For the past few weeks I have included the following message in my email signature:

IMPORTANT NOTE, PLEASE READ:

Unless this email is encrypted, it will
almost certainly be read by multiple unknown
third parties; archived, processed and any
information contained in the email used for
purposes unknown.

If this makes you uncomfortable, please
read up on OpenPGP and email encryption. I
am happy to help you get started.

Please also read my data jurisdiction
statement:
http://mapkyc.me/158prCK

This is to draw attention to the fact that nearly all traffic that crosses UK and US borders is intercepted and read by the government, and in the case of the US, used for economic as well as political espionage.

If this makes you uncomfortable, and it should, especially if you’re using email for business, you should look at implementing email encryption throughout your company, and training your staff accordingly.

Jurisdiction The other day, in response to Ben’s suggestion, I declared my data jurisdiction, so that those wishing to contact me knew exactly what risks their data could be exposed to.

It occurred to me that simply naming the jurisdiction wasn’t really much good unless I could also point to something that would explain the risks in plain English, so, the other afternoon, I took some time out and put together Data-Jurisdiction.org.

Data-Jurisdiction.org is a community project that anyone can contribute to (either by submitting a patch for, or raising an issue on, the GitHub project) so get hacking! It is my hope that as more people declare their data jurisdiction the site will become a handy source of information.

As a reminder of my jurisdiction; I am based in the UK, with servers in the US and Germany.

Today, Groklaw, a site responsible for, among other things, victory in the SCO patent troll attack on the Linux kernel, followed Lavabit and shut it’s doors. It did so because there is now no way to communicate securely on the internet; traffic is routinely intercepted, servers can be stolen and operators forced to reveal confidential sources.

This is the world we live in, and have been living in for a while now, but thanks to a whistleblower we are all forced to confront this reality.

So, as technologists, what can we do to protect ourselves and our loved ones?

Truth is there is no silver bullet, but that doesn’t mean we just give up and go home. While the technology is only a small part of the issue here, it is something that we as technologists and makers are in a position to do things about.

While we work to solve the political problems that have caused this current situation, I think that we need to work towards making cryptography ubiquitous. Analysis of some of the leaked material already suggests that if the level of cryptographic content was raised, it would raise the cost of analysis by government agencies to an impractical level, and at the very least we’d remove “use of encryption” as grounds for suspicion.

When we build systems we need to decentralise, so there’s no one server and operator to intimidate. We need to protect content and metadata, because who talked to whom, and where, is still sensitive information. We need to work on the UX of the systems that are available, so that cryptography isn’t something someone who just wants to use the computer needs to think about. Think of these sorts of things as safety equipment, like seat belts or airbags. They should just work, without the operator having a degree.

Don’t be this guy.

We needed to think about this stuff before the first sharpie hit the paper.

Coulda, shoulda, woulda….

In the mean-time, we need to use the tools that we have. Make security and cryptography ubiquitous. As technologists, we have the knowledge to protect ourselves (and if you’re not already, you’ve got no excuse), but we also have a duty to help our friends, neighbours and family as well.

So, encourage your friends to use encrypted email and OTR messaging on IM, explain why it’s important while helping them install and use the plugin. Install HTTPS Everywhere on your mum’s computer. Talk to your neighbours about the dangers of the guilt by association fallacy in relation to communication metadata while installing the TOR browser bundle on their laptop.

You get the idea, friends don’t let friends use cleartext!