- Spitfire List - http://spitfirelist.com -

Knock, Knock. Who’s there? The Clipper Chip and Four Horsemen.

This is a LONG post so here’s a short summary:
Angela Merkel made an ominous announcement last week. She wants to move ahead with walling off the EU’s web traffic and begin a “massive” counter-espionage campaign against the US and its Five Eyes partners [1]. There’s also a new German anti-NSA state-backed email service [2]. Similarly [3], Brazil is moving ahead with its plans to remake the internet, including local data storage requirements [4] and possibly state-encrypted web services [5]. So domestic spying could be on the rise, the internet itself is at risk [6], state-encyption services are now being offered as an anti-NSA panacea, and the future of encryption standards are up in the air. Simultaneously, Kim Dotcom is working on making unbreakable encryption mainstream and easy to use [7].

With both state-backed anti-NSA encryption and unbreakable mainstreamed strong encryption on the horizon, it looks like an old enemy of privacy, the Clipper Chip [8], is back in the new form and the Clipper Chip’s own arch-nemeses, the Four Horsemen of the Infopocalypse [9], are back too. Should we welcome these guests? The Cypherpunks thinks so. [10] But these aren’t easy guests to have around and there are no obvious ways to uninvite them without a LONG talk.


In the mean time, while data-localization are laws gaining momentum, no governments are offering state-backed encryption services that even the state itself can’t break, including Germany and Brazil. Crises in trust can get weird and ugly fast [11]:

McClatchy in Berlin

Edward Snowden revelations prompt crisis of trust in Germany

European experts question whether they can rely on US computing models or whether they need to develop their own fail-safe equipment

PUBLISHED : Monday, 17 February, 2014, 5:02am
UPDATED : Monday, 17 February, 2014, 6:22am

When Germany’s federal criminal police office needs to share sensitive information these days, employees type the particulars and get them hand-delivered.

Last year, agents would have trusted the security of e-mail. But that was before Edward Snowden and the revelations about the US National Security Agency’s PRISM electronic intelligence-gathering programme. After Snowden, it’s a new digital world.

Note that the German police that previously thought their email was totally secure were probably rookies [12].

Continuing…


“We’re now carrying our information to our allies on foot,” said Peter Henzler, vice- president of the Bundeskriminalamt, known as the BKA. He was speaking recently at a German Interior Ministry discussion on the country’s digital future. The focus of the panel was how to counter US surveillance measures and what it will take for Germans to be safe again on the web. “We’re no longer using the open internet,” he said.

The message is clear: No longer can the US be trusted to honour the privacy of German life and policy.

Henzler’s concerns weren’t isolated. The worries appear to reflect the wider German, and even European, frustration with the reach of the NSA’s surveillance programme.

Hardly a week passes in Berlin without some new revelation about the dastardly depths to which the American spy programme invaded German privacy, or at least a new way in which to react to the scandal.

Last week, news broke that the United States had tapped the mobile phone of Gerhard Schroeder when he was German chancellor from 1998 to 2005. This came four months after news broke that the same American surveillance programme was tapping the mobile phone of the current chancellor, Angela Merkel.

There are many more examples beyond news stories. Thirty-two per cent of Germans told pollsters that they had either quit or cut their time on Facebook because of spying fears. German television ads note the peace of mind and freedom that comes with e-mail that doesn’t leave European servers. Providers now say that they encrypt all e-mail.

Such thoughts aren’t limited to Germany. A US$900 million French deal with the United Arab Emirates for two new intelligence satellites appears to be in doubt after the buyers noticed US components in the French satellites that they feared could compromise their data.

Florian Glatzner, a policy officer with the German Federal Consumer Protection Agency, says the office is fielding many consumer questions about how to ensure that communications and data are safe from the NSA.

“A lot of the trust in the big internet companies is gone,” he says. “And most of the big internet companies were based in the United States.”

Thomas Kremer, a data privacy board member for Deutsche Telekom, the German phone giant, recently noted that: “Regardless of what one thinks of Edward Snowden, he created an awareness of internet security and we should be grateful for that.”

Experts note that there may be no better place to find the effect of this distrust than in the emerging cloud computing market. Before Europe met Snowden, the continent was moving fast to an American-dominated cloud computing future.

The American dream of total cloud domination might be drifting away. There are signs of that: By 2016, US companies are expected to lose US$21 billion to US$35 billion in new contracts that they’d been expected to collect, according to some estimates.

German cloud companies are posting better-than-expected earnings. There have been signs that some US tech companies might be suffering. Network equipment maker Cisco, for instance, noted government issues when it predicted a revenue drop for the current quarter.

The new reality for some critics is that data that passes through the United States isn’t safe.

“A year ago, a German cloud was a bad idea,” says Daniel Castro, a senior analyst for the Information Technology & Innovation Foundation in Washington. “German business didn’t want a German product to help them in a global market. They wanted the best product. Today, even if businesses still believe a German cloud is a bad idea, they’re accepting it as a necessary idea.”

There’s even a new initiative, “German Cloud”, backed by a variety of German tech companies. The motto is “My company data stays in Germany.”

Castro noted that this is a bad time for the American brand to lose lustre. The market is growing rapidly. Castro wants hard evidence that confirms his earlier predictions that the international market share of US cloud providers should fall by 5 per cent this year, and up to 20 per cent by 2016, because of the spying allegations.

The news could be even worse for American companies. The recent Interior Ministry panel showed just how fearful Germany has become. Reinhold Achatz, head of technology and innovation at the German steel giant ThyssenKrupp, noted that “whoever can read data is also likely to be able to change data.”

“For example, they could switch off a power station,” he said. “So from my point of view, it wouldn’t be surprising if someone came up with the idea of switching off Germany. I’m serious about that.”

Note that ThyssenKrupp actually tried to get cyberattack insurance in 2012 over stuxnet concerns. It didn’t sound like the insurance industry was very interested [13].

Continuing…


Christian Stoecker, editor of Spiegel Online, the web version of Germany’s most prestigious news magazine, noted: “Before Snowden, I did not know that the NSA intercepts hardware shipped to European telecommunications companies by US manufacturers and swaps the BIOS to make the equipment usable for NSA purposes.” BIOS is the basic operating system that starts up a personal computer.

“The NSA practically turned the internet into a weapons system,” Stoecker says. “If we want to change things, we have to enter into disarmament talks.”

A round of surveillance “disarmament talks” should be quite a sight. Maybe it’ll be one big sweeping gesture at a UN-level [14] or a series of bilateral talks. Either way, it’s going to by complicated and almost doomed to fail if its just “disarmament talks” between the US and Germany. A single bilateral no-spy agreement just isn’t that useful in a world of joint intelligence-sharing agreements [15]:

Christian Science Monitor
Hyperbole in NYT report on Australia and NSA spying on Indonesia

A New York Times story about how Australian intelligence might have passed information involving a US law firm and Indonesia is heavy on the drama.

By Dan Murphy, Staff writer / February 16, 2014

James Risen and Laura Poitras at the New York Times have the latest scoop from the steady drip drip drip of National Security Agency files that former NSA contractor Edward Snowden stole and has been distributing to reporters since the middle of last year.

They report the news breathlessly, but there’s far less there there than their presentation would lead a casual reader to believe. They write:

A top-secret document, obtained by the former N.S.A. contractor Edward J. Snowden, shows that an American law firm was monitored while representing a foreign government in trade disputes with the United States. The disclosure offers a rare glimpse of a specific instance in which Americans were ensnared by the eavesdroppers, and is of particular interest because lawyers in the United States with clients overseas have expressed growing concern that their confidential communications could be compromised by such surveillance.

Scary, huh? No. Not at all. Here’s my summary of the key assertions in the article, stripped of spin, drama, and adjectives:

“A 2013 memo leaked by Edward Snowden shows that Australia’s version of the NSA, while engaged in electronic surveillance of an Indonesian trade delegation, came across communications between the Indonesian officials and a US law firm the country had hired for help with trade talks. Australia informed the NSA liaison office in Canberra that intelligence it was collecting and willing to share with the US might infringe on US attorney-client privilege laws. The liaison referred the matter to the NSA general counsel in the US and some sort of legal guidance was sent back. The memo does not say, nor has the Times been able to learn by other means, what that guidance was.”

Foreign governments hire US law firms and lobbyists all the time and it would be foolish to assume that US and foreign government signal intelligence collection operations targeting foreign governments don’t frequently come across communication between the targets and the US companies in their employ. Yet here’s an instance of what can safely be presumed to be a routine occurrence in which US ally Australia – not bound by any US law in its intelligence collection – immediately notified the US of a potential legal problem with intelligence sharing.

The guidance the US sent back (for all we know – the Times doesn’t) may well have been: “Feed us the stuff the Indonesian officials say but redact anything involving any American citizens who were involved.” Or it could have been: “Give us everything – our lawyers have determined that all of this is legal for us to collect.”

In fact, an NSA spokeswoman quoted in the article – if you read down to the 13th paragraph – says the agency takes attorney client privilege very seriously. The NSA’s Vanee M. Vines told the paper that in cases like the one described in the article that the agency’s legal office could recommend steps including “requesting that collection or reporting by a foreign partner be limited, that intelligence reports be written so as to limit the inclusion of privileged material and to exclude U.S. identities, and that dissemination of such reports be limited and subject to appropriate warnings or restrictions on their use.”

This all strikes me as very positive and a far cry from the Times’ recommendation in the story’s first paragraph to add “American lawyers… (to) the list of those caught up in the global surveillance net cast by the National Security Agency and its overseas partners.”

The article provides evidence that legal concerns are front and center when intelligence sharing comes up. And while Australia may be the junior partner in the defense relationship with the US, they punch far above their weight when it comes to neighbor Indonesia, the world’s fourth largest country. Australia has more linguists and specialists and resources focused on Indonesia than the US does and Australia’s willingness to share intelligence about the country of relevance to US interests is evidence of how the so-called “Five eyes” alliance (intelligence sharing between Australia, New Zealand, Canada, the UK and the US) is a two-way street.

To some, all US intelligence cooperation with foreign governments is nefarious. Take Glenn Greenwald, who’s been the most prominent of the reporters receiving documents from Snowden and has emerged as a sort of unofficial spokesperson and cheerleader for both the man himself and the supposedly earth-shattering implications of everything he has revealed. This was his response to the Times’ story on Twitter:

Glenn Greenwald@ggreenwald
There’s almost no separation between Five Eyes alliance on spying: Australian spying on US law firm w/NSA knowledge http://www.nytimes.com/2014/02/16/us/… [16]
9:07 AM – 16 Feb 2014
——————————————-
Eavesdropping Ensnared American Law Firm [17]

A top-secret document, obtained by the former N.S.A. contractor Edward J. Snowden, shows that an American law firm was monitored while representing a foreign government in trade disputes with the… [17] The New York Times @nytimes [18]

What is his point here? It would be better if Australia was conducting its spying activities while keeping the US in the dark? That America has some power to demand Australia rein in its intelligence targeting of Indonesia – one of the country’s two most important intelligence targets?

As for “almost no separation” what is actually shown is… separation. Australia, not as familiar with US laws as the NSA is – let the US know what was going on and asked for guidance.

The Five Eyes no-spy pro-spy agreement
When the above author asked the question “it would be better if Australia was conducting its spying activities while keeping the US in the dark?” it raises another aspect about creating a spy-free world: For instance, if two nations are to enter into a ‘no-spy’ agreement, they presumably are simultaneously entering into a ‘trust us to share with you any relevant info and also trust us to spy on our populace and identify threats so you don’t feel the need to spy on us”-agreement. It raises the question of how, for example, the relationship between the US and Germany would have changed in the wake of 9/11 if the US and Germany already had a ‘no-spy’ agreement with the US after the Hamburg cell was discovered [19]? Would 9/11 have been used as an excuse to elevate the domestic surveillance in Germany? Maybe not [20], but the fact remains that a ‘no-spy’ world is unprecented so a lot of tricky and unprecedented questions might get raised as we enter into the No-Spy World Order. Fortunately (for procrastinators) those unprecendented questions may not need to be asked for the foreseable future [21]:

February 13, 2014 11:14 am
Germany gives up on no-spy deal with US

By Jeevan Vasagar in Berlin

The German government has given up hope of a bilateral no-spy agreement with the US [22], according to a senior aide to chancellor Angela Merkel.

Phillipp Missfelder, Berlin’s co-ordinator for transatlantic relations, told a press briefing on Thursday that he did not expect talks would lead to a legally binding agreement.

He said: “I am realistic that we can’t expect a no-spy agreement that will be binding in international law. The Americans are not prepared to curtail their security measures.”

Germany has been pushing for a relationship similar to the “five eyes” agreement [23] between the US and four English-speaking allies, including the UK. This carries an understanding that they will not spy on each other.

There were reports of a stalemate in talks between Berlin and Washington last month, but until now the official line from Germany has been that discussions are ongoing.

Mr Missfelder said: “The Americans base their predominant position in the world not on economic or on military grounds, but on moral superiority. That is undermined when friends are spied upon. When were Gerhard Schröder or Angela Merkel a threat to US national security? Never.”

Mr Missfelder leavened his criticism with praise for President Barack Obama for giving an interview to a German broadcaster following his NSA speech. He added: “We are friends, we remain friends, and Snowden can’t change that.”

At a joint press conference with French president François Hollande on Tuesday, Mr Obama said there was no country with which the US has a no-spy agreement. He added the US endeavours to protect privacy rights as it gathers foreign intelligence.


It might sound surprising that President Obama announced that there was no country in the world with which the US as a no-spy agreement. After all, isn’t is the ‘Five Eyes’ agreement and its ‘no-spying’ membership perk that Angela Merkel has been coveting all along? Well, not exactly. The ‘Five Eyes’ aren’t supposed to spy on eachother’s citizens without permission but, as one might expect, that’s really more of a suggestion [24]:

NSA considered spying on Australians ‘unilaterally’, leaked paper reveals
2005 draft directive says citizens of ‘5-Eyes’ countries may be targeted without knowledge or consent of partner agencies

James Ball and Paul Farrell
theguardian.com, Wednesday 4 December 2013 22.29 EST

The US National Security Agency has considered spying on Australian citizens without the knowledge or consent of the Australian intelligence organisations it partners with, according to a draft 2005 NSA directive kept secret from other countries.

The draft directive leaked by the US whistleblower Edward Snowden reveals how the NSA considered the possibility of “unilaterally” targeting citizens and communication systems of Australia, New Zealand and Canada – all “5-Eyes” partners which it refers to as “second party” countries.

a) (S//SI//NF) Under the British-U.S. Communications Intelligence Agreement of 5 March 1946 (commonly known as the United Kingdon/United States of America (UKUSA) Agreement), buoth governments agreed to exchange communications intelligence products, methods and techniques as applicable so long as it was not prejudicial to national interests. This agreement has evolved to include a common understanding that both governments will not target each other’s citizens/persons. However, when it is in the best interest of each nation, each reserved the right to conduct unilateral COMINT action against each other’s citizens/persons. Therefore, under certain circumstances, it may be advisable and allowable to target Second Party persons and second party communications systems unilaterally when it is in the best interests of the U.S. and necessary for the U.S. national security. Such targeting must be performed exclusively within the directions, procedures and decision processes outlined in this directive.

“Under certain circumstances, it may be advisable and allowable to target second party persons and second party communications systems unilaterally when it is in the best interests of the US and necessary for US national security,” says the directive, which was classified as “NF” for No Foreign and is titled Collection, Processing and Dissemination of Allied Communications.

“Such targeting must be performed exclusively within the direction, procedures and decision processes outlined in this directive.”

Australia is one of the countries acting in partnership with Britain, the US, New Zealand and Canada to share intelligence and conduct surveillance operations around the world. These 5-Eyes states form part of the UKUSA agreement, which was believed to limit the ability of the partner countries to spy on each other. The Australian Signals Directorate maintains a close partnership with the NSA [25].

On Monday Guardian Australia revealed that the Defence Signals Directorate – now the Australian Signals Directorate – had offered to share citizens’ personal data [26] in a 2009 meeting. Last month an officer responsible for federal parliament’s IT systems left open the possibility that parliamentarians could be subject to US surveillance [27] through a Microsoft operating system vulnerability.

The draft 2005 directive, which was published in the Guardian in November [28], goes on to state that the US could conduct the targeting without the knowledge of Australian, Canadian or New Zealand authorities, and even if the countries had rejected a “collaboration proposal” for the operation.

b) (S//NF) Uniliterally by the Signals Intelligence Directorate:
When sharing the planned targeting information with a second party would be contrary to US interests, or when the second party declines a collaboration proposal, the proposed targeting must be presented to the signals intelligence director for approval with justification for the criticality of the proposed collection. If approved, any collection, processing and dissemination of the Second Party information must be maintaine in NOFORN channels

“When sharing the planned targeting information with a second party would be contrary to US interests, or when the second party declines a collaboration proposal, the proposed targeting must be presented to the signals intelligence director for approval with justification for the criticality of the proposed collection.”

The original 1946 UKUSA agreement [29] between the US and Britain was previously designed only for “foreign intelligence” operations. The draft memo appears to indicate that the agreement has changed.

