Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance 115
An anonymous reader writes: Fusion has an op-ed where Ryan Calo, Assistant Professor of Law at the University of Washington, argues Google, Apple, and Microsoft pushing back against government surveillance may be our only real hope for privacy. He writes: "Both Google and Yahoo have announced that they are working on end-to-end encryption in email. Facebook established its service on a Tor hidden services site, so that users can access the social network without being monitored by those with access to network traffic. Outside of product design, Twitter, Facebook and Microsoft have sent their formidable legal teams to court to block or narrow requests for user information. Encryption tools have traditionally been unwieldy and difficult to use; massive companies turning their attention to better and simpler design, and use by default, could be a game changer. Privacy will no longer be accessible only to tech-savvy users, and it will mean that those who do use encryption will no longer stick out like sore thumbs, their rare use of hard-to-use tools making them a target."
Get a bear to guard your honey (Score:4, Interesting)
>"Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance"
Except they (tech companies) are just as guilty for surveillance. Plus, all the data they do gather is still information that the government can obtain legally through warrants and "illegally" through other means (which WILL continue).
Re:Get a bear to guard your honey (Score:5, Insightful)
Re: (Score:2)
Microsoft is also embracing the collecting info on their users business model with free Win10 that collects lots of info and sends it home, and the functionality has been backported to Win7 and Win8. Seems there is a lot of money in targeted advertising.
Re: (Score:2)
You know that Bing Ads is one of the largest ad networks around, right?
Actually, I had no idea - I've never seen one. Apparently they have 15.6% of the US market share, though it's not clear how much they have worldwide. Thanks for the info.
Re: (Score:2)
Just look at the Microsoft monitoring items.
But I think it will develop to some kind of trench warfare between those performing surveillance and those that will protect us against it.
Re: (Score:2)
>"Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance"
Except they (tech companies) are just as guilty for surveillance. Plus, all the data they do gather is still information that the government can obtain legally through warrants and "illegally" through other means (which WILL continue).
OTOH, the end-to-end encrypted e-mail solutions Google and Yahoo are building will keep them from seeing your email as well.
Re: (Score:2)
Which should honestly make us wonder if these solutions are trustworthy. What do Google or Yahoo have to gain from cutting off their own access to their users' email contents? If they're willing to not scan their users' email, they could start by no longer scanning their users' email, today.
There are many different ways for Google to subvert this system, being that it is an extension that runs in Google Chrome, stores the keys in Chrome, and will assumedly be provided and (silently) updated by Google. The O [github.com]
Re: (Score:2)
Depending on how far you're willing to go to assume bad faith, there's no way for them to really prove they don't have some way to sneak access to your data. But, they're making it all open source and calling for extensive public review. Also, if they were to be caught lying about this it would cause a huge PR shitstorm. Also, keep in mind that Google is under ongoing scrutiny from the FTC related to its privacy practices, since it signed a consent decree.
I'm neither a PR flack nor an attorney, but it see
Re: (Score:2)
I'm not presuming bad faith and I agree that it would be extremely risky to put a backdoor in this system. At the same time, there's no reason to trust Google and this extension doesn't align with their demonstrated motives, so your original comment doesn't really give any solace.
I'm also annoyed that this isn't a genuine attempt to make securely encrypted email mainstream, since mainstream use of encryption would limit Google's ability to harvest data and harm the core of their business. They can't make th
Re: (Score:2)
I'm also annoyed that this isn't a genuine attempt to make securely encrypted email mainstream
What makes you think it's not, other than your assumption that Google wouldn't do something to harm their business model?
Re: (Score:2)
Re: (Score:2)
Well, it's assumptions either way. At least one of them is credible.
One of them is "assume that the company with a lot to lose if it lies is telling the truth". The other is "assume that the company is lying, and risking a serious PR and possibly regulatory backlash". Yes, one of those is credible. Buttressing its credibility is the fact that the system is being built completely in the open, and security experts the world over are being invited to scrutinize it for any flaws, including any that could permit Google to get at the data.
Barring heavy confirmation bias, I see
Or the Gordon Dickson approach (Score:4, Funny)
Re:Or the Gordon Dickson approach (Score:5, Funny)
There is a special government program going on in the US right now where for $0.49 a uniformed representative of the government will hand deliver your sealed correspondence to its destination.
I find this to be a useful way to communicate and do business in the Digital Age.
