In 1948, it seems like George Orwell was quite prescient when he wrote “There was of course no way of knowing whether you were being watched at any given moment” in his novel “1984”. Apple used the vision painted by Orwell to help launch the Macintosh in 1984. Much to the pleasure of those who believe that big brother is indeed watching us, the tweetosphere (if such a place exists) lit up last week when reports emerged about a US government called PRISM that apparently seeks to capture information about the various Internet activities of foreigners (such as myself). President Obama moved to reassure us that these were “modest encroachments on privacy” and that “you can’t have 100% security and also then have 100% privacy, and zero inconvenience.” Quite.
Microsoft, among other major Internet companies, has been forced to issue a statement to let people know of its stance on the matter, saying “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis.”
Quite a few people contacted me to ask whether Office 365 was included in the PRISM program (as if I would know). My response is that I doubt very much if any government agency would be able to deal with the sheer volume of electronic communications that exist today without placing very sophisticated filters on the data feed to identify and isolate items that might be of interest and that it’s unlikely that such filters exist within Microsoft’s datacenters. If anything, interception is far more likely as data travels from company networks across the Internet to reach an Office 365 datacenter.
Even though Office 365 datacenters are located around the globe, the problem is that IP packets containing email, attachments, and other data don’t necessarily follow the most direct path across the Internet to reach Office 365 (a fact emphasized by the leaked PRISM PowerPoint, roundly condemned for its poor use of PowerPoint in this Forbes article). Therefore, whilst your mailbox might safely repose in Singapore or Dublin, the traffic to the mailbox might well go via the U.S. and be subject to all manner of interception, examination, and contemplation by three-letter agencies.
I imagine that the fuss and bother about what the NSA has been up to will cause some companies who were considering moving to Office 365 to pause for thought, if only until they are quite sure that they can protect their information en route to and from Microsoft.
But this has been the case ever since Internet-enabled email has been used. In the old days, when company email travelled across company-controlled networks and never saw the light of day outside those networks (except perhaps in printed form), email was relatively secure insofar it was hard(er) for outsiders to access its contents. Of course, company networks were not as secure as they are today and email was not well secured on servers. In many cases, messages were stored in plain text format and were therefore easily readable if a hacker managed to penetrate the network.
Over the last 25 years we have become increasingly dependent on the Internet as a means of communication. To withdraw from using the Internet is unthinkable to many, even if it would mean a little more privacy. (This article draws a picture of what it would mean to stop using the services offered by the companies mentioned in the PRISM hoo-hah.)
Email security experts have advised for a very long time, “never put anything into an email that you wouldn’t put on the back of a postcard”. Of course this will never happen because the sheer ease of communication makes people forget the risk. The Faustian pact of using all of the facilities of the Internet in full knowledge that packets can be intercepted between transmission and reception is unlikely to be terminated.
Whether using Office 365, Gmail, Yahoo! Mail or anything else that sends messages across the Internet, if you want to preserve your privacy in email you need to invest in some form of encryption. Although it might be possible for your chosen encryption to be broken by the supercomputing power now dedicated to observation and capture, at least you’ll have the small satisfaction of costing the snoops some extra resources to interpret details of the birthday present you plan to send to Auntie Mary next week – or whatever else you put into email.
Follow Tony @12Knocksinna