“[The 1946 UKUSA] agreement has evolved to include a common understanding that both governments will not target each other’s citizens/persons. However, when it is in the best interest of each nation, each reserved the right to conduct unilateral Comint [communications intelligence] action against each other’s citizens/persons.”

In a later part of the draft cleared for release to the 5-Eyes countries, the document suggests there may be circumstances in which Australia, Canada and New Zealand should co-operate to allow the US to target their citizens.

b) (S//SI//REL to UK, CAN, AUS, NZ and USA) There are circumstances when targeting of Second party persons and communications systems, with the full knowledge and co-operation of one or more second parties, is is allowed when it is in the best interests of both nations,” the 2005 document says. “This targeting will conform to guidelines set forth in this directive.”

“There are circumstances when targeting of second party persons and communications systems, with the full knowledge and co-operation of one or more second parties, is allowed when it is in the best interests of both nations,” the 2005 document says. “This targeting will conform to guidelines set forth in this directive.”

It says this type of collaborative targeting is most commonly achieved “when the proposed target is associated with a global problem such as weapons proliferation, terrorism, drug trafficking or organised crime activities”.

Yes, the much vaunted ‘No spying’-feature in the ‘5 Eyes’ club actually appears to be a moot point within a larger ‘Pro spying’ agreement. Or, more precisely, it appears to be a ‘please don’t spy on us without asking first and we’d likely be more than happy to help…unless we don’t want to help, in which case go ahead and spy on us anyways’-club that fosters the collection and sharing of intelligence including the intelligence on ‘5 Eyes’ citizens [28].

I spy you spying on me spying on you
So if the ‘5 Eyes’ treaty doesn’t actually prevent spying, why would Angela Merkel be putting such an emphasis on extracting a ‘No Spy’ agreement out of the US by joining a pro-spying intelligence ring? Well, one reason Merkel might want to gain entry into the ‘5 Eyes’ – a move that presumably entails a great deal of data-sharing with the ‘5 Eyes’ partners – is simply because Germany’s intelligence agencies are already in club with the NSA and already sharing large volumes of data [30] and who doesn’t like an upgrade on their club membership status? [31]:

Portrait of the NSA: no detail too small in quest for total surveillance
The NSA gathers intelligence to keep America safe. But leaked documents reveal the NSA’s dark side – and show an agency intent on exploiting the digital revolution to the full

Ewen MacAskill and James Ball
The Observer, Saturday 2 November 2013 12.13 EDT

Barack Obama [32] hailed United Nations secretary general Ban Ki-moon as a “good friend” after the two had sat down in the White House in April to discuss the issues of the day: Syria and alleged chemical weapons attacks, North Korea, Israel-Palestine, and climate change.

But long before Ban’s limousine had even passed through the White House gates for the meeting, the US government knew what the secretary general was going to talk about, courtesy of the world’s biggest eavesdropping organisation, the National Security Agency.

One NSA document – leaked to the Guardian by whistleblower Edward Snowden just a month after the meeting and reported in partnership with the New York Times [33] – boasts how the spy agency had gained “access to UN secretary general talking points prior to meeting with Potus” (president of the United States). The White House declined to comment on whether Obama had read the talking points in advance of the meeting.

Spying on Ban and others at the UN is in contravention of international law, and the US, forced on the defensive this week over the Snowden leaks about worldwide snooping, ordered an end to surveillance of the organization, according to Reuters.

That the US spied on Ban is no great surprise. What is a revealing is that the disclosure is listed in the NSA’s ‘top-secret’ weekly report from around the world as an “operational highlight”.

It sits incongruously alongside other “operational highlights” from that week: details of an alleged Iranian chemical weapons program; communications relating to an alleged chemical weapons attack in Syria and a report about the Mexican drug cartel Los Zetas.

Bracketing the benign, US-friendly Ban alongside drug traffickers and weapons in the Middle East and Central Asia points to a spy agency that has lost its sense of proportion.

The incident is consistent with the portrait of the NSA that emerges from the tens of thousands of documents leaked by Snowden. Page after page shows the NSA engaged in the kind of intelligence-gathering it would be expected to carry out: eavesdropping on Taliban insurgents planning attacks in remote Afghanistan valleys, or listening in on hostage-takers in Colombia.

But the documents reveal, too, the darker side of the NSA. It is indiscriminate in the information it is collecting. Nothing appears to be too small for the NSA. Nothing too trivial. Rivals, enemies, allies and friends – US citizens and ‘non-Americans’ – are all scooped up.

The documents show the NSA, intent on exploiting the communications revolution to the full, developing ever more intrusive programmes in pursuit of its ambition to have surveillance cover of the whole planet: total command of what the NSA refers to as the ‘digital battlefield’.

The 5-Eyes

The NSA operates in close co-operation with four other English-speaking countries – the UK, Canada, Australia and New Zealand – sharing raw intelligence, funding, technical systems and personnel. Their top level collective is known as the ‘5-Eyes’.

Beyond that, the NSA has other coalitions, although intelligence-sharing is more restricted for the additional partners: the 9-Eyes, which adds Denmark, France, the Netherlands and Norway; the 14-Eyes, including Germany, Belgium, Italy, Spain and Sweden; and 41-Eyes, adding in others in the allied coalition in Afghanistan.

The exclusivity of the various coalitions grates with some, such as Germany, which is using the present controversy to seek an upgrade. Germany has long protested at its exclusion, not just from the elite 5-Eyes but even from 9-Eyes. Minutes from the UK intelligence agency GCHQ note: “The NSA’s relationship with the French was not as advanced as GCHQ’s … the Germans were a little grumpy at not being invited to join the 9-Eyes group”.

Significantly, amid the German protestations of outrage over US eavesdropping on Merkel and other Germans, Berlin is using the controversy as leverage for an upgrade to 5-Eyes.

with top-tier spying ambitions [34]:

Tech Dirt
Germany’s Spies Have NSA Envy: Currently Working To Build Their Own Comprehensive Snooping System
from the it’s-not-actually-a-competition dept
by Glyn Moody

Wed, Jun 19th 2013 11:08pm

One unfortunate knock-on effect of the revelations about the extent of NSA information gathering seems to be that the spies in other countries are starting to feel under-informed by comparison. Of course, many of them already knew about what was going on: in addition to the British [35] and the Dutch [36], there are now reports that Germany was also kept informed at the highest levels (original in German [37].) That would probably explain the revelation by the news magazine Der Spiegel that Germany has been trying to beef up its own snooping capabilities for a while [38]:

Last year, [Germany’s foreign intelligence agency] BND head Gerhard Schindler told the Confidential Committee of the German parliament, the Bundestag, about a secret program that, in his opinion, would make his agency a major international player. Schindler said the BND wanted to invest €100 million ($133 million) over the coming five years. The money is to finance up to 100 new jobs in the technical surveillance department, along with enhanced computing capacities.

Small beer compared to the NSA, but it’s a start. Der Spiegel’s article provides some details on how they do it in Germany:

The largest traffic control takes place in Frankfurt, in a data processing center owned by the Association of the German Internet Industry. Via this hub, the largest in Europe, e-mails, phone calls, Skype conversations and text messages flow from regions that interest the BND like Russia and Eastern Europe, along with crisis areas like Somalia, countries in the Middle East, and states like Pakistan and Afghanistan.

But the BND still has a long way to go before it attains NSA-like levels of snooping:

In contrast to the NSA, though, the German intelligence agency has been overwhelmed by this daunting wealth of information. Last year, it monitored just under 5 percent, roughly every 20th phone call, every 20th e-mail and every 20th Facebook exchange. In the year 2011, the BND used over 16,000 search words to fish in this data stream.

As in the US, the idea is that this targets foreigners:

German law allows the BND to monitor any form of communication that has a foreign element, be it a mobile phone conversation, a Facebook chat or an exchange via AOL Messenger. For the purposes of “strategic communications surveillance,” the foreign intelligence agency is allowed to copy and review 20 percent of this data traffic. There is even a regulation requiring German providers “to maintain a complete copy of the telecommunications.”

Here’s how the BND tries to achieve that:

If e-mail addresses surface that end in “.de” (for Germany), they have to be erased. The international dialing code for Germany, 0049, and IP addresses that were apparently given to customers in Germany also pass through the net.

Of course, as in the US, it doesn’t quite work out like that:

At first glance, it’s not evident where users live whose information is saved by Yahoo, Google or Apple. And how are the agencies supposed to spot a Taliban commander who has acquired an email address with German provider GMX? Meanwhile, the status of Facebook chats and conversations on Skype remains completely unclear.

Given this evident desire to create its own snooping apparatus, coupled with the fact that Germany has doubtless benefited from NSA spying, perhaps it’s no surprise the German government’s protests about its citizens being subject to extensive NSA surveillance [39] have been muted….


I spy on you spying on me and now I’m pissed
Yes, protestations by the German government when the Snowden documents initially hit the news were indeed rather muted…at least before the hacking [40] of Angela’s Merkel’s cell phone was made public [41]. Now, it’s pretty clear that Germany’s government is very intent on changing how the spy games are played one way or another. Of course, changing how spy games are played in the age of global digital communications might actually change how global communications work too. It might also increase spying [1]:

The Independent
Surveillance revelations: Angela Merkel proposes European network to beat spying by NSA and GCHQ

Tony Paterson
Berlin

Sunday 16 February 2014

Chancellor Angela Merkel of Germany has announced plans to set up a European communications network as part of a broad counter-espionage offensive designed to curb mass surveillance conducted by the US National Security Agency and its British counterpart, GCHQ.

The move is her government’s first tangible response to public and political indignation over NSA and GCHQ spying in Europe, which was exposed last October with revelations that the US had bugged Ms Merkel’s mobile phone and that MI6 operated a listening post from the British Embassy in Berlin.

Announcing the project in her weekly podcast, Ms Merkel said she envisaged setting up a European communications network which would offer protection from NSA surveillance by side-stepping the current arrangement whereby emails and other internet data automatically pass through the United States.

The NSA’s German phone and internet surveillance operation is reported to be one of the biggest in the EU. In co-operation with GCHQ it has direct access to undersea cables carrying transatlantic communications between Europe and the US.

Again, note that German intelligence works closely with the NSA on the surveillance of German phone and internet [42]. It’s a theme these days [43].

Continuing…


Ms Merkel said she planned to discuss the project with the French President, François Hollande, when she meets him in Paris on Wednesday. “Above all we’ll talk about European providers that offer security to our citizens, so that one shouldn’t have to send emails and other information across the Atlantic,” she said. “Rather one could build up a communications network inside Europe.”

French government officials responded by saying Paris intended to “take up” the German initiative.

Ms Merkel’s proposals appear to be part of a wider German counter-espionage offensive, reported to be under way in several of Germany’s intelligence agencies, against NSA and GCHQ surveillance.

Der Spiegel magazine said on Sunday that it had obtained information about plans by Germany’s main domestic intelligence agency, the Federal Office for the Protection of the Constitution, for a “massive” increase in counter-espionage measures.

The magazine said there were plans to subject both the American and British Embassies in Berlin to surveillance. It said the measures would include obtaining exact details about intelligence agents who were accredited as diplomats, and information about the technology being used within the embassies.

Last year information provided by the whistleblower Edward Snowden revealed that US intelligence agents were able to bug Ms Merkel’s mobile phone from a listening post on the US Embassy roof. Investigations by The Independent subsequently revealed that GCHQ ran a similar listening post from the roof of the British Embassy in Berlin.

Intelligence experts say it is difficult if not impossible to control spying activities conducted from foreign embassies, not least because their diplomatic status means they are protected from the domestic legislation of the host country.

Der Spiegel said Germany’s military intelligence service, (MAD) was also considering stepping up surveillance of US and British spying activities. It said such a move would mark a significant break with previous counter-espionage practice which had focused on countries such as China, North Korea and Russia.

Germany’s counter-espionage drive comes after months of repeated and abortive attempts by its officials to reach a friendly “no spy” agreement with the US. Phillip Missfelder, a spokesman for Ms Merkel’s government, admitted recently that revelations about NSA spying had brought relations with Washington to their worst level since the US-led invasion of Iraq in 2003.

Will potentially breaking the internet by walling it off [44] actually obtain some degree of additional digital privacy for Europeans? Well, according to Bruno Kramnm, a German ‘Pirate’ that presumably cares quite deeply about maximizing digital privacy protections, no, breaking the internet won’t actually help and will just make things worse [44]:

RT
Merkel’s mirage: ‘This new old idea of a Schengen net is basically a step back’
Published time: February 17, 2014 14:50

The idea of the internet with borders means that national states will be able to put much more mass surveillance on their own people, Bruno Kramm from the Pirate Party told RT.

RT: What kind of future do you see for this proposal of Angela Merkel to create a pan-European communications network that would prevent private data from leaking across the Atlantic?

Bruno Kramm: Actually, for this proposal I don’t see any future. For me it’s just another symbol of the way how Chancellor Merkel is doing her politics. It’s symbolism, nothing else, especially when it comes to net politics, and when we look into the whole NSA affair, what happened recently about the mass surveillance, there had been no measurements at all, and no actions at all, and now she comes up with this new old idea of a Schengen net, what is basically a step back and nobody wants that and this will definitely not happen.

RT: It’s been revealed last summer that the US is spying on Europe. How come it took EU officials so long to go from anger to action?

BK: Actually, they are still not having any kind of action on the whole thing. Of course, they tried to play, to be a little bit more [active], because the people on the street are really angry about the mass surveillance. Why it takes so long, we have several reasons. First of all, it is that all the secret agencies, also in Germany, are doing massive surveillance on the people, on the privacy. There has been a breach of democracy rights long time ago, and therefore, they are just now trying to clean out what has happened so far and to find a new definition. But basically, actual measurements haven’t been done so far.

As we look back, there had been that wish of Merkel to start this kind of a no-spy agreement with the US. Of course, the US were not accepting that; it would have helped nothing, because when you have a no-spy agreement it doesn’t mean that for example some other state from the Five Eyes, these five countries who do mass surveillance, won’t then do the espionage, so basically this doesn’t help. What we need is a complete new law about data, security, and this needs to be implemented internationally. And in fact we have a good chance when we look at Transatlantic Trade and Investment Partnership (TTIP), we could start putting this into it right now.

RT: British and German intelligence agents have reportedly been collaborating with the NSA. If that cooperation remains, how would that affect the proposed European network?

BK: Well, basically as long as Tempora, this British espionage is going on, nothing would change, especially with this idea of Schengen net. But basically to explain why it is not working, to create these national networks is just quite simple. Today all the data flows constantly around the world, we work with big data, we need to do like this internet travel between many accounts, through all borders. So you cannot create a kind of a national network. In fact, it’s quite sad that the NSA especially with this whistleblowing leaks from Snowden, it helps at the moment most of the national states to think about an internet with borders. What this basically means is that they can put much more mass surveillance on their own people. We can see this in Russia, we can see this in China, we can see this most likely now as a try also in Europe. And basically this is really sad because that is a step-back from the great opportunities what the internet gives all the people in the world, when we start now putting borders around it. It doesn’t help us at all, it just helps states to better control their people.

As we have recently seen what a kind of infiltration ways the US and NSA have, starting from Malware starting to copying all kind of communications from cell phones, from smart phones, from WLAN routers, from everywhere, I think that this kind of measurement would not help at all. Just look at the Germany, two of the big international mass surveillance stations of the NSA are right here in Germany.

RT: The proposal ultimately suggests fracturing the internet into independent zones. Would this change the World Wide Web as we know it?

BK: Of course, it would change it. In fact, in the last ITU conference there was a large discussion about fracturing the internet more and more, especially for states. If you look at the Far East, where [the countries] have much more control there over their people, over their citizens because they are afraid that some revolution like the Arab Spring could happen, they like to have more and more of these kinds of measurement. The sad the story is that most of the software from this is developed inside the Europe. In fact, we have a lot of programs on the European side, which help better to do this mass surveillance in the internet, which is fragmented in national states. And we, as a party, we fight really strictly against it because it means that the freedom which we all have voted for, the idea of the future which was put it into basic seed of the internet would be destroyed by a national totally controlled internet. And in fact, I don’t think that the people of the world would accept this. It is just at the moment we call it somehow that wet dream of some politicians, who like to have better control over their citizens but this, I hope, is over, and I think people in Europe would go to the street if something like this would happen.


Uh oh! So, at least according to this particular Pirate Party representative, Angela Merkel’s plan to wall off the European internet [45] will not only do nothing to prevent foreign surveillance, but it might also cause a restructuring of the internet around a state-based borders paradigm that could make it even easier for governments to control and surveil their citizens. But at least he sounds quite confident that no such internet-balkanization plan will ever come to fruition.


So what’s an actual solution that can balance privacy and security? What does Edward Snowden have to say on these topics? Might strong cryptography that no one can break be the answer [46]:

The Daily Beast
Edward Snowden: Not All Spying Is Bad
In an online Q&A, the fugitive leaker rejected a plea deal and issued some surprising statements on state surveillance.
01.24.14
Jacob Siegel

Edward Snowden may be under constant supervision in Russia, unable to return to the United States or travel freely, but the 30-year-old has never been more powerful.

President Obama’s announcement last Friday [47] of reforms to the United States surveillance program was addressed to the American public but the speech was also an answer to Snowden. The former NSA contractor’s massive leak of classified intelligence documents set in motion the public debate about federal spying that led to the proposals in President Obama’s speech and the even more extensive overhauls recommended by an independent agency [48] on Thursday.

