US tech companies could go ‘dark’ to regain trust

With more internet users going dark, will tech companies follow them? Owen's/Flickr

With each new revelation of the scope of the American National Security Agency’s spying, perceptions of the importance of privacy are hardening around the world.

Systematic monitoring of the world’s communications can possibly be justified when terrorism is the driver, but it’s clear the spying has not been limited to terrorist targets.

Brazil’s largest oil company Petrobas has been spied on along with the United Nations and possibly the most shocking of all, the phone calls of German Chancellor Angela Merkel.

There could be no justification for spying on Angela Merkel on the basis of protecting the US or anyone else against terrorism. This was plain political espionage using the massive technological monitoring capabilities at the NSA’s disposal.

German Chancellor Angela Merkel has been the subject of spying. EPA/Wolfgang Kumm/AAP

Nobody could be left in any doubt that the US’s interests extend beyond terrorism and for that reason corporations and civilians worldwide are always going to be “subjects of interest”.

After discovering that it has been subjected to NSA spying, Brazil has initiated calls for internet infrastructure and governance that bypasses the US. Brazilian President Dilma Rousseff is trying to legislate that internet companies like Google and Facebook store all data relating to Brazilian users locally, a move being opposed by these companies.

Brazil is also building a “BRICS Cable” that connects Brazil, Russia, India, China and South Africa in order to bypass the the current cable that is routed through Miami.

At the same time, internet users are revisiting their use of encryption and anonymisation technologies. Although the move to try and protect privacy might have started because of concerns over the NSA, there is now general acceptance that it’s not simply the US that is engaging in systematic monitoring. This has been a worldwide phenomenon with the only distinction being whether the spying was done simply in the individual country’s interests or on behalf of another like the US.

Security analyst Bruce Schneier has outlined 5 pieces of advice for those wishing to remain secure from the NSA and other agencies.

Going dark

The first recommendation he makes is to “hide in the network”. In essence, this means becoming part of the “dark web” provided by technologies such as Tor. This advice has been heeded by many people, with the number of users of the Tor network surging in August from 1 million to 5 million daily users. Users rated by country reflect those most affected by the NSA spying, namely; US, Brazil, Germany, France and Spain.

Using Tor is relatively straightforward involving the download of a Tor browser bundle that handles the connection to the network along with providing a browser that is set up to maintain anonymity.

Tor does restrict what you can do on the web and involves the user understanding that Tor hides the details of the internet address you are using, not what you then subsequently do on the internet. There is no point using Tor, for example, if you are then going to log on to Facebook. Secure applications that encrypt all communications do exist however. One such application, Cryptocat, can be used to provide secure encrypted internet messaging.

Schneier also argues users should be suspicious of commercial encryption software from large vendors. Here the question of who you trust becomes more challenging.

Apple has claimed it is not able to read user’s iMessage messages, but this has now been demonstrated to be false and certainly within the NSA’s capabilities even without Apple’s assistance.

Instead of using commercial software, Schneier recommends using public-domain and open source encryption.

If you can’t beat them, join them?

All of this has left companies like Google, Yahoo, Apple and others in a quandary. It is one thing for individual users to decide to protect themselves and to implement encryption technologies on top of their services but it would become quite catastrophic for their businesses if governments started moving against them, following the lead of China, Iran and other countries.

There is definitely a motivation for major technology companies to provide a verifiably secure means of allowing users to communicate securely without an ability for them to provide access to security agencies, even if requested to. Two companies, Silent Circle and Lavabit, have come together to form the Dark Mail alliance in an attempt to do exactly this.

The Dark Mail alliance will attempt to create open source protocols that allow for end-to-end encrypted email without the possibility of back doors. Both companies do have the advantage of some credibility. Lavabit was the service that Edward Snowden used when communicating with journalists and was forced to shut down when the FBI demanded it hand over keys to access encrypted communication from Snowden.

Silent Circle was formed by Phil Zimmerman, the inventor of the open source PGP encryption software which is still one of the most secure and trusted ways of encrypting email and other data available today.

The question is whether companies like Google would be equally trusted if they were to implement Dark Mail or even their own version of Tor. But this is just what they may have to do to retain the trust of users and avoid countries legislating against their use or moving to create their own national versions of Dark Mail.