Re: (Score:1, Informative)
Therein lies the rub. The laws regarding the sanctity of the mail were written prior to the wholesale auction of the government, and the entire distribution chain is controlled to where any shenanigans by either the government or private entity is obvious. I've even had mail carriers inform me of my right to refuse a package when there were signs of tampering or something else seemed amiss, thereby limiting my legal liability for the contents. Try getting that from a private business without the NSA breathi
Re: (Score:1, Troll)
You want less surveillance? Then you need a government that does less. You know "small government." ooooooo can't have that.
Re: (Score:2)
I disagree. If you look at how government was done in the 1800's or early 1900's things *are* better. Better support of health and safety, education, research, a professional civil service, product safety, help for the elderly, assistance for the elderly etc. Unfortunately there are forces that want to gut these initiatives and turn back the clock to the 1800s.
Re: (Score:3)
Is there no happy medium between regulatory micromanagement and your description of how horrible it was in the 1800s?
Re: (Score:2)
"Do you not feel that we have gone too far in the way of centralized control?"
Yes, corporations need to be less centralized and more focused on human values.
"You're not horrified at a child's lemonade stands being closed down due to lack of licensing?"
Citation please.
"Or that you must have a fence around your pool else a trespasser who falls in your pool can sue you?"
That's just common sense. I would do it any way as I do not want children or pets drowning.
"
Is there no happy medium between regulatory microm
Re: (Score:2)
and instead of thinking I was bull$hitting you could have googled it: The following will give you a good list.
https://www.google.com/webhp?s... [google.com] Re 1970s - I agree in a large part of everday life - except for the ridiculous laws on drugs, sex.
But the overwhelming mercantile regulations were bad then too. You are a big corporation (airlines) you get protected. You make money. No competition. And prices are out of reach for everyone but the wealthy
Re: (Score:2)
No, it is not my job to provide your references for you. YOU are making the positive assertion, YOU have to back it up. Not me.
Re: (Score:2)
Re: (Score:1)
Here in Canada we've got a right wing authoritarian government (the only kind of right wing government that seems to have success in a democracy).They've been preaching and shrinking government as much as they can as they believe the only functions of government are helping the oil business, bombing brown people and especially spying on the citizens. Small government doesn't help if you're only left with the spying (too expensive to monitor the spies) part of government.
Unluckily fear is a great way for a g
Re: (Score:1)
Re: (Score:1)
If you believe that bit of stupidity you haven't fucking been paying attention and are justly parroting something you heard once like a fucking moron.
Between tough on crime legislation which is unconstitutional, or surveillance legislation which is unconstitutional, or bringing in US style "politics is money is free speech" ... Harper is no no fucking way "left of the democrats".
It's a cute fucking meme, but you're apparently too fucking stupid to know what it means or why it's wrong.
It's the same faux-libe
Re: (Score:2)
Actually Harper is so far right that he is actually to the right of Obama. Slightly more authoritarian too. See the political compass. http://www.politicalcompass.or... [politicalcompass.org] http://www.politicalcompass.or... [politicalcompass.org]
Re: (Score:2)
Re: (Score:2)
Harper is smart and knows that if he raises most of those issues, he'd be gone to the same fate as the Reform Party. Instead he is doing the slow frog thing, small changes that add up. Instead of attacking health care, underfund it until people get pissed off enough to reject. Campaign Finance reform. First thing he did when he got the majority was cut public funding. Then with the "Fair Voting Act" he snuck in a bit about if the election was longer then the usual 6 weeks, spending limits go up. Notice how
Re: (Score:2)
The truly paranoid still make regular use of the mail as the manpower required to monitor it is prohibitive, and you are pitting government agency against government agency in maintaining its fidelity.
Which is why Snowden's leaks revealed that the NSA is routinely intercepting electronics packages heading to surveillance targets, installing surveillance software/malware, repackaging them as if they were new, and then sending them on their way. The leaks indicated that they were even jailbreaking iPhones in order to install their surveillance package, before repackaging the phones and making it look like they were still brand new.
The battle over maintaining the fidelity of the mail system was silently los
Re: (Score:2)
I'm trying to imagine, at the time the postal service was organized, what the public reaction would have been if it was announced that your mail would be opened and read, and the information so gained would be sold to merchants, employers, and police in your area. Would people have accepted that in exchange for free postage?
Re: (Score:2)
Don't worry though, the Postmaster General says [ap.org] they only keep the data for 1-4 weeks.
Re: (Score:2)
The professor is an optimist (Score:4, Interesting)
Big Brother is here to stay. Surveillance tools are being built into the hardware and BIOS. End to end encryption becomes moot when the data is collected at source.
