance in favour of the cyber criminal. With encryption in place they may be able to hack their way through your security systems (contrary to the advice given by highly paid security consultants) but the only loot they would get away with would be worthless electronic confetti.

Security consultants, at the clients expense, model their security system and show how impervious it is to all forms of attack. An attacker completely oblivious to the security consultant's model exploits an obvious opportunity and hacks into the system with incredible ease.

A more subtle counter attack by governments is key escrow. Yes, we will allow you to use encryption, but you give us the key; or you can only use our encryption scheme to which we have the back door key.

Would you trust a government minister with a key to your back door?

You expect the police to produce a Search Warrant should they appear on your doorstep and demand entry to search your house. You do not expect to leave a copy of your keys at the local police station just in case they may one day wish to carry out such a search of your property.

The introduction of key escrow would encourage the emergence of several parallel black markets. There would be a black market in keys, anyone would be able to purchase a key to your back door. There would be a black market in the information obtained, either indirectly from the official key holders or directly through a black market in stolen keys. There would be a black market in encryption systems that faked information going out the back door.

A few of us are fortunate to live in a democracy, or at least what masquerades as a democracy. Don't through your inaction let the tools of a dictatorship slip in by default.

The citizen can fight back by using encryption now. It will be too late to wait until its use is banned. The more people who use encryption now, the harder it will be to introduce a ban at a later date.

At the moment the majority of governments are only discussing the introduction of key escrow or a ban on the private use of hard crypto. Were the government to introduce a ban tomorrow they would be able to do so with relative ease due to the apathy of the population and a lack of understanding of the issues involved. It would be too late to to build up the momentum required to stop such Draconian measures.

You may well be thinking 'I don't need encryption, I'm not engaged in espionage, subversive acts against the state or any other dubious activity - I wasn't one of those long haired Kent radicals of the '60s'. This may be true but then why do you conduct the affairs of your life by letter and not write it down on postcards for all to see, why do you hide away your bank statements, why do you draw your curtains at night, why do you get upset when your name and address falls into the hands of junk mail merchants? The answer to all of these questions is privacy, you value your privacy.

Privacy is not simply a private matter, it is a matter of commercial fidelity. You may be transferring customer or client information, should that fall into the hands of third parties you could be sued. In many countries safeguarding of data is a statutory requirement. You may be planning a megabucks takeover. It is cheaper for a company to steal a march on a competitor by stealing their secrets than it is to carry out some hard work.

Data should always be kept encrypted, whether or not it is to be transferred to a remote location. There have been too many examples of agents of the state (who should know better) accidentally releasing or losing sensitive data. Police and security service files found on disks sold at car boot sales. A senior Air Force officer on return from a NATO planning meeting left a laptop containing NATO war plans in a car, the car was stolen. In the US, computers used by the Federal Witness Protection Programme were sold. These contained the real identity of witnesses and their current location.

Laptops contain transferable data. By design laptops are transportable. By unintentional design laptops are easy to steal and easy to dispose of. Thieves are becoming increasingly aware that the data on a laptop can be many times more valuable than the laptop itself. An American merchant bank recently paid out £80,000 for the return of a laptop. The laptop contained details of a corporate buyout. Always keep valuable data on a laptop encrypted.

A laptop can use the Global Positioning Satellite system to keep track of its own whereabouts. It can report back to base its current location and thus lead the police to make an arrest. The same system can be used to keep track of its owner.

He who controls the information controls the state. This has never been more true than now in an information era.

Using encryption helps to safeguard a small portion of your privacy in cyberspace. By using encryption now, and by encouraging your friends, colleagues and relatives to use encryption you raise awareness of the issues. You alert people to the massive invasion of their privacy that is taking place, that information on their lives is an actively traded commodity. The more people who are using encryption the more difficult it will be for any government to introduce a ban. It will then be possible to turn the tide, to stop the wholesale collection and sale of information on ourselves. Supermarkets now collect information on our every purchase and reward us with a few worthless points. Is that for our benefit or theirs?

Where encryption is already banned, or states like Malaysia where its use attracts unwelcome attention, using a technique known as steganography an encrypted file can be hidden within another file such as an image or sound file.

Malaysia actively monitors the e-mail of all Malaysian students studying abroad.

Traffic analysis can be used to monitor not what you are saying but who you are saying it to. Anonymous remailers can be used to hide who you are sending your mail to. It also hides your identity from the recipient.

Those who are less worried about individual civil liberties and human rights and more worried about crime, drug trafficking, money laundering, terrorism, may with some justification raise their concern that hard crypto helps criminals to prosper. Yes, but then so do mobile 'phones, fast cars, politicians, and banks that turn a blind eye to money laundering. Space does not permit me to go into detail but there are still many techniques available to target these criminal groups. What hard crypto does is to help shift the balance back to that of a pre-electronic age.

To monitor a person's 'phone, steam open their mail is very resource intensive. Whatever the legal niceties there has to be some overwhelming reason to justify such resource expenditure. In an information age we have gone from rod and line fishing to industrial trawling. Encryption makes the effort once again resource intensive. Rightly or wrongly individuals and groups will be targeted but it will no longer be feasible to target the whole population.

In a free society our private life is just that - private. Unless we have committed a crime, or there is strong suspicion that we have or may be about to do so, then it is for us and us alone to decide how much if any of our private life will be placed in the public domain.

