Today at 1600 hours, the Swedish Parliament will vote on Data Retention. The vote is expected and hoped to result in a one-year postponement of the abhorrent mass surveillance, so the vote will have to wait a year, but nobody really knows. I will watch the vote from inside Parliament and post the result as soon as it happens. However, a tweet yesterday caught my attention and shows that it is already useless.
Whisper Systems has been busy securing our mobile phones with free-to-get beta software. The data retention depends on having an operator which actually saves your calls and texts, and the fact that Police can confiscate a phone and find a complete log of whoever we have called after we have been red flagged.
Free software such as Ubuntu GNU/Linux has long come with security provisions that entirely disable authorities’ access to citizens’ personal and private data, both in transit and storage, and other open software like TrueCrypt have solved the problem for those that prefer Microsoft software. However, citizens have not been able to secure their mobile phones. With the photo and mail repository that is normally on a phone, this is a cause for grave concern.
Therefore, I was happy to see yesterday that Whisper Systems have released an Android core with full disk encryption, making extraction of data from a phone impossible unless you are the right owner. I expect this will be the first of several alternatives. Whisper Systems has previously released Android software that makes voice calls encrypted and untrackable (RedPhone) as well as software that encrypts texting in transit (TextSecure). Alas, RedPhone is still US-only, but I hope that will change soon.
It is particularly important here to distinguish between “legal” and “just”. The telecoms standards are chock full of provisions on “lawful interception”, which is being used in Arab dictatorships as it is, well, lawful. But it is not just: citizens’ data is their own, and they have a just right to protect it from the snooping eyes of authorities. We have arrived at a point were code trumps law, and people are becoming aware of it.
As a side effect, I think this development (people moving their conversations off of snoopable nickel-and-diming networks) will kill the entire telecom industry in a decade or two. More on that in a later post.
At the same time, we see that authorities in countries with data retention in place are requesting data on everybody and their brother’s tiny transgressions. The average count of data requests is 140,000 a year. There is no European country with 140,000 serious crimes. None. France goes worse with requesting 500,000 pieces of data. Poland tops the list of shame with the full million.
So on one hand, it is obvious that authorities use this to go after Average Joe en masse, and not (only) against hardened criminals. On the other hand, the same hardened criminals have long had the capability to — justly — keep their data to themselves. This capability is now gradually seeping to larger masses. That’s a good development.
Now, if we could only get rid of the clueless Big Brother politicians. “Politicians are like diapers: they need to be changed often, and for the same reason.”