Slashdot Mirror
Inside the Decision To Shut Down Silent Mail
Trailrunner7 writes with this snippet from ThreatPost:: "Silent Circle's decision to shut down its Silent Mail email service may have come quickly yesterday, and the timing of the announcement admittedly was prompted by Lavabit's decision to suspend operations hours before. But the seeds for this decision may have been sown long before Edward Snowden, who reportedly used Lavabit as a secure email provider, was a household name and NSA warrants for customer data were known costs of doing business. ... 'When we saw the Lavabit announcement, the thing we were worrying about had happened, and it had happened to somebody else. It was very difficult to not think I'm next,' Callas said. 'I had been discussing with Phil [founder and PGP developer Phil Zimmerman] over dinner the night before, should we be doing this and what the timing should be. I was looking at it from point that I want to be a responsible service provider and not leave users in a lurch. [The Lavabit announcement] told me I have to start moving on it now.'"
Too bad that all the other service providers don't look at it the same way as Zimmerman. They apparently see the NSA money as a profit center. Their customer's data is simply something to be monetized in any way possible. All those crap "privacy policy" documents they've mailed to us over the years aren't worth the paper they are printed on. Don't be surprised to see Google, Facebook, Amazon et al, plus all the cloud providers, start showing lowered revenue in the next few financial quarters. As always, consumers will vote with their wallets.
This is called "oppression," when you live in fear of being the "next" target of government "scrutiny."
I don't think there is any money directly attached. It's more of a threatened 'if you don't comply we throw you and your employees in jail' thing. Not sure how that would work out in a real world courtroom (I'd like to assume it would make it to court including a jury), but the companies likely don't want to chance it. Can't say I blame them in this case- it's looking like McCarthyism (http://en.wikipedia.org/wiki/Mcarthyism) all over again. Sorry for the rusty geek skills.
To reliably do this, they must move themselves and have a self-hosted solution. If you host your data with anyone else you need to believe they value your data more than the money to be made from it or you are worth the head-ache of annoyingly trying to protect it from government agencies.
Over the last 10 years from time to time people within my company (which highly depends on privacy) have suggested hosting our servers/services with external hosting providers/cloud solutions. Every time I refuse. Their arguments are valid. It could be cheaper. It removes the hosting burden. These large providers are experts and could have better security. Even all of that being true the overriding truth as I see it is even though they may be better, cheaper, etc I can promise you we care about our data more than they will. FBI raids a data center for someone elses server and grabs our with it? Sorry, it was the FBIs fault! Any business reality makes handing over our data a legal requirement or just more convenient legally? Sorry we had to!
The last few months revelations just confirm what I've always known. If security and privacy are your business and you take it seriously, you had better be hosting it yourself. Google may have better technical experts than you, but I promise the people who actually make decisions internally care more about your data and will fight for it more when you host internally.
"reality has a well-known liberal bias" - Steven Colbert
There's negligible money in complying with these (illegal) 'requests' fro data. Why spread FUD? If you want to do something about it, fix the damn US government. Personally,I'm still surprised a few of those companies haven't moved to Canada.
Secure email on mobile phones is not going to happen. The host is compromised.
1) Actually the number of people who have access to it is over a million, so this requirement is satisfied.
2) EVERYBODY is a reasonable suspect, so this requirement is satisfied.
3) Terrorism is defined by the law in such a way that hiding what you are doing is plausible grounds for suspicion of terrorism, so this requirement is satisfied.
Aren't you glad you're cool with mass survielance.
I think we've pushed this "anyone can grow up to be president" thing too far.
I don't think there is any money directly attached. It's more of a threatened 'if you don't comply we throw you and your employees in jail' thing. Not sure how that would work out in a real world courtroom (I'd like to assume it would make it to court including a jury), but the companies likely don't want to chance it. Can't say I blame them in this case- it's looking like McCarthyism (http://en.wikipedia.org/wiki/Mcarthyism) all over again. Sorry for the rusty geek skills.
sure there is money involved for the taps. it's not an extra tax. of course this applies only to the ~5 biggest service providers of nsa. and it's not a secret that telephone providers are not the one's footing the bill for phone taps.
plus, what good is a jury consisting of people chosen by the court in secret who can only give a verdict that's secret and can't speak of it to anyone....
world was created 5 seconds before this post as it is.
And no bullsh*t interpretations of the above rules.
You mean like
drugs==terrorism
child sex abuse==terrorism
child=<17 years old
The host is compromised.
This is a good point. Dare I enter my GPG passphrase on a Droid, when Motorola is uploading some fraction of what I do to its servers in the background?
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
1) How would you guard against that?
2) If it's based on individual suspicion, it's not mass surveillance anymore. Or do you mean everything is recorded but only released if an individual case merits it? That is not unreasonable in principle, but there would have to be an ironclad mechanism for releasing these recordings in approved cases only.
3) Maybe you also want to include kiddie porn. And drug trafficking. And seeding sedition. And copyright violations. And if you don't want to include any of that, there are plenty of legislators and voters who do want this. See how that works?
