The far-flung colonies of Facebook, Twitter, Google et al. and the communications giants are faced with an uprising. Will they follow King NSA or will they patriotically stand for the individual and their freedoms? Can they step aside from the emerging world or must they lock in the emerging market users (as they adopt smartphones) for both business and political reasons? Meanwhile, recent events seem to leave email as a communications mechanism hemorrhaging, and heading for death for anything other than the most banal of correspondence.
How long till email dies? Are we anywhere near an inflection point where we reconsider how we interact with organizations, governments and even our friends and families? The answer for individuals is probably not yet. Companies may well be different. Since the Snowden case effectively closed down the encrypted email service Lavabit, discussion has increased. In particular, Phil Zimmermann, the inventor of PGP encryption and co-founder of Silent Circle, is also back in the news (quotes and links below relate to email, privacy, big data, and liberty). Consider:
- As a business, how could you reframe your relationships with your customers / collaborators to be secure? Consider how this may also relate to payments and security around financial transactions. Do the bank, phone company, etc. have to be privy to the transaction?
- As an individual, how can we manage our identity relationships for both security and simplicity? No, Facebook isn’t it. Consider how apps are evolving and increasingly we sign in before we can do anything. Do apps represent a set of walled gardens that should also be secure? Can they even be if they have APIs too?
- If Silent Circle is so secure, why don’t they provide their “code” so the Open Source Community can confirm its integrity? The “can you be sure” test? By nature, shouldn’t a “secure” service be transparent about how it is achieved? Download the app and it’s not clear to me even what the activation / provisioning code is and how that relates to the account that is set up. (Note that with the Silent Text app it actually asked for access to my contacts before stopping at an Activation code request. Maybe they already have all my contacts!) You can’t test it without paying. The apps need a “front-end” telling first-time users what they are about.
- What price would you be willing to pay for more privacy? – Silent Circle is too expensive to go mainstream. If a security solution is scalable then a number of models could be created. The base service should be free if you really believe in liberty and privacy. In the beginning (although no longer) Skype provided a “secure” chat service.
I suspect the NSA and government have usurped too much power and it is impossible to turn back the clock. The metaphor I’d use for the current state is creating the colonies or the colonization of the internet (a little like the spice trades did). The masters were really disconnected. What really matters as mobile brings the next few billion online? If you cannot live without the net and you are suppressed by it then you have little choice about the “rulers” until there is an uprising. It bugs me no-one in power seems to believe that it is “my data” first and foremost. Rather than help me use it and protect individual rights – it appears more likely it will be used against me, and it’s hard if not impossible to effectively opt out. While email security has been questioned for years, the majority didn’t think it possible that it all could be collected.
Zimmermann: The body of email can be encrypted and PGP does just that. In our case, we offer our services on mobile — iPhone, tablets and Androids — for that reason we cannot run PGP for email since it doesn’t exist. So we had to run PGP on a server and it is called PGP Universal. Now for IT departments (inside organizations), it made sense to have this run on their servers and offer it to their employees and control the (encryption) keys. A box sat next to the mail server and did its job. That was the kind of solution we were using until yesterday….
…“I agree it is not just a matter of surveillance. Big data intentionally creates a concentration of data and has a corrupting influence. It really concentrates the power in the hands of whoever holds that data — governments, companies. The PC revolution of the late 1970s and 1980s and the later early Internet (of the 1990s) seemed to hold so much promise and empowered the individual. Now with big data there is a shift of power in the other direction as it concentrates power in fewer hands.
Of course, one can get cynical about all this but one has to fight that urge. A lot of people are getting more cynical because we are living in a surveillance state. Cynicism is the fertile soil where corruption can grow. Cynicism has a paralyzing effect and I think we need to resist that temptation of cynicism and hold on to our ideals in order to bring about change and push back.” via Zimmermann’s Law: PGP inventor and Silent Circle co-founder Phil Zimmermann on the surveillance society — Tech News and Analysis.
“All email messages ‘leak metadata’ they say. That information includes data about who you are talking to and where you are. That info is visible even if the message itself is encrypted. ‘E-mail as we know it today is fundamentally broken from a privacy perspective,’ Callas says. That’s a pretty strong statement coming from this particular guy.” Guys That Invented Encrypted Email Say Email Can Never Be Safe From NSA Snooping, via Silent Circle Shutters Private Email Service – Business Insider.
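To make the metadata point concrete, here is an added example (not from the quoted article or from Silent Circle) that parses a PGP/MIME-shaped message and lists what any relay or mailbox provider can still read without a key. The message, addresses, hosts and IP address are constructed, and the function name `exposed_metadata` is hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample in RFC 3156 (PGP/MIME) layout. Addresses, hosts and the IP
# are made up; the armored block is a placeholder, not real ciphertext.
SAMPLE = """\
Received: from laptop.example.net ([203.0.113.24])
\tby mx.example.org with ESMTPS; Fri, 09 Aug 2013 10:15:02 -0400
From: Alice <alice@example.net>
To: Bob <bob@example.org>
Cc: carol@example.com
Subject: Meeting notes
Date: Fri, 09 Aug 2013 10:15:00 -0400
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def exposed_metadata(raw):
    """Return the header fields readable without any decryption key."""
    msg = message_from_string(raw)
    people = getaddresses([v for h in ("From", "To", "Cc") for v in msg.get_all(h, [])])
    # Received headers are added by each relay and record the connecting IP.
    relay_ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", " ".join(msg.get_all("Received", [])))
    return {
        "correspondents": sorted({addr for _, addr in people}),
        "subject": msg["Subject"],
        "sent": parsedate_to_datetime(msg["Date"]).isoformat(),
        "relay_ips": relay_ips,
        "body_encrypted": msg.get_content_type() == "multipart/encrypted",
    }

if __name__ == "__main__":
    print(exposed_metadata(SAMPLE))
```

Only the second MIME part is protected; in plain PGP/MIME the Subject line sits outside it along with the addressing and routing headers.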
ISPs and email hosting providers need to be willing to and plan for the need to work with government officials. Are small-fry encrypted email ISPs using feds as excuse for closure? | ZDNet.
Note: Apps like Silent Circle still rely on humans to use the app. That’s the problem and the challenge in getting groups to start using a secure system. It’s only going to be as good as the weakest link and that might just be when an employee or CEO loses a data connection or decides to dictate the text rather than type it. It would make a great deal of difference if Android or Apple decided that secure communication was what was required and that the keys be decentralized to the individuals. When security is built into the core of the device rather than bundled onto it, it is more likely to get used. Unless business demands this it is highly unlikely to happen.