
For German, Swiss Privacy Start-Ups, a Post-Snowden Boom - BillFranklin
http://blogs.wsj.com/digits/2014/08/20/for-german-swiss-privacy-start-ups-a-post-snowden-boon/
======
pilif
If you trust a provider from Switzerland, be mindful that you also trust the
Swiss state: Since 2002 all communication providers are forced to keep a log
of all communication flowing over their pipes and hand that out to the
authorities on request. Reading the law, I think this isn't just metadata
(which would be bad enough) but actual data too. Also, data needs to be kept
for up to 30 years.

Now granted, our authorities are way less heavy handed in their approach than
the various US agencies, but still, if you don't trust the Swiss government
(btw: lately not willing to stand up to US demands), you should not, by any
means trust any Swiss company to handle data for you.

If you read German, here's the law:
[http://www.ejpd.admin.ch/content/dam/data/sicherheit/gesetzg...](http://www.ejpd.admin.ch/content/dam/data/sicherheit/gesetzgebung/fernmeldeueberwachung/entw-d.pdf)

~~~
_delirium
Huh, permanent full-data logging seems pretty onerous even just from a
technical perspective. Does a cloud provider like Exoscale really have to keep
a copy of _everything_ that ever touches their cloud? That'd be some pretty
massive data warehousing.

~~~
pyre
Don't worry. The government is working on building a warehouse to alleviate
them of that burden. They'll just forward all data to the government-run data
warehouse. Free of charge! ;-)

------
CaptainZapp

      Lavabit was forced to close down in August 2013, after being forced to disclose classified documents.
    

Sigh!

No it was not. They were forced to hand over the private server keys, which
is _much_ more significant than "disclosing some classified documents" and so
Mr. Levison decided to shut it down.

It may be just a pet peeve of mine, but can't journalists do some minimal
research before writing about a subject?

~~~
nodata
Mr Levison believed that shutting it down was the only decent option
available, so he _was_ forced to shut it down...

~~~
tptacek
It's worth remembering that he was forced to shut it down because he designed
it in a way that made it not just possible but inevitable that the DOJ would
eventually get a court order for keys.

There is no transition in the investigative state machine for "data relevant
to our investigation to which we are lawfully entitled exists and is available
to us, BUT we will not retrieve it because doing so would be invasive to other
members of the service". It's possible --- we could do some research --- that
that transition exists in the state machines of _no western government at
all_. Knowing that: if it's feasible to obtain information from a secure
message service, eventually, the courts will mandate its retrieval.

As of 2014, there is a fundamental tradeoff that we know for a fact exists:
you can design an encrypted mail service that is trivial for users to adopt,
or you can design an encrypted mail service that meaningfully resists judicial
power. You can't do both.

~~~
jeffrey8chang
Yes, you can design an encryption tool that's both trivial to adopt, and
resist judicial power at the same time. And this is exactly what I'm doing
now:

[https://www.kickstarter.com/projects/620001568/jackpair-
safe...](https://www.kickstarter.com/projects/620001568/jackpair-safeguard-
your-phone-conversation)

It's an end-to-end voice encryption device using the Diffie-Hellman protocol
for completely distributed key exchange, so the keys never leave the box and
there's no way we can hand over any key, or traffic, to the authorities.

The user interface of JackPair is minimal; it's connected with any phone and
headset through a standard 3.5 mm audio jack. All you need to do is to press
the button on it to set up a secure line over established phone calls. It's
zero configuration with no software to install, no service subscription, and
it works with any phone you already have.

~~~
danielweber
FYI, based on previous discussion, by "trivial to adopt" he means "you can use
it in your current browser and in a new browser if you remember your
password." Which is reasonable, but I totally see why you think your own
solution fits your own definition of "trivial to adopt." Domains are a bit
different.

I see you plan to publish the source -- do you have a way that someone can
verify what is running on their device, such as using common components so
they can load the code themselves, or maybe a version that runs as installed
software on a desktop computer? (This wouldn't be as convenient, but it could
provide safety to the ecosystem if it could detect hostile clients.)

 _EDIT_ I wonder how much computational power it would take for an attacker to
do a man-in-the-middle attack that recognizes each side saying "the code is
123" and change the voice to say "the code is 456."

~~~
jeffrey8chang
Got your point on "trivial to adopt". I didn't see discussions w.r.t. browser
here.

It's a good idea to find ways for users to verify what's running on the
device. Right now, the USB port on JackPair is only for the user to recharge
the battery. We can open it up for users to load the code themselves, but this
will also make it vulnerable to USB hacks. Any suggestions here?

The encryption software of JackPair can be run on a PC, except for the
assembly optimization for our ARM Cortex-M3 based DSP core. It's ok to verify
software this way; it'll be open sourced anyway. But I'm not convinced that
average users can make sure their PC or smartphone is secure enough to run
JackPair as a pure software solution.

For MitM human voice mimicking, in addition to computing power, it'll take a
large database with perfect voice samples, and manual adjustment & training so
far:

[http://dsp.stackexchange.com/questions/7833/how-to-mimic-
cop...](http://dsp.stackexchange.com/questions/7833/how-to-mimic-copy-fake-
someones-voice)

BTW, the Pairing Code in JackPair is 10 digits long; the 3-digit code you see
in the GIF animation is for illustration purposes.
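
What the pairing-code design discussed above amounts to, as an added example that is not JackPair's code or any code from this thread: each side derives a session key and a short authentication string (SAS) from the Diffie-Hellman secret and reads the SAS to the peer, and a man-in-the-middle who substitutes her own shares ends up in two separate DH sessions whose codes differ. The group (RFC 3526 group 14), the hash layout, and the key derivation are my assumptions; only the 10-digit code length comes from the comment. The last function shows the attack that the code length defends against when nothing binds a party's DH share before the peer's share is seen: the attacker grinds her share toward one victim until the two codes collide, at one modular multiplication per trial.

```python
"""Diffie-Hellman key agreement authenticated by a short spoken pairing code.

Added illustration, not JackPair's code: each side derives a session key and a
short authentication string (SAS) from the DH secret and reads the SAS to the
peer. A man-in-the-middle ends up in two separate DH sessions whose SAS values
differ, unless it can grind its own share until the two codes collide.
"""
import hashlib
import secrets

# RFC 3526 group 14 (2048-bit MODP): generator 2 and the safe prime below.
P = int("".join("""
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74
020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437
4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED
EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05
98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB
9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B
E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718
3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
""".split()), 16)
G = 2
SAS_DIGITS = 10  # pairing-code length stated for JackPair in the thread (assumed here)


def is_probable_prime(n, rounds=16):
    """Miller-Rabin, used to sanity-check a pasted group prime before trusting it."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def dh_keypair():
    x = 1 + secrets.randbelow(2**256 - 1)  # 256-bit exponent is enough for a 2048-bit group
    return x, pow(G, x, P)


def shared_secret(priv, peer_pub):
    if not 1 < peer_pub < P - 1:  # reject 0, 1 and p-1, which force a trivial secret
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, P)


def derive(secret, digits):
    """Session key and SAS from the DH secret; both sides compute them with no
    channel other than the DH exchange itself, then compare the SAS by voice."""
    h = hashlib.sha256(secret.to_bytes(256, "big")).digest()
    key = hashlib.sha256(b"key" + h).digest()
    sas = int.from_bytes(hashlib.sha256(b"sas" + h).digest()[:8], "big") % 10**digits
    return key, f"{sas:0{digits}d}"


def honest_call(digits=SAS_DIGITS):
    """Alice and Bob talk directly: keys agree and the spoken codes agree."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    ka, sas_a = derive(shared_secret(a, B), digits)
    kb, sas_b = derive(shared_secret(b, A), digits)
    return ka == kb, sas_a == sas_b


def mitm_call(digits=SAS_DIGITS):
    """Mallory swaps in her own shares: she can decrypt both legs, but the two
    victims read different codes (equal only with probability 10**-digits)."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    m1, M1 = dh_keypair()
    m2, M2 = dh_keypair()
    _, sas_a = derive(shared_secret(a, M1), digits)  # Alice believes M1 is Bob's share
    _, sas_b = derive(shared_secret(b, M2), digits)  # Bob believes M2 is Alice's share
    mallory_reads_alice = shared_secret(m1, A) == shared_secret(a, M1)
    return mallory_reads_alice, sas_a == sas_b


def grind_sas(digits, max_trials=10**7):
    """Attack on a short code with no commitment round: Mallory settles the
    Alice leg first, then picks her exponent toward Bob as m2 = 1, 2, 3, ...
    (one modular multiplication per trial, since B**m2 = g**(b*m2) is the
    secret Bob will compute) until Bob's code equals Alice's. Expected cost is
    about 10**digits multiplications. Returns the winning m2, or None."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    m1, M1 = dh_keypair()
    _, target = derive(shared_secret(a, M1), digits)
    cur = 1
    for m2 in range(1, max_trials + 1):
        cur = cur * B % P
        if derive(cur, digits)[1] == target:
            assert shared_secret(b, pow(G, m2, P)) == cur  # Bob really lands on this secret
            return m2
    return None


if __name__ == "__main__":
    print("group prime passes Miller-Rabin:", is_probable_prime(P))
    print("honest call (keys match, codes match):", honest_call())
    print("MitM call (Mallory reads Alice, codes match):", mitm_call())
    for d in (2, 3, 4):
        print(f"{d}-digit code: Mallory needed {grind_sas(d)} multiplications")
```

Run stand-alone it reports the three scenarios; grind_sas(3) succeeds after roughly a thousand multiplications, which is why a 3-digit code can only illustrate the idea, while at 10 digits the same grind costs on the order of 10^10 multiplications per call. A hash commitment to one's own DH share, sent before the peer's share is seen (the approach ZRTP takes), removes the grind entirely and leaves the attacker a 10^-10 chance per call; whether JackPair includes such a round is not stated in the thread. What remains is the attack danielweber raises: substituting the spoken digits in real time.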

------
brute
What the article does not mention is that in Germany every email provider
with more than 10,000 customers is by law (TKÜV) required to install technical
equipment that enables authorities to access all stored telecommunication
data of a person put under surveillance. The access happens automatically and
does not require further interaction with staff of the email provider.

It is even worse, as the same law extends to internet providers as well. Some
people argue that this effectively is a government controlled man-in-the-
middle infrastructure.

------
coldcode
Though it appears to be booming, virtually every country these days does
similar things to the NSA and the US, usually less effectively but possibly
less snowdened so you can't tell; it's also possible that some countries might
simply pass everything on to the US as well. Basically you are picking between
varying and possibly unknown evils.

~~~
Zigurd
While it is true that the threat from governments and criminals is nearly
universal to some extent, you are missing the fact that the US has orders of
magnitude more spying capabilities than other countries. A limited budget
limits capabilities in ways that don't scale linearly. Some countries are far
below the threshold of implementing any of the pervasive monitoring and
analysis programs the NSA has got.

~~~
ejain
> Some countries are far below the threshold of implementing any of the
> pervasive monitoring and analysis programs the NSA has got.

They don't need to implement their own, they can just subscribe to the
Monitoring as a Service program the NSA offers...

------
zmanian
The problem with Lavabit was not primarily the jurisdiction in which it
operated.

The primary problem is an architecture where keys are held on third party
servers and cryptographic code is secured only with an https connection.

We need to design our services to be robust and transparent in hostile
jurisdictions rather than resting on the relatively weak privacy assurances of
nation states.

~~~
BillFranklin
Exactly. Protect user privacy with zero-knowledge architecture, not with
geography. The article was discussing the merits of German and Swiss privacy
laws - which compared to the US' are better for our service.

------
D4AHNGM
Eh. Relying on simple geography in an age where everything is connected seems
beyond daft.

I've been trying to navigate away from a reliance on US-based services, but at
the same time I'd much prefer to move over to a service that didn't have any
data to hand over rather than trust Switzerland, Germany or any other country
not to just suck that data up themselves.

