Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Privacy Businesses Facebook Google Government Microsoft The Internet Apple

Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance 115

An anonymous reader writes: Fusion has an op-ed where Ryan Calo, Assistant Professor of Law at the University of Washington, argues Google, Apple, and Microsoft pushing back against government surveillance may be our only real hope for privacy. He writes: "Both Google and Yahoo have announced that they are working on end-to-end encryption in email. Facebook established its service on a Tor hidden services site, so that users can access the social network without being monitored by those with access to network traffic. Outside of product design, Twitter, Facebook and Microsoft have sent their formidable legal teams to court to block or narrow requests for user information. Encryption tools have traditionally been unwieldy and difficult to use; massive companies turning their attention to better and simpler design, and use by default, could be a game changer. Privacy will no longer be accessible only to tech-savvy users, and it will mean that those who do use encryption will no longer stick out like sore thumbs, their rare use of hard-to-use tools making them a target."
This discussion has been archived. No new comments can be posted.

Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance

Comments Filter:
  • by markdavis ( 642305 ) on Tuesday September 08, 2015 @07:40AM (#50477285)

    >"Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance"

    Except they (tech companies) are just as guilty for surveillance. Plus, all the data they do gather is still information that the government can obtain legally through warrants and "illegally" through other means (which WILL continue).

    • by TheRaven64 ( 641858 ) on Tuesday September 08, 2015 @08:05AM (#50477391) Journal
      Exactly. With the exception of Microsoft (which sells software, yet still doesn't have a great track record, especially with the Windows 10 fiasco), all of the listed companies have business models that rely on collecting as much information as they possibly can from their users (not to be confused with their customers). If you want to resist surveillance, then don't buy into large centralised communication systems.
      • by dryeo ( 100693 )

        Microsoft is also embracing the collecting info on their users business model with free Win10 that collects lots of info and sends it home, and the functionality has been backported to Win7 and Win8. Seems there is a lot of money in targeted advertising.

    • by Z00L00K ( 682162 )

      Just look at the Microsoft monitoring items.

      But I think it will develop to some kind of trench warfare between those performing surveillance and those that will protect us against it.

    • >"Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance"

      Except they (tech companies) are just as guilty for surveillance. Plus, all the data they do gather is still information that the government can obtain legally through warrants and "illegally" through other means (which WILL continue).

      OTOH, the end-to-end encrypted e-mail solutions Google and Yahoo are building will keep them from seeing your email as well.

      • by chihowa ( 366380 )

        Which should honestly make us wonder if these solutions are trustworthy. What do Google or Yahoo have to gain from cutting off their own access to their users' email contents? If they're willing to not scan their users' email, they could start by no longer scanning their users' email, today.

        There are many different ways for Google to subvert this system, being that it is an extension that runs in Google Chrome, stores the keys in Chrome, and will assumedly be provided and (silently) updated by Google. The O [github.com]

        • Depending on how far you're willing to go to assume bad faith, there's no way for them to really prove they don't have some way to sneak access to your data. But, they're making it all open source and calling for extensive public review. Also, if they were to be caught lying about this it would cause a huge PR shitstorm. Also, keep in mind that Google is under ongoing scrutiny from the FTC related to its privacy practices, since it signed a consent decree.

          I'm neither a PR flack nor an attorney, but it see

          • by chihowa ( 366380 )

            I'm not presuming bad faith and I agree that it would be extremely risky to put a backdoor in this system. At the same time, there's no reason to trust Google and this extension doesn't align with their demonstrated motives, so your original comment doesn't really give any solace.

            I'm also annoyed that this isn't a genuine attempt to make securely encrypted email mainstream, since mainstream use of encryption would limit Google's ability to harvest data and harm the core of their business. They can't make th

            • I'm also annoyed that this isn't a genuine attempt to make securely encrypted email mainstream

              What makes you think it's not, other than your assumption that Google wouldn't do something to harm their business model?

