Today, Groklaw, a site responsible for, among other things, victory in the SCO patent troll attack on the Linux kernel, followed Lavabit and shut its doors. It did so because there is now no way to communicate securely on the internet; traffic is routinely intercepted, servers can be stolen and operators forced to reveal confidential sources.
This is the world we live in, and have been living in for a while now, but thanks to a whistleblower we are all forced to confront this reality.
So, as technologists, what can we do to protect ourselves and our loved ones?
Truth is there is no silver bullet, but that doesn’t mean we just give up and go home. While the technology is only a small part of the issue here, it is something that we as technologists and makers are in a position to do things about.
While we work to solve the political problems that have caused this current situation, I think that we need to work towards making cryptography ubiquitous. Analysis of some of the leaked material already suggests that if the level of cryptographic content was raised, it would raise the cost of analysis by government agencies to an impractical level, and at the very least we’d remove “use of encryption” as grounds for suspicion.
When we build systems we need to decentralise, so there’s no one server and operator to intimidate. We need to protect content and metadata, because who talked to whom, and where, is still sensitive information. We need to work on the UX of the systems that are available, so that cryptography isn’t something someone who just wants to use the computer needs to think about. Think of these sorts of things as safety equipment, like seat belts or airbags. They should just work, without the operator having a degree.
We needed to think about this stuff before the first sharpie hit the paper.
Coulda, shoulda, woulda….
In the meantime, we need to use the tools that we have. Make security and cryptography ubiquitous. As technologists, we have the knowledge to protect ourselves (and if you’re not already, you’ve got no excuse), but we also have a duty to help our friends, neighbours and family as well.
So, encourage your friends to use encrypted email and OTR messaging on IM, explain why it’s important while helping them install and use the plugin. Install HTTPS Everywhere on your mum’s computer. Talk to your neighbours about the dangers of the guilt by association fallacy in relation to communication metadata while installing the Tor Browser Bundle on their laptop.
You get the idea, friends don’t let friends use cleartext!
It is important to stress here that I am not suggesting that any technological solution is the *only* solution, far from it, but as technologists it *is* an avenue we are in a unique position to pursue.
As _citizens_ however, we need to get MUCH more involved in the political process.
There has to be a grass-roots movement by technologists to push PGP and OTR. Moving off of Dropbox and cloud file sharing for peer-to-peer. It has to be the point where we refuse or say, “Hey, if you want to communicate with me you need to be encrypted.”
Every email we send should be PGP signed with our public key and a brief explanation. Thunderbird + Enigmail is super easy to set up.
Trust has to be earned. Firefox + NoScript + HTTPS Everywhere + Ghostery + BetterPrivacy + etc.
Switch to DuckDuckGo + StartPage for searches.
No private communications over social media networks.
In light of Groklaw and Lavabit, I have begun configuring my own self-hosted email server.
So many are complacent about it.
I absolutely agree… I’ve been meaning to move away from cloud services like Dropbox etc for a while now, and this (combined with some work I’ve been doing on Indieweb projects) has given me the final push I’ve needed to make a consolidated effort (and, perhaps more importantly, the Snowden revelations have actually given me a strong enough business case so I could carve out the time to set everything up).
I’ll be blogging about it over the next few weeks.