Tech Guides

What we can learn from the Sony hacking scandal [digital privacy resources]

December 17, 2014
Castries, St. Lucia

As he speculated on the ethics of society, Aristotle found himself naturally led to the study of politics.

Putting together his observations, he wrote a treatise on political philosophy (cleverly entitled Politics), in which he describes how a tyrant abuses power for personal benefit at the expense of his subjects.

And they can get away with this either with a reign of terror or by disguising their actions as virtuous.

In order to instill terror in the populace, Aristotle elaborates:

“A tyrant should also endeavor to know what each of his subjects says or does, and should employ spies . . . and . . . eavesdroppers . . . [T]he fear of informers prevents people from speaking their minds, and if they do, they are more easily found out.”

Yes, even 2,400 years later, Aristotle’s treatise seems to be the official playbook for those in power today, because this is precisely what’s taking place.

But it’s not only government spying that poses a threat to your privacy.

As we learned from the ongoing Sony hacking scandal, most of our digital communications are completely unsecure.

And it’s especially striking that a company as large as Sony would take digital security so lightly.

Truth is, there are basic steps that anyone can take to safeguard privacy and protect against theft of emails, identity, and financial information.

First thing’s first: don’t EVER put anything sensitive in an email.

Sending an unencrypted email is like shouting across a crowded room. There is no privacy whatsoever in email.

We put together a comprehensive free Black Paper on how to encrypt your email to help you understand how to secure your communications. I encourage you to check it out and share it with your friends.

And for chat software, here’s a great infographic from the Electronic Frontier Foundation that ranks a number of popular messaging platforms.

You can see that applications like Cryptocat and Adium’s OTR are far superior than, say, Skype or AOL Instant Messenger. No surprise there.

Bear in mind that even encrypted email or chat isn’t totally secure. Just because you encrypt your communications doesn’t mean that it can’t be used against you later on.

Suppose, for example, that you and your business partner use secure email to communicate with one another. Congratulations, you’ve taken the NSA and North Korean hackers out of the equation.

But if your partner decides to sue your ass down the road, suddenly all of those emails become evidence that s/he can use against you in court.

So, again, definitely think twice before hitting the send button. If you have something sensitive to say that you wouldn’t want a jury to see, don’t leave a written record of it… even if it’s encrypted.

Aside from saying bonehead stuff in cleartext email, Sony also royally screwed up by putting sensitive information in unencrypted files on their servers.

This is how tens of thousands of Social Security Numbers got hacked. It’s how we now know that Tom Hanks checks into hotels under the name of “Johnny Madrid”.

It was a really dumb thing to put all of this data in unencrypted files. And it’s an easy fix.

First, don’t just dump all of your data on services like Dropbox (that is guaranteed to lay down and share all of your information with the US government).

There are other services like Switzerland-based Wuala, which offer, secure, “zero knowledge” encrypted storage.

This means effectively that you are the only one who can decrypt the files that are stored.

Yet like Dropbox, Wuala’s software automatically synchronizes your computer to the file server.

(SpiderOak, recommended by Edward Snowden, is a Chicago-based company that provides a similar service.)

For highly sensitive data, it makes sense to encrypt files locally on your own computer FIRST before uploading them to a cloud server.

There are a number of great file encryption tools out there, including TrueCrypt (which has sadly been discontinued as of this year), and the open-source DiskCryptor [for Windows].

Again, there are plenty of great options out there. As I’m fond of saying, all the tools and all the technologies already exist to take back our privacy.

It’s comical, almost. Any measure they try to implement, any law they try to pass, can be undone with existing technology.

If they try to ban firearms, for example, we can start 3D printing them. That technology already exists.

If they implement capital controls tomorrow, we can move straight to crypto-currency.

And if they continue spying on us (which they will), all we have to do is take some basic precautions.

Their power is waning quickly. And all the tools are already available. It’s up to us to use them.

What we can learn from the Sony hacking scandal [digital privacy resources]