A publication of the Centre for Advancing Journalism, University of Melbourne

Society

Cryptoparty-goers learning tricks for protecting their data

Andy Hazel joins the throng who are learning ways to lock up their data.  

Words by Andy Hazel
 
Tech-savvy operators are advising people on how to hide their data from prying eyes. PIC: Chris Callil

Tech-savvy operators are advising people on how to hide their data from prying eyes. PIC: Chris Callil

On the 23rd floor of an elegantly-appointed office building in the heart of Melbourne, the strains of Marianne Faithfull’s Working Class Hero play out. Competing with the song’s plaintive call-to-arms is the chatter of 100 or so curious individuals armed with laptops, smart phones and pen and paper. Though they may not look like it, they’re here for a party.

“Cryptoparties” are events in which hackers and the tech-savvy gather to share knowledge and empower people in better protecting their privacy online. Spurred on by the federal government’s recently-introduced data retention laws, tonight’s event sold out in just 90 minutes and left 150 more people on a waiting list. Those present are essentially at the vanguard of a collective resistance.

“To do operational security really well, is very difficult,” says Western Australian Senator Scott Ludlam by way of introduction. “The idea at the heart of a cryptoparty is to share thoughts and ideas.

https://s3.amazonaws.com/the-citizen-web-assets-us/uploads/2018/02/13231153/andy.crypto3-1.jpeg

“Any connections you make tonight, with each other, can be more important than the technical tools you learn, and do be aware that there are probably ASIO spooks in the room,” he adds to scattered laughter. “It would be very weird if there weren’t.”

Since the first Melbourne cryptoparty in 2012, more than 30 cities worldwide have played host to a like gathering. And Edward Snowden, the man who Attorney General George Brandis has named as directly responsible for the introduction of Australia’s data retention laws, ran Honolulu’s cryptoparty where he taught 20 locals how to encrypt their hard drive and browse the Internet anonymously.

Tonight’s other speakers include encryption expert Hannah Commodore, human rights lawyer Lizzy O’Shae, Bitcoin pioneer Cade Williams and members of Thoughtworks, the international software design firm hosting the event.

Discussion of intelligence agency practices, notably how the ‘collect-it-all’ doctrine is implemented, is tempered with step-by-step guides to practices that enable the user to evade detection and protect the content of messages. 

Though journalists are seen as particularly vulnerable to the government’s new national security measures, Lizzy O’Shae made particular mention of sensitive and confidential data lawyers are impelled to keep private.

“Other professions rely on confidentiality to do their job,” she tells the attentive crowd. “Lawyers should be getting more involved in these debates.

“It’s important for lawyers because they have a tendency to focus on justice in an overt way, and don’t think too much about what goes on in the shadows. We need to think about how information we handle fits into the broader intelligence puzzle. We need to assess risk and establish how to minimise our own risk and our clients’ risk.”

“Always treat your service provider as malicious. A VPN is a way to make a secure connection over an insecure network and, as Edward Snowden taught us, all networks are insecure.” — security expert and cryptoparty organiser Tom Sulston

Both Senator Ludlam and Ms O’Shae made mention of the design of the data retention laws, and how they allowed for expansion and for safeguards put in place to be easily bypassed by authorities.

“The minister can make a declaration to modify the data retained, the list of authorities able to access it and the length of time it is stored,” Ms O’Shae said.

Away from the discussion of the data retention measures, speakers explained practical privacy tools such as virtual private networks (VPNs).

“Always treat your service provider as malicious,” warned security expert and chief organiser Tom Sulston. “A VPN is a way to make a secure connection over an insecure network and, as Edward Snowden taught us, all networks are insecure.”

According to the new laws, Internet Service Providers [ISPs] are required to store all data they intercept for two years. But by using a VPN, you create a ‘tunnel’ between your computer and a VPN provider elsewhere in the world, bypassing your ISP and rendering your data invisible. 

To assist understanding and encourage real-time learning, cryptoparty attendees are provided with USB sticks containing encryption software: a VPN link, a safe download program called Tails and the Tor browser Bundle, a collection of programs to be used via the Tor network and, according to Thoughtworks’ Andrew Jones, the gold standard for safe and anonymous Internet browsing.

Mr Jones describes the Tor Network as “a base of volunteer-run servers”. Using a Tor network is similar to using a chain of VPNs. Instead of accessing one ‘tunnel’, data runs through many ‘tunnels’ making it much harder to trace online. These computers are used in a relay, and each computer in this chain is only connected to the computer immediately before it and immediately after.

By contrast, a standard Internet connection is easily detectable. Monitoring a standard connection allows anyone to determine your physical location, your login details, email address and so forth.

But Tor provides anonymity not only when you connect with a website or another computer, but in the reverse direction too. Thoughtworks’ Robin Doherty outlines another useful tool, Off the Record [OTR] messaging. “Google makes no promise to ever delete any information you give them,” he said to audible snorts of derision.

https://s3.amazonaws.com/the-citizen-web-assets-us/uploads/2018/02/13231218/andy.crypto4-2.jpeg

An audience member laments: “But what’s the point of even leaving them now that I’ve given them all my information? I mean, they know everything about me.”

“Giving up convenience is hard,” Mr Doherty responds, “but in most cases there are alternatives to every service they provide. It is possible.”

“If you do use Google,” adds encryption expert Hannah Commodore, “do it smartly. Use it in a separate browser, because they will track your movements. Using OTR chat applications like Adium for Mac or ChatSecure for both Android and iOS, means that Google can tell you’re talking, they can tell the time and date of your conversation, but not the content.”

Ms Commodore also does her best to explain what PGP [pretty good privacy] keys are and how they work, but even with the visual aid of a box with a lock and a message inside that she passes to her friend Ivy, the audience still seems confused.

A dominant theme from the question and answer section that follows is how to actually make change. “You shouldn’t be needing to know any of this,” says Senator Ludlam.

“Essentially,” says one member of the audience, “this is all about the redistribution of power. The government want it for themselves, and this is how we can get it back.”

Senator Ludlam points out that the government itself – and the opposition – weren’t as united as they seemed when both houses passed the data retention laws. He says his “good friend” Labor Senator Anthony Albanese is against  the measures despite his party’s unanimous vote in favour of the laws. Like others, he was compelled to toe the party line. Though Senator Ludlum vents frustration, he reserves most indignation for the Liberal Party.

“Look at their website, it’s in their constitution to be all about protecting individuals from the power of the state!”

He pauses to assess the audience reaction, before continuing.

“As a general rule, politicians will follow the spirit and mood of the community. Maybe they’ll learn something from the fact that [Prime Minister Tony] Abbott didn’t get the poll bounce he wanted [from passing the legislation], and Labor got the crap beaten out of them for following Abbott down the rabbit hole.

“Nobody came out of that with much honour. So, next time they try and expand it with more scope, more agencies, more platforms, how many of us will there be?”

More, it would seem, than there were before this night.

About The Citizen

THE CITIZEN is a publication of the Centre for Advancing Journalism. It has several aims. Foremost, it is a teaching tool that showcases the work of the students in the University of Melbourne’s Master of Journalism and Master of International Journalism programs, giving them real-world experience in working for publication and to deadline. Find out more →

  • Editor: Jo Chandler
  • Reporter: Jack Banister
  • Audio & Video editor: Louisa Lim
  • Data editor: Craig Butt
  • Editor-In-Chief: Andrew Dodd
  • Business editor: Lucy Smy
Winner — BEST PUBLICATION 2016 Ossie Awards