While this series was being written, from June 2013, Edward Snowden began leaking top-secret documents from the United States National Security Agency, showing that the agency was capable of Internet surveillance on a massive scale with the PRISM surveillance system and with the XKeyscore interface into their amassed data. The fact that covert government surveillance was possible and was taking place does not come as particularly surprising news to network engineers and conspiracy theorists, but the revelations have finally given the general, non-technical public an idea of how badly the proprietary systems around which they have built much of their digital lives can be used to harm them and compromise their privacy.
Concerned people in the United States will be only too aware of how the secret abuse of power to exercise this surveillance and the failed motions to curtail it by the United States Congress has dented their trust in their own government. However, the leaks’ implications are international as well. The foreign intelligence agency in my own country of New Zealand, the Government Communications Security Bureau, was earlier this year accused of illegally spying on New Zealand citizens, and diplomatic cables from WikiLeaks show the GCSB is potentially already cooperating with the NSA. In spite of this, new legislation is set to extend the GCSB’s powers, despite independent reviews condemning the bill from both a legal and human rights perspective, even after amendments. The scandal and the anger over surveillance abuse extends to the United Kingdom, Germany, Sweden, and many other countries.
I do hold out some hope for the efforts such as the Electronic Frontier Foundation’s class action suit to curtail the surveillance or at the very least to register the public’s anger about this unwarranted intrusion into private lives. However I am concerned not just by the possibility of the rise of a global surveillance state, but by the implications this has for the right to secure communications using cryptography for authentication and encryption.
It’s no secret that cryptography and encryption presents a problem to the NSA’s surveillance systems, and that they expend a great deal of effort in attempting to circumvent it, including demanding private keys from businesses for applications like HTTPS. My concern is this: If it becomes publically accepted that governments spy warrantlessly on international networks and that this is justified or necessary, then we may reach a point where the legality of the general public’s use of cryptography itself may again be called into question.
Computing professionals of my generation likely did not begin their careers until after the United States’ cryptographic export controls were relaxed in 1999, perhaps prompting us to take for granted the availability of algorithms like RSA and AES with high key sizes for cryptographic purposes. A world where a government agency would actively attempt to curtail the use of such technology may seem very far-fetched to us — perhaps less so to those who remember that Pretty Good Privacy was a radical new idea that caused its activist creator Phil Zimmermann real legal trouble.
I believe that computing enthusiasts and users of free software operating systems, not just cryptographic experts, are in a special position to assist their concerned friends and family with defending their online privacy and securing their communications, and that if we value both freedom and security of information, then we in fact have a responsibility to do so. I believe that people need to be aware of not just the implications of massive surveillance on a global scale, but also how to exercise their rights to fight against it. If the legality of cryptography is ever called into question again as the result of its impeding warrantless surveillance, then its pervasiveness and the public’s insistence on its free availability should make restricting its use not just impractical, but unthinkable.← Linux Crypto: Disks