The scandal involving the Director of the U.S. Central Intelligence Agency (CIA), David Petraeus, shocked the nation. But is it because yet another powerful man was brought down by a sexual affair, or is it because he was brought down by our everyday internet tools like Gmail & Co.?
Were you aware of how carelessly certain Internet tools like Gmail treat our data? The infographic below illustrates their terms of service.
As a four-star general of the U.S. Army, Mr. Petraeus was treated as an American hero and a role model for the nation. Then, everybody knows what followed.
Mr. Petraeus chose to conceal his e-mails to his mistress Paula Broadwell with a simple trick. This trick is used by terrorist organizations and teenagers alike to avoid leaving traces on the Internet. Rather than sending e-mails from one Gmail account to another, they saved their written messages as drafts. When Mr. Petraeus decided to send a message, he’d log in to his Gmail account via Google, type a message and save it to the drafts folder. When Ms. Broadwell wanted to read his message, she’d use the very same log-in data for the same Gmail account and find the message in the drafts folder.
Is this technique more secure than sending e-mails from one in-box to another? Yes, because no connection to another server (Yahoo, Hotmail, yourwebsite.com) is being established that could be intercepted. But is it completely secure? No. Although Gmail uses “https://” encryption to secure your e-mails, legal authorities have the right to contact all of our everyday service providers to request personal information such as IP addresses, messages, locations, recipients (basically everything you’ve posted to the Internet). How often do they do this? According to an article from the Star Tribune, Google received 12,300 requests from legal authorities in 2011. How many of them were processed? A frightening 90+% of all requests! A subpoena is sufficient to require service providers to unveil personal user information.
Special attention should be paid to Gmail's terms: “Google sometimes may be legally required to share information with law enforcement…”. Apart from the trivialising wording “Google sometimes may be legally required […]”, the question arises what Google really means by this sentence. Is there an official court decision that legally requires them to share information? How does that subpoena work? These and more questions will be answered in our next blog posts.
So how can you protect your privacy better than Mr. Petraeus?
Your e-mail is nobody’s business except yours! Two hack-proof ways to send your messages are e-mail encryption and virtual private network (VPN) services. E-mail encryption allows you to encrypt messages to your recipient with the 256-bit Advanced Encryption Standard (AES-256). This standard is used by the U.S. government for documents containing confidential information. So far, the algorithm has not been cracked. While it’s possible to detect the use of encryption software on your computer, the decryption of e-mails you’ve sent is virtually impossible if you choose a safe password.
Another possibility is to use a VPN. These are used by banks and insurance companies but are also designed for home use. A VPN creates a secure tunnel between your computer and the websites you visit. True to the motto, “Data thieves cannot steal what they do not see,” your identity is masked by the tunnel’s data encryption, so you can send e-mails and surf the Web carefree. Even in public WiFi hotspots at bars, restaurants, hotels and airports, your identity remains safe from prying eyes. WiFi hotspots are a potential source of massive data theft if you are not suitably protected. Hiding sensitive information in images is another way to protect yourself from identity thieves. Steganos Software became popular for this 15 years ago.
Gabriel Yoran, founder and managing director of Steganos Software, says: “On their journey through the internet, e-mails are easy to intercept. E-mails that are hosted at freemail providers (Gmail, Yahoo, Mail.com) may be looked through by providers and legal authorities without a warrant and without the knowledge of the account holder. This data espionage both by the state as well as Internet services like Google is steadily increasing – without the user really noticing. After all, isn’t everyone already overwhelmed by dozens of pages of terms and conditions? We will therefore continue to make easy-to-use privacy products available to our users, which protect their data and online activities from prying eyes.”
This is how many active users the biggest privacy offenders have:
Dropbox (2012): 100 million active users
Skype (2012): 250 million active users
Facebook (2012): 901 million active users
MSN Live (2012): 325 million active users
Google (2012): 100 million active users
Twitter (2012): 170 million active users