It was recently revealed that the NSA and FBI have been using the US Patriot act to conduct blanket, unwarranted, surveillance of US citizens (and anyone who happens to talk to a US citizen), and of course comes as no surprise. The fact that major companies, Google, Verizon, Apple, to name but a few, were complicit in this, is very disappointing.
In the UK, the security services already track your phone calls, RIPA makes it a criminal offence to refuse to decrypt data (or what they believe is encrypted data) on the government’s request, and with plans to re-introduce universal internet surveillance (shamelessly capitalising on the tragic murder in south London of a young man, re-branded as “Terrorism”), we are taking the lead in creating the “Cradle to Grave” Surveillance State.
History shows that the greatest threat to an individual’s liberty comes from the state itself, rather than some foreign actor. My good friend Ben Werdmuller recently coined a new “Second Amendment”, which I thoroughly agree with:
Privacy being necessary to the sanctity of a free state, the right of the people to own and encrypt data shall not be infringed.
Of course, it is easier said than done. You can’t trust cloud based services to protect you; Apple, Google, Twitter, Facebook, your phone company and ISP are all complicit.
Wider use of encryption would be a start, but that’s hard to do in isolation. Email encryption is a microcosm of the problem; I’ve had a public key available for over a decade, but the grand total of encrypted emails I’ve received can be counted on the fingers of one hand. This is not because encryption or key management is necessarily complicated, it’s just that there is no motivation for me to use it if nobody else is as well.
It is useless in isolation.
Newer technologies fare better, without the need to carry too much legacy baggage, they can afford to switch on encryption from the get-go. Many, especially IM clients, have another advantage in that they are synchronous, and so could do content negotiation ahead of time. So, perhaps a mail client/webmail client with Webfinger support, and wider adoption of that?
Might help.
However, I think the biggest issue is that society at large tolerates the state doing this sort of thing. Perhaps “We the people” should start presenting a more unified opposition.