Yesterday Snowden had his chance to respond, fielding selected questions sent by Twitter using the hashtag #AskSnowden.

Though Snowden gave some surprising answers [49], his exchange with the public was also notable for the questions he did not address, most notably the terms of his asylum or anything else to do with his hosts in Russia.

Here are the Five Biggest Revelations from Snowden’s Twitter Symposium:

He won’t take a plea deal to return to the U.S.

After the United States Attorney General Eric Holder rejected clemency but suggested the possibility of a plea deal yesterday, Snowden flatly ruled it out in a response to CNN’s Jake Tapper. Answering Tapper’s question, “Under what conditions would you agree to return to the U.S.?” Snowden stated that repatriation wasn’t possible due to the inadequacy of whistleblower protection laws in America, which he said would mean, “no chance to have a fair trial, and no way I can come home and make my case to a jury.”

“I never stole any passwords, nor did I trick an army of co-workers.”

Snowden denied reports [50] that he had gained access to some of the classified files he leaked by tricking coworkers into giving up their passwords in order to access their accounts. This point is significant because, in Snowden’s telling, it was the daily exposure to evidence of surveillance overreach in the course of doing his own job that led to his disillusionment and inspired his breach. If it’s true that Snowden deceived co-workers to access their accounts, it suggests that he went out of his way to find documents rather than coming across them in the course of his routine work, as he’s said.

Not all spying is bad

Answering a question about the appropriate scope of the U.S. national security program and whether any spying is justified, Snowden said, “Not all spying is bad. The biggest problem we face right now is the new technique of indiscriminate mass surveillance, where governments are seizing billions and billions and billions of innocents’ communication every single day.” What Snowden didn’t address is the kind of spying that he considers legitimate. More on that later.

Most spooks are good people; it’s the one percent that’s out to get you

“People at the working level at the NSA, CIA, or any other member of the IC are not out to get you. They’re good people trying to do the right thing,” Snowden said before warning that “the people you need to watch out for are the unaccountable senior officials authorizing these unconstitutional programs.”

We need a world body to oversee surveillance programs

Snowden, who twice contributed [51] money to Ron Paul’s election campaign, and is reported to have supported Paul’s call for a currency tied to the gold standard, seems highly out of step with the libertarian line on this one. How exactly a world body made up of states with competing interests and independent surveillance programs would agree to rules of spying is left a mystery, though Snowden does say that the key would be “the development of security standards that enforce our right to privacy not through law, but through science and technology.”

Woah!? Did uber-Libertarian [51] Edward Snowden call for a global body to oversee global surveillance programs? That’s a disarmingly optimistic goal and yet kind of weird. How exactly would that work since surveillance is not supposed to be detected? Will this world body have really power counter-espionage abilities and just operate everywhere to make sure no spying takes place? Will the UN get an ‘un-NSA’ ‘ to de-spy everything? Let’s take a closer look at Snowden’s ‘world body’ idea [52]:

freesnowden.is

Live Q&A with Edward Snowden: Thursday 23rd January, 8pm GMT, 3pm EST

@mperkel #ASKSNOWDEN They say it’s a balance of privacy and safety. I think spying makes us less safe. do you agree?

Intelligence agencies do have a role to play, and the people at the working level at the NSA, CIA, or any other member of the IC are not out to get you. They’re good people trying to do the right thing, and I can tell you from personal experience that they were worried about the same things I was.

The people you need to watch out for are the unaccountable senior officials authorizing these unconstitutional programs, and unreliable mechanisms like the secret FISA court, a rubber-stamp authority that approves 99.97% of government requests (which denied only 11 requests out of 33,900 in 33 years http://www.motherjones.com/mojo/2013/06/fisa-court-nsa-spying-opinion-reject-request [53]. They’re the ones that get us into trouble with the Constitution by letting us go too far.

And even the President now agrees our surveillance programs are going too far, gathering massive amounts of private records on ordinary Americans who have never been suspected of any crime. This violates our constitutional protection against unlawful searches and seizure. Collecting phone and email records for every American is a waste of money, time and human resources that could be better spent pursuing those the government has reason to suspect are a serious threat.

I’m going to stop here. My deepest thanks to everyone who sent questions, and whether or not we agree on where the lines should be drawn, I encourage you to contact your members of congress and tell them how you feel about mass surveillance. This is a global problem, and the first step to tackling it is by working together to fix it at home.

If you’d like to more ideas on how to push back against unconstitutional surveillance, consider taking a look at the organizations working together to organize https://thedaywefightback.org/ [54].

Note Snowden’s statement, “This is a global problem, and the first step to tackling it is by working together to fix it at home”. This is an important underlying tension at work in crafting policy solutions to the problems of mass-surveillance. Like many global problems, mass-surveillance in an age where technology increasingly enables mass-surveillance abuses is going to require some sort of ‘mass’ response. A global response of fixes at home. But as is also the case with many global problems, nations that unilaterally attempt to implement a solution (curtailing surveillance, in this instance) are potentially going to find themselves at a disadvantage if their neighbors don’t follow suit. Yes, global problems require global solutions and global solutions which is why so few global problems actually get solved.

Skipping down…

@LukasReuter #AskSnowden How should the community of states react to the new information concerning surveillance? What actions have to be made?

We need to work together to agree on a reasonable international norm for the limitations on spying. Nobody should be hacking critical-to-life infrastructure like hospitals and power stations, and it’s fair to say that can be recognized in international law.

Additionally, we need to recognize that national laws are not going to solve the problem of indiscriminate surveillance. A prohibition in Burundi isn’t going to stop the spies in Greenland. We need a global forum, and global funding, committed to the development of security standards that enforce our right to privacy not through law, but through science and technology. The easiest way to ensure a country’s communications are secure is to secure them world-wide, and that means better standards, better crypto, and better research.

@midwire How quickly can the NSA, et. al. decrypt AES messages with strong keys #AskSnowden Does encrypting our emails even work?

As I’ve said before, properly implemented strong encryption works. What you have to worry about are the endpoints. If someone can steal you keys (or the pre-encryption plaintext), no amount of cryptography will protect you.

However, that doesn’t mean end-to-end crypto is a lost cause. By combining robust endpoint security with transport security, people can have much greater confidence in their day to day communications.

@savagejen Do you think it is possible for our democracy to recover from the damage NSA spying has done to our liberties? #AskSnowden

Yes. What makes our country strong is our system of values, not a snapshot of the structure of our agencies or the framework of our laws. We can correct the laws, restrain the overreach of agencies, and hold the senior officials responsible for abusive programs to account.

Yes, we can “correct the laws, restrain the overreach of agencies, and hold the senior officials responsible for abusive programs to account” in the US. Hypothetically. And maybe even across Europe. But as Snowden pointed out above, ending mass surveillance is a global problem that requires a global political solutions. But, of course, there’s nothing stopping a government from secretly spying even if they claim they aren’t, so technical solutions are also required if we really want to create a spy-free world. As Snowden put it:

A prohibition in Burundi isn’t going to stop the spies in Greenland. We need a global forum, and global funding, committed to the development of security standards that enforce our right to privacy not through law, but through science and technology. The easiest way to ensure a country’s communications are secure is to secure them world-wide, and that means better standards, better crypto, and better research.


Yes, we can hold as many ‘global forums’ as we want, but setting up global regulations on surveillance is kind of like trying to get governments to promise not to lie: how we enforce those rules isn’t exactly obvious, especially given the secretive nature of spying. An easier, and much more effective approach to thwarting spying, would be to develop the hardware, software, and encryption standards that are virtually unbreakable. For example, if agencies like the NSA didn’t find loopholes and exploits our digital infrastructure for the purpose of spying but instead found these vulnerabilities and then informed the public and manufacturers about the vulnerabilities and helped fix them we would actually have a much much more secure internet. Everything could be truly encrypted. So we just need folks to develop strong encryption software tools and then fix up the backdoors in the hardware and everyone can have strongly encrypted digital communications, right? Well, not quite. We already have stronge encryption tools that no one can defeat. At least not that we know of. But it’s not a “if you build it, they will come scenario”…it’s more of a ‘ignorant chicken and apathetic egg’ scenario [55]:

The Washington Post
NSA-proof encryption exists. Why doesn’t anyone use it?

By Timothy B. Lee
June 14, 2013 at 10:50 am

Computer programmers believe they know how to build cryptographic systems that are impossible for anyone, even the U.S. government, to crack. So why can the NSA read your e-mail?

Last week, leaks revealed that the Web sites most people use every day are sharing users’ private information with the government. Companies participating in the National Security Agency’s program, code-named PRISM, include Google, Facebook, Apple and Microsoft.

It wasn’t supposed to be this way. During the 1990s, a “cypherpunk” movement predicted that ubiquitous, user-friendly cryptographic software would make it impossible for governments to spy on ordinary users’ private communications.

The government seemed to believe this story, too. “The ability of just about everybody to encrypt their messages is rapidly outrunning our ability to decode them,” a U.S. intelligence official told U.S. News & World Report [56] in 1995. The government classified cryptographic software as a munition, banning its export outside the United States. And it proposed requiring that cryptographic systems have “back doors” for government interception.

Make a mental note of the “cypherpunk” movement. Also note the US government’s concerns over encryption tools overtaking government’s code-breakers and the proposal to require “back doors”. We’re going to be returning to those topics a lot later.

Continuing…


The cypherpunks won that battle. By the end of the Clinton administration, the government conceded that the Internet had made it impossible to control the spread of strong cryptographic software. But more than a decade later, the cypherpunks seem to have lost the war. Software capable of withstanding NSA snooping is widely available, but hardly anyone uses it. Instead, we use Gmail, Skype, Facebook, AOL Instant Messenger and other applications whose data is reportedly accessible through PRISM.

And that’s not a coincidence: Adding strong encryption to the most popular Internet products would make them less useful, less profitable and less fun.

“Security is very rarely free,” says J. Alex Halderman, a computer science professor at the University of Michigan. “There are trade-offs between convenience and usability and security.”

Most people’s priority: Convenience

Consumers have overwhelmingly chosen convenience and usability. Mainstream communications tools are more user-friendly than their cryptographically secure competitors and have features that would be difficult to implement in an NSA-proof fashion.

And while most types of software get more user-friendly over time, user-friendly cryptography seems to be intrinsically difficult. Experts are not much closer to solving the problem today than they were two decades ago.

Ordinarily, the way companies make sophisticated software accessible to regular users is by performing complex, technical tasks on their behalf. The complexity of Google, Microsoft and Apple’s vast infrastructure is hidden behind the simple, polished interfaces of their Web and mobile apps. But delegating basic security decisions to a third party means giving it the ability to access your private content and share it with others, including the government.

Most modern online services do make use of encryption. Popular Web services such as Gmail and Hotmail support an encryption standard called SSL. If you visit a Web site and see a “lock” icon in the corner of your browser window, that means SSL encryption is enabled. But while this kind of encryption will protect users against ordinary bad guys, it’s useless against governments.

That’s because SSL only protects data moving between your device and the servers operated by Google, Apple or Microsoft. Those service providers have access to unencrypted copies of your data. So if the government suspects criminal behavior, it can compel tech companies to turn over private e-mails or Facebook posts.

That problem can be avoided with “end-to-end” encryption. In this scheme, messages are encrypted on the sender’s computer and decrypted on the recipient’s device. Intermediaries such as Google or Microsoft only see the encrypted version of the message, making it impossible for them to turn over copies to the government.

Software like that exists. One of the oldest is PGP, e-mail encryption software released in 1991. Others include OTR (for “off the record”), which enables secure instant messaging, and the Internet telephony apps Silent Circle and Redphone.

But it’s difficult to add new features to applications with end-to-end encryption. Take Gmail, for example. “If you wanted to prevent government snooping, you’d have to prevent Google’s servers from having a copy of the text of your messages,” Halderman says. “But that would make it much harder for Google to provide features like search over your messages.” Filtering spam also becomes difficult. And end-to-end encryption would also make it difficult for Google to make money on the service, since it couldn’t use the content of messages to target ads.

A similar point applies to Facebook. The company doesn’t just transmit information from one user to another. It automatically resizes users’ photos and allows them to “tag” themselves and their friends. Facebook filters the avalanche of posts generated by your friends to display the ones you are most likely to find the most interesting. And it indexes the information users post to make it searchable.

These features depend on Facebook’s servers having access to a person’s private data, and it would be difficult to implement them in a system based on end-to-end encryption. While computer scientists are working on techniques for creating more secure social-media sites, these techniques aren’t yet mature enough to support all of Facebook’s features or efficient enough to serve hundreds of millions of users.

Other user headaches

End-to-end encryption creates other headaches for users. Conventional online services offer mechanisms for people to reset lost passwords. These mechanisms work because Apple, Microsoft and other online service providers have access to unencrypted data.

In contrast, when a system has end-to-end encryption, losing a password is catastrophic; it means losing all data in the user’s account.

Also, encryption is effective only if you’re communicating with the party you think you’re communicating with. This security relies on keys — large numbers associated with particular people that make it possible to scramble a message on one end and decode it on the other. In a maneuver cryptographers call a “man in the middle” attack, a malicious party impersonates a message’s intended recipient and tricks the sender into using the wrong encryption key. To thwart this kind of attack, sender and recipient need a way to securely exchange and verify each other’s encryption keys.

“A key is supposed to be associated closely with a person, which means you want a person to be involved in creating their own key, and in verifying the keys of people they communicate with,” says Ed Felten, a computer scientist at Princeton University. “Those steps tend to be awkward and confusing.”

And even those who are willing to make the effort are likely to make mistakes that compromise security. The computer scientists Alma Whitten and J.D. Tygar explored these problem in a famous 1999 paper called “Why Johnny Can’t Encrypt.” They focused on PGP, which was (and still is) one of the most popular tools for users to send encrypted e-mail.

PGP “is not usable enough to provide effective security for most computer users,” the authors wrote.

Going with the flow

Felten argues that another barrier to adopting strong cryptography is a chicken-and-egg problem: It is only useful if you know other people are also using it. Even people who have gone to the trouble of setting up PGP still send most of their e-mail in plain text because most recipients don’t have the capability to receive encrypted e-mail. People tend to use what’s installed on their computer. So even those who have Redphone will make most of their calls with Skype because that’s what other people use.

Halderman isn’t optimistic that strong cryptography will catch on with ordinary users anytime soon. In recent years, the companies behind the most popular Web browsers have beefed up their cryptographic capabilities, which could make more secure online services possible. But the broader trend is that users are moving more and more data from their hard drives to cloud computing platforms, which makes data even more vulnerable to government snooping.

Strong cryptographic software is available to those who want to use it. Whistleblowers, dissidents, criminals and governments use it every day. But cryptographic software is too complex and confusing to reach a mass audience anytime soon. Most people simply aren’t willing to invest the time and effort required to ensure the NSA can’t read their e-mail or listen to their phone calls. And so for the masses, online privacy depends more on legal safeguards than technological wizardry.

The cypherpunks dreamed of a future where technology protected people from government spying. But end-to-end encryption doesn’t work well if people don’t understand it. And the glory of Google or Facebook, after all, is that anyone can use them without really knowing how they work.

Edward Snowden called for the use of “end-to-end crypto” to secure everyday communications in the question and answer session above:

“However, that doesn’t mean end-to-end crypto is a lost cause. By combining robust endpoint security with transport security, people can have much greater confidence in their day to day communications.”

But as we just saw, truly strong encryption requires peer to peer implementation to remain truly strong. If Bob wants to send an email to Alice they can both do so in a manner that no one should be able to thwart, but only if it’s only Bob and Alice setting up the enrypted communication. Once Bob and Alice start using a third party service to handle these steps, that encryption is now only as strong as the trustworthiness of that third party.

And then then there’s the fact that an ever growing list of cryptographic keys have to be safely stored by the individual and if those keys are lost no one can ever get that data again. As Cryptolocker has been teaching a growing number of people [57], it kind of sucks when your data gets encrypted and you don’t have the keys.

you might be able to use text searchable strongly enrypted email services that even the goverment can’t read [7]

ZDNet
Mega to fill secure email gap left by Lavabit

Summary: Kim Dotcom’s privacy company Mega prepares a ‘cutting-edge’ email encryption service.
By Rob O’Neill | August 11, 2013 — 06:40 GMT (23:40 PDT)

Kim Dotcom’s “privacy company” Mega is developing secure email services to run on its entirely non-US-based server network as intense pressure from US authorities forces other providers to close.

Last week, Lavabit, which counted NSA leaker Edward Snowden as a user, closed and Silent Circle closed its secure email service. Lavabit’s owner, Ladar Levison, said [58] he was shutting it down to avoid becoming “complicit in crimes against the American people”.

Last week, Mega chief executive Vikram Kumar told ZDNet that the company was being asked [59] to deliver secure email and voice services. In the wake of the closures, he expanded on his plans.

Kumar said work is in progress, building off the end-to-end encryption and contacts functionality already working for documents in Mega.

“The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side,” Kumar said.

“If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That’s] not quite impossible, but very, very hard. That’s why even Silent Circle didn’t go there.”

