This post was published on bitcoinmagazine.com on June 8th, 2013
Over the past few days we have seen shocking revelations from the sphere of digital communications. The Guardian published a leaked top-secret court order requiring Verizon to hand over the metadata (caller, receiver, time, location, duration) of all phone calls made through Verizon’s networks (and not tell anyone about the order’s existence), and the site also verified the authenticity of a leaked slide presentation about PRISM, a program through which the NSA was collecting data including emails, chat messages, photos and stored data from nine major corporations. The White House has now admitted this and President Obama himself has seen fit to deliver a speech defending the surveillance. Much less recent, but equally shocking, is the fact that, as Business Insider reminds us, the US government has the right to demand the disclosure of any email more than six months old – no warrants required.
Larry Page, Mark Zuckerberg and other CEOs have rushed out to defend their companies against the more extreme allegations, saying that they had never heard of PRISM until today and reminding users of their strict commitment to only complying with those government requests that they are legally required to. One poster on Hacker News noticed that the defenses are all suspiciously similar, perhaps suggesting some kind of coordination either before or immediately after the leak. But this, while interesting, is beside the point; what these events show more than anything else is that, in this day and age, simply complying only with those court orders and subpoenas that follow the correct legal procedures and being open about as much as legally possible is not enough. This may seem absurd at first glance; it is obviously ridiculous to expect established large corporations to brazenly violate court orders and federal laws simply to preserve a few individuals’ privacy. But Google, Facebook and all of the other companies that run the critical technological infrastructure that we use today also have a third option: deliberately act to make their services mathematically unsubpoenable.
The way to do so is simple: keep minimal logs and, more importantly, use encryption wherever possible. Private messages inside services like Facebook should be actually private, encrypting every message sent with the recipient’s public key on the client side. Browser-based JavaScript cryptography today has plenty of weaknesses, but Google, with its heavy influence over Firefox and Chrome, is in the prime position to fix many of the issues by pushing for a standardized set of cryptography tools to be included in all browsers. Email encryption and signing will take a massive leap forward if Google enables it internally for Gmail-to-Gmail emails by default. Google should back down on its decision to move away from open protocols like XMPP, and focus on creating a powerful chat and hangout protocol suited for the modern web, with encryption mechanisms like OTR built in from the start.
These suggestions are certainly radical; they go against what has so far been the dominant philosophy of these corporations, that of gathering as much data as possible to maximize advertising revenue. However, technology is bringing about an age of extremes, and “going dark” may be the only way we have to prevent society from losing the last traces of any privacy that it has left. Otherwise, services like Mega are rapidly picking up speed, with Mega itself expressing an implicit intent to become “the privacy company”, and decentralized approaches like Bitcoin and BitMessage are gaining strength weekly. The internet has brought us the first great wave of unprecedented global freedom, and companies like Google and the telecom industry were instrumental in making that happen. Now, either join us or we will continue the revolution without you.