Snooping to repress

Khaosod had a long report the other day that deserves close attention. It is based on Who’s that Knocking at My Door [clicking downloads a 27-page document] by Privacy International.

The Khaosod report observes that: “When they can intercept communications without having a legal framework that allows companies to refuse this, it means they have open-door access to people’s information…”.

The author, Eva Blum-Dumontet, is clear. This is “a clear violation of people’s rights to privacy and [the government’s] international agreements.”

The most alarming but totally expected aspect of the report is that there “are indications the government has systematically sought to defeat the encryption used to keep web traffic private – what to most is the difference between an http or https in a URL.”

The infamous shutdown of Facebook – the ICT bosses said Facebook had been shut down until the regime could win its “cooperation” in censoring critics – appears to have been the junta getting all of Thailand’s service providers to have “Facebook traffic … rerouted over http instead of its encrypted https connection.”

That might have failed, but it tells us something of the junta’s aims and its initial misunderstanding of the internet. It also reveals cooperation between the junta and ISPs. The report says the relationship is “incestuous.”

One of the most important junta fixes has been having the head of the National Security Council, General Thawip Netrniyom, made board chairman of CAT Telecom. This is an important building block in a China-like Great Firewall.

An important aspect of the report is the light it focuses on Microsoft.

The Thai government also has its own root certificate and the report states that “[n]either Apple, Firefox-maker Mozilla, nor Java automatically trusts it…”. It is the “only widely used platform … Microsoft Windows” that accepts it. This means “a spoofed website signed with the government certificate would return an error for someone on a Mac while Windows users wouldn’t notice a thing.” That’s dangerous for users.

Privacy International’s analysis of the “conversation that happens between an email client such as Microsoft Outlook, and a mail server” in late 2014 found “the military government was conducting downgrade attacks” to force them to connect via an unencrypted channel. That’s dangerous. The advice is: “Just use webmail.”
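A mail client can refuse to be downgraded rather than silently falling back to cleartext. The sketch below is an added example, not taken from the Privacy International report or the Khaosod article; it assumes the downgrade takes the common form of the STARTTLS capability disappearing from the server’s EHLO reply (the report excerpted here does not specify the mechanism), and the hostname and server replies are constructed.

```python
# Added example: client-side policy that refuses a cleartext fallback.
# The replies below are constructed samples, not captured traffic.

NORMAL = ("250-mail.example.test Hello\r\n250-SIZE 35882577\r\n"
          "250-STARTTLS\r\n250 8BITMIME\r\n")
# Same server as seen through a path that removed the STARTTLS line.
STRIPPED = ("250-mail.example.test Hello\r\n250-SIZE 35882577\r\n"
            "250 8BITMIME\r\n")


def parse_ehlo(reply: str) -> set[str]:
    """Return the extension keywords advertised in a 250 EHLO reply."""
    caps = set()
    for i, line in enumerate(reply.strip().splitlines()):
        # Every line must be "250-..." (continuation) or "250 ..." (last).
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line is the greeting, not an extension
        fields = line[4:].split()
        if fields:
            caps.add(fields[0].upper())
    return caps


def decide(reply: str, seen_tls_before: bool, require_tls: bool = True) -> str:
    """Decide what the client does next, given the server's EHLO reply.

    seen_tls_before: this server offered STARTTLS on an earlier connection
    (a pinned expectation kept by the client).
    """
    caps = parse_ehlo(reply)
    if "STARTTLS" in caps:
        return "upgrade"  # issue STARTTLS, then validate the certificate
    if seen_tls_before:
        # Encryption vanished from a server known to support it.
        return "abort-downgrade-suspected"
    return "abort-no-tls" if require_tls else "plaintext"


if __name__ == "__main__":
    print(decide(NORMAL, seen_tls_before=False))
    print(decide(STRIPPED, seen_tls_before=True))
```

The key design choice is that the missing capability produces an abort, not a fallback: a client configured for opportunistic encryption (`require_tls=False` with no remembered state) is the one a downgrade succeeds against.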

There’s a lot more in the report about the junta’s attempts to snoop in order to repress and jail opponents.
