
Tools For Treason - llambda
http://techcrunch.com/2013/07/06/tools-for-treason/
======
smoyer
Excellent article ... The comments on the article's page are interesting. He's
obviously not advocating treason, but one of the comments goes to great
lengths explaining that those controlling the data collection are duly
elected.

I was tempted to compare this type of end-to-end security to the second
amendment (the right to bear arms), which was a right given to the people (in
part) to ensure they could overthrow a corrupt government should one form - I
don't think we're to that point and overreaching by the government has
contracted back to reasonable levels before.

But thinking about this issue from a constitutional level, we have indeed (as
the article states) given away our fourth amendment rights, and I don't see
how developing the systems described in the article could be construed as
treason - I'm simply making myself personally responsible for enforcing my
fourth amendment rights.

My steps:

\- Replace Google Apps for domains with my own servers.

\- Stop using drop-box

\- Establish private communications channels for IM (and perhaps something
like Twitter.

Then I'll only use public infrastructure for data/messages I want to be
public. Unfortunately, the list above represents a lot of work and is exactly
the reason we seeded control of our data to outside corporations. We gave them
our data as a means to simplify our lives or to gain greater "connectivity".
It won't be so easy to go back.

~~~
temphn

      one of the comments goes to great lengths explaining that 
      those controlling the data collection are duly elected.
    

And how powerless are they? The unelected Clapper did anything, while the
elected Wyden could do nothing. The technologist Snowden did everything.
Democracy didn't bell the cat of the government bureaucracy. Technology did.
Technology is more powerful than both democracy and bureaucracy, as it is not
subject to dilution and co-optation.

~~~
rayiner
> Technology is more powerful than both democracy and bureaucracy

That's an interesting statement, and I think one I represents a a troubling
undercurrent of thought in the tech community. "We refuse to submit to the
democratic process and will override the democratic consensus through
technology."

~~~
eloisius
And I think it invokes the rarely considered idea that maybe democracy isn't
the pinnacle of human social organization.

Corrupt power structures may have finally optimized for dominating a
democratically organized society and we should be at least philosophizing
about a favorable post-democracy world. I.e., what's more "democratic" than
democracy?

~~~
tptacek
This is a scary comment; it reifies the abstract concern Rayiner had upthread.
Favorable post-Democracy though technology? That sounds like something Aldous
Huxley would write about.

~~~
eloisius
Using technology to improve our social organization doesn't have to mean some
sort of dystopian techno-unanimity.

In a more primitive time, would it be "scary" to suggest that through
technological advancements like agriculture, writing, and calendars we could
achieve a better, more just society?

~~~
tptacek
It's possible to look at the antagonists of most dystopian fiction and find
the noble intentions.

Rayiner's point wasn't that technology intrinsically subverts the social
contract; only that some technologists seem to want it to.

~~~
eloisius
I feel like we're talking past one another so I'll shut up after this reply. I
think this disagreement comes down to a difference of values and not just how
they are implemented.

Specifically, you seem to hold a notion of a social contract: a concept that I
reject. Subverting a "contract" which has been forced upon me and to which I
never agreed sounds like a noble endeavor to me, but I'm sure you'd be
repulsed by the idea.

Given our starkly different motivations, I believe the best outcome either of
us could hope for in a debate is that we both remain reasoned and civil, as
there's probably little chance of winning the other to our side.

~~~
tptacek
I agree about our prospects. Have a good rest of your weekend.

------
Zigurd
Hopefully this article describes the outcome: That spying eventually makes us
more free by making people truly secure their documents and communications
against all intrusion short of the government running a black bag job on them.
That provides a natural restraint on government intrusion.

------
noonespecial
Just like in medicine, if its not strong enough to kill, its not strong enough
to cure either.

~~~
mistercow
Of course, in medicine that's not actually true. Where do people come up with
these silly sayings?

~~~
noonespecial
I think it was supposed to be a "rule of thumb" not a law of nature. I heard
it used in response to "snake oil" cures that were supposed to be completely
harmless but cure everything from cancer to pancreatitis.

If you carry it out to the point of absurdity, even water can kill people if
too much is ingested too fast.

------
venomsnake
I am a bit disturbed of him calling virtualized hardware safe. It by
definition is not.

I think that every person should have personal encryption router from whih to
access the cloud services

~~~
grugq
You got that so close, but wrong. Cloud services are inherently insecure
because you don't have physical control over the devices containing your data.
You have to trust that the remote end is secure, and exploiting trust is what
intelligence agencies do best.

For an encrypted router, here is my script for making a RaspberryPi into a
PORTAL:
[https://github.com/grugq/PORTALofPi](https://github.com/grugq/PORTALofPi)

And an older blog post on why encryption and tradecraft only get you so far:
[http://grugq.github.io/blog/2013/03/12/anonymity-is-
hard/](http://grugq.github.io/blog/2013/03/12/anonymity-is-hard/)

Here is the Ruckus Society's manual on "security culture" which has some brief
info on why you need physical control over your data storage devices. Includes
also some pointers on how to establish strong(er) physical security for your
data.
[http://ruckus.org/article.php?id=789](http://ruckus.org/article.php?id=789)

------
rainsford
I found the almost throw away shot the article took at Spideroak to be kind of
odd. While I'm sure they comply with the law, their service would not seem to
allow them to very easily "decrypt on command".

In fact services like Spideroak would seem to be a reasonable tradeoff between
convenience and security. A service you run on your own server from open
source code reviewed by experts could be more secure, but it's a lot more of a
hassle to set up.

~~~
devindotcom
I don't think that Spideroak would just decrypt your data if someone said
pretty please, but the fact is that they retain the ability to do so if they
are legally obligated to. It follows that they may do so if they are _not_
legally obligated to, though I don't mean to imply that they would (and I
don't think I do in the article, sorry if it comes across that way). It does
mean that they can decrypt on command, though. If they have access
theoretically, they have it practically, in this case. There's a difference
between them and other cloud services but it's more like the difference
between varieties of apple than between apples and oranges, I think.

------
rch
Freenet has been around for a long time. I wonder about it having been
compromised though.

