Three months into Edward Snowden's revelations of PRISM and other government programs to monitor pretty much everything that flows through the Internet today and the news still get worse by the day. Now, first services are shutting down because they can't offer privacy anymore in the bounds of the laws of an open, free and democratic society. Instead they are shutting down because secret court orders they can't even talk about would force them to reveal private information on an unprecedented scale. I find that very disturbing and I feel that we need to speak up against this now as politicans word wide are still not willing to have a public discussion on the right balance between security, privacy and personal freedom.
Don't get me wrong, I am not at all against court sanctioned wiretapping when there is evidence that someone is in the preparation of comitting a serious crime. What I'm against is monitoring everything. Lavabit's owner, Ladar Levinson, who used to run a secure email service that encrytped all data stored on his servers and could only decrypt it while the user was logged in seems to be of the same opinion. Being asked by reporters he stated that in the past he's always complied to court orders to give information out to government agencies on a case by case basis. But it seems the US government now wants to go much further and hence he's decided to shut down the service. Exactly what is going on he can't tell because he is bound to secrecy by law and threatened with imprisonment if he fails to do so. But from the public knowledge how his email service works and his statement that he complied with court orders for surrendering information from and about specific accounts before, it's pretty easy to discern that the latest order went much further, likely a tap for security agencies directly into his system. From a privacy and civil liberty point of view that's absolutely not acceptable.
Next in line was Silent Circle, another secure email provider, who shut down their email service without any notice because it suffers from the same shortcoming: There's no end to end encryption in email as per design. No matter how secure you make transmission, at some point it always has to be encrypted before transmission or storage. And finally Groklaw, a popular law website has shut down as the owner feared that the privacy and confidentiality of her sources was no longer ensured with the current practice of security agencies monitoring the whole Internet rather than only the traffic of persons for which they have a court order for surveillance.
All of these services could shut down because they are privately owned. That of course does not shed good light on the big service providers who have not spoken out against this and keep running their services without being able or wanting to tell their customers of how their private communication is monitored. Society needs trust in order to function. Where's the trust in this? This makes me wonder about the future of Internet companies in the US!? The current state of affairs simply means that it's impossible for customers to trust US companies or US owned companies abroad to securely and privatly handle their data. Secret court orders can force them to reveal sensitive data to governments and what is once out of their hands can then be easily used by governments for many purposes. If I owned a non-US company today the last thing I would do is to store or process any data I didn't encrypt on my own premisis on servers of such companies. Money's usually a strong argument and loosing business because of
run-away anti-terror laws is perhaps a strong incentive to pressure for
change. But trust is lost and it will take a lot to restore it. So perhaps we'll see an Exodus of tech companies from a country to which in the past people fled to because they wanted freedom. It would be ironic in the extreme.
Sure I'm trying everything to better protect my privacy. Those of you who follow my ongoing 'Raising the Shields' sequel know that I go far beyond what a normal user can do. But a lot of my communication is still exposed to mass surveillance and some of it always will be. Raising the shields is treating the symptions, it's not the cure. We need governments to clearly define what security agencies are allowed to do, what they are not allowed to do and to communicate that openly. Otherwise, a significant part of our civil liberties will remain lost.
Besides the loss of the business model for privately owned companies and the implications for people valuing their privacy, another consequence of recent developments (Snowden off to Russia for freedom, Manning sentenced to more years than the people committing the crimes he leaked intel on, Miranda’s—oh, the irony—8h55m intermezzo at London airport) is some (many? will never know) people retracting to ’proactive’ self censorship.
That is, in a world where people ditch their business for a latent risk of being subpoenaed, the fear for personal consequences to one self or their family is much less tangible, thus actually more scaring.
And “raising the shields” might make you more suspicious to “them”.