Re: (Score:2, Interesting)
There does not, as yet, appear to be enough (or even any) outrage from the average internet user that might inspire the Big 3 to go to the trouble. The social media crusaders are busy wielding the power of the electronic mob for other inferred social injustices.
Realistically, u
No (Score:5, Insightful)
Cryptographers are our best hope.
What is this headline supposed to suggest? Trust cloud providers? LOL.
Re:No (Score:5, Insightful)
Communication is too basic to not be a commodity. If you have a software "vendor" then you're doing it wrong.
What is really getting fucked up here, is that we are using the names of these three companies in our discussion, rather than the names of standard protocols. Because the public isn't using standard protocols. That's intolerable.
Re: (Score:2)
Cryptographers are our best hope.
What is this headline supposed to suggest? Trust cloud providers? LOL.
I'll see your cryptographers (in the public domain) and raise you an NSA with a virtually unlimited budget and fuckloads of computing power.
Cryptographers in the corporate world are at the mercy of corporate interests that are willing to take money to install backdoors.
Re: (Score:3)
Re: (Score:3)
The key in your statement is backdoors and people suspect that some may have been put in to things like bitlocker, Android and iOS full device encrypt and other closed source products. This however doesn't prevent you from using things like TrueCrypt (included because there hasn't been shown to be any real red flags even with the limited audit), PGP/GPG, the various TrueCrypt successors, other encryption programs. Something that requires 2^256 bit flips is going to be awfully energy intensive even if it is done with the magic of quantum computers which can speed up the process but not that much (I want to say it can cut the exponent in half but I may not be remembering it correctly). So if we take an optimistic view with quantum computers that still means it takes 2^128 bit flips and good luck finding enough energy to do that. Basically proper cryptography without backdoors or flaws is something that cannot be broken even using all of the available energy in the universe. If that doesn't offer enough protection then you could always use a one time pad.
You're making the assumption that those attacking it are using the same technology that you are aware of - which may be the case. Then again it may not.
Whatever you rely on, there will be ways around it and governments just have a lot more resource to throw at something than you do. Of course they probably don't care enough to make the effort.
Re: (Score:2)
Hence, why the big three play such an important roll in protecting privacy. Yes, the NSA can circumvent just about any safeguard, beyond encrypting the entire hard drive before unplugging the machine and destroying the keys, but that is only the case for one person.
Why are they in such a tizzy about google and apple's default encryption? Because when everyone is encrypted it means no more free lunch. They will have to dedicate resources at the individual level, and that will obscure the normal persons da
Re: (Score:2)
You're making the assumption that those attacking it are using the same technology that you are aware of - which may be the case. Then again it may not.
At this point if they have something more than a dwave quantum annealer or I'll go so far as to even say a theoretical 256 bit quantum computer for technology then they likely have moved into the realm of magic pixie dust and unicorn farts. Even assuming that they have some magical theoretical device that is capable of cycling through a 256bit key space without actually destroying data, i.e. the bit flips cost zero energy, they still wouldn't have done any checks on those keys which will take energy at leas
Re: (Score:2)
Microsoft, really? (Score:1)
Windows 10 has telemetry and backdoors that no user asked for. It looks like it was designed with the NSA in mind.
Re: (Score:2, Interesting)
I'm also worried about the later Linux kernels - how much hidden features are there in them?
An independent review of one of the later kernels should be worth considering. However this doesn't really help against a leaking BIOS.
If I want to be clandestine and run a reasonably secure solution with encryption I would look at designing something using an old 8-bit microprocessor.
Re: (Score:2)
The problem is Intel's new SGX [intel.com] ("Software Guard Extensions"). They allow the creation of memory regions that "maintain confidentiality even when an attacker has physical control of the platform and can conduct direct attacks on memory". The CPU encrypts RAM so you cannot pull keys out of it with a cold boot attack or a logic analyser on the memory bus.
Of course, the rare news article about SGX likes to assume this is something intended for the user so they can protect their GPG keys. What nobody is talking
Re: (Score:2)
Fortunately, we have choices that are not Intel or Microsoft. BIOS is s tougher problem, but hardly insurmountable.
Uh uh (Score:1)
Just make sure you get the source code and verify that it matches the binary you run. Not gonna happen? Exactly.
Re: (Score:2)
Being compiled on your computer doesn't imply that the binary matches the source code. Your compiler may be maliciously inserting code into other binaries.
