Dear Dr. Schneier, new surveillance laws will not do, we also need “auto-guaranteeing” user-controlled ICT services

Bruce Schneier, arguably the world top security expert, in todays post More on NSA Commandeering the Internet, report about the owner Lavabit, until a few weeks ago one of the world most private email service, with half million users:

Last month, Levison reportedly received an order — probably a National Security Letter — to allow the NSA to eavesdrop on everyone’s e-mail accounts on Lavabit. Rather than “become complicit in crimes against the American people,” he turned the service off.

It’s what happened next that is the most chilling. The government threatened him with arrest, arguing that shutting down this e-mail service was a violation of the order.

Schneier concludes:

Every Lavabit-like service that shuts down — and there have been several — gives us consumers less choice, and pushes us into the large services that cooperate with the NSA. It’s past time we demanded that Congress repeal National Security Letters, give us privacy rights in this new information age, and force meaningful oversight on this rogue agency.

I invite Dr Schneier to reason if even perfect new legislation can be sufficient to prevent, or even detect, continuous and wide-spread abuses to the privacy of citizens by NSA and others. Or if maybe the solution may be technological or, more precisely, in the procedural and organization processes behind private Internet service offering.

Even we had perfect (and non-secret) legislation in regards to Surveillance and its oversight, and even publicly-disclosed NSA internal regulations interpreting those laws, users of any Internet device, service or end-to-end solution may still have no reasonable or substantial way neither to detect nor to prevent wide and continuous violations of their constitutional rights.

The solution may reside in building large-scale no-profit end-to-end communication service offerings, and in particolare their procedural, organizational and certification processes, that do away altogether with the need for trust in anyone – as argued by Lawrence Lessig, and as is the basis of the security ballot boxes during well-run paper-based governmental elections – because the quality and precision of those processes, covering both devices and servers-side of a given end-to-end ICT service, intrinsically “auto-guarantee” their own constitutionality.

Here’s how such process could work as applied to server room management processes, in an excerpt from User Verified Social Telematics project:

The CivicRoom is a server room inside the CivicLab, that hosts the servers providing UVST services, the latest version of the CivicPod/Phone firmware and approved applications, and the keys that are necessary for law officers to decrypt communications and logs among UVST end users. In addition to state-of-the-art end-to-end security provisions, live streaming and many other transparency procedures, any physical access to the server room (CivicRoom) will be physically conditional to the presence and approval (through keypad locks) of at least a «jury» of 5-10 randomly-selected rotating users and/or with conflicting interests, in ways similar to the what is possibly the “most beneficial security invention of human history”, democratic procedures for polling stations and ballot boxes for well-run paper-based governmental elections. If an admin, rogue state agency and/or anyone wants to commit an illegal OR unconstitutional act in the server room, then each «jury user» – before, during or after – can type in their key pads their «emergency code» instead of their “access code”. If two of them do, then all user are automatically notified of a potential breach, if a majority of them do, then an automated procedure to make «scorched earth» as done by Silent Circle, possibly automatically switching the service to a P2P solution. It will not be detectable who of them typed the «access code» and who typed the «emergency code» of them did. In the case of unconstitutional access, but legal (secret or public law). The will therefore allow for effectively allow for peaceful civil disobedience actions to protect all users.

Who then guarantees and certifies the adequacy of the software, hardware and procedures, and updates those standards? It sure needs to be an extremely competent and independent body, let’s call it CivicAuthority. And who would then control the controllers? CivicAuthority may potentially accrue a huge power that need to be thoroughly checked, through effective and democratic organization procedure and body, let’s call it CivicOvershight.

Such organization could be intergovernmental but it would probably inspire more trust if it was non-governmental but thoroughly democratically accountable.

Here’s how such body could work, in an excerpt from the User Verified Social Telematics project:

The CivicAuthority, a global dedicated committee made mostly of leading IT security experts digital civil rights organizations – but also consumer, authors and content rights holders associations – also responsible for the updating of the certification specifications. It is run by proceeds from certification revenue and from % of revenue generated by CivicProviders. We’ll propose membership in order to: Privacy International, EFF, EPIC, CDT, Human Rights Watch, Amnesty International, Altroconsumo, and more. Such board would be re-elected by and accountable directly to an informed sample of ordinary citizens through deliberative polling(tm) procedures, CivicOversight.

If our hopes are in the politicians hands, we have little reason to hope. But with user-controlled user-verifiable auto-guaranteeing services, that enable digital civil disobedience, we can directly protect our freedom and affirm technologies and practices that improve even the ability of security agencies to promote their missions, proving that security and privacy are no zero-sum game, on the contrary.

Leave a Reply