It’s been a long and eventful summer, which has kept me away from the blog. What spurred me on today was the first bit of good news I’ve seen since Snowden raised the issue; it’s not much, but it’s something in the right direction.
Facebook have reported the extent of some of their disclosures to various countries’ agencies. Three aspects of this I find comforting: firstly, that governments and agencies are needing to request this data and don’t already have it using their own methods of snooping; secondly, they have been refusing a sizable number of these requests; and lastly, they have committed themselves to issuing regular reports. A full list of the disclosures can be found here.
It should be noted that the fact that the governments are making these requests casts doubt on Snowden’s “they can access everything” claims.
A piece of news that shocked me quite a bit was the shutting down of Groklaw last week, although it is not a forum I regularly followed. It is/was extremely popular, and proves the justified concerns of anyone in the legal field. I have advised a number of Human Rights Lawyers and political commentators/bloggers on security for a number of years, and in light of what we’ve learnt my advice is having to change drastically now. The founder of Groklaw, Pamela Jones, posted this one last message.
“The owner of Lavabit (who recently shut down their email service) tells us that he’s stopped using email and if we knew what he knew, we’d stop too.
There is no way to do Groklaw without email. Therein lies the conundrum.
What to do?”
They are right; the only secure (from any prying eyes) method of email now can only be achieved with end-to-end encryption. While I have PGP set up, which does offer “Pretty Good Privacy”, of the 300-odd contacts I have in Outlook, only a couple are set up to facilitate any mutually secure communication. The problem is, as Patrick Lambert at TechRepublic notes, using encryption software isn’t terribly user-friendly. I can set up any number of clients with PGP, and once it’s set up it’s fairly easy to use, but unless the people they are communicating with outside of their domain are also set up, it’s a pointless exercise. PGP has been around for over 2 decades and is excellent in its technical simplicity, but it never gained enough users to become a common feature. Hopefully when people realise how insecure the email systems they use are, that will change.
Of course most people and businesses have nothing to fear. So what if the NSA or another government agency is snooping on the communications of one of my Model Agency clients (I have a few)? I know the directors of those companies rightly wouldn’t care, and if they were being snooped on, I think they’d be happy that national security was being taken seriously. But they aren’t the issue, and it’s not like the NSA has not been accused of abusing its snooping powers.
Back to the Groklaw conundrum: I actually think they are wrong about there being “no way to do Groklaw without email”. There is a way, and it should have always been that way: using a forum script with an SSL certificate and communicating with each other over HTTPS using the forum’s personal messaging. Simply put, just don’t use email.