Re: (Score:1)
Is that Microsoft Gentoo, Apple Gentoo or Google Gentoo?
Windows 10 = privacy tool (Score:2)
I'd say Free Software is our best hope, not companies like Microsoft who build surveillance into the operating system and encourage people to store all of their files in the cloud. Didn't Microsoft destroy Skype's decentralized architecture so that they could make it possible to wiretap?
Re: (Score:2)
Didn't Microsoft destroy Skype's decentralized architecture so that they could make it possible to wiretap?
Oh no no no, they did it for "performance reasons" ;-)
Winston, hide your razor blades (Score:1, Troll)
While Microsoft hands them the keys (Score:2, Funny)
Windows 10 will safely backup your key to the cloud whenever you encrypted data with Bitlocker. Making the whole process useless. Any government agency, Microsoft employee or hacker who can get in there has full access to your data.
Hotmail wouldn't attach encrypted zip file (Score:5, Interesting)
With all the information, since Snowden, about Microsoft working hand in glove with the U.S. government I have to laugh a little at them being included here - as it seems a PR stunt on their part.
http://www.theguardian.com/wor... [theguardian.com]
Re: (Score:2, Informative)
Assuming the file is below whatever the attachment size limit for Hotmail, try renaming it to a JPEG or some other picture format file extension.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Informative)
Had this problem when I was in the military. Charged the extension to .txt or .ppt to get around it.
If that is true.... (Score:3, Insightful)
Re: (Score:2)
That's completely untrue. The lower bidders get a lot of that sweet data as well.
Re: (Score:1)
Re: (Score:2)
... we are screwed. If our best hope against government surveillance are companies who spend most of their time collecting our information to sell to the highest bidder, then we are in for some heavy government surveillance.
What makes that even more disgusting is the way in which our government is "paying" these companies in exchange for information.
Tell me IRS, how much did these companies pay in taxes in recent years as the largest entities in the history of capitalism?
Yup. Thought so.
Oh yes lawmakers, tell us again how we should raise taxes. I just love hearing that fucking line again...
Hey - hear him out! (Score:2)
Really good for him to put the facts on the table for all to appreciate.
And it's also been very brave of Google, Apple, Microsoft and Facebook to criticize governements and corporations who don't have high standards of privacy or care to protect the rights of others.
Well done these four!
They all deserve a big award.
Who guards the henhouse? (Score:1)
Tech companies = front door surveillance? (Score:1)
As a European:
Goverments have no credibility, especially US gov.
Corporations in general has no credibility, especially Microsoft and all telecoms companies
I suggest letting privacy oriented organizations dictate terms to both governments and corporations, and let the shitshow play out.
Rapists in savior's clothing (Score:4, Insightful)
"Tech companies" are no saviors of anyone but their executive staff and their shareholders. It has been well established that, as a general rule, sociopaths are in executive control of virtually every human hierarchy, be it a corporation or gang or government or military. The Peter Principle is a myth, a misdirection; the real principle at work is that sociopaths willing to make the "hard" unethical decisions that disproportionately benefit each organizational tribe are the ones who consistently get elected, appointed, promoted. Tribalism is very alive and well, and it's sociopaths who benefit the most from exploiting it.
In the case of tech companies, at the same time they appear to be resisting government oppression they are also supplying government (and anyone else with cash in hand) with the tools it needs to oppress. That doesn't sound messianic to me at all.
So who is this Ryan Calo that he is motivated to publish such misdirecting tripe?
You don't fool me Microsoft! (Score:2)
Govenment Is Not Working For It's People (Score:3)
Is this how it ends?
Trouble is (Score:1)
What the hell sort of propaganda is THIS!? (Score:2)
..Google, Apple, and Microsoft pushing back against government surveillance..
Are you FUCKING KIDDING ME!? Especially Microsoft, with it's gods-be-damned spyware package entitled "Windows 10"!? Seriously!? What the actual fuck!?
Re: (Score:2)
The law is the problem (Score:2)
Until the law is changed, providers cannot be trusted as they can be compromised with an NSL.
End-to-end encryption in email (Score:3)
Unless the keys reside only on the end devices then it ain't secure.
If that's true, then we're doomed (Score:2)
All of those companies (albeit Apple least of all) are pretty cavalier about their own invasions of our privacy. None of them are defenders. At best, they're just giving us the choice of who will be spying on us.
If they are our best hope, then we've already lost.
Re: (Score:1)