For those who have been living under a rock for the past month or so, Edward Snowden is the whistleblower and political dissident who leaked evidence of vast illegal US and UK internet surveillance projects, and who has currently been granted asylum in Russia. Given the American government’s shockingly poor record on the treatment of its political prisoners, as well as their clear desire to make an example of him, I for one am relieved Russia stepped up to its obligations under international law. Granting Mr Snowden some respite from persecution, however temporary that may be, was both legally and morally the right thing to do, even if the cognitive dissonance that I feel from the reversal of the traditional narrative is giving me a migraine.
Lavabit, a Texas based provider of encrypted email apparently used by Snowden, shut down to avoid becoming “complicit in crimes against the American people”. Later Silent Circle, based in Maryland, did the same, taking the view that it was better to close down and destroy its servers than to deal with the inevitable bullying.
The message seems to be simple. You can’t rely on the security of services where the data is out of your control, especially if the machines or companies involved have ties to the USA, but to say you’re safe from this sort of thing because you use a non-us provider (as many seem to be saying) is frankly delusional.
For those who are looking for alternatives to giving all your data to a third party, I do suggest you check out the #indieweb community, especially if you’re a builder. #indiewebcamp-uk is happening in September in Brighton, RSVP here.
It seems it is fast becoming a dangerous time to be a software creator, and no matter how secure your platform, you always run the risk of the rubber hose technique. As an industry, we are living in “interesting times“, it will be interesting where we go from here.
Update: Graham Klyne points out that Silent circle haven’t shuttered their end-to-end encryption offerings.
Image “Security” by XKCD.