BY CHRIS DUCKETT
ZD NET – NULL POINTER
The prospect of security awareness and actual cryptography in the hands of regular citizens has the disturbing habit of sending agents of the state into all manner of silly name calling.
Long before Australia’s chief law officer decided that he was able to determine whether Edward Snowden was a traitor to the United States — which, the argument goes, led directly to theneed for Australia to implement a mandatory data-retention scheme — encryption was going to destroy the ability for police and spy agencies to do their work.
In one of the best talks from Linux.conf.au this year, chairman of the Software Freedom Law Center Eben Moglen recalled the debate that surrounded introducing PGP in the 1990s.
“People have been made afraid that if you let communications be secure, the villains will win,” he said. “I must tell you that I heard a lot of that in the early ’90s over PGP too.
“I had a bet with a reporter … whether it was going to be pedophilia or nuclear terrorism of which I was first going to be accused in every public meeting.”
Fast forward 20 years, and not only are a number of tech firms now “friendly to terrorists”, they are also ignoring their “corporate social responsibility” by making it harder for authorities to get access to data, Reuters reported Mark Rowley, London Metropolitan Police assistant commissioner for specialist crime and operations, as saying last week.
“It can be set up in a way which is friendly to terrorists and helps them … and creates challenges for law-enforcement and intelligence agencies. Or it can be set up in a way which doesn’t do that.” Rowley reportedly said.
Like petulant children that have had their favourite toys taken away, authorities are increasingly crying foul that encryption is getting in their way.
In March, European Police Office director Rob Wainwright saidencryption is the biggest problem in counter-terrorism.
“It only adds to our problems in getting to the communications of the most dangerous people that are abusing the internet,” he said. “[Technology companies] are doing it, I suppose, because of a commercial imperative driven by what they perceive to be consumer demand for greater privacy of their communications.”
What Wainwright sees as a perception is quickly becoming reality.
Last week, Microsoft unveiled plans to limit staff accessing customer data, and will within the next 12 months allow for content-level encryption and for some customers to use their own encryption keys to store data on Microsoft servers.
For its part, Google executive chairman Eric Schmidt said last week that the search giant has embarked on a program to fully secure data, both in transit and at rest.
And it doesn’t always have to be a pure technical fix to achieve the same ends. Twitter announced last week that from mid May, all of its non-US users will be covered by Irish law. With the EU looking to bump up privacy in its data-protection law update, any extra protection that Europe can offer to users in jurisdictions where governments are not interested in such ideals is a welcome one.
In each of these cases, by the Rowley assessment, a quintet of the companies that are at the forefront of computing are “friendly to terrorists”.
The absolutely ridiculous element of that argument is that Microsoft has already shown it will, in perilous and proper circumstances, help law enforcement in double-quick time.
While increasing security and privacy may hamper the “good guys” in their investigations, it is countered by the extent to which it will also keep the “bad guys” at bay — who are a much greater threat to John Q Citizen than the state will ever be. In fact, the Australian equivalent of the NSA, the Australian Security Intelligence Organisation, recently told a Senate committee that 95 percent of metadata retained will be of no use.
If nearly all of the data hoovered up and retained is useless, what is the harm of letting the general populace protect themselves against the actual threats that they are much more likely to face online? The measures that authorities want to keep were only ever going to catch criminals that were ignorant or stupid.
What police are experiencing is the reaction to trust being broken when the documents of Edward Snowden slowly appeared. The consumer interest for privacy protection exists, and vendors are beginning to serve it and protect themselves in the process.
After having their privacy and security surreptitiously broken down for years, there are early signs that users may be getting some of their precious privacy back. It’s been a long time coming, and despite the hyperbolic cries of those who exploited the arrangements, this is nothing but good news.
“We sacrificed tens of millions of lives in the 20th century in order to avoid living in societies where the state kept track of everybody you knew and listened to every phone call,” Moglen said at the end of his LCA talk.
How times change. Fighting surveillance states used to make people national heroes; nowadays, it draws base insults from the those in power.