In a free society we are all vulnerable, that is the price we pay for our freedom. It is all too easy for a terrorist to plant a bomb - World Trade Centre; Manchester, City of London and many other IRA atrocities; ETA bombing campaigns in Spanish holiday resorts; TWA Long Island bombing; bomb at a rock concert in Centennial Park Atlanta during the Olympic Games. In Russia the collapse of a Police State has seen that vacuum replaced by a brutal criminal mafia. In maintaining our freedoms we walk a very fine line, a tightrope act that may be impossible to perform.

PGP Disk

To encourage the use of PGP and to raise awareness in general I have put together a disk that contains PGP and massive amounts of information files covering topics that space considerations in this article permits me to only lightly touch upon. I'm making this available to Kent graduates and current students at the special offer price price of £2-00 (two pounds sterling), overseas £5-00 (five pounds sterling). I can also accept US dollars, Spanish pesetas, Cyprus pounds [cash only due to bank charges].

My PGP public key fingerprint

User ID:  Keith Parkins <10 GU14 6QJ England>
Key Size: 1024 bits
Date:     22 April 1996
Key ID:   B09CC89D
Key fingerprint: 2A 66 6A 8F 91 42 48 C8  48 98 38 AD 2F D3 45 08


PGP, Pretty Good Privacy, is a public key encryption system. The difference between that and a conventional encryption system is that a secret or private key is used to decrypt files that have been encrypted with a public key. The public key may be widely disseminated. Compare this with conventional cryptosystems where a single secret key is used to both encrypt and decrypt a file. With conventional cryptosystems the secret key has to be guarded, disclosure of the secret key will compromise security, hence diplomatic couriers with their case of secret keys handcuffed to their wrist.

The weak point of a public key cryptosystem is the public key itself. Disclosure of the key is not a problem, tampering and substitution is. For these reasons a unique digital fingerprint of the key should be published in a tamper proof medium against which the key can be checked. Alternatively obtain the key in person direct from its claimed owner. Keys are usually signed, not only by their owner, but also by those who claim to know the owner. This enables cross checking of the key if you know the owner but in practice it only removes the problem further down the line.

Kent Graduates have started to include their e-mail addresses in Who's What Where. I'd recommend that their PGP fingerprint also be included to enable secure communication between Kent Grads using e-mail and Internet. When participating in the Kent discussion group for the first time include your public key.

Public key encryption doesn't only offer encryption, it also offers digital signatures. The digital signature can only be applied with the user's secret key. It offers two things; tamper proof electronic documents; authenticity.


Simson Garfinkel, PGP: Pretty Good Privacy, O'Reilly & Assoc, 1995

Keith Parkins, Why Use Pretty Good Privacy?, 1996

Philip R Zimmermann, The Official PGP User's Guide, MIT Press, 1995

Keith Parkins, How Secure is PGP?, 1996

Keith Parkins, UK Proposals for a Key Escrow Encryption System, 1996

André Bacard, The Computer Privacy Handbook, Peachpit Press, 1995

Keith Parkins, A National ID Card, 1996

Keith Parkins, Caller ID - We've got your number, 1996

Brian Barnard, World Wide Web: Data Protection and other Legal Implications, Broadcast, Surrey University, No 13, April 1996

Tony Bunyan, The Political Police in Britain, Quartet Books, 1977

Crispin Aubrey, Who's Watching You?, Penguin Books, 1981

Bruce Sterling, The Hacker Crackdown, Viking, 1992

Seumas Milne, The Enemy Within: MI5, Maxwell and the Scargill Affair, Verso, 1994

Anthony Summers, Official and Confidential: The Secret Life of J Edgar Hoover, Gollancz, 1993

Athan Theoharis (Ed), From the Secret Files of J Edgar Hoover, Elephant Paperbacks, 1993

Jenny Simmonds, Regain your privacy, Connected, Daily Telegraph, Tuesday 23 April 1996

Chris George, BT tough line on 1471 blockers, Connected, Daily Telegraph, Tuesday 30 July 1996

Michael McCormack, No lapdog, this laptop, Connected, Daily Telegraph, Tuesday 30 July 1996

Tom Standage, Leaving a trail of crumbs, Connected, Daily Telegraph, Tuesday 30 July 1996

BT, Anonymous Call Rejection, personal conversation, 31 July 1996

Steve Boggan & Louise Jury, Watching me, watching you, Independent, Tuesday 6 August 1996

Jojo Moyes, End of the line for prostitutes, Independent, Tuesday 6 August 1996

Welfare needs more than curtain-twitching, Leader, Independent, Tuesday 6 August 1996

Number's up for phone box ads, Leader, Independent, Tuesday 6 August 1996

George Orwell, 1984

Aldous Huxley, Brave New World


Keith Parkins was a member of Rutherford College and graduated from Kent in 1972 with an Honours Degree in Electronics. He subsequently graduated from City University with a Masters Degree in System Science.

He works as a freelance computer consultant with a specialist interest in security, privacy, encryption and viruses.

He has written several papers on computers, privacy and the use of Pretty Good Privacy. He is also author of the definitive book on computer viruses - Virus: A computer malaise.

He heads an international Web design consultancy and is the author of HTML 3.2 Quick Reference the definitive concise reference guide for all Web page designers.

(c) Keith Parkins November 1996 rev 13

This paper is a greatly expanded version of an article originally submitted for publication in Kent Bulletin (Ed: Killara Burn) the journal for alumni of the University of Kent at Canterbury. There is also a on-line discussion group.

This paper is also available as a signed text file.

To subscribe to the Kent-grads discussion group mailing list send an e-mail to, in the body of the message subscribe, the subject line should remain blank.

Home ~ Index ~ PGP ~ What is PGP ~ Why use PGP ~ My PGP Public Key
(c) Keith Parkins 1996-1997 -- April 1997 rev 11