Since the leaks from whistleblower Edward Snowden revealed that the US government has been running an unprecedentedly enormous data gathering effort on basically all Americans, Congress has been slow to remove what many see as an unforgivable overreach of government power.  In fact, today’s Congress is barely even capable of naming a post office.  If the government is unwilling to go without spying on our phone records, maybe there’s a solution that doesn’t require Congress to do anything.  Can private companies find a way to just block the government from collecting this data in the first place?

More precisely, is it legally tenable to just encrypt your data so thoroughly that the NSA won’t be able to read it when they get it?  Recently, Snowden’s leaks revealed that RSA, a cybersecurity company, contracted with the NSA to spread the NSA’s random number generator in RSA’s security products.  The generator had been intentionally weakened to create backdoors for the agency for its domestic spying efforts.  The backlash has been fierce.

In light of such shenanigans, both in government and the private sector, the ongoing debate has been over what the average person can do to keep the government from snooping on their Snapchats.  One solution is just to encrypt your data in such a way that it becomes nearly unusable without a key.  The secure email service Lavabit used a method where all email was encrypted to a key known only to the user.  When a court ordered the metadata surrounding Snowden’s email (i.e. ‘to’ and ‘from’ headers) to be revealed, the founder was unable to comply and eventually ended up shutting down the service entirely rather than hamstringing his users’ privacy protections.

Cybersecurity companies are thus finding value in the notion of being “NSA-proof” and are directing marketing efforts toward finding customers wary of potential government-endorsed breaches, but they find themselves in uncharted legal territory.  What if you trust a company with your data, only to find the company’s NSA-proof security hobbled by some court order?  Because of this risk, and because of the sensitivity and huge amount of data involved, a former NSA official is now warning companies that collect data to be transparent about what they collect, lest they find themselves in some hot water.

Or maybe the solution is to leave your data outside the reach of US-based cybersecurity companies entirely.  The founder of Lavabit recommends just that in the farewell letter he posted when shutting down the service.  If you can’t beat ‘em, flee.

–Tom Hayden