  • by smittyoneeach ( 243267 ) * on Tuesday September 08, 2015 @07:41AM (#50477293) Homepage Journal
    Would it not be ironic if a parallel, completely pre-Information Age system of handwritten, couriered messaging evolved in response to the whole Big Brother thing?
    • by Anonymous Coward on Tuesday September 08, 2015 @07:48AM (#50477337)

      There is a special government program going on in the US right now where for $0.49 a uniformed representative of the government will hand deliver your sealed correspondence to its destination.

      I find this to be a useful way to communicate and do business in the Digital Age.

      • Re: (Score:1, Informative)

        by Anonymous Coward

        Therein lies the rub. The laws regarding the sanctity of the mail were written prior to the wholesale auction of the government, and the entire distribution chain is controlled to where any shenanigans by either the government or private entity is obvious. I've even had mail carriers inform me of my right to refuse a package when there were signs of tampering or something else seemed amiss, thereby limiting my legal liability for the contents. Try getting that from a private business without the NSA breathi

        • Re: (Score:1, Troll)

          by GLMDesigns ( 2044134 )
          Wholesale auction? Surveillance is not a bug - it's a feature of government.

          You want less surveillance? Then you need a government that does less. You know "small government." ooooooo can't have that.
          • by dryeo ( 100693 )

            Here in Canada we've got a right wing authoritarian government (the only kind of right wing government that seems to have success in a democracy).They've been preaching and shrinking government as much as they can as they believe the only functions of government are helping the oil business, bombing brown people and especially spying on the citizens. Small government doesn't help if you're only left with the spying (too expensive to monitor the spies) part of government.
            Unluckily fear is a great way for a g

            • As much as I dislike the Harper Government, in Canada, what we call "Authoritarian right-wing" is the equivalent of "left of the Democrats" in the US.
              • by Anonymous Coward

                If you believe that bit of stupidity you haven't fucking been paying attention and are justly parroting something you heard once like a fucking moron.

                Between tough on crime legislation which is unconstitutional, or surveillance legislation which is unconstitutional, or bringing in US style "politics is money is free speech" ... Harper is no no fucking way "left of the democrats".

                It's a cute fucking meme, but you're apparently too fucking stupid to know what it means or why it's wrong.

                It's the same faux-libe

              • by dryeo ( 100693 )

                Actually Harper is so far right that he is actually to the right of Obama. Slightly more authoritarian too. See the political compass. http://www.politicalcompass.or... [politicalcompass.org] http://www.politicalcompass.or... [politicalcompass.org]

                • Perhaps I was being slightly facetious, and I agree that the Convervatives have shifted more authoritarian in the past few years (which is why they have lost my support). While I'd agree that they are fiscally more right than the democrats, as hard to believe as it is, the Conservatives (when compared to the US) are left. Abortion, same sex marriage, healthcare, campaign finance reform, prostitution, while perhaps not vocally supportive of these, the Conservatives have remained largely hands off (when they
                  • by dryeo ( 100693 )

                    Harper is smart and knows that if he raises most of those issues, he'd be gone to the same fate as the Reform Party. Instead he is doing the slow frog thing, small changes that add up. Instead of attacking health care, underfund it until people get pissed off enough to reject. Campaign Finance reform. First thing he did when he got the majority was cut public funding. Then with the "Fair Voting Act" he snuck in a bit about if the election was longer then the usual 6 weeks, spending limits go up. Notice how

        • The truly paranoid still make regular use of the mail as the manpower required to monitor it is prohibitive, and you are pitting government agency against government agency in maintaining its fidelity.

          Which is why Snowden's leaks revealed that the NSA is routinely intercepting electronics packages heading to surveillance targets, installing surveillance software/malware, repackaging them as if they were new, and then sending them on their way. The leaks indicated that they were even jailbreaking iPhones in order to install their surveillance package, before repackaging the phones and making it look like they were still brand new.

          The battle over maintaining the fidelity of the mail system was silently los

      • I'm trying to imagine, at the time the postal service was organized, what the public reaction would have been if it was announced that your mail would be opened and read, and the information so gained would be sold to merchants, employers, and police in your area. Would people have accepted that in exchange for free postage?