A big issue is handling emails to and from non-encrypted contacts when Mega’s core proposition is end-to-end encryption, Kumar said.

“On this and other fronts, Mega is doing some hugely cutting-edge stuff,” he said. “There is probably no one in the world who takes the Mega approach of making true crypto work for the masses, our core proposition.”

Kumar said Mega is taking theoretic sounding technology such as Bloom filters [60], and making them work for the masses. Work is also under way to keep Mega secure, even if SSL/TLS is compromised.

“[It’s] exciting stuff, but very hard, so I think it will take months more to crack it,” he said. “But Mega will never launch anything that undermines its end-to-end encryption core security proposition and doesn’t work for the mythical grandmother.”

Meanwhile, Kim Dotcom has said [61] that he may have to pull parts of Mega out of New Zealand if new surveillance legislation is passed into law.

Dotcom told TorrentFreak that the US government and the other Five Eyes partners, the UK, Canada, Australia, and New Zealand, are pushing new spy legislation to provide backdoors into internet services.

“The NZ government is currently aggressively looking to extend its powers with the GCSB [Government Computer Services Bureau] and the [Telecommunications Interception Capabilities] Act, which will force service providers with encryption capabilities to give them secret decryption access,” Dotcom said.

He added that it might force some relocation of Mega’s network to other jurisdictions, such as Iceland.

Dotcom explained that by design, Mega doesn’t hold decryption keys to customer accounts and “never will”.

Lavabit’s Levison said: “This experience has taught me one very important lesson: Without congressional action or a strong judicial precedent, I would — strongly — recommend against anyone trusting their private data to a company with physical ties to the United States.”

So there might indeed be true “end-to-end” encryption that even the NSA can’t break coming to the masses for services like email that, for the the first time, actually include features like text searching. And it will also overcome a key hurdle of getting everyone to use the same strong enryption tool. It doesn’t sound like it will be easy but it’s possible.

Kim Dotcom’s new plans are also a reminder that “end-to-end” encryption is only as good as the “ends”. In this case, it sounds like the plans for incorporating real service functionality, like searching, is all going to happen on the “client-side” (the user’s own computer) so if the end user’s computer is hacked, the emails are still being read by the NSA anyone else with access to the systsem. Encryption inherently complicates using and processing informatino. It’s not just a balance of privacy vs security. It’s also a balance of privacy vs utility. This is part of why the entire global discussion about this whole slew of topic is such mess: it’s inherently complicated. There are issues of access to data (like Germany’s plans to balkanizing the internet and encouraging domestic internet service providers), issues about whether or not you can do anything with the data even if you get your hands on it (encryption and government/private backdoors), and partly about something that encryption can’t do anything about: bugs in hardware and software design that inevitably pop up and can be exploited by anyone [62]. And then there’s the realpolitik and whether or not governments should have the rights to spy on one another at all.


Jacob Appelbaum’s anti-NSA
But it’s never really been about the right of the average person to have access plug-and-play access to fully encrypted digital technology that is beyond the reach of all third parties, public or private, because in order to make average people protected, you’d have to see governments working to basically prevent themselves from being able spy on any digital communication at all. Imagine the NSA working to stop all of the tricks and vulnerabilities it finds.

That’s actually of the solutions recommended by one of the key figures in the Snowden affair, Jacob Appelbaum. Appelbaum, a cyber-anarchist member of Wikileaks and the creator of Tor [63], first interacted with Edward Snowden when he was used by Laura Poitrois to verify Snowden’s technical expertise [64] in mid-May of 2013 (although questions about that timeline [65] have been raised). Appelbaum brought up the topic of encrypting everything and even getting the NSA to public announce and help fix all the expoits it finds during his recent presentation on advanced NSA surveillance at the 2013 Chaos Communication Congress [66]. Turn the NSA into the anti-NSA. The entire presentation is available here [67]. It’s just over an hour long and worth watching. The transcript of the entire talk is also available here [68]:

Naked Capitalism
Transcript: Jacob Appelbaum at 30c3: To Protect And Infect, The Militarization of the Internet
Posted on January 5, 2014 by Lambert Strether

Lambert here: A few days ago, Yves posted on Jacob Appelbaum’s talk on the NSA at 30c3 [69] computing conference, and said:

You must watch this talk, even if some parts are a bit technical for mere mortals. No matter how bad you think the NSA’s information surveillance and capture is, I can just about guarantee that this will show you that it’s an order of magnitude worse than you imagined.

This post is a transcript of Appelbaum’s talk, including the 50-odd slides, and some reference material from Der Spiegel. Note that if you click on a slide, you are taken to the point in Applebaum’s talk where the slide appears. (For more information on the slides, see “Notes on transcript slides” at the end of the transcript.)

By the transcriber, with editorial assistance from Cujo359, flora, hipparchia, jcasey, panicboy, weldon, and an unknown individual who threw their own transcript over the transom, at Corrente.

30c3: To Protect And Infect, Part 2 The militarization of the Internet

YouTube [70] published on Dec 30, 2013 by: Jacob “@ioerror” Applebaum

Audio file on Soundcloud [71]

The Transcript

Act One

Jacob Appelbaum: So recently we heard a little bit about some of the low-end corporate spying that’s often billed as being sort of like the hottest, most important stuff, so the FinFisher, the Hacking Team, the VUPEN and sort of in that order it becomes more sophisticated and more and more tied in with the National Security Agency. There are some Freedom of Information Act requests that have gone out that actually show VUPEN being an NSA contractor, writing exploits, that there are some ties there.

Skipping down to ~17 minutes into the talk…


This is a Close Access Operations box. It is basically car metasploit for the NSA, which is an interesting thing. But basically they say that the attack is undetectable, and it’s sadly a laptop running free software. It is injecting packets. And they say that they can do this from as far away as eight miles to inject packets, so presumably using this they’re able to exploit a kernel vulnerability of some kind, parsing the wireless frames, and, yeah. I’ve heard that they actually put this hardware, from sources inside of the NSA and inside of other intelligence agencies, that they actually put this type of hardware on drones so that they fly them over areas that they’re interested in and they do mass exploitation of people.

Now, we don’t have a document that substantiates that part, but we do have this document that actually claims that they’ve done it from up to eight miles away.

So that’s a really interesting thing because it tells us that they understand that common wireless cards, probably running Microsoft Windows, which is an American company, that they know about vulnerabilities and they keep them a secret to use them. This is part of a constant theme of sabotaging and undermining American companies and American ingenuity. As an American, while generally not a nationalist, I find this disgusting, especially as someone who writes free software and would like my tax dollars to be spent on improving these things, and when they know about them I don’t want them to keep them a secret because all of us are vulnerable. It’s a really scary thing.

Skipping down to ~25 minutes into the talk…

So this is important, because members of the U.S. Congress, they have no clue about these things. Literally, in the case of the technology. Ask a Congressman about TCP/IP. Forget it. You can’t even get a meeting with them. I’ve tried. Doesn’t matter. Even if you know the secret interpretation of Section 215 of the PATRIOT Act and you go to Washington, D.C. and you meet with their aides, they still won’t talk to you about it. Part of that is because they don’t have a clue, and another part of it is because they can’t talk about it because they don’t have a political solution. Absent a political solution, it’s very difficult to get someone to admit that there is a problem.

Well, there is a problem, so we’re going to create a political problem and also talk about some of the solutions.

The Cypherpunks generally have come up with some of the solutions when we talk about encrypting the entire internet. That would end dragnet mass surveillance in a sense, but it will come back in a different sense even with encryption. We need both a marriage of a technical solution and we need a political solution to go with it, and if we don’t have those two things, we will unfortunately be stuck here.

But at the moment the NSA, basically, I feel, has more power than anyone in the entire world – any one agency or any one person. So Emperor Alexander, the head of the NSA, really has a lot of power. If they want to right now, they’ll know that the IMEI of this phone is interesting. It’s very warm, which is another funny thing, and they would be able to break into this phone almost certainly and then turn on the microphone, and all without a court.

And, finally, Skipping down to ~50 minutes into the talk…


Here’s a hardware back door which uses the I2C interface because no one in the history of time other than the NSA probably has ever used it. That’s good to know that finally someone uses I2C for something – okay, other than fan control. But, look at that. It’s another American company that they are sabotaging. They understand that HP’s servers are vulnerable and they decided, instead of explaining that this is a problem, they exploit it. And IRONCHEF, through interdiction, is one of the ways that they will do that.

So I want to really harp on this. Now it’s not that I think European companies are worth less. I suspect especially after this talk that won’t be true, in the literal stock sense, but I don’t know. I think it’s really important to understand that they are sabotaging American companies because of the so-called home-field advantage. The problem is that as an American who writes software, who wants to build hardware devices, this really chills my expression and it also gives me a problem, which is that people say, “Why would I use what you’re doing? You know, what about the NSA?” Man, that really bothers me. I don’t deserve the Huawei taint, and the NSA gives it. And President Obama’s own advisory board that was convened to understand the scope of these things has even agreed with me about this point, that this should not be taking place, that hoarding of zero-day exploits cannot simply happen without thought processes that are reasonable and rational and have an economic and social valuing where we really think about the broad-scale impact.

As Jacob Appelbaum and Edward Snowden both acknowledge, dramatically increasing encryption standards would go a long way towards curtailing spying, but even perfect encryption wouldn’t stop surveillance because there are all sort of other ways to gain access to the data once its decrypted on your computer. But the mass dragnet-style spying could, at least in theory, be heavily curtailed if spy agencies actually set out to pre-emptively close off the vulnerabilities they find, but encrypting the internet won’t stop the Spywarepocalypse [72].

Now, take a moment and imagine the scenario where the public in nations demanding that their spy agencies publicly announce any secret backdoors those agencies find. It’s a political solution that forces the implementation of a technical solution to the problem of spying that intelligence agencies probably aren’t inclined to implement on their own. It’s also one heck of a political solution to the problem of states surveillance abuses because it entails nations intentionally defanging their ability to know what’s going on in the world. But it’s a useful possibility to imagine because it highlights the fact that – should we ever acheive a world without want, need, poverty, extremism, and ecological collapse, and all the other factors that lead to major conflicts – we could actually create a world were there’s no need to spy and no need to fear embracing the anti-spy agency. Now take another moment and compare that vision of a world without want, need, poverty, extremism, and ecological collapse, and all the other factors that lead to major conflicts and compare that vision to the world we live in [73]. It’s a reminder that meaningful guarantees of privacy for the public at large can’t easily be separated from world peace and prosperity in the modern age.

Weaponized privacy?
But what if some countries aren’t willing to turn their spy agencies into anti-spy agencies and aren’t willing to stop “sabotaging” their domestic software by either refusing to inform the public of exploits its agencies find or even forces the inclusion of secret backdoors? There is one thing that could prevent the proliferation of spyware and backdoor exploits: labeling companies like Microsoft that work with governments to set up secret backdoors as sabtours and no just no long using that software. Just boycott all software developed in countries with governments that mandate backdoors and never use any web services by comanies operating in those countreis. That would work. After all, Appelbaum notes, why would people want to buy software developed in the US when everyone knows the NSA can hack it?

These are valid question to be asking, but the idea of turning the NSA into an anti-spying agency raises a number of questions that don’t get asked enough. For instance, let’s imagine a hypothetical country that was very intent on securing all of its communications from external and internal surveillance. Let’s call this country Jermanee. What if Jermanee developed and sold virtually unhackable hardware and software that was made extra-secure with the help of Jermanee’s intelligence services. And what if this software was sold all over the world as a safe, secure alternative to global competitors and user-friendly enough to really catch on for mainstream use and overcome the “chicken and egg” problem currently facing strong encryption. No one can spy on anyone, at least not on their digital communications if they’re using these hardware and software platforms. Governments can’t spy on other their citizens’ digital communtications or on other governments. Hackers effectively become obsolete. And, simultaneous, no one can censor anyone too. People could, in theory, swap whatever content they want safely and anonymously even under repressive regimes as long as they can obtain this super-hardware and software. And this security would be government-backed, at least to the best abilities of Jermanee’s government services

That sort of describes a dream scenario, right? Well, it does sound really nice, but it raises questions. Questions like: what happens when there’s forms of digital content that are genuinely harmful that we’de actually really like to censor because its just devastating to individuals if it isn’t somehow interdicted and censored after we’ve encrypted the internet? What happens when we’ve established the infrastructure that makes it effectively impossible to know who is sending what to whom and gain legal access to that data when legitimate law enforcement or national security operations are underway? What are the implications of that kind of choice in technology and what are our options at that point in dealing with harmful digital content?

Cypherpunks: Freedom and the Future of the Internet [74]. As mentioned above [55], the Cypherpunks and affiliated anarchists have been fixated on these issues for decades. That’s partly because it was the early cypherpunk community of the early 90’s that was helping to ensure strong encryption tools were going to be available to the public at all [10]:

The Verge
Cypherpunk rising: WikiLeaks, encryption, and the coming surveillance dystopia

By R. U. Sirius on March 7, 2013 10:32 am

In 1989, when the internet was predominantly ASCII-based and HyperCard [75] had yet to give birth (or at least act as a midwife) to the world wide web, R.U. Sirius launched Mondo 2000. “I’d say it was arguably the representative underground magazine of its pre-web day,” William Gibson said in a recent interview [76]. “Posterity, looking at this, should also consider Mondo 2000 as a focus of something that was happening.”

Twenty years ago, it was cypherpunk that was happening.

And it’s happening again today.

Early cypherpunk in fact and fiction
Cypherpunk was both an exciting new vision for social change and a fun subculture dedicated to making it happen

Flashback: Berkeley, California 1992. I pick up the ringing phone. My writing partner, St. Jude Milhon, is shouting down the line: “I’ve got it! Cypherpunk!”

Jude was an excitable girl and she was particularly excitable when there was a new boyfriend involved. She’d been raving about Eric Hughes for days. I paid no attention.

At the time, Jude and I were contracted to write a novel titled How to Mutate and Take Over the World. I wanted the fiction to contain the truth. I wanted to tell people how creative hackers could do it — mutate and take over the world — by the end of the decade. Not knowing many of those details ourselves, we threw down a challenge on various hacker boards and in the places where extropians gathered to share their superhuman fantasies. “Take on a character,” we said, “and let that character mutate and/or take over.” The results were vague and unsatisfying. These early transhumanists didn’t actually know how to mutate, and the hackers couldn’t actually take over the world. It seemed that we were asking for too much too soon.

And so I wound up there, holding the phone away from my ear as Jude shouted out the solution, at least to the “taking over” part of our problem. Strong encryption, she explained, will sever all the ties binding us to hostile states and other institutions. Encryption will level the playing field, protecting even the least of us from government interference. It will liberate pretty much everything, toute de suite. The cypherpunks would make this happen.

For Jude, cypherpunk was both an exciting new vision for social change and a fun subculture dedicated to making it happen. Sure, I was skeptical. But I was also desperate for something to hang the plot of our book on. A few days later I found myself at the feet of Eric Hughes — who, along with John Gilmore and Tim May, is considered one of the founders of the cypherpunk movement — getting the total download.

This was my first exposure to “The Crypto Anarchist Manifesto.” Written by Tim May, it opens by mimicking The Communist Manifesto: “A specter is haunting the modern world, the specter of crypto anarchy.” In a fit of hyperbole that perfectly foreshadowed the mood of tech culture in the 1990s — from my own Mondo 2000 to the “long boom” of digital capitalism — May declared that encrypted communication and anonymity online would “alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret.” The result would be nothing less than “both a social and economic revolution.”

Just as a seemingly minor invention like barbed wire made possible the fencing-off of vast ranches and farms, thus altering forever the concepts of land and property rights in the frontier West, so too will the seemingly minor discovery out of an arcane branch of mathematics come to be the wire clippers which dismantle the barbed wire around intellectual property.

Those words were written way back in 1988. By 1993, a bunch of crypto freaks were gathering fairly regularly in the San Francisco Bay Area. In his lengthy Wired cover story [77], Steven Levy would describe them as mostly “having beards and long hair — like Smith Brothers [cough drops] gone digital.” Their antics would become legendary.

John Gilmore set off a firestorm by sharing classified documents on cryptography that a friend of his had found in public libraries (they had previously been declassified). The NSA threatened Gilmore with a charge of violating the Espionage Act, but after he responded with publicity and his own legal threats, the NSA — probably recognizing in Gilmore a well-connected dissident who they couldn’t intimidate — backed down and once again declassified the documents.

Phil Zimmermann’s PGP (Pretty Good Privacy) software was being circulated largely thanks to cypherpunk enthusiasts. According to Tim May’s Cyphernomicon, PGP was “the most important crypto tool” available at the time, “having single-handedly spread public key methods around the world.” It was available free of charge for non-commercial users, and complete source code was included with all copies. Most importantly, May wrote, “almost no understanding of how PGP works in detail is needed,” so anyone could use its encryption to securely send data over the net.

In April 1993, the Clinton administration announced its encryption policy initiative. The Clipper Chip [78] was an NSA-developed encryption chipset for “secure” voice communication (the government would have a key for every chip manufactured). “Not to worry,” Phil Zimmermann cuttingly wrote [79] in an essay about PGP. “The government promises that they will use these keys to read your traffic only ‘when duly authorized by law.” Not that anyone believed the promises. “To make Clipper completely effective,” Zimmermann continued, “the next logical step would be to outlaw other forms of cryptography.” This threat brought cypherpunks to the oppositional front lines in one of the early struggles over Internet rights, eventually defeating government plans.

