Lukas Z's Private Blog

(mostly about programming)

Hiding Our Data From the Government

The NSA-story is making headlines. That is a good thing. While it may not immediately change things for the better, it’s important that these issues are in the minds of the people so we can all reflect on them. Because they are important.

They probably matter more to people like programmers. (As Paul Graham pointed out somewhere: The personality traits that make a good programmer seem to be the same personality traits that make one question authority.) But ultimately, as we are heading for a highly technological future with interconnected devices becoming part of our daily routines, these issues matter to everyone. And will increasingly continue to do so.

First things first, though.

Yes, Edward Snowden should be considered a hero. He not only stood up for what he believed is right - at the cost of probably throwing away any chance of having a normal life for himself. He also raised a hand and spoke up in advocacy for something that is a very important cornerstone of a democracy. The ability for the people to check on what their government is doing and, like a referee, being able to call a foul-play.

And since democracy, at least in my view, is a very important achievement of human civilization, any energy invested in upholding it, is energy well spent. That includes what Mr. Snowden did. That includes the media reporting on it. And that includes the time spent by everyone thinking about these things. In order to answer a few questions for themselves.

Let’s ask ourselves some questions

For example:

  • Should the government be able to pass laws in secret in a country that considers itself a democracy?
  • Should the government be able to know as much as private companies? [2]
  • What do we have to gain if secret organisations spy on citizens on their behalf?
  • What do we have to lose?
  • What does history tell us about government spying on the people? [3]
  • Can we still trust internet service providers such as Google with our email?

And so forth.. Everyone can ask his or her own questions and try to come up with answers.

What Technoglogy can and can’t do

Since I am a programmer I can say something about the technological aspect of it. If we wanted to secure our data today, could we even do it? Well, let’s just take email as an example.

It should be known by now that sending an email is like sending a postcard. Everyone involved in the delivery of an email message (this includes a dozen computers owned by different organizations) can simply read that message.

Fortunately there’s a remedy for that: Encryption.[4]

Encrypting an email is a method to make sure that only the recipient of the message will be able to read its contents. That’s the equivalent of putting the letter in an envelope.

But the problem is: It’s almost impossible to do for the average person, because it simply is too complicated. You have to concern yourself with the basics of cryptography and install software that, at this point in time, still isn’t very intuitive to use.

The solution, of course, is to build products, let’s say an email client, that do provide encryption and are easy to use. (It’s not too difficult to imagine such a product.) We could have encrypted emails and most users wouldn’t even have to worry about it. It would just be, well, secure.

But would it?

Ultimately, the problem with security is that you have to trust someone. Simply because you cannot verify everything yourself. That is an impossible task.

And I am not even talking about understanding encryption alorithms (which, on a sidenote, aren’t that complicated). I am talking about the software and hardware your secure email is running on.

In the end, the security of encryption is based on keeping your (private) key secret. But if others have full access to your computer (= they can read files on it), they can steal your key and then your security is out the window.

How exactly would you know that the company that wrote the email software is not sharing your key clandestinely? How would you know your Operating System isn’t doing the same thing? Or how about the company that build your mobile phone? [5]

The answer is that, in practice, you really can’t. [6]

Other Forms of Protection

So far there has been “soft protection” in the sense that a deterrent for companies to spy on us has exited on the grounds that if they got caught, it would be bad for their business.

But if the state is passing sercret laws that force companies to spy on customers and then lie about it the protection is gone.

Meaning that we neither can have protection by technology, nor do we have protecton by business motives and/or protection by reputation.

So what is left?

The Only Viable Solution

In the end, the initiative must be directed at lawmakers. It must be directed at politicians. It must be ensured that these issues are at the core of the values in a democratic system.

We must have governments where each branch of it is accountable for its actions to some other entity. And where the checking-powers are, in fact, exercised. [7] Transparently.

In my view the problem is similar to the problem of corruption. It is very damaging to countries (from individual welfare to the economy as a whole), and very difficult to get rid of.

But, just like the surveillance state, corruption must be fought against. A battle at a time. Because the consequences can be truly horrible.

Call to Action

I encourage everyone to study the history of former soviet countries. Read books by George Orwell. Look at new democracies like Poland, Romania, Croatia. See what problems they are dealing with or have dealt with since the end of the iron curtain. Learn what it takes to become a democratic state in the sense of the EU. What independence means. What freedom means. Why the founders of the United States of America agreed on that constitution and not a different one.

Look at what is at stake here. Help to shape politics that make it difficult and illegal for the government to break important rules that justify and make up the basis for our civilizational achievements.

Finally

Edward Snowden sparked a very imporant debate. For that I want to thank him.

And now it’s time to look at America. I hope the Americans will kick some ass now. Because some asses truly deserve to be kicked. Right out of their chairs.

Notes:

[1] On Prism, partisanship and propaganda - The Guardian

[2] Should the government know less than Google? - The Economist

[3] The Lives of Others trailer - YouTube

[4] Encrypt Your Email With GPG

[5] He who smelt it, dealt it. Remember how the US government complained about the sale of Huawei phones in the USA? Because the Chinese could spy on Americans? How ironic, but not really suprising, that they would say that. Isn’t it. ;)

[6] That is a benefit of open source software though.

[7] A quick review of US government strucure

P.S.: You can follow me on Twitter.

Comments

Webmentions