By Cameron Camp
tags
Governments have struggled for years to find a
balance between security and privacy, especially with electronic
communications. Parading the argument “if you have nothing to hide, you have
nothing to fear” in campaign variations worldwide, they argue that more open
and seamless methods of finding bad guys’ communications would speed up rooting
out those with nefarious intent.
“Once backdoors are
purposefully baked into a technology, no one can be sure of the honest
intentions of those with the keys.”
The Electronic
Frontier Foundation (EFF) and a host of other organizations, now
including the folks at Swiss-based encrypted email provider ProtonMail, have argued otherwise. They say once backdoors are
purposefully baked into a technology, no one can be sure of the honest
intentions of those with the keys. Also, they argue that those actions would
erode trust in a communication vendor, so users would not have to wonder IF
anyone has access, but WHO. And since they believe trusted backdoor access is a
slippery slope to more potential abuse, the answer is a rather firm “no”.
And while the EU
has risen up rather stalwartly on the side of privacy, with troubling
international events unfolding recently in France and elsewhere, the
conversations again bubble to the surface, with questions about providers knowingly
providing something of an impenetrable shield for some element of the bad guys’
plans via secure and private email.
To address this global erosion, folks have,
digitally speaking, flocked to Switzerland. Here they can benefit from secure,
encrypted email, and feel comfortable in the knowledge that these servers are
based in a country enjoying a historically politically neutral and
privacy-focused climate. But while your private Swiss bank account is now
coming under fire internationally, now so too might your email account be on
the global hit list.
But can the pro-privacy crowd mobilize? Last week,
the crew at ProtonMail mobilized their customer and fan base and gathered more
than 70,000 signatures opposing the Nachrichtendienstgesetzt (NDG) or
la Loi sur le renseignement (Lrens) legislation. The
result is that they have forced the privacy issue to a public vote, arguing
that these decisions should be made based on public – not simply political –
will.
Here in the US we have been trying to explain to
our Congress critters the technical background surrounding far-reaching privacy
issues for years. And while there has been some progress along the way, these
Swiss efforts highlight an attempt to turn the tables and give the decision
directly back to the public. And while some do indeed feel they have nothing to
hide/fear by letting governments take a look, the overwhelming number of
signatures gathered in Switzerland suggests otherwise.
Globally there is often still due process required;
meaning something like a judge-ordered warrant would be required to legally
attain access to your communications. Still, many feel the governmental
temptation to overreach in certain exceptional (or less than exceptional) cases
may prove too strong, and if there are technical means, some amount of
governmental sorting through your email might occur unbeknownst to you.
For years now, communication providers (especially
in the area of email), like Lavabit and a host of others who lean toward privacy, have
sought politically and legally favorable places to do business as they intend.
When they feel the environment in their home country becomes too unfavorable,
they often look to Switzerland. ProtonMail’s marshaling of the troops sends an
interesting signal to the Swiss government (and others watching closely) that
they believe the people would prefer to have a say, and believe they’ll vote to
keep things private. We’ll see.