The Clipper Chip is a piece of history [80] that deserves extra attention these days because its pretty much the 1993-94 analogue to today’s debate over whether or not anything or everything should be mandatorially hackable for law enforcement purposes. Would intimidating transparency – like the public enforcement of a “Clipper Chip” in everyone’s communication device – be a catalyst for improving surveillance oversight and reforming the legal system? This is where parallel universes would be handy. We’re going to be returning to the topic of the Clipper Chip.

Continuing…

John Gilmore summed up the accomplishments of the cypherpunks in a recent email: “We did reshape the world,” he wrote. “We broke encryption loose from government control in the commercial and free software world, in a big way. We built solid encryption and both circumvented and changed the corrupt US legal regime so that strong encryption could be developed by anyone worldwide and deployed by anyone worldwide,” including WikiLeaks.

As the 1990s rolled forward, many cypherpunks went to work for the man, bringing strong crypto to financial services and banks (on the whole, probably better than the alternative). Still, crypto-activism continued and the cypherpunk mailing list blossomed as an exchange for both practical encryption data and spirited, sometimes-gleeful argumentation, before finally peaking in 1997. This was when cypherpunk’s mindshare seemed to recede, possibly in proportion to the utopian effervescence of the early cyberculture. But the cypherpunk meme may now be finding a sort of rebirth in one of the biggest and most important stories in the fledgeling 21st century.

I am annoyed
This is beginning to sound very much like a dystopian fantasy

Flashback: 1995. Julian Assange’s first words on the cyperpunk email list: “I am annoyed.”

Of course, Julian Assange has gone on to annoy powerful players all over the world as the legendary fugitive editor-in-chief and spokesperson for WikiLeaks, publisher of secret information, news leaks, and classified media from anonymous sources. And while the mass media world has tracked nearly every aspect of Assange’s personal drama, it’s done very little to increase people’s understanding of WikiLeaks’ underlying technologies or the principles those technologies embody.

In the recent book Cypherpunks: Freedom and the Future of the Internet, Assange enlists the help of three fellow heroes of free information to set the record straight, aligning those principles with the ideas that Tim May dreamed up in 1989 with “The Crypto Anarchist Manifesto.”

Note that the ideology of Tim May, godfather of the cypherpunks, is discussed quite a bit in Robert Manne’s 2011 article The Cypherpunk Revolutionary – Julian Assange [81]. Quite the optimist, May “thought the state to be the source of evil in history. He envisaged the future as an Ayn Rand utopia of autonomous individuals dealing with each other as they pleased. Before this future arrived, he advocated tax avoidance, insider trading, money laundering, markets for information of all kinds, including military secrets, and what he called assassination markets not only for those who broke contracts or committed serious crime but also for state officials and the politicians he called “Congressrodents”. He recognised that in his future world only elites with control over technology would prosper. No doubt “the clueless 95%” – whom he described as “inner city breeders” and as “the unproductive, the halt and the lame” – “would suffer, but that is only just”. May acknowledged that many cypherpunks would regard these ideas as extreme.”

Continuing…


The book is based on a series of conversations filmed for the television show The World Tomorrow while Assange was on house arrest in Norfolk, England during all of 2011. Attending were Jacob Appelbaum, the American advocate and researcher for the Tor project who has been in the sights of US authorities since substituting as a speaker for Assange at a US hackers conference; Andy Müller-Maguhn, one of the earliest members of the legendary Chaos Computer Club; and Jérémie Zimmerman, a French advocate for internet anonymity and freedom.

The conversation is sobering. If 1990s cypherpunk, like the broader tech culture that it was immersed in, was a little bit giddy with its potential to change the world, contemporary cypherpunk finds itself on the verge of what Assange calls “a postmodern surveillance dystopia, from which escape for all but the most skilled individuals will be impossible.”

How did we get here? The obvious political answer is 9/11. The event provided an opportunity for a vast expansion of national security states both here and abroad, including, of course, a diminution of protections against surveillance. The legalities involved in the US are a confusing and ever-shifting set of rules that are under constant legal contestation in the courts. Whatever the letter of the law, a September 2012 ACLU [82] bulletin gave us the essence of the situation:

Justice Department documents released today by the ACLU reveal that federal law enforcement agencies are increasingly monitoring Americans’ electronic communications, and doing so without warrants, sufficient oversight, or meaningful accountability.

The documents, handed over by the government only after months of litigation, are the attorney general’s 2010 and 2011 reports on the use of “pen register” and “trap and trace” surveillance powers. The reports show a dramatic increase in the use of these surveillance tools, which are used to gather information about telephone, email, and other Internet communications. The revelations underscore the importance of regulating and overseeing the government’s surveillance power.

“In fact,” the report continues, “more people were subjected to pen register and trap and trace surveillance in the past two years than in the entire previous decade.”

Beyond the political and legal powers vested in the US intelligence community and in others around the world, there is the very real fact that technology once only accessible to the world’s superpowers is now commercially available. One example documented on WikiLeaks (and discussed in Cypherpunks) is the Zebra strategic surveillance system sold by VASTech [83]. For $10 million, the South African company will sell you a turnkey system that can intercept all communications in a middle-sized country. A similar system called Eagle was used in Gadhafi’s Libya, as first reported by The Wall Street Journal in 2011. Sold by the French company Amesys, this is a commercial product, right down to the label on the box: “Nationwide Intercept System.” In the face of systems designed to scoop up all electronic communication and store it indefinitely, any showcase civil libertarian exceptions written into the surveillance laws are meaningless. But the threat isn’t limited to the surveillance state. There are more than a few self-interested financial players with $10 million lying around, many of whom would love to track all the private data in a several thousand mile radius.

All of this is beginning to sound very much like a dystopian fantasy from cyberpunk science fiction.
Total surveillance

If, in 1995, some cypherpunks had published a book about the upcoming “postmodern surveillance dystopia,” most commentators would have shrugged it off as just a wee bit paranoid and ushered them into the Philip K. Dick Reading Room. Now, it is more likely that people will shrug and say, “that ship has already sailed.”

David Brin seems to think so. The author of The Transparent Society is well known for his skepticism regarding the likelihood of maintaining most types of privacy as well as his relative cheerfulness in the face of near universal transparency. In an email, I asked him about the cypherpunk ethic, as expressed by Julian Assange: “privacy for the weak and transparency for the powerful.”

Brin’s response was scathing. The ethic, he says, is “already enshrined in law. A meek normal person can sue for invasion of privacy, a prominent person may not.” He’s just getting started:

But at a deeper level it is simply stupid. Any loophole in transparency ‘to protect the meek’ can far better be exploited by the mighty than by the meek. Their shills, lawyers and factotums will (1) ensure that ‘privacy protections’ have big options for the mighty and (2) that those options will be maximally exploited. Moreover (3) as I show in The Transparent Society [83], encryption-based ‘privacy’ is the weakest version of all. The meek can never verify that their bought algorithm and service is working as promised, or isn’t a bought-out front for the NSA or a criminal gang.

Above all, protecting the weak or meek with shadows and cutouts and privacy laws is like setting up Potemkin villages, designed to create surface illusions. Anyone who believes they can blind society’s elites — of government, commerce, wealth, criminality and tech-geekery — is a fool…

In other words, cypherpunk may be doing a disservice by spreading the illusion of freedom from surveillance.

I posed a similar question to Adrian Lamo, who reported Bradley Manning to federal authorities. Not surprisingly, Lamo is even more cynical.

“Privacy is quite dead,” he responded to me in an email. “That people still worship at its corpse doesn’t change that. In [the unreleased documentary] Hackers Wanted I gave out my SSN, and I’ve never had cause to regret that. Anyone could get it trivially. The biggest threat to our privacy is our own limited understanding of how little privacy we truly have.”

In Cypherpunks, Assange raises an essential point that at least partly refutes this skepticism: “The universe believes in encryption. It is easier to encrypt information than it is to decrypt it.” And while Appelbaum admits that even strong encryption can’t last forever, saying, “We’re probably not using one hundred year (safe) crypto,” he implies that pretty good privacy that lasts a pretty long time is far better than no privacy at all.

Assuming that some degree of privacy is still possible, most people don’t seem to think it’s worth the effort. The cypherpunks and their ilk fought to keep things like the PGP encryption program legal — and we don’t use them. We know Facebook and Google leak our personal online habits like a sieve and we don’t make much effort to cover our tracks. Perhaps some of us buy the good citizen cliché that if you’re not doing anything wrong, you don’t have anything to worry about, but most of us are just opting for convenience. We’ve got enough to deal with day to day without engaging in a privacy regimen. Occasionally, some slacker may lose his job because he posted a photo of himself cradling his bong or the like, but as with civil liberties more generally, as long as the daily outrages against individuals don’t reach epic proportions, we rubberneck in horror and then return to our daily activities.

Beneath this complacent surface lies a disquieting and mostly unexamined question. To what degree is the ubiquity of state surveillance a form of intimidation, a way to keep people away from social movements or from directly communicating their views?

Do you hesitate before liking WikiLeaks on Facebook?

As Jacob Appelbaum said, “we’re probably not using one hundred year (safe) crypto,” (encrpytion is so strong that it’ll take computers 100 years from now to decrypt) but pretty good privacy that lasts a pretty long time is far better than no privacy at all. And that’s certainly true under most circumstances. But what about the Cypherpunk proposals to “encrypt the internet”? Appelbaum pointed out in his Chaos Communication Congress talk [68] that encrypting the the internet (and just generally maximizing encrpytion standards) cannot thwart all spying, and a political component is necessary because future exploits can alway be found as long as you have agencies with vast resources dedicated to learning how to spy more effectively. In other words, the public needs to demand the political reforms that basically turn spy agencies into anti-spy agencies. A sort of ‘no-spy’ agreement for everyone.

The Cypherpunks and The Four Horesment of the Infopocalypse
But if we do embrace strong encryption for the masses – making it the default setting for hardware and software – what about the kind of stuff Tim May was advocating that could be enabled with an unhackable digitial infrastructure? Stuff like “insider trading, money laundering, markets for information of all kinds, including military secrets, and what he called assassination markets not only for those who broke contracts or committed serious crime but also for state officials and the politicians he called “Congressrodents”.” How do we balance the need for privacy with the need not to have truly anonmyous assassination markets? And what happens of an assassination market operating in Country A is successfully used against politicians in Countries B and C? Is that an act of war if the Country A’s laws specifically protect the assassination markets? And what about child pornography? Is it just open season at that point?

Well, we get quite a few answers in Cypherpunks: Freedom and the Future of the Internet [74]. The entire four-way conversation was filmed and is available online (the book is basically a transcript of the conversation). The uncut version is broken up into two parts (part 1 [84] and part 2 [85]) and it gives us an idea of what kind sacrifices have to be made if a society that embraces strong encryption. The whole thing is about 3 1/2 hours long and it’s certainly worth viewing. Many of the questions asked during the 3 1/2 are actually important issues that society should have been asking itself years ago. And as you’ll find out when you hear their answers to these difficult questions, privacy isn’t free.

For example, jump to ~31 minutes into part 1 [84] and you’ll hear a discussion about the balance between the need for privacy vs legitimate law enforcement needs. Keep listening for the next 5 minutes or so. At ~34 minues Julian Assange interjects that, in theory, society with the technological infrastructure that allow mass surveillance but, in practice, such a system would be so technologically complext that there is no way possible that any society could restrain abuse through policies. In other words, policy solutions might be nice in theory but are also impossible. Keep in mind that Assange is an anarchist, but it does also suggest that in Assange’s view the political and technical solutions where governments regulate themselves aren’t really possible.

Now jump to ~57 1/2 minutes on part 1 [84] where Assange draws parallels between the the US 2nd Amendment and cryptographic tools. Similar to the idea that the right to bear arms prevents tyranny in the US because the populace can engage in an armed revolt is, Assange sees the for the public to develop cryptographic tools to wage a digital revolt and retake control of digital privacy by force. ~59 minutes, Jacob Appelbaum jumps in to make an important point that one difference in the analogy between guns and encryption tools is that encryption tools are inherently resistant to violence: no matter how powerful a government might be, if it can’t solve the math problem encrypting the data it can’t see it. No matter what. This is an important point that must be reiterated: we can design encryption that no existing entity can crack. Maybe in the future it’ll be cracked, but, at least in theory, virtually unbreakable-for-a-period-of-time encryption should be possible.

This reality of the potential for unbreakable encryption, again, raises the question: what do we do about things like terrorism-related communcations, money-laundering, or child pornography that suddenly become much harder to stop? Well, jump to ~1 hour 7 minutes into part 1 [84] and you’ll hear Jacob Appelbaum’s answer: we should just accept that these things will be super-encrypted and accept that as the price paid for unbreakable digital privacy.
And in case Appelbaum wasn’t clear enough in his answer, jump to ~1 hour 19 minutes in part 2 [85] where Jeremie Zimmermann discusses child pornagraphy as an example of the type of data that even Cypherpunks would agree must be actively removed from servers. But they didn’t all agree. Jacob Appelbaum actually said that Zimmermann’s attitude towards child pornography made him want to vomit because it would be an act of erasing history and that historical information could help catch the perpetrators (this topic is apparently a pet peeve of Appelbaum’s [86]). Julian Assange then chimes in with an anecdote suggesting that the removal of child pornography also has the unfortunate effect of reducing the public drive to crack down on it and catch the perpetrators.

While few would probably expect an internet built to the whims of cyber anarchists to be very child-friendly, it may be a little surprisingto learn just how child-unfriendly the encrypted internet might be. Unless, of course, Assange and Appelbaum are correct in their assumption that a world that legalizes child pornography would actually lead to less abuse (again, this is where parallel universes would be nice). It’s a strangely optimistic outlook for such cynics. But when you’re a cyber anarchist – where all governments are deemed to be inherently untrustworthy, all censorship leads to out of control abuse of power, and, more generally, all potential abuses of power will eventually transpire – risks will have to be taken by society and sacrifices will have to be made. Sometimes child sacrifices.

So what Merkel’s solution? How about we all get chipped?
So, let’s take a moment to review some of what we’ve learned so far about relationship between spying, encryption, the barriers facing the creation of a truly private and useful global digital infrastructure, and the associated with creating that world. And then let’s try and relate it to Angela Merkel’s proposal to wall off the EU internet and begin an agressive counter-espionage campaign. So we’ve learned:

1. [87] The German public is freaking-out about NSA spying while the government feins ignorance.

2. [88] The Five-Eyes spying alliance don’t spy on each other without permission.

3. [89] Merkel wants in on the Five-Eyes alliance in order to obtain a no-spy agreement.

4. [90] Oh wait, the Five-Eyes actually spy on each other without permission.

5. [91] Germany is already in the 14-Eyes and Merkel was already really pissed about not getting “upgraded” to the 9-Eyes.

6. [92] Germany already has plans to significantly expand their surveillance capabilities.

7. [93] In response to not getting a no-spy agreement, Merkel is proposing an EU-intranet and agressive counter-espionage against the US and UK. It would also break the internet.

8. [94] German Pirate Bruno Kramm views this EU-intranet scheme as theatrics that would do little to prevent surveillance and might actually make it easier for oppressive regimes to censor and surveil their populaces. Only international treaties can truly stop the spying.

9. [95] Edward Snowden asserts that better cryptography world-wide is the key to greater privacy and end-to-end cryptography is still usefull.

10. [96] End-to-end cryptography that is anti-NSA proof does indeed already exist. It’s free. It’s a pain in the ass to use. It’s only useful if the other other people you’re communicating with are also using it. And it mostly breaks the functionality of most of the software that actually makes that data you want encrypted worth having in the first place.

11. [63] German data-storage king Kim Dotcom is planning on developing fully-functional, NSA-proof email services using client-side (end user) tools to carry out the useful features on the data. It’s expensive, but possible.

12 [97]. Wikileaks hacker and co-reporter on the Snowden documents [98], Jacob Appelbaum, is also advocating much stronger encryption standards as the primary tool for prevent surveillance abuses. He also wants to see the NSA turned into the anti-NSA.

13 [99]. Appelbaum, Julian Assange, and two other Cypherpunks published a manifesto that strongly predicted the current global debate and all four largely agree that extremely strong cryptographic tools are, indeed, required. There was, however, some disagreement on whether or not every form of digital content should be legalized in order to avoid even the possibility of censorship.

Now, looking at all that, there’s a REALLY BIG question: What on earth does Angela Merkel have in mind? Is this entire EU-firewall plan purely symbolism that will accomplish nothing in terms of enhances privacy as Bruno Kramm suggests? Could the German government actually be planning on developing an entire new suite of unhackable hardware and software? After all, if the new EU-intranet is still hackable what’s the point? But it it really was unhackable, wouldn’t Germany and the entire EU become become some sort of digital crime safehaven? How can the EU set up an internet that the NSA can’t hack but EU law enforcement can? Is that even possible?

