Category: crypto

DIY privacy, because the law no longer works

<originally a Webwereld column – in Dutch>

 Over the last few years it seems as though everything that is centralised fails. Governments fail to solve societal problems (or even just complete a successful IT project), central banks fail to monitor the behaviour of ordinary banks, IT companies fail to offer us solutions that are safe and respect our privacy somewhat …

Decentralisation works better: bittorrent, non-Western popular revolts, open source software, hacktivism and to a certain extent the Occupy movement. I’m glad Bits of Freedom and international counterparts such as the EFF exist because they put issues on the agenda that most of the over-50 politicians would not otherwise consider. In Berlin, the Pirate Party has over 9% of the seats in local government and is spreading rapidly across Germany.

But is all this really upholding our "rights"? Because despite all petitions, motions, actions and other initiatives our (digital) civil liberties are still evaporating. In the Netherlands it is virtually impossible to finish high school without buying Microsoft or Apple products, despite a long string of promises and agreements about this from our government. There are so many PCs that are controlled by cyber criminals that Microsoft had to set up a specific spring-cleaning for the Netherlands without user consent. This also makes it immediately apparent who really controls all these systems. Meanwhile, the government uses its own catastrophic Diginotar failure as a pretext for yet more government regulation of the online world.

The way the ACTA treaty brutally sweeps all issues of democratic control off the table clearly indicates where the interests of our Atlantic partners lie. SOPA is just the cherry on the icecream to show why we should no longer be dealing with the US-based IT services: Unsuitable.

It might be a better use of our time just to accept that our government is no (longer?) capable of resisting corporate power. Somehow or other a slow-motion palace revolution has occurred where the government wants to increase “efficiency” by relying on lots of MBA-speak and corporate management wisdoms that worked so well for the banking sector. The fact that the government’s primary function thereby evaporates does not seem to bother it. And meanwhile the companies themselves are apparently too busy making profits and fighting each other to worry about civil rights and other archaic concepts from the second half of the 20th century.

So rather than always trying to influence a system that ignores our interests, we can simply take care of ourselves and each other. This conclusion is not pleasant, but it gives clarity to what we have to do.

One good example is the Bits of Freedom weekly workshops on how to install encryption software and its publications that help people get to grips with these tools. The organisation should use its clout to get the slogan of "crypto is cool” on everyone’s lips. The NLnet Foundation should focus its energies on promoting the hip and user-friendly aspects of these pieces of software. Webwereld journalists should be looking for a modern, technical Deepthroat to make anonymous-advanced-OV-chip-card-hacking available to the general public.

Civil rights organizations and hacktivists can play a very different but probably even more effective role. Since 2006 I have ensured my own email privacy by no longer relying on the law, but by using a server outside the EU, SSL connection to it through a VPN tunnel entering the open Internet also outside the EU. And then I encrypt as many emails as possible individually with GPG. I suppose the fact that all those hordes of terrorists (who, our government asserts, are swamping Europe) have no doubt adopted such measures – for less than 20 Euros a month – making all the data retention measures a complete and pointless waste of resources.

What is possible now with email will soon be possible with telephony by using VOIP through international VPNs. This will even happen soon with mobiles (although your location information will remain a problem).

Then add an anonymous public transport card hack, a future version of Bitcoin for money transfers, and all you will need is a freshly installed Linux laptop (with an encrypted hard disk) and Bob’s your uncle. Just resist the temptation to put your whole life on Facebook and auto-tweet your GPS-data from you phone.

Then you can forget about any digital privacy legislation. You do not need government. You empower yourself as a modern citizen – better living through technology. Too bad it had to come to this – that old democracy concept seemed a really nice idea.

Update 2012: At Cryptoparty.org you can find places where citizens are teaching each other how to use privacy enhacing tools. If your locale is not on the list then add it and find people to get going where you live!