Where will you step when there is no more safe ground?

You thought you’re safe and you have privacy because you use some fancy-schmancy encrypted email provider? I don’t think so.

This year saw some remarkable changes, bear with me while I go off on some tangents:

  • The UK voted to leave the EU and subsequently introduced one of the most far-reaching and invasive surveillance laws in the world.
  • The USA elected Donald Trump under speculations of Russian involvement, possibly thawing US-Russian relations and forcing Edward Snowden to be extradited to the US, where he might be executed for revealing truths the US didn’t want revealed. Keep in mind that he never invented anything, he didn’t lie, unlike the US President-elect. He merely told the truth.
  • Switzerland, which had formerly been ready to offer asylum to Snowden, was pressured by the US government to stop that. All the while, US intelligence agencies were illegaly patrolling through Swiss cities and running surveillance operations in Berne and Geneva. The Swiss government stopped any investigation of these operations after the US increased their pressure.

This is all accompanied by some changes in society:

  • You are no longer innocent until proven guilty. New legislation in Switzerland now aims to collect enough data about citizens to convict them of things they haven’t even done. Remember the Precrime Division from Philip K. Dick’s Minority Report? Somewhat like that. The old way, which was to understand the circumstances of a crime and to only punish after a crime has been committed, is going out of fashion with lawmakers. Instead right-wing parties have successfully used fearmongering to make everyone a suspect.
  • People by and large even agree with this. Facebook, Twitter and others have made it “normal” for people not to have or want privacy. When collecting signatures against Switzerland’s own new snooping law, people were puzzled and the normal thing they’d say was “but they already know everything about me, and I don’t mind”. It’s the good-people-have-nothing-to-hide-fallacy. With such a public opinion it’s needless to say that Switzerland has accepted that new snooping law. By public vote. That’s how little the Swiss care about privacy. Maybe Switzerland soon isn’t the right territory for an encrypted email provider anymore.

So we are heading into a time of asymmetric priviliges: politicians in power can hide everything, they can even lie in public and go unpunished. Normal people on the other hand can no longer hide anything, even their deepest secrets, and are punished before they have done something wrong. Just on the basis of statistical probabilities of what members of a “like-minded” group might do. This is a new sort of group punishment doled out by algorithms and statistics. And even people with boring lives might end up punished by association.

Group punishment and terrorism by association

Muslims might be just such a nasty group of evildoers. After Trump, American muslims are flocking to fully encrypted, zero-access email providers like ProtonMail. So now it’s muslims, the 1940s Jews of the 21st century. But soon it might be environmentalists because they’re a nuisance to the oil and nuclear industry. They have been targeted before; in Switzerland, opponents of nuclear power in the 80s were routinely put under surveillance and some were even put under occupational ban. That’s something we know because Switzerland has in the past spied on hundreds of thousands of innocent citizens and created secret files about them.

But back to group punishments. People who still want the same level of privacy they’ve had for the last 20 years could soon be labeled as terrorists, opening up new avenues for politicians to demand even more surveillance and conformity. Is simply agreeing with the independence of the Kurds now an act of terrorism? Is it terrorism if I forward you a Kurdish indepdence organization’s plea for donations after Turkish troops have destroyed the homes of hundreds of innocent Kurds in Turkey?

It’s as if we had mixed the most disturbing dystopias of Philip K. Dick with those of George Orwell and sprinkled the sheer hopelessness of Kafka’s The Trial on top. When will they add a union of judicative and executive powers so you won’t have to go through pesky judges at all anymore, just like in Judge Dredd? I know Erdogan is working on it.

Switzerland might not be safe either

For now ProtonMail is safe ground. But what if the Swiss government leans on ProtonMail so that ProtonMail introduces a small piece of JavaScript into their login process to intercept people’s mailbox passwords? ProtonMail could also be forced to fake the login audits so that American muslims or Syrian doctors don’t notice the Swiss government snooping in the name of the NSA. We have seen the Swiss government buckle under US pressure before.

By the way, the Swiss Bundespolizei can hand out gag orders, so ProtonMail, if forced to do such a thing, wouldn’t be allowed to talk about it.

Should we not consider ProtonMail safe after all? I know someone people in the IT industry who completely distrust them just for this reason alone. It is technically impossible to prove that they’re really running the software they’re claiming to run. While we have the source code for their client, there is nothing stopping them from manipulating this client on a per-customer basis. This can happen as soon as the USA leans on the Swiss government for whatever reason.

Customers might not be technically savvy enough to notice such a manipulation. Only technically savvy people can notice it, e.g. by hashing the JavaScript the client pushes to you and running only known trusted versions. But ProtonMail was created specifically to make encrypted email easy — if you are already technically savvy, you don’t need their service. If you’re not savvy enough, you can never verify if it is doing what it claims it’s doing, so you wouldn’t notice if you’re being watched. What protection does this offer then?

Illegal US observation in Switzerland has gone unpunished (e.g. in Berne and Geneva). Countries outside the EU cannot count on any EU privacy protection. So you might be screwed in these cases.

What if you’re a journalist? An informant? A doctor? A lawyer? A muslim? A homosexual? What if you’re one of those people that the ruling government of a superpower doesn’t like anymore? Where is the safe ground you will step on?

Leave a Reply

Your email address will not be published. Required fields are marked *