The University of California Office of the President (UCOP) has been secretly monitoring university network traffic since about August 2015. ALL data including all private E-Mail communication and everything else sent from or to the UC Network is analyzed by a not disclosed third party and retained for at least 30 days. Sources: SF Chronicle, Blogpost, Letter from Raechel Nava, Executive Vice President — Chief Operating Officer
The people responsible for implementing the unconditional and extremely invasive surveillance of all people on campus claim that this installation will enhance individual's privacy as it is necessary for improving campus security, and security is a requirement for privacy. lol. or cry. idk.
Yes, security is a requirement for privacy, but analyzing and storing all data, including the most private information, is a particularly bad attempt to achieve the goal. First, it is only a matter of time until the skillful attackers break into the surveillance system and get all data served on a silver tray. Second, the main use-case would be to analyze attacks after they happened, not prevent them. Third, parts of the UC IT are quite outdated and presumably contain lots of security holes. Fixing them first would be much more effective. Fourth, giving a third party access to all private data is a bad idea because it greatly extends the set of trusted people, devices, and networks. Fifth, today they promise to only use the data for protecting the network. When we already store all this data the next generation will legitimately ask, why it is not used to resolve other crime cases as well. A few years later, the government just slightly changes how to define crime.
Again we see the security argument applied as a plain decoy to justify peoples nasty surveillance dreams. Or maybe they just don't know better? Idk. Btw: Berkeley is worldwide one of the top research institutions in Computer Security. Apparently non of the faculty or students were asked to assist with making the network more secure. Instead an external party was secretly contracted.
So, what can we do against this. I don't know. Convincing the administration that this form of surveillance it no good might be fruitful in case they just did not know what else to do. I doubt it. And even then other actors are monitoring all your communication anyways. So it seems like as long as there is no better solution available, we all have to protect ourselves a little bit more. We can
- Encrypt our e-mail end-to-end (for OS X, for Thunderbird)
- Encrypt our text messaging and phone-calls end-to-end (Signal for iOS, Signal for Android, alternatively Threema)
- If hosting websites, enable SSL/TLS on them (if not done already, shame on you!)
Not to care about privacy because you have nothing to hide is like not caring about free speech because you have nothing to say. - Edward Snowden
Comments allowed and welcome.