A referendum is to be held on Switzerland’s proposed surveillance law, a decision lauded by supporters of privacy. ESET’s Cameron Camp discusses further.
Governments have struggled for years to find a balance between security and privacy, especially with electronic communications. Parading the argument “if you have nothing to hide, you have nothing to fear” in campaign variations worldwide, they argue that more open and seamless methods of finding bad guys’ communications would speed up rooting out those with nefarious intent.
The Electronic Frontier Foundation (EFF) and a host of other organizations, now including the folks at Swiss-based encrypted email provider ProtonMail, have argued otherwise. They say once backdoors are purposefully baked into a technology, no one can be sure of the honest intentions of those with the keys. Also, they argue that those actions would erode trust in a communication vendor, so users would not have to wonder IF anyone has access, but WHO. And since they believe trusted backdoor access is a slippery slope to more potential abuse, the answer is a rather firm “no”.
And while the EU has risen up rather stalwartly on the side of privacy, troubling international events unfolding recently in France and elsewhere have brought the conversation bubbling to the surface again, with questions about providers knowingly providing something of an impenetrable shield for some element of the bad guys’ plans via secure and private email.
To address this global erosion, folks have, digitally speaking, flocked to Switzerland. Here they can benefit from secure, encrypted email, and feel comfortable in the knowledge that these servers are based in a country enjoying a historically politically neutral and privacy-focused climate. But just as your private Swiss bank account is now coming under fire internationally, so too might your email account be on the global hit list.
But can the pro-privacy crowd mobilize? Last week, the crew at ProtonMail mobilized their customer and fan base and gathered more than 70,000 signatures opposing the Nachrichtendienstgesetz (NDG) or la Loi sur le renseignement (LRens) legislation. The result is that they have forced the privacy issue to a public vote, arguing that these decisions should be made based on public – not simply political – will.
Here in the US we have been trying to explain to our Congress critters the technical background surrounding far-reaching privacy issues for years. And while there has been some progress along the way, these Swiss efforts highlight an attempt to turn the tables and give the decision directly back to the public. And while some do indeed feel they have nothing to hide/fear by letting governments take a look, the overwhelming number of signatures gathered in Switzerland suggests otherwise.
Globally, due process is often still required, meaning that something like a judge-ordered warrant would be needed to legally obtain access to your communications. Still, many feel the governmental temptation to overreach in certain exceptional (or less than exceptional) cases may prove too strong, and if the technical means exist, some amount of governmental sorting through your email might occur unbeknownst to you.
For years now, communication providers (especially in the area of email), like Lavabit and a host of others who lean toward privacy, have sought politically and legally favorable places to do business as they intend. When they feel the environment in their home country becomes too unfavorable, they often look to Switzerland. ProtonMail’s marshaling of the troops sends an interesting signal to the Swiss government (and others watching closely) that they believe the people would prefer to have a say, and believe they’ll vote to keep things private. We’ll see.