      • by crtreece ( 59298 )
        And, they are only sure to scan [nytimes.com] the item to log the source address, destination address, and post office where the item was postmarked.

        Don't worry though, the Postmaster General says [ap.org] they only keep the data for 1-4 weeks.

  • by Mostly a lurker ( 634878 ) on Tuesday September 08, 2015 @07:46AM (#50477327)

    Big Brother is here to stay. Surveillance tools are being built into the hardware and BIOS. End to end encryption becomes moot when the data is collected at source.

    • Re: (Score:2, Interesting)

      by rmdingler ( 1955220 )
      It seems the consortium of Google, Apple, and Microsoft would have little incentive to push back against the governments' surveillance, except perhaps where those acts of surveillance hinder the corporations' operations and profits.

      There does not, as yet, appear to be enough (or even any) outrage from the average internet user that might inspire the Big 3 to go to the trouble. The social media crusaders are busy wielding the power of the electronic mob for other inferred social injustices.

      Realistically, u

  • No (Score:5, Insightful)

    by TCM ( 130219 ) on Tuesday September 08, 2015 @07:47AM (#50477329)

    Cryptographers are our best hope.

    What is this headline supposed to suggest? Trust cloud providers? LOL.

    • Cryptographers are our best hope.

      What is this headline supposed to suggest? Trust cloud providers? LOL.

      I'll see your cryptographers (in the public domain) and raise you an NSA with a virtually unlimited budget and fuckloads of computing power.

      Cryptographers in the corporate world are at the mercy of corporate interests that are willing to take money to install backdoors.

      • The key in your statement is backdoors and people suspect that some may have been put in to things like bitlocker, Android and iOS full device encrypt and other closed source products. This however doesn't prevent you from using things like TrueCrypt (included because there hasn't been shown to be any real red flags even with the limited audit), PGP/GPG, the various TrueCrypt successors, other encryption programs. Something that requires 2^256 bit flips is going to be awfully energy intensive even if it is
        • The key in your statement is backdoors and people suspect that some may have been put in to things like bitlocker, Android and iOS full device encrypt and other closed source products. This however doesn't prevent you from using things like TrueCrypt (included because there hasn't been shown to be any real red flags even with the limited audit), PGP/GPG, the various TrueCrypt successors, other encryption programs. Something that requires 2^256 bit flips is going to be awfully energy intensive even if it is done with the magic of quantum computers which can speed up the process but not that much (I want to say it can cut the exponent in half but I may not be remembering it correctly). So if we take an optimistic view with quantum computers that still means it takes 2^128 bit flips and good luck finding enough energy to do that. Basically proper cryptography without backdoors or flaws is something that cannot be broken even using all of the available energy in the universe. If that doesn't offer enough protection then you could always use a one time pad.

          You're making the assumption that those attacking it are using the same technology that you are aware of - which may be the case. Then again it may not.

          Whatever you rely on, there will be ways around it and governments just have a lot more resource to throw at something than you do. Of course they probably don't care enough to make the effort.

          • Hence, why the big three play such an important roll in protecting privacy. Yes, the NSA can circumvent just about any safeguard, beyond encrypting the entire hard drive before unplugging the machine and destroying the keys, but that is only the case for one person.

            Why are they in such a tizzy about google and apple's default encryption? Because when everyone is encrypted it means no more free lunch. They will have to dedicate resources at the individual level, and that will obscure the normal persons da

          • You're making the assumption that those attacking it are using the same technology that you are aware of - which may be the case. Then again it may not.

            At this point if they have something more than a dwave quantum annealer or I'll go so far as to even say a theoretical 256 bit quantum computer for technology then they likely have moved into the realm of magic pixie dust and unicorn farts. Even assuming that they have some magical theoretical device that is capable of cycling through a 256bit key space without actually destroying data, i.e. the bit flips cost zero energy, they still wouldn't have done any checks on those keys which will take energy at leas

    • There is plenty of great encryption already, it hasn't helped much unless someone implements it. There is also the problem that at some point it has to be decrypted to be used.
  • by Anonymous Coward

    Windows 10 has telemetry and backdoors that no user asked for. It looks like it was designed with the NSA in mind.