It is indeed possible, at least in theory. There happens to be a solution that is both technical and political. It’s the same solution the NSA was pining for and the Cypherpunks successfully fought against in the early 90’s. Yep! Remember the Clipper Chip mentioned above? That’s the political and technical solution that Germany and the EU needs. Instead of making encryption publicly available (thus forcing the NSA and other law enforcement agencies to secret backdoors around the encryption), the Clipper Chip solution takes a very different approach: the decryption keys for all encrypting hardware and software are escrowed away by a government agency, only to be used when needed for law enforcement purposes. That way, incredibly strong encryption can be employed by public at large without worry about random hackers but governments are still able to decrypt the data when neccesary. It’s certainly not an ideal solution if it’s a government agency that can’t be trusted, but, at least in theory, such an approach could limit the spying to only the governments that have access to that decryption key database. Sound tempting? No? Kind of creepy and Orwellian? Yeah, that’s how Americans felt about the ‘Clipper Chip’ idea two decades ago when the NSA was trying to convince everyone to get chipped [8]:

Wired
Don’t Worry Be Happy

The National Security Agency states its case for why key escrow encryption – aka the Clipper Chip – is good for you. A Wired exclusive.

By Stewart A. Baker
Issue 2.06 | Jun 1994

With all the enthusiasm of Baptist ministers turning their Sunday pulpits over to the Devil, the editors of Wired have offered me the opportunity to respond to some of the urban folklore that has grown up around key escrow encryption — also known as the Clipper Chip.

Recently the Clinton administration has announced that federal agencies will be able to buy a new kind of encryption hardware that is sixteen million times stronger than the existing federal standard known as DES. But this new potency comes with a caveat. If one of these new encryption devices is used, for example, to encode a phone conversation that is subject to a lawful government wiretap, the government can get access to that device’s encryption keys. Separate parts of each key are held by two independent “escrow agents,” who will release keys only to authorized agencies under safeguards approved by the attorney general. Private use of the new encryption hardware is welcome but not required. That’s a pretty modest proposal. Its critics, though, have generated at least seven myths about key escrow encryption that deserve answers.

MYTH NUMBER ONE: Key escrow encryption will create a brave new world of government intrusion into the privacy of Americans.

Opponents of key escrow encryption usually begin by talking about government invading the privacy of American citizens. None of us likes the idea of the government intruding willy-nilly on communications that are meant to be private.

But the key escrow proposal is not about increasing government’s authority to invade the privacy of its citizens. All that key escrow does is preserve the government’s current ability to conduct wiretaps under existing authorities. Even if key escrow were the only form of encryption available, the world would look only a little different from the one we live in now.

In fact, it’s the proponents of widespread unbreakable encryption who want to create a brave new world, one in which all of us — crooks included — have a guarantee that the government can’t tap our phones. Yet these proponents have done nothing to show us that the new world they seek will really be a better one.

In fact, even a civil libertarian might prefer a world where wiretaps are possible. If we want to catch and convict the leaders of criminal organizations, there are usually only two good ways to do it. We can “turn” a gang member — get him to testify against his leaders. Or we can wiretap the leaders as they plan the crime.

I once did a human rights report on the criminal justice system in El Salvador. I didn’t expect the Salvadorans to teach me much about human rights. But I learned that, unlike the US, El Salvador greatly restricts the testimony of “turned” co-conspirators. Why? Because the co-conspirator is usually “turned” either by a threat of mistreatment or by an offer to reduce his punishment. Either way, the process raises moral questions — and creates an incentive for false accusations.

Wiretaps have no such potential for coercive use. The defendant is convicted or freed on the basis of his own, unarguable words.

In addition, the world will be a safer place if criminals cannot take advantage of a ubiquitous, standardized encryption infrastructure that is immune from any conceivable law enforcement wiretap. Even if you’re worried about illegal government taps, key escrow reinforces the existing requirement that every wiretap and every decryption must be lawfully authorized. The key escrow system means that proof of authority to tap must be certified and audited, so that illegal wiretapping by a rogue prosecutor or police officer is, as a practical matter, impossible.

MYTH NUMBER TWO: Unreadable encryption is the key to our future liberty.

Of course there are people who aren’t prepared to trust the escrow agents, or the courts that issue warrants, or the officials who oversee the system, or anybody else for that matter. Rather than rely on laws to protect us, they say, let’s make wiretapping impossible; then we’ll be safe no matter who gets elected.

This sort of reasoning is the long-delayed revenge of people who couldn’t go to Woodstock because they had too much trig homework. It reflects a wide — and kind of endearing — streak of romantic high-tech anarchism that crops up throughout the computer world.

The problem with all this romanticism is that its most likely beneficiaries are predators. Take for example the campaign to distribute PGP (“Pretty Good Privacy”) encryption on the Internet. Some argue that widespread availability of this encryption will help Latvian freedom fighters today and American freedom fighters tomorrow. Well, not quite. Rather, one of the earliest users of PGP was a high-tech pedophile in Santa Clara, California. He used PGP to encrypt files that, police suspect, include a diary of his contacts with susceptible young boys using computer bulletin boards all over the country. “What really bothers me,” says Detective Brian Kennedy of the Sacramento, California, Sheriff’s Department, “is that there could be kids out there who need help badly, but thanks to this encryption, we’ll never reach them.”

If unescrowed encryption becomes ubiquitous, there will be many more stories like this. We can’t afford as a society to protect pedophiles and criminals today just to keep alive the far-fetched notion that some future tyrant will be brought down by guerrillas wearing bandoleers and pocket protectors and sending PGP-encrypted messages to each other across cyberspace.

MYTH NUMBER THREE: Encryption is the key to preserving privacy in a digital world.

Even people who don’t believe that they are likely to be part of future resistance movements have nonetheless been persuaded that encryption is the key to preserving privacy in a networked, wireless world, and that we need strong encryption for this reason. This isn’t completely wrong, but it is not an argument against Clipper.

If you want to keep your neighbors from listening in on your cordless phone, if you want to keep unscrupulous competitors from stealing your secrets, even if you want to keep foreign governments from knowing your business plans, key escrow encryption will provide all the security you need, and more.

But I can’t help pointing out that encryption has been vastly oversold as a privacy protector. The biggest threats to our privacy in a digital world come not from what we keep secret but from what we reveal willingly. We lose privacy in a digital world because it becomes cheap and easy to collate and transmit data, so that information you willingly gave a bank to get a mortgage suddenly ends up in the hands of a business rival or your ex-spouse’s lawyer. Restricting these invasions of privacy is a challenge, but it isn’t a job for encryption. Encryption can’t protect you from the misuse of data you surrendered willingly.

What about the rise of networks? Surely encryption can help prevent password attacks like the recent Internet virus, or the interception of credit card numbers as they’re sent from one digital assistant to another? Well, maybe. In fact, encryption is, at best, a small part of network security.

The real key to network security is making sure that only the right people get access to particular data. That’s why a digital signature is so much more important to future network security than encryption. If everyone on a net has a unique identifier that others cannot forge, there’s no need to send credit card numbers — and so nothing to intercept. And if everyone has a digital signature, stealing passwords off the Net is pointless. That’s why the Clinton administration is determined to put digital signature technology in the public domain. It’s part of a strategy to improve the security of the information infrastructure in ways that don’t endanger government’s ability to enforce the law.

MYTH NUMBER FOUR: Key escrow will never work. Crooks won’t use it if it’s voluntary. There must be a secret plan to make key escrow encryption mandatory.

This is probably the most common and frustrating of all the myths that abound about key escrow. The administration has said time and again that it will not force key escrow on manufacturers and companies in the private sector. In a Catch-22 response, critics then insist that if key escrow isn’t mandated it won’t work.

That misunderstands the nature of the problem we are trying to solve. Encryption is available today. But it isn’t easy for criminals to use; especially in telecommunications. Why? Because as long as encryption is not standardized and ubiquitous, using encryption means buying and distributing expensive gear to all the key members of the conspiracy. Up to now only a few criminals have had the resources, sophistication, and discipline to use specialized encryption systems.

What worries law enforcement agencies –what should worry them — is a world where encryption is standardized and ubiquitous: a world where anyone who buys an US$80 phone gets an “encrypt” button that interoperates with everyone else’s; a world where every fax machine and every modem automatically encodes its transmissions without asking whether that is necessary. In such a world, every criminal will gain a guaranteed refuge from the police without lifting a finger.

The purpose of the key escrow initiative is to provide an alternative form of encryption that can meet legitimate security concerns without building a web of standardized encryption that shuts law enforcement agencies out. If banks and corporations and government agencies buy key escrow encryption, criminals won’t get a free ride. They’ll have to build their own systems — as they do now. And their devices won’t interact with the devices that much of the rest of society uses. As one of my friends in the FBI puts it, “Nobody will build secure phones just to sell to the Gambino family.”

In short, as long as legitimate businesses use key escrow, we can stave off a future in which acts of terror and organized crime are planned with impunity on the public telecommunications system. Of course, whenever we say that, the critics of key escrow trot out their fifth myth:

MYTH NUMBER FIVE: The government is interfering with the free market by forcing key escrow on the private sector. Industry should be left alone to develop and sell whatever form of encryption succeeds in the market.

In fact, opponents of key escrow fear that businesses may actually prefer key escrow encryption. Why? Because the brave new world that unreadable encryption buffs want to create isn’t just a world with communications immunity for crooks. It’s a world of uncharted liability. What if a company supplies unreadable encryption to all its employees, and a couple of them use it to steal from customers or to encrypt customer data and hold it hostage? As a lawyer, I can say it’s almost certain that the customers will sue the company that supplied the encryption to its employees. And that company in turn will sue the software and hardware firms that built a “security” system without safeguards against such an obvious abuse. The only encryption system that doesn’t conjure up images of a lawyers’ feeding frenzy is key escrow.

As encryption technology gets cheaper and more common, though, we face the real prospect that the federal government’s own research, its own standards, its own purchases will help create the future I described earlier — one in which criminals use ubiquitous encryption to hide their activities. How can anyone expect the standard-setting arms of government to use their power to destroy the capabilities of law enforcement — especially at a time when the threat of crime and terror seems to be rising dramatically?

By adopting key escrow encryption instead, the federal government has simply made the reasonable judgment that its own purchases will reflect all of society’s values, not just the single-minded pursuit of total privacy.

So where does this leave industry, especially those companies that don’t like either the 1970s-vintage DES or key escrow? It leaves them where they ought to be — standing on their own two feet. Companies that want to develop and sell new forms of unescrowed encryption won’t be able to sell products that bear the federal seal of approval. They won’t be able to ride piggyback on federal research efforts. And they won’t be able to sell a single unreadable encryption product to both private and government customers.

Well, so what? If companies want to develop and sell competing, unescrowed systems to other Americans, if they insist on hastening a brave new world of criminal immunity, they can still do so — as long as they’re willing to use their own money. That’s what the free market is all about.

Of course, a free market in the US doesn’t mean freedom to export encryption that may damage US national security. As our experience in World War II shows, encryption is the kind of technology that wins and loses wars. With that in mind, we must be careful about exports of encryption. This isn’t the place for a detailed discussion of controls, but one thing should be clear: They don’t limit the encryption that Americans can buy or use. The government allows Americans to take even the most sophisticated encryption abroad for their own protection. Nor do controls require that software or hardware companies “dumb down” their US products. Software firms have complained that it’s inconvenient to develop a second encryption scheme for export, but they already have to make changes from one country to the next — in language, alphabet, date systems, and handwriting recognition, to take just a few examples. And they’d still have to develop multiple encryption programs even if the US abolished export controls, because a wide variety of national restrictions on encryption are already in place in countries from Europe to Asia.

Times sure have changed! Except they haven’t. Until the the early 90’s, when digital communications and the internet to the mainstream for the first time in history, we never really had to ask ourselves “should we create the infrastructure that makes unbreakable encryption routine for everyone” before. And we still haven’t really answered the question. Sure, the public pretty resoundingly rejected the Clipper Chip solution, with the proposal dead by 1997 [100], but the public has also never accepted the idea that there should be digital content that is outside of the reach of a law enforcement. And that’s not really changed, even after all of the Snowden revelation. If you look at the general state of the debate over privacy and security these days, there’s seem consensus that people don’t like the government even having the capacity to spy on themselves [101] but they don’t really like the idea of a government that can’t spy on, say, the mafia either.

That’s sort of the default view point that most people would probably have on these kinds of topics, but it’s not a viable one because there really is a choice that has to be made: if you don’t want governments to have the capacity to engage in mass-surveillance in an age when everyone’s connecting up their computers together in giant global networks and sending gobs of information back and forth you need unbreakable personal encryption to somehow become standardized and that means unbreakable encryption for the mafia too. As Jacob Appelbaum puts it in the Cypherpunks discussion [84], the Four Horsemen of the Infopocalypse [9] (terrorists, pedophiles, drug dealers, and organized crime) are preferable to state-sanctioned spying but it’s not at all clear that the public at large shares those priorities.

How about we all get chipped and break the internet too!
Then again, the question over what kind of solutions the public would prefer are somewhat moot because the driving force in how the internet and digital security norms evolve going forward is clearly coming from the governments of Germany and Brazil and there are absolutely no indications that either government has any plans at all of fostering the developing of standardized unbreakable digital communications. Instead, the only plans are to make an anti-NSA infrastructure that fixes NSA-exploits. And one way to do that while still maintaining the abilities of Brazillian and German governments to continue spying on all the traffic flowing through their networks is to break the internet [9]:

The Verge
Will the global NSA backlash break the internet?

Brazil and Germany make moves to protect online privacy, but experts see a troubling trend toward Balkanization

By Amar Toor on November 8, 2013 10:30 am

The NSA’s ongoing surveillance has spurred many governments to pursue stronger data-protection laws, but there are growing concerns that this backlash could divide the internet along national borders, threatening the principles of openness and fluidity that it was founded upon.

In September, Brazil announced [102] plans to build a fiber-optic cable that would route internet traffic away from US servers, theoretically keeping its citizens’ data away from the NSA. The policy has yet to be implemented, and many question whether it will actually be effective, but others appear to be following Brazil’s lead.

In Germany, telecommunications companies are working to create encrypted email and internet services [103] that would keep user data within the country’s borders, and Switzerland’s Swisscom has begun building [104] a domestic cloud-service to attract companies that may have grown leery of American spying.

The idea is that such country-based networks will keep user data within national borders and away from the NSA, which would be forced to comply with governments’ privacy laws. But experts fear that they may lead to greater “Balkanization” — a term derived from the division of the Balkan Peninsula in the 19th century — transforming the unified web into a fragmented collection of national internets.

Note that the promises by the German government and their new “email mad in Germany” system will keep the traffic in Germany should not be confused with the claim that the newly proposed German internet (and now EU internet) won’t get spied on by the German government [105]. We’ll take a closer look at that below.

Continuing…

“The US has done a disservice to netizens everywhere — forcing people to choose between interconnectivity and privacy,” Sascha Meinrath, director of the Open Technology Institute at the New America Foundation, said in an email to The Verge. In an editorial [106] published last month, Meinrath likened internet Balkanization to the European railway system, where an array of different signaling technologies leads to “delays, inefficiencies, and higher costs” as trains cross borders.

The concept of a national internet is hardly new, though it has traditionally been associated with more repressive regimes. China’s so-called “Great Firewall” has effectively censored the internet for years, and Iran began laying the groundwork [107] for its own state-controlled web earlier this year. But the NSA controversy appears to have reignited and legitimized debates over national web sovereignty, raising the specter of an internet divided by firewalls and border controls.

“A Balkanized internet will look like the online world through the lens of the Chinese firewall or Iran’s Halal Internet,” Meinrath says. “It will be functionally stunted, less interoperable, more expensive to build and maintain, and full of unexpected pitfalls.”

But there have been lingering tensions over America’s web hegemony.Several countries called for a more globally representative [108] governance system at a summit last year in Dubai, and the NSA scandal that ignited seven months later only amplified calls for change.

“What the NSA has shown is that countries can still exert a great amount of force over the internet,” says Friedman, who authored a paper [109] last month on how governments can use web regulations to erect trade barriers. “It’s also shown that there are very different types of power, and it’s not distributed equally.”

Not surprisingly, the two countries to react most strongly to the NSA scandal — Brazil and Germany — are also the two spearheading calls for regulatory change. This week, the two countries formally proposed a UN resolution [110] calling for stronger internet privacy protection, echoing an impassioned speech that Brazilian president Dilma Rousseff delivered to the organization in September, after it was reported that the NSA had been conducting surveillance on her office.

“The concentration of power in the hands of a very few large companies — Facebook, Google — that’s what’s driving Balkanization,” says Geert Lovink, founding director of the Institute of Network Cultures research center in Amsterdam. “That actually is Balkanization.”

“Balkanization is seen as an atavism — something of the past that returns,” he continues. “But that is really not the case.”

Lovink acknowledges that American hegemony may have made the web more fluid and interoperable, though he says the NSA scandal has proven that “usability” isn’t the only thing citizens value. He welcomes the conflict that Brazil and Germany have introduced because it signals a shift away from a web dominated by the US “engineering class.”

What this new internet would look like remains uncertain. Some say further fragmentation may only make it easier for governments to flex their online muscles, leading to more of the surveillance and espionage that Brazil and Germany are looking to combat. In the absence of a governance structure based on consensus and openness, they say, regimes could lord over their domestic networks with impunity.

