Over the past months we’ve started to collectively grow a different relationship with technology and online communications.
We have been spoiled with a convenient Internet, lulled into abstraction by easy tools, losing touch with the underlying technology in exchange for better efficiency and productivity.
Then we got punished. The revelations on the reach of the global surveillance apparatus came like a knife out of the dark to the unsuspecting public. It was a vindication to the — turns out prophetic — paranoids.
Users are dejected and technologists have been sabotaged and betrayed. I’ve seen fellow hackers either feeling resigned, distant or complicit. Overall, the Internet is discouraged and outraged. Everyone has been affected.
Fear not, my friends, it’s not all glum.
It’s when the established order collapse that there’s room for opportunity. We have that opportunity now.
It’s a chance to wipe the slate clean. We excitingly rushed into making technological history without considering the intended or unintended consequences, but that we can fix.
It’s time to play, tinker with toys. It’s time to build, touch, love and get back at hammering the machinery of the Internet. Time to discover a digital Renaissance, of which I believe we’re witnessing the budding.
Technology is the language of modern communication, we all have to learn it, guard it, and rediscover its beauty as we’d do when reading an old book.
The Internet is the embodiment of our freedom. Programmers can straighten up its spine and we, the security geeks, can strengthen it.
You, my friend, are the muscle to operate it.
It’s not easy. As more disturbing revelations have come out on the indiscriminate endeavors of NSA, GCHQ and intelligence agencies globally, it has become clear that we can’t afford to delegate so much of our trust to the traditinal Internet service industry. Their products will need to be back under our control. As such, it is businesses which will profoundly suffer for the spying.
Solving any issue as big as infrastructure decentralization is not an easy task. It will take time and hard choices.
Where we begin
Centralization of digital communication has been the Internet’s core business model of the last decade. Our social, professional and recreational uses of the Internet have been sliced up and monopolized by a handful of corporate giants, monetizing on the transiting and consumption of our own information.
This certainly helped bringing the Internet to the masses, but it was a point of failure.
When power is condensed, it is prone to abuse. We learned this at our expenses and it’s the reason why we fought, and somewhere still are fighting, for democracy.
Turns out, information is power and as such it needs to be decentralized.
At the cost of a little more effort, decentralization could drive a radical change in our experience of online communication and redistribute power and control.
We have the skills to do so and free software is the channel for it.
You can run your own document and file storage instead of Google Docs and DropBox, your own webmail instead of GMail and your own instant messaging platforms instead of Skype.
Be aware that I’m not condemning service providers as a whole, I do in fact enjoy them as vehicles for expressing creativity and opinion, but not as guardians of my rights and privacy.
There are certainly many more tools we use on a daily basis. There are gaps to fill in an open source distributed Internet. These times are calling open source developers to arms, but with our existing tools we have somewhere to start. And understanding what a distributed network is, we know where to go.
Providing privacy-enabling products and services will not be a burden anymore, but a path to economic growth.
Placing your data
Regardless whether you wish to run a file storage, a mail server, or just a webpage, you’ll need service from a hosting provider. This means relying on the integrity and the policies of both the company you choose and the laws of the country the company is based in.
In 1995, the European Union introduced a Data Protection Directive, which regulated the collection and distribution of personal information. Such directives are not fully legally binding to the member states, which are required to translate their content into local legislation. As a result each state has different interpretations and implementations of European privacy laws, which are enforced in different ways.
At the beginning of 2013 the European Commission started drafting a new set of laws for the General Data Protection Regulation. This updated directive should handle new technologies, such as the cloud, as well as introduce responsibility and accountability in case of negligence of data controllers.
The oppressions Europeans suffered during the fascist and communist regimes of the 20th century lead to a suspicion of any systematic collection and use of personal information.
Historically, this data was used to industrialize discrimination and assassinations. Europeans are particularly sensitive to privacy concerns.
Within the region, Germany is considered to have some of the best privacy laws, but the majority of other European countries are catching up.
Sweden also has a good reputation for protecting freedom of speech and freedom of press. It has also acted as a safe harbor for many controversial organizatrions such as The Pirate Bay and WikiLeaks. Although it has been involved in several crackdowns, the first on The Pirate Bay, I would still consider Sweden as a viable option, especially if you’re an European citizen: it has good connectivity, a rich menu of datacenters and a legal framework you can (usually) count on.
A little more up North, Iceland has been working on becoming a model for freedom of speech and information. As a reaction to the banking crisis, the International Modern Media Institute and its partners worked on drafting a number of legislative proposals that would make Iceland a haven for investigative journalism and whistleblowing. The proposal was unanimously adopted by the Icelandic parliament in June 2010 as a welcomed opportunity to renovate the country’s economy as well as a strong political stand against foreign powers. IMMI is still going through the process of transposing the content of the proposal into formal laws.
Latin America is also worth looking into. A number of countries on the continent have been — for one reason or another — strongly defending transparency and whistleblowing, at least from abroad. I wouldn’t find surprising if Latin America would follow Iceland’s example in the future.
In the United States the private sector has been largely self regulating on data protection matters, therefore you might find companies with very strong privacy policies. However, secret court orders and National Security Letters are overwhelming forces you can hardly deal with. Lavabit set a superb example.
While I do not feel able to recommend any particular company, I invite you to consider asking the following questions to the providers you’re evaluating:
- What personal information do you require and what do you store? Is it encrypted?
- How is such personal information being used and under what circumstances it is handed over to external individuals, organizations and law enforcement agencies?
- Do you provide encrypted communications to your services and your staff?
- Is the data hosted through your services encrypted on disk?
- Do you retain logs? What kind and for how long?
- Who in your company, and under which circumstances can gain access to my personal information, and to the services I lease?
- When our contract is over, is my information and data retained? For how long and for what purposes?
You should also make sure that both the company and the location of the infrastructure you lease are legally and phisically located in the jurisdiction of your choice.
Taking back control of the Internet is a process that requires dedication and discipline. However, getting acquainted with the systems we use daily should be an enjoyable effort. Operating them should be an inspiration and an incentive for building local and global communities.
Wouldn’t it be beautiful if we would organize locally to sustain our own digital needs? Bringing together your neighborhood, your hackerspace, your company or your group of friends providing them an email service for example?
Technology will not be an appetizer we’re served on silver platters anymore, it will be a collective treasure. Programmers will build it, politicians will protect it, lawyers will defend it, artists make it beautiful.
You will bring it to life.