    • Re: (Score:2, Interesting)

      by Z00L00K ( 682162 )

      I'm also worried about the later Linux kernels - how much hidden features are there in them?

      An independent review of one of the later kernels should be worth considering. However this doesn't really help against a leaking BIOS.

      If I want to be clandestine and run a reasonably secure solution with encryption I would look at designing something using an old 8-bit microprocessor.

      • by Endymion ( 12816 )

        The problem is Intel's new SGX [intel.com] ("Software Guard Extensions"). They allow the creation of memory regions that "maintain confidentiality even when an attacker has physical control of the platform and can conduct direct attacks on memory". The CPU encrypts RAM so you cannot pull keys out of it with a cold boot attack or a logic analyser on the memory bus.

        Of course, the rare news article about SGX likes to assume this is something intended for the user so they can protect their GPG keys. What nobody is talking

        • Fortunately, we have choices that are not Intel or Microsoft. BIOS is s tougher problem, but hardly insurmountable.

  • by Anonymous Coward

    Just make sure you get the source code and verify that it matches the binary you run. Not gonna happen? Exactly.

  • by Anonymous Coward

    I'd say Free Software is our best hope, not companies like Microsoft who build surveillance into the operating system and encourage people to store all of their files in the cloud. Didn't Microsoft destroy Skype's decentralized architecture so that they could make it possible to wiretap?

    • Didn't Microsoft destroy Skype's decentralized architecture so that they could make it possible to wiretap?

      Oh no no no, they did it for "performance reasons" ;-)

  • Just look at all the ways that big tech companies partner with the very governments we are supposed to be protected from. Google especially looks like a branch of DARPA.
  • by Anonymous Coward

    Windows 10 will safely backup your key to the cloud whenever you encrypted data with Bitlocker. Making the whole process useless. Any government agency, Microsoft employee or hacker who can get in there has full access to your data.

  • by sasparillascott ( 1267058 ) on Tuesday September 08, 2015 @08:34AM (#50477523)
    Yesterday I wanted to get a small file from one computer to another, didn't want to use a thumb drive (didn't have cloud storage on one as well) so I just figured I'd Hotmail myself (via its web interface) an e-mail with the attached file zipped and encrypted (it was a tax doc) to another e-mail address of mine...no problem right? So I try to attach the file and Microsoft decided it had to be able to scan and identify (and log?) what I had in that zip file before it would allow it to be attached (since it was encrypted it wouldn't allow it to be attached...tried it several times...the NSA must be pleased)....so much for user's privacy.

    With all the information, since Snowden, about Microsoft working hand in glove with the U.S. government I have to laugh a little at them being included here - as it seems a PR stunt on their part.

    http://www.theguardian.com/wor... [theguardian.com]
    • Re: (Score:2, Informative)

      by Anonymous Coward

      Assuming the file is below whatever the attachment size limit for Hotmail, try renaming it to a JPEG or some other picture format file extension.

      • by N1AK ( 864906 )
        That would likely allow you to send the file, but you're rather missing the point: By sending the file in that way it is in no way encrypted or protected. The file data would make it clear what kind of file it actually was, and the content of the file would remain unchanged. Security sufficient to stop casual uninterested parties isn't hard (in fact it's hardly needed), but things like this make real security (sufficient to actually be of use against someone interested) much harder.
        • by Nemyst ( 1383049 )
          The parent meant sending the encrypted zip file with a JPEG extension, thus generally bypassing zip archive recognition and analysis.
    • Re: (Score:3, Informative)

      by Anonymous Coward

      Had this problem when I was in the military. Charged the extension to .txt or .ppt to get around it.

