Last Week in Privacy, Encryption, and Surveillance

A lot of stuff has been going on recently in encryption and privacy’s confrontation with the government. I’ll start off on a couple high points.

WhatsApp

WhatsApp turned on encryption for all of its users. WhatsApp is not a big deal here in the United States (at least among the mainstream), but it is huge around the world. I know many people with family in Latin America and they all use WhatsApp to message, chat, and video conference with them. This is a huge deal for privacy and would be rendered virtually illegal should Feinstein and Burr’s bill become law. I hope that other tech companies will take notice and follow WhatsApp’s example.

Microsoft vs the US Government

Microsoft is suing the US Government over their custom of accompanying warrants with gag orders that prevent them from informing their customers that their data has been searched by law enforcement. Often these gag orders do not have an expiration date, meaning that people the government holds an interest in may never know that their data has been accessed. Microsoft is much more balanced in their statements than I would have been:

We believe that with rare exceptions consumers and businesses have a right to know when the government accesses their emails or records. Yet it’s becoming routine for the U.S. government to issue orders that require email providers to keep these types of legal demands secret. We believe that this goes too far and we are asking the courts to address the situation.

To be clear, we appreciate that there are times when secrecy around a government warrant is needed. This is the case, for example, when disclosure of the government’s warrant would create a real risk of harm to another individual or when disclosure would allow people to destroy evidence and thwart an investigation. But based on the many secrecy orders we have received, we question whether these orders are grounded in specific facts that truly demand secrecy. To the contrary, it appears that the issuance of secrecy orders has become too routine.

The urgency for action is clear and growing. Over the past 18 months, the U.S. government has required that we maintain secrecy regarding 2,576 legal demands, effectively silencing Microsoft from speaking to customers about warrants or other legal process seeking their data. Notably and even surprisingly, 1,752 of these secrecy orders, or 68 percent of the total, contained no fixed end date at all. This means that we effectively are prohibited forever from telling our customers that the government has obtained their data.

We believe these actions violate two of the fundamental rights that have been part of this country since its founding. These lengthy and even permanent secrecy orders violate the Fourth Amendment, which gives people and businesses the right to know if the government searches or seizes their property. They also violate the First Amendment, which guarantees our right to talk to customers about how government action is affecting their data. The constitutional right to free speech is subject only to restraints narrowly tailored to serve compelling governmental interests, a standard that is neither required by the statute being applied nor met by the government in practice here.

BlackBerry and the Mounties

The Royal Canadian Mounted Police have access to the encryption keys for BlackBerry phones. This is an interesting companion to the WhatsApp news. Despite BlackBerry’s end to end encryption the RCMP have access to the keys and there is risk that these keys cannot be kept secure and every BlackBerry customer, including many corporations and government organizations world wide, is exposed to potential harm.

CGP Grey Videos

CGP Grey made a couple great explainer videos on encryption, comparing them to physical keys and pointing out how they are vastly different. In the second video Grey discusses how private and intimate phones actually are.

Nothing to Hide?

The Washington Post discusses how knowledge of surveillance increases self censorship, thereby surpressing minority opinions. I know it’s made me think twice about saying something I felt strongly about here and there. Speaking of the Post, take another look at Top Secret America, a revealing pre-Snowden project detailing government surveillance in America.

Surveillance Encryption Security Privacy NSA Technology