“The problem with internet governance is that the Americentric model is the worst one, except for all the others,” says Meinrath, channeling Winston Churchill. “I would like to see legal clarity — domestically and internationally — that re-establishes rule of law over surveillance and monitoring.”

“Otherwise, we create a new international norm whereby acceptable behavior includes widespread spying and hacking that detrimentally impacts us all.”

What’s going to follow the Americentric model and a web dominatd by the US “engineering class”? That’s the question of the day for the digital age. Brazil and Germany, in particular, presumably have something pretty specific in mind after calling for that upcoming conference on the future of the internet and we know its going to involve preventing NSA spying (or at least that will be the public spin). But it’s also obviously going to allow countries to continue spying on their own citizens as much as they want. And we know it President Rouseff is very interested in keeping as much of the internet traffic and data storage within Brazil as much data. But is that it? We’re going to potentially fragment the internet just to make it somewhat harder for countries to get their hands on the raw data flows? Nothing else much will change? Won’t governments just set up secret data-sharing agreements and/or find new ways to tap those cables [111]?

Could there be something else in mind? Could that something else possibly be a global balkanized Clipper Chip/key escrow system for a global balkanized internet? Might governments perhaps try to ensure that the hardware and software run inside their country have keys they only they have access to but no other government or entity has access to? Might a national hardware and software key escrow system at least be getting its foot in the door in Brazil [5]?

Al Jazeera America
On Internet, Brazil is beating US at its own game
by Bill Woodcock September 20, 2013 2:45PM ET
Analysis: Brazil’s official response to NSA spying obscures its massive Web growth challenging US dominance

U.S. National Security Agency documents from 2012 revealed this month by Glenn Greenwald show [112] that the intelligence agency recorded email and telephone calls of Brazilian and Mexican heads of state as well as the Brazilian state oil producer Petrobras and other energy, financial and diplomatic targets. It is unsurprising that a national intelligence agency would attempt to gather such information, and it can be argued that it was, however overzealously, doing the job American taxpayers are paying for. But it is also a disappointing, though illuminating, commentary on the state of the Internet that it was successful.

In response to the revelations, on Tuesday Brazilian President Dilma Rousseff announced measures to protect the privacy of Brazil’s citizens from NSA spying:

* Increase domestic Internet bandwidth production

* Increase international Internet connectivity

* Encourage domestic content production

* Encourage use of domestically produced network equipment

Rousseff could make these significant announcements not because of any government resolution or investment but because they are, by and large, successful existing Brazilian private-sector initiatives that have been under way for many years. Only those who haven’t been paying attention to Brazil’s phenomenal Internet development mistook the announcement for news; it was opportunistic spin on what Brazil has already been successfully doing for most of the past decade.

Nor is Brazil’s plan a repudiation of the United States. Brazil is following the path of Internet development that has been proven in the U.S. and is advocated [113] by the U.S. State Department. What’s interesting about Brazil is not that it’s defying the United States’ under-the-table agenda but that it’s doing so by executing moves from the U.S.’s above-the-table playbook so masterfully.

Encouraging domestic content

Regardless of where the cables run, users’ Internet traffic and stored data are not private if users select services that are provided from jurisdictions that do not respect their privacy. For instance, if a Brazilian user has a Hotmail email address and uses the Google-owned Orkut social-networking site, her email and social-network data are stored on servers in the United States and are thereby accessible to the NSA. Encouraging the formation and use of domestic alternatives allows Brazilian users’ communications to remain on Brazilian domestic infrastructure and their data to reside on hard disks in data centers in Sao Paulo and Rio de Janeiro rather than Redmond, Wash., and Portland, Ore.

Users follow the fickle winds of fad, however, and it is notoriously difficult for unhip governments to attract the attention of youth. So it may be difficult for the Brazilian government to pick a winner in the domestic social-networking space and promote its success. More likely, continuing to decrease the cost of domestic Internet traffic routing through infrastructural initiatives like IXPs and fiber-optic cable systems will create a strong economic incentive for all content providers, foreign and domestic, to host Brazilian users’ data within Brazil and thus within Brazilian regulatory jurisdiction. This appears to be where the Brazilian government is heading: toward a common understanding with the European Union on data privacy, harmonizing with its standards of protection for users’ personally identifiable information, or PII. Brazil hopes to compel companies that provide services to Brazilians to do so from servers in Brazil — which would subject them to Brazilian privacy regulation.

The president’s office has asked Correios, the Brazilian public postal service, to provide an encrypted email system to the public at no cost by next year. This comes less than a year after the postal service shuttered CorreiosNet, its prior hosted email offering. Coincidentally, the U.S. Postal Service operated the first such publicly hosted email system, E-COM [114], from 1982 to 1985, though with little success. Government-operated email systems can, however, succeed; the French Minitel system was wildly popular, serving 25 million people for 34 years. The proposed Brazilian system has the distinct advantage of being free, so it may succeed. If executed well, it could employ strong encryption, potentially with Brazilian governmental key-escrow [115], which would allow Brazilian law enforcement access but effectively deny access to foreign intelligence agencies.

Domestic network equipment

Perhaps the most controversial portion of the Brazilian plan is to encourage private-sector network operators in Brazil, whether foreign or domestic, to use only Brazilian-designed and -produced telecommunication equipment in their networks. This is intended to address the fear that “back doors” will come installed in equipment sourced internationally, making it vulnerable to wiretapping by foreign intelligence agencies. This same precaution has led some countries to ban [116] the use of Chinese-produced Huawei and ZTE gear from sensitive networks, but it also seems to penalize products [117] from Cisco and Juniper that have not shown similar vulnerabilities.

The near-term winners from any such policy are likely to be Datacom and Padtec (based in Rio Grande do Sul and Sao Paulo, respectively), which are the current suppliers of networking equipment for Brazilian government networks. This is likely to backfire in the long term, however, when those manufacturers try to grow beyond the Brazilian domestic market.

Like the satellite-development deal, this policy follows Brazil’s well-established pattern [118] of using high tariffs to displace foreign imports with domestic products. This strategy has worked brilliantly for Brazil in the past in the automotive and aerospace sectors and has been notably successful for many Asian economies. Nevertheless, stratospheric import tariffs on high-tech electronics have failed to jump-start a Brazilian electronics industry and have created substantial friction [119] with international computer and networking-equipment producers.

Unlike the automotive and aerospace industries, computer-networking and information technologies scale with the network effect: Their value is partly determined by their relationship with other technology products and their users. Such products are entirely dependent on seamless interoperability between them and equipment made by different companies. So if Datacom and Padtec profit from Brazilian governmental protectionism in the near term, they will pay the price in the long term when they try to expand into international markets, since they will face the suspicion of other governments that the reason the Brazilian government favors them is that they incorporate unique Brazilian back doors. In other words, this form of protectionism leads to the problems that Huawei and ZTE face today.

A free state-sponsored email system using strong encryption run out of the post office that could use government key escrows? Encouraging private-sector network operators to use Brazilian-designed and-produced telecommunication equipment in their networks? That sure sounds a lot like the “hey, we think you all should use this new Clipper Chip!”-approach that the US government was trying 20 years ago. Only instead of the internet being this fun new toy in 1994 that only seemed like it could be scary, it’s now 2014 and we know the internet is scary kind of scary with all sort of real life boogie men. And now that the NSA is the official global boogie-man-in-chief, the selling points of a Brazilian-Clipper Chip-like system that’s purportedly NSA-proof are more compelling than ever. These days, as long as it’s anti-NSA it sort of takes the the sting off of knowing the government has all those keys in escrow.

Worried about Brazil? Don’t be. They’re going to be protecting their privacy, European-style.
So could we be seeing the start of a Brazilian campaign on selling the idea of state-sponsored encryption services to the public? It’s starting to look like that sure looking like that. And it won’t be too surprising if the idea catches on, because who likes the idea of the NSA rooting around through their stuff. But it still be kind of surprising that there isn’t more concernt from privacy advocates over these plans with potentially global ramifications because Brazil isn’t just planning on offering voluntary state-sponsored excryption in response to the NSA scandal. As the above article points out, Brazil is also about to pass a law that mandates the local storage of personal data by internet firms [120] like Google and Facebook and the Brazilian parliament just passed an amendment to the upcoming Brazilian ‘Bill of Rights’ law that mandates internet service providers store personal data for 6 months no matter what [121].

So why aren’t there growing concerns that that the new Brizilian Bill of Rights will lead to widespread privacy abuses against Brazilians by the Brazilian government? Oh, right, Brazil’s new ‘Internet Bill of Rights’ and new European-style data protection framework. That’s why no one is concerned [4]:

PrivacyTracker.org

Will the New Year Bring New Privacy Laws to Brazil?
By The Hogan Lovells Privacy Team
01.28.14

The World Cup is not the only event to look out for in Brazil this year. Brazil has been developing two significant pieces of privacy legislation since the late 2000s, and it looks like they may be voted on soon. The Marco Civil da Internet (“Civil Internet Bill”) would establish what some have called an “Internet Bill of Rights” that includes data protection requirements and the preservation of net neutrality. The Data Protection Bill would establish a comprehensive, European-style data protection framework governing the processing of all personal data. The proposed laws would replace Brazil’s current sector-specific privacy framework. Brazil is the fifth largest country in the world, and the number of Brazilian Internet and smartphone users is growing rapidly. The new laws would therefore have a significant impact on organizations offering digital products or services to Brazilian consumers. We here provide background on the proposed laws and insights as to their potential impacts.

Brazil’s Civil Internet Bill would do more than just establish online privacy protections. The draft legislation effectively establishes an Internet Bill of Rights for Brazilians. These rights include privacy protections along with a fundamental right to access the Internet and a mandate for net neutrality. The law also regulates the enforcement of digital copyright issues and the online collection of evidence in criminal and civil investigations. In recent months, President Rousseff and members of the Worker’s Party have added new provisions to the Civil Internet Bill. The most controversial of these is a data localization rule, which would give Brazil’s executive branch the right to force operators of online services to store Brazilian data only in Brazilian data centers. Other amendments to the Civil Internet Bill include requiring service providers to obtain express consent from users prior to processing personal data online and providing that companies violating the Bill would be subject to suspension of Brazilian data collection activities or fines of up to 10% of the organizational revenues.

Critics have argued that the Civil Internet Bill, especially with its localization requirements, would raise operating costs significantly for companies doing business in Brazil. Several industry groups have noted that the localization requirements would undermine the decentralized nature of the Internet, which has facilitated the growth of global digital trade.

Brazil’s Data Protection Bill is modeled primarily on the European Data Protection Directive and would regulate the online and offline processing of personal data. The bill would give Brazilians the rights to access, correct, and delete personal data and require that organizations generally obtain express, informed consent prior to processing a Brazilian’s personal data. The Data Protection Bill would create a data protection authority, the National Data Protection Council. In the event of a data breach, companies would be required to notify the Council and sometimes the media. Like the EU data protection framework, the Data Protection bill would generally prohibit organizations from transferring personal data to countries not providing adequate protections for personal data. Although the Data Protection Bill does not specify which countries do provide adequate protections, it is likely that the Data Protection Council would not deem the United States to be one of those countries. Organizations violating the Data Protection Bill would face penalties of up to 20% of organizational revenue.

If one or both of these bills are passed into law, companies with Brazilian operations would likely have to implement significant changes to their privacy and security practices. Data localization requirements and cross-border transfer restrictions would have a substantial effect on business operations with questionable privacy and security benefits. For example, cyberattacks can occur no matter where data is stored.

In spite of the arguments being raised against the bills, however, the desire to establish Brazil as a leading player in the Global Multistakeholder Meeting on the Future of Internet Governance [122] to be held in São Paulo on April 23-24 may well prompt the Brazilian legislature to pass one or both laws in the next few months. Some reports indicate that the Civil Internet Bill will be voted on in February. A vote on the Data Protection Bill is likely to happen soon after. We will be watching the developments closely and evaluating how the changes may effect Brazilian companies as well as Latin American and global trade.

European-syle data-protection laws are coming to Brazil! That should be quite an exciting set of new rules for Brazilian internet users to anticipate once the EU finally decides ( via a secret trilogue [123]) what those laws are going to look like [124]. And it sounds like those new rules will also cut off data transmission to the United States over concerns over US spying, although, presumably Google, Facebook and other US firms that set up operations on Brazilian soil will continue to be able to offer services. It raises the question of what other countries will be cut off from Brazil over data-privacy concerns. China and Russia must certainly be on the no-go list and the rest of the Five Eyes would almost have be excluded. EU companies may not need to open branches in Brazil because they will presumbly already be compliant with Brazil’s new data-privacy laws (since those laws are supposed to be based on the “European-style” data privacy). But will any other nations on the planet be compliant? Micro-nations without intelligence agencies might be, but anyone else? What if Iceland turns itself into Kim Dotcom’s The Pirate Bay [7]? How about Sweden [125]?

And why is there so little outcry over the over the fact that Brazil is trying to get all this personal data stored locally using Brazilian-government sponsored hardware and software? The previous article [5] mentions concerns that this plan for encouraging Brazilian hardware and software could end up hurting the international brand for those Brazilian products specifically out of fears of Brazilian government backdoors. Why wouldn’t those fears exist? Is Brazil’s government planning on cutting itself off from ever accessing its own citizen’s digital data by building government-implemented strong-encryption that it can’t even decrypt itself? The recent amendment to Brazil’s Internet Bill of Rights calling for 6 months of data retention [121] certainly doesn’t suggest Brazil suddenly decided to turn itself into The Pirate Bay (not that some aren’t trying [126]). Doesn’t local data retention put Brazilians at greater risk of privacy abuses simply due to the possibility that the government will violate the new Bill of Rights after forcing its relocation to Brazilian servers? Did Brazil’s government suddenly obtain non-corruptibility credibility? It’s often argued that we should assume that if the NSA can violate your privacy it definitely will, regardless of the rules. That’s a core belief of the Cypherpunks (they are mostly anarchists, after all).

Oh, you thought European-style data-privacy included strong encryption? Uhhh…
Shouldn’t that skepticism apply to all intelligence organizations? For instance, when Germany set up its own “Email made in Germany” as an “anti-NSA” alternative to US email services, shouldn’t we be assuming the BND is spying on the new ‘anti-NSA’ “Email made in Germany” system since that ‘secure’ email service leaves the email completely unencrypted on Germany servers? Maybe? Maybe perhaps? [2]

Art Technica
Crypto experts blast German e-mail providers’ “secure data storage” claim
GPG developer calls move a “great marketing stunt at exactly the right time.”

by Cyrus Farivar – Aug 10 2013, 7:08am CDT

In the wake of the shutdown [127] of two secure e-mail providers in the United States, three major German e-mail providers have banded together [128] to say that they’re stepping forward to fill the gap. There’s just one problem: the three companies only provide security for e-mail in transit (in the form of SMTP TLS) and not actual secure data storage.

GMX, T-Online (a division of Deutsche Telekom), and Web.de—which serve two-thirds of German e-mail users—announced [129] on Friday that data would be stored in Germany and the initiative would “automatically encrypt data over all transmission paths and offer peace of mind that data are handled in compliance with German data privacy laws.” Starting immediately, users who use these e-mail services in-browser will have SMTP TLS enabled, and starting next year, these three e-mail providers will refuse to send all e-mails that do not have it enabled.

“Germans are deeply unsettled by the latest reports on the potential interception of communication data,” said René Obermann, CEO of Deutsche Telekom, in a statement [129]. “Our initiative is designed to counteract this concern and make e-mail communication throughout Germany more secure in general. Protection of the private sphere is a valuable commodity.”

These companies have dubbed this effort “E-mail made in Germany [130],” and tout “secure data storage in Germany as a reputable location.” In practice, that appears (Google Translate) [131] to simply mean that starting in 2014, these providers will “only transport SSL-encrypted e-mails to ensure that data traffic over all of their transmission paths is secure.”

Germany has notoriously strong data protection laws—likely the strongest in the world. But those laws do have law enforcement exceptions for security agencies, like the BND, Germany’s equivalent to the National Security Agency. The BND likely can easily access e-mails stored unencrypted on German servers with little legal or technical interference. Clearly, forcing users (particularly less tech-savvy ones) to use SMTP TLS provides a modicum of better protection for data in transit, but it’s hardly anywhere close to improved security for stored data.

Law enforcement can still get stored e-mail

German tech media and the well-respected Chaos Computer Club have lambasted this approach, dismissing it as “pure marketing.”

“The basic problem with e-mail is that it’s a postcard readable by all—[this] changes nothing,” wrote Andre Meister on the noted Netzpolitik.org blog [132] (German).

Lukas Pitschl of GPGTools [133] told Ars this was merely a “marketing stunt,” which would “not add real value to the security of e-mail communication.”

“If you really want to protect your e-mails from prying eyes, use OpenPGP or S/MIME on your own desktop and don’t let a third-party provider have your data,” he told Ars. “No one of the ‘E-Mail made in Germany’ initiative would say if they encrypt the data on their servers so they don’t have access to it, which they probably don’t and thus the government could force them to let them access it.”

The Chaos Computer Club practically laughed [134] (Google Translate) at this new announcement:

“What competitors [have had] for years as standard—a forced encryption when accessing a personal e-mail account—is now sold promotionally as a new, effective technological advancement,” the group wrote. “The NSA scandal has shown that centralized services are to be regarded as not trustworthy when it comes to access by secret [agencies].”

