U.S. tech companies could go “dark” to regain trust

Going dark
The first recommendation he makes is to “hide in the network.” In essence, this means becoming part of the “dark Web” provided by technologies such as Tor. Many people have heeded this advice, with the number of daily users of the Tor network surging in August from one million to five million. Usage by country reflects those most affected by the NSA spying, namely the U.S., Brazil, Germany, France, and Spain.

Using Tor is relatively straightforward: it involves downloading a Tor browser bundle that handles the connection to the network and provides a browser set up to maintain anonymity.

Tor does restrict what you can do on the web, and using it requires understanding that Tor hides the Internet address you are using, not what you subsequently do on the Internet. There is no point using Tor, for example, if you are then going to log on to Facebook. Secure applications that encrypt all communications do exist, however. One such application, Cryptocat, can be used to provide secure encrypted internet messaging.

Schneier also argues users should be suspicious of commercial encryption software from large vendors. Here the question of who you trust becomes more challenging.

Apple has claimed it is not able to read users’ iMessage messages, but this has now been demonstrated to be false, and reading them is certainly within the NSA’s capabilities even without Apple’s assistance.

Instead of using commercial software, Schneier recommends using public-domain and open source encryption.

If you can’t beat them, join them?
All of this has left companies like Google, Yahoo, Apple, and others in a quandary. It is one thing for individual users to decide to protect themselves and to implement encryption technologies on top of these companies' services, but it would be quite catastrophic for their businesses if governments started moving against them, following the lead of China, Iran, and other countries.

Major technology companies definitely have a motivation to provide a verifiably secure means for users to communicate, one that leaves the companies with no ability to give security agencies access, even if requested to. Two companies, Silent Circle and Lavabit, have come together to form the Dark Mail alliance in an attempt to do exactly this.

The Dark Mail alliance will attempt to create open source protocols that allow for end-to-end encrypted e-mail without the possibility of back doors. Both companies do have the advantage of some credibility. Lavabit was the service that Edward Snowden used when communicating with journalists and was forced to shut down when the FBI demanded it hand over keys to access encrypted communication from Snowden.

Silent Circle was formed by Phil Zimmermann, the inventor of the open source PGP encryption software, which is still one of the most secure and trusted ways of encrypting e-mail and other data available today.

The question is whether companies like Google would be equally trusted if they were to implement Dark Mail or even their own version of Tor. But this is just what they may have to do to retain the trust of users and avoid countries legislating against their use or moving to create their own national versions of Dark Mail.

David Glance is the director of the Center for Software Practice at the University of Western Australia. This story is published courtesy of The Conversation (under Creative Commons-Attribution/No derivatives).