I also think that there are cases where mass surveillance would be warranted. But in practice I think the downsides and dangers, not to mention any honest person's right to privacy, far outweigh the potential benefits. Even if those benefits include not having the occasional occupied building or train blow up. Freedom does come at a price
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
It's not the threat of jail, but the threat that things can start going wrong for any provider that does not play ball with the NSA.
It's like the mafia thugs that come into the restaurant and sell the owner "insurance" because "a lot of bad things can happen, you know?"
There is a very short window of opportunity to stop the Panopticon now. Unfortunately, the people in power have made it clear that nothing in the political process is going to stop them. The solutions, if they come, will be outside of the political process. They made it that way, so people who resist ubiquitous surveillance and surrender of privacy can be seen as "radicals" and "terrorists" and worse.
There are some bad times coming, I fear.
You are welcome on my lawn.
With corporations, unless they are some group like the EFF and "profits be damned we'll fight for our customers rights" the various legal requests, etc. will make fighting it so expensive that they eventually comply...
Unfortunately, when it comes down to the individual, things happen.
"Anonymous drug tip" results in a SWAT raid at 3am where you are shot. Or your family is shot. Same with "anonymous terrorist tip". Or "opps wrong address".
Ok, I'll turn down the paranoia...
"Sir, we'd really like to check things out but don't have time to get a Warrant. Do you have something to hide?"
or
"Well we know we can't legally get a warrant, but we can harass him with various criminal charges until his lawyer fees bankrupt him or until he complies".
Or I'll turn the geek paranoia back up
Slowly but surely over a number of years a back door has made it into GCC and other critial parts of the compiling tool chain that those "terrorists and criminals who use black terminals wtih white text instead of Windows Vista" use... and between access at your ISPs end and exploits that are now present on your computer, via kernel or userland stuff, and they manufacture the evidence or just suck it all off your computer.
Don't blame me, I voted for Kodos
There are no cases where mass surveillance is warranted. Thats what a WARRANT is for, enabling justified and warranted action in a very limited scope. The idea being that Liberty infringement is a more serious concern then being able to record everything for possible safety. In principle, mass surveillance is unreasonable for human beings.
Good-bye
The Constitution is not a suicide pact. There are options between colonoscopy-level-surveillance and nuclear-price-of-feedom.
Too bad that all the other service providers don't look at it the same way as Zimmerman.
So unless all service providers shutdown nothing will get done. The hard fact is the American people *DO NOT CARE* about this, you would have to forcibly take away all service provider options for them to act, and even then it's dubious as to whether they actually would. Are they shutting down their gmail and hotmail accounts en masse? No. What is happening now is *exactly* what they claim they need the right to bear arms for.
How do you think tons of drugs from Mexico and Colombia get into the US every day?
The Overlords want you to think that it is all due to corrupt policemen and politicians south of the border, but how does it get in and then gets distributed?
Same answer, corrupt policemen and politicians. But they want the market for themselves, so yes, you try to do it on your own, you're a terrorist!
Be very, very careful what you put into that head, because you will never, ever get it out. - Cardinal Wolsey
Well that depends, right? It's reportedly $25 a request. Do you know how many requests they are making? That could add up to a lot of millions.
That really isn't where the profit is.
The profit is in not being blacklisted from government work, being harassed by the FTC, not having your car randomly crash into a tree and explode into flames, et cetera.
Oh please! The American public tweets their favorite sexual positions and post pics of themselves stoned on FB, think they are gonna give a rat's ass about privacy or the NSA?
I'm sorry but the NSA have the perfect position here in the states with the majority doing mindless exhibitionism so blatant you'll often be able to find out more about them than their lovers know which makes the few that still care about privacy stick out like sore thumbs and that much easier to track. The future is Big bro all right but its gonna be "Big Brah" and it'll be the public gladly handing over every scrap of info about themselves hoping to score a few more likes on whatever social shit is popular this week.
ACs don't waste your time replying, your posts are never seen by me.
The American public tweets their favorite sexual positions and post pics of themselves stoned on FB
Some people do that stuff. And some people run large corporations and associations that guard their data and communications quite closely. America is not a homogenous group of pot-heads and sex-crazed teenagers.
Some people are criminal defense attorneys and healthcare law attorneys and civil rights attorneys that are busy suing the government to defend the rights of citizens. You think they want their private emails reviewed by big brother?
Kiddie with a (semi)nude picture of itself on their own phone => kiddie-porn manufacturer
Kiddie having received an above picture of same-agged other kiddie => pedofile
A couple of kiddies having a relationship and the older one of them (even by couple of a months) becomes 18 => pedofile
As a male taking a leak in the bushes and someone sees you => pedofile
Drawing a nude kiddie on paper => kiddie-porn manufacturer
And those are just the ones that went to court.
Sorry, can't remember good generic examples about terrorism, save for that pretty much everything gets tagged with it
Robbing a bank ? Terrorism
Someone sees you when you show a gun to some friends ? Terrorism
Taking pictures of a public object ? Terrorism
Disagreeing with some "authority" which tries to tell you that that is illegal ? You're (must be) a terrorist.
On other words: don't hold your breath. The ones with the authority probably have to much fun with having manufactured yet another reason to harras the common citizens and the citizenry is too eazy to scare (one way or the other) into cooperation.