09 August 2013

The Privacy Tragedy or NDA Considered Impossible

The classic tragedy is a sad story - as protagonists usually suffer from serious losses.

The last few weeks have shown that our privacy was lost years ago - without us (the protagonists) realising it.

Now, with the heroic help of guys like Ed Snowden, the magnitude of this privacy loss has become visible:

* Governments (especially from the US, Germany, UK and maybe several others) violate fundamental privacy rights (like the American Constitution and the German Grundgesetz).

* Companies trying to keep their users' data private are forced by governments to either shut down their operation or violate privacy rights.

* All Internet traffic is systematically monitored by government agencies - without users' consent. They are reading ALL our communications.

The Root of All Evil: Yes - We Scan!

The root of this evil is located in the USA and its villains (Germany and the UK as prime examples). Storing and processing (private) data and communication via companies located in these countries must from now on be considered unsafe, sometimes harmful!

Ok - you probably already knew that. And you knew Obama's slogan "Yes, We Scan"?

The Tragedy

We cannot do a single thing about it - without giving up the comfort zone:

* Our operating systems are designed (sometimes well, sometimes worse) in the USA. I personally find it *very* likely that modern operating systems already contain backdoors for governments.

* Most communication and social networking services are located in the US (Facebook, Twitter, Google, Yahoo, LinkedIn) or Germany (Web.de, GMX, Telekom) - and actively cooperate with governments! They freely give away your private data!

* Many convenience services are located in the US (Dropbox, Evernote, Google Drive, Microsoft SkyDrive). Despite their claims to keep our data private, they all cooperate with governments.

* The fundamental infrastructure for large portions of software development is tightly connected to US companies (Java -> Oracle, C# and dotNet -> Microsoft, VMware (SpringSource), JavaScript (Apple, Google)).

* OpenSource is only better in theory: For larger systems (like Linux, Firefox, BSD, Gnome, KDE, MySQL) it is simply not viable to inspect the source code for potential security or privacy issues. How can I keep my trust in systems like TrueCrypt or the EncFS (encrypted file system)?

We Are Lost

I have never in my life been more frustrated with politics and these so-called "democratic" governments (these incompetent morons who failed to protect our Grundgesetz or the US constitution). They value secret agencies higher than our rights to keep private information private!

We lost privacy in digital life. No (comfortable) way out of this!

NDA Considered Impossible

I earn my money with software and computer stuff. It involves private and sometimes even secret information.

I usually sign privacy agreements (NDA, non-disclosure agreement). I promise in these legally binding documents not to give away *any* private or secret data.

From now on, nobody in our business can keep such a promise! Somebody gives me digital data - some rogue government will be able to read it!

Hope In Small And Painful Doses

Yes - you can encrypt your email (PGP, GPG or S/MIME). All of these solutions require a considerable investment in software and organizational infrastructure.

Yes - you can move to self-compiled Linux kernels and window drivers. If you're willing to invest days to get the most fundamental system up-and-running. None of the sexy software packages run on your exotic system. It's not nearly as comfortable as the commercially available alternatives.

And - what will be a trustworthy compiler? Is the backdoor already built into your hardware (which is most likely driven by US-designed chips…)?

Yes - you can move away from *all* the comfortable network and cloud-based services. No Google or Bing searches, no tweets, no Facebook, no Dropbox, LinkedIn or Xing any longer.

Despite myself trying some of these steps - tragedy struck. We've lost our privacy.

Thanx, Ed, for making this clear.