  • by Revarg ( 4035425 ) on Tuesday September 08, 2015 @08:37AM (#50477545)
    ... we are screwed. If our best hope against government surveillance are companies who spend most of their time collecting our information to sell to the highest bidder, then we are in for some heavy government surveillance.
    • That's completely untrue. The lower bidders get a lot of that sweet data as well.

      • by Revarg ( 4035425 )
        Correct. At the end of the day the companies don't care about the government having the information, they just to sell it to them, not have the gov collect it on their own.
    • ... we are screwed. If our best hope against government surveillance are companies who spend most of their time collecting our information to sell to the highest bidder, then we are in for some heavy government surveillance.

      What makes that even more disgusting is the way in which our government is "paying" these companies in exchange for information.

      Tell me IRS, how much did these companies pay in taxes in recent years as the largest entities in the history of capitalism?

      Yup. Thought so.

      Oh yes lawmakers, tell us again how we should raise taxes. I just love hearing that fucking line again...

  • His argument comes with the weight of jurisprudence.

    Really good for him to put the facts on the table for all to appreciate.

    And it's also been very brave of Google, Apple, Microsoft and Facebook to criticize governements and corporations who don't have high standards of privacy or care to protect the rights of others.

    Well done these four!

    They all deserve a big award.
  • Not that I'm disagreeing with the summary, but the idea that we're resting our hopes of protection from spying on a different group of spies is probably cause for concern. The government gets away with this thanks to voter apathy. The private companies get away with this thanks to consumer apathy... While more ubiquitous encryption is only something to celebrate, the real cause for celebration might simply be that its presence calls attention to itself and maybe possibly gets people to be slightly less apat
  • by Anonymous Coward

    As a European:
    Goverments have no credibility, especially US gov.
    Corporations in general has no credibility, especially Microsoft and all telecoms companies

    I suggest letting privacy oriented organizations dictate terms to both governments and corporations, and let the shitshow play out.

  • by macraig ( 621737 ) <mark.a.craigNO@SPAMgmail.com> on Tuesday September 08, 2015 @09:58AM (#50478099)

    "Tech companies" are no saviors of anyone but their executive staff and their shareholders. It has been well established that, as a general rule, sociopaths are in executive control of virtually every human hierarchy, be it a corporation or gang or government or military. The Peter Principle is a myth, a misdirection; the real principle at work is that sociopaths willing to make the "hard" unethical decisions that disproportionately benefit each organizational tribe are the ones who consistently get elected, appointed, promoted. Tribalism is very alive and well, and it's sociopaths who benefit the most from exploiting it.

    In the case of tech companies, at the same time they appear to be resisting government oppression they are also supplying government (and anyone else with cash in hand) with the tools it needs to oppress. That doesn't sound messianic to me at all.

    So who is this Ryan Calo that he is motivated to publish such misdirecting tripe?

  • Microsoft pushing back against government surveillance on the one hand, while monitoring our computer usage on the other.
  • by BrendaEM ( 871664 ) on Tuesday September 08, 2015 @10:57AM (#50478543) Homepage

    Is this how it ends?

  • The corporations want to protect your data; from everyone but themselves.
  • ..Google, Apple, and Microsoft pushing back against government surveillance..

    Are you FUCKING KIDDING ME!? Especially Microsoft, with it's gods-be-damned spyware package entitled "Windows 10"!? Seriously!? What the actual fuck!?

  • Until the law is changed, providers cannot be trusted as they can be compromised with an NSL.

  • by nickweller ( 4108905 ) on Tuesday September 08, 2015 @01:12PM (#50479693)
    "Both Google and Yahoo have announced that they are working on end-to-end encryption in email."

    Unless the keys reside only on the end devices then it ain't secure.
  • All of those companies (albeit Apple least of all) are pretty cavalier about their own invasions of our privacy. None of them are defenders. At best, they're just giving us the choice of who will be spying on us.

    If they are our best hope, then we've already lost.

"Morality is one thing. Ratings are everything." - A Network 23 executive on "Max Headroom"

Working...