October 31st, 2016 by Tom Coburg
The Investigatory Powers Bill, or ‘Snooper’s Charter‘, is about to become law. This will make legal the mass surveillance technologies that UK agency GCHQ and its partners have deployed for the last decade or more, as revealed by Edward Snowden.
The Canary has already published a guide to help individuals, such as bloggers and online journalists, to protect themselves against state or commercial predators. Now a UK company called Brass Horn intends to go one step further, and provide a comprehensive anti-surveillance service to anyone – individuals, organisations and businesses.
It’s not surprising that many internet users, especially bloggers and political activists, may want to find out in simple terms how to be safe online from predators such as ‘Big Brother’, consumer organisations, and those who simply wish to steal identities. Now is the time to act. But finding the right technology and advice is not always that easy. It appears that Brass Horn is trying to fill that gap.
Brass Horn Communications, a Reading-based Internet Service Provider (ISP), is now offering highly-secure facilities and services for internet users. Brass Horn describes itself as “a non-profit ISP with the purpose of helping people protect their privacy in light of increased mass surveillance”.
It aims to:
For that reason, Brass Horn also offers an OnionDSL service, which is basically a closed network between an end user’s modem and the Brass Horn Tor bridges.
These workshops will examine a range of topics, including Bulk Interception, Stingrays, Internet Connection Records as well as targeted surveillance (Regulation of Investigatory Powers Act, communications data, metadata, threat modelling, etc).
Also, the workshops will demonstrate how to set up and use a number of privacy/security tools: Tor, TAILs, Signal, GPG, SSL / TLS and full disk encryption.
Significantly, Brass Horn states that:
All connections to our services are encrypted (TLS, Tor, SSH) and we will not surrender private keys. Periodic key rotation will be announced. We will not keep any logs for any services (httpd, sshd, postfix, Tor bridges, etc). UK staff do not hold the decryption keys for any of the disks in servers physically located in the UK so cannot be coerced to decrypt a seized server under RIPA s.49.
Brass Horn has also assisted campaigning organisation the Open Rights Group. But whether it can successfully out-maneouvre GCHQ remains to be seen.
The services offered by Brass Horn could be characterised as a direct challenge to government thinking and the surveillance state generally. They won’t suit everyone, but may in time become more commonly available as more people take them up. Such services will prove to be particularly useful for lawyers, who wish to protect their clients. Similarly, journalists – whose media organisation has not yet adopted highly secure systems – may find such services beneficial.
Meanwhile, a detailed guide for political activists on how to protect yourself online (and offline) has been published in Germany. The guide states that it:
aims to be a concise overview on information security for anyone in emancipatory struggles against structures of power.
Here is the English version of the guide.