Oh wow, does this mean Germany isn’t turning its government-built email service into The Pirate Bay either? Well that’s sure unexpected.

Still, it could be argued that one should feel safer having the BND controlling thier personal data vs the NSA if one was given the choice. But it’s unclear why the BND would be deemed more acceptable since, as the Snowden Documents demonstrate, the BND has already been caught handing off “massive amounts” of phone data to the NSA [42] and Germany is clearly very interested in dramatically expanding its surveillance capabilities [34]. And, perhaps more importantly, the moves by Brazil and now the EU to wall off and balkanize internet traffic and potentially mandate local data storage are actually removing the choice where your data is held. This is currently being hailed as a necessary measure to protect citizen’s privacy but, again, it’s really unclear why that’s the case [6]:

indexoncensorship.org
Don’t gerrymander the internet

By Leslie Harris / 4 November, 2013

We can partially blame gerrymandering for the current gridlock in the U.S. Congress. By shaping the electoral map to create politically safe spaces, we have generated a fractious body that often clashes rather than collaborates, limiting our chances of resolving the country’s toughest challenges. Unfortunately, revelations about the global reach of American security surveillance programs under the National Security Agency (NSA) are leading some to propose what amounts to gerrymandering for the internet in order to route around NSA spying. This will shackle the internet, inherently change its technical infrastructure, throttle innovation, and likely lead to far more dangerous privacy violations around the globe.

Nations are rightly upset that the communications of their citizens are swept up in the National Security Agency’s pervasive surveillance dragnet. There is no question the United States has overreached and violated human rights in its collection of communications information on innocent people around the globe; however, the solution to this problem should not, and truly cannot, be data localization mandates that restrict data storage and flow.

The calls for greater localization of data are not new, but the recent efforts of Brazil’s President, Dilma Rouseff, to protect Brazilians from NSA spying [135] reflected the view of many countries suddenly faced with a new threat to the privacy of the communications of their citizens. Rouseff has been an advocate for internet freedom, so undoubtedly her proposal is well intentioned, though the potential unintended repercussions are alarming.

First, it’s important to consider the technical reasons why data location requirements are a really bad idea. The Internet developed in a widely organic manner, creating a network that allowed data to flow from all corners of the world – regardless of political boundaries, residing everywhere and nowhere at the same time. This has helped increase the resilience of the internet and it has promoted significant efficiencies in data flow. As is, the network routes around damage, and data can be wherever it best makes sense and take an optimal route for delivery.

Data localization mandates would turn the internet on its head. Instead of a unified internet, we would have a fractured internet that may or may not work seamlessly. We would instead see districts of communications that cater to specific needs and interests – essentially we would see Internet gerrymandering at its finest. Countries and regions would develop localized regulations and rules for the internet to benefit them in theory, and would certainly aim to disadvantage competitors. The potential for serious winners and losers is huge. Certainly the hope for an internet that promotes global equality would be lost.

Data localization may only be a first step. Countries seeking to keep data out of the United States or that want to exert more control over the internet may also mandate restrictions on how data flows and how it is routed. This is not far-fetched. Countries such as Russia, the United Arab Emirates, and China have already proposed this [136] at last year’s World Conference on International Telecommunications.

Most important though, is the potential for fundamental harm to human rights due to data localization mandates. We recognize that this is a difficult argument to accept in the wake of the revelations about NSA surveillance, but data localization requirements are a double-edged sword. It is important to remember that human rights and civil liberties groups have long been opposed to data localization requirements because if used inappropriately, such requirements can become powerful tools of control, intimidation and oppression.

When companies were under intense criticism for turning over the data of Chinese activists to China, internet freedom activists were united in theirs calls to keep user data out of the country. When Yahoo! entered the Vietnamese market, it placed its servers out of the country in order to better protect the rights of its Vietnamese users. And the dust up between the governments of the United Arab Emirates, Saudi Arabia, India, and Indonesia, among others, demanding local servers for storage of BlackBerry messages [137] in order to ensure legal accountability and meet national security concerns, was met with widespread condemnation. Now with democratic governments such as Brazil and some in Europe touting data localization as a response to American surveillance revelations, these oppressive regimes have new, albeit inadvertent, allies. While some countries will in fact store, use and protect data responsibly, the validation of data localization will unquestionably lead to many regimes abusing it to silence critics and spy on citizens [138]. Beyond this, data server localization requirements are unlikely to prevent the NSA from accessing the data. U.S. companies and those with a U.S. presence will be compelled to meet NSA orders, and there appear to be NSA access points around the world.

Data localization is a proposed solution that is distracting from the important work needed to improve the Internet’s core infrastructural elements to make it more secure, resilient and accessible to all. This work includes expanding the number of routes, such as more undersea cables and fiber runs, and exchange points, so that much more of the world has convenient and fast Internet access. If less data is routed through the U.S., let it be for the right reason: that it makes the Internet stronger and more accessible for people worldwide. We also need to work to develop better Internet standards that provide usable privacy and security by default, and encourage broad adoption.

Protecting privacy rights in an era of transborder surveillance won’t be solved by ring fencing the Internet. It requires countries, including the U.S., to commit to the exceedingly tough work of coming to the negotiating table to work out agreements that set standards on surveillance practices and provide protections for the rights of privacy and free expression for people. Germany and France [139] have just called for just such an agreement with the U.S. This is the right way forward.

In the U.S., we must reform our surveillance laws, adopt a warrant requirement for stored email and other digital data, and implement a consumer privacy law. The standards for government access to online data in all countries must likewise be raised. These measures are of course much more difficult in the short run that than data localization requirements, but they are forward-looking, long-term solutions that can advance a free and open internet that benefits us all.

So, at least in theory, some countries might store, use, and protect data responsibly once we transition to a local storage paradigm. But also, in theory, these same countries could mandate local data storage, set up fancy privacy laws, and then proceed to violate them. Clearly we should all hope that the former scenario is what will actually take place, but which scenario should we actually expect? Is Brazil going to abide by its new Internet Bill of Rights [140]? Will Germany actually abide [141] by its notoriously strict privacy laws [142]? How about the rest of the EU [143]? How about the rest of the world?

Now, here’s twisted possibility: Could it be that Germany and Brazil are currently trying to gain access to data on their own citizens that only NSA and/or US tech firms have access to and isn’t sharing? After all, we keep hearing about how Angela Merkel wants to establish a ‘no spy’ agreement. But, as we’ve [90] seen [91], the Five Eye’s agreement that Angela Merkel wants to join isn’t a no spy agreement. It’s a pro-spy agreement. So, could it be that the Snowden affair is being used as an opportunity to mandate that citizens in Brazil, Germany, and now the entire EU must leave virtually all of their online digital data on servers that are fully accessible to those governments? And might the move to develop non-US hardware and software in order to thwart the NSA’s actions simultaneously be maximixing access to personal data by those exact same governments using their own government backdoors and key escrows? Could the balkanization of the internet actually lead to a concentration of personal data storage in everyone’s home country. Maybe?

And might Angela’s proposal to wall off the EU and begin engaging in counter-espionage actually be an attempt to drive people away from US-based technology and into the arms of EU and Brazilian hardware manufacturers that with new, fancy, all-exclusive back-doors? Are there any indications that these governments are planning on building hardware and software that even their own security services can’t hack? Or might the anti-NSA backlash also be acting as a backdoor for selling the globe on the new Clipper Chip 3.0 paradigm? We’ve already seen the Clipper Chip 1.0 get rejected by the public. The seemingly endless technical exploits that can attack any system that the Snowden Documents are exposing are basically Clipper Chip 2.0. It’s like a meta-Clipper Chip. Could this new wave anti-NSA hardware and software [144] (and the breakup of the internet) be the rollout of Clipper Chip 3.0? The anti-NSA meta-Clipper Chip all sorts of new exploits in supposedly newly secured platforms?

It’s Back to the Future. Specifically, it’s Back to 1993-94 and then the Future
These are just a handful of the questions that have been raised about how we’re going to balance privacy and security. They’re critical questions to ask not only because we actually need answers to them to know how to move forward but also because the global debate seems to be taking place as if these questions have already been answered and the Cypherpunk solution of standardizing unbreakable strong encryption is the global public’s choice. The CCC laughed off [2] Germany’s “Email made in Germany” service because law enforcement could still access the content and across the world people are shocked that the NSA can hack into just about anything. And the public at large naturally recoils at the idea of something like a Clipper Chip that makes so easy for governments to hack into you personal data. But was the US’s public rejection of the Clipper Chip in the 1990’s, when the internet was still in its infancy, an open embrace of the Four Horesmen of the Infopocalyse [2]? Because that’s how the topic is generally treated…if the NSA or any intelligence or law enforcement agency is discovered to have found or built-in a vulnerability that is seen, by default, as a horrible threat to society that will surely be abused. At the same time, nearly everyone seems to agree that there are legitimate reasons for spying. Even Snowden [145].

So how exactly do we create the world where legitimate spying takes place if we also decide to create a world where strong encryption become routine and standardized? Sure, as we saw above, actually making strong encryption routine and standardized is costly and time-consuming, but it’s possible. What model, other than the Clipper Chip/government key-escrow model run by a trustworthy government, actually satisfies those conditions? Are there any other models? The above article ends with some very good advice:


Protecting privacy rights in an era of transborder surveillance won’t be solved by ring fencing the Internet. It requires countries, including the U.S., to commit to the exceedingly tough work of coming to the negotiating table to work out agreements that set standards on surveillance practices and provide protections for the rights of privacy and free expression for people. Germany and France [139] have just called for just such an agreement with the U.S. This is the right way forward.

In the U.S., we must reform our surveillance laws, adopt a warrant requirement for stored email and other digital data, and implement a consumer privacy law. The standards for government access to online data in all countries must likewise be raised. These measures are of course much more difficult in the short run that than data localization requirements, but they are forward-looking, long-term solutions that can advance a free and open internet that benefits us all.

Now, it was probably a mischaractization to describe what Germany and France called for as a common set of standards that will “provide protections for the rights of privacy and free expression for people” since they clearly want in on the pro-spying Five Eyes club. But the larger point is absolutely critical: There really is no long-term solution to balancing privacy and security that doesn’t involve governments engaging in self-restraint and acting for the greater good. In other words, The real challenge is electing the kind of elected officials that appoint the kind of public officials that appoint the kind of senior officers that hire that kind of professionals that you would trust to baby sit your kids and just generally be good and decent. THAT’s the challenge of the surveillance age. Creating governments you can trust. Everywhere. Yeah, that’s a really hard soultion to implement, but it’s also our only real choice in the long run because it’s the only solution that can help fix all of the other horrible problems facing humanity and life on earth over the next century. Help us, Obi-Wan Kenobie high-quality democratic societies working together, you’re our only hope.

One of the reasons it’s so important to take a step back and question some of the underlying assumptions on this topic is that the Cypherpunk perspective is basically leading the global discussion on these matters and that perspective assumes that accountable goverments are simply impossible. At least, that’s the perspective that appears to be held by folks like Jacob Appelbaum and Julian Assange (and presumably Edward Snowden, given his political leanings [51]). But, at the same time, we keep hearing from folks like Snowden, Appelbaum, and Assange that we’ll need technical and political solutions to the challenges of balancing privacy and security. The technical solution offered by the Cypherpunks is clear: strong encryption that no one can break [146] for the masses. The political solution offered by Snowden seem to revolve around fixing the laws on warrants and prosecuting senior US officials involved with setting policy [52]. Similarly, Jacob Appelbaum thinks “it’s important to find out who collaborated and who didn’t collaborate. In order to have truth and reconciliation, we need to start with a little truth.” [68] And as we saw above, he also wants the NSA to become the anti-NSA.

Now, that would be pretty sweet if we had an actual truth and reconcilition commission on anything because, wow, the odds of that happening for any topic anywhere are so tiny its sad and there are a lot of different area of reality that need truth and reconciliation. But is the prosecution of senior US officials and widespread implementation of strong encryption that even the NSA can’t break a realistic set of long-term solutions? Has the public really internalized the idea of embracing standardized unbreakable strong excryption and accepting the Four Horesmen of the Infopocalypse [9] as the price to be paid for digital privacy? Until the global public actually engages in that debate for real in the global internet age we’re not really going to be able to come up with solutions and that the public can get behind. And if we can’t get real solutions that the public can get behind that means crappy solutions that enable more spying by even more governments and break the internet are more likely to succeed. Real privacy is going to require real sacrifices. Right now, the US’s solution appears to involve shifting data storage to the private-sector. Is that an improvement? [147] Are you sure? [148]

Maybe we have to begin talking about how we’re going to deal with the Four Horsemen of the Infopocalypse [9]: terrorists, drug-dealers, money-launderers, and pedophiles. At least one of those Horesmen can be dealt with pretty easily: End the insane war on drugs and treat it as a medical issue. That would sure help with some privacy concerns [149]. It would probably help out a lot with the money-laundering too [150]. But those last two Horsemen, terrorists and pedophiles…it’s not at all obvious that the public is going to ever accept enabling those activities regardless of the cost to their privacy. Can you blame them?

So how can we come up with solutions to the issues of privacy, security, and managing this global internet thing that the global community can actually accept when the prevailing assumption is that state-sanctioned backdoors are to be abolished, strong encryption is to be mainstreamed, and the consequence of those two actions are that at least two of the Four Horsemen of the Infopocalypse show up (plus the much-feared pedo-terrorists)? One answer is that we come up with confused solutions that don’t actually address our needs or expectations. Solutions that seem like they’re protecting privacy, like mandating local data-storage, but actually end up shifting around who is doing the spying and potentially breaks the internet in the process. Solutions that governments around the world might love right now, but people around the world may not really appreciate in the long-run.

Another part of solution is to the actually have that Clipper Chip debate again because the issue of unbreakable encryption has been forced again. Brazil and Germany have have it pretty clear that state-sponsorship of encryption is now a global product so we might as well start talking about these things again. Do the Chinese want a China-chip? Do Americans want a Five-Eyes Chip? Now that Angela Merkel has announced plans for an aggressive counter-espionage campaign against the US (presumably using exploits described in the Snowden Documents) might that be used to sell the US populace on a Clipper Chip of its own. It’s a very creepy solution but it would also allow the transmission of data across the planet without the fear of other nations spying on that traffic. Just your nation-of-choice that built the chip could spy (and anyone they share the keys with..anyone else that breaks the code). Something like that could avoid breaking up the internet and the topic is being forced anyways so should we talk about it?

And should we also start talking about how to handle the mainstreaming of unbreakable encryption? Because one of the consequences of the Snowden Affair is that we might suddenly get a lot closer to having truly unbreakable encryption go mainstream again. These secret exploits that are being exposed held off the Four Horesmen for two decades but they’re back, knocking on the door again. Don’t forget: the whole point behind all the NSA’s exploits are that it can’t defeat these algorithms through brute force if they are implemented correctly. The NSA needs to cheat. It’s raw math at that level. Depending on how things change, we could build the infrastructure where encryption really is effectively unbreakable and cheating is effectively impossible.

Ok, so what’s the balance? Ever since the Clipper Chip debate got resolved in the 90’s, the public has been having its cake and eating it too on the costs and benefits of making near-absolute data privacy tools readily available. Or at least it thought it was having its cake. The blue pill [151] is delicious after all. Since the NSA and other spy agencies were secretly finding or creating exploits the whole time, the public was able to maintain a pretense that the bad guys got their data hacked as a routine course because the government hackers are super bad ass. But, curiously, we also seemed to assume that our our own personal hardware and software wasn’t, like, a giant rube-goldberg machine of hardware and software exploits. These weren’t really compatible assumptions. Remember all the shock when it was discovered that *gasp* even BlackBerry is hackable [152]? Both the iPhone and BlackBerry were considered NSA-proof [153] until recently and, ominously in retrospect, the government wasn’t complaining.

So we’ve never really had the debate over the costs and benefit of absolute encryption because we’ve never really had absolute encryption. It was sort of assumed we had strong encyption available except most of us simultaneously assumed the NSA could hack everything. It was a weird headspace, those pre-Snowden days of yore.

Today, it’s a different kind of weird headspace. We’re having a global discussion over a maelstrom of intertwined topics that almost require a replay of the Clipper Chip debate and the key figures and assumptions in this global debate almost all come from the Cypherpunk perspective. Except for the assumption that we need all have security needs. That same Clipper Chip debate is back because it never really went away. So it’s Back to the Future [154] time: if we can somehow resolve the Clipper Chip debate of 1993-94, the present can move forward into the future.

Now, will the public actually accept the Clipper Chip solution? Does everyone want to get chipped? Well, no, the idea of official back doors is so creepy that the public probably isn’t going to be much more receptive today than it was two decades ago but at least we’ll be having a meaningful debate about the implication of mainstreaming unbreakable encryption. And while we’re having that debate, let’s not kid ourselves: no matter how this debate over the digital privacy gets resolved, digital privacy is only one element of privacy that’s at growing risk these days. It may seem like we’re living on the internet, but we’re aren’t Tron yet [155]. Unless we also start dialogues on privacy topics that extend well beyond the realm of digital privacy, that annoying fly on the wall is probably getting an upgrade [156].