Riots highlight the corrosion of privacy
One of the causalities of the UK riots was privacy. The riots that began in Tottenham and spread throughout England may now be over but many are questioning if justice has been properly served, given the swiftness and severity of the punishments doled out.
Many of the looters were, in typical teenage fashion, using BlackBerrys and social media [including] Twitter and Facebook to coordinate the looting, and this coordination took police by surprise at first. But the authorities and politicians soon reacted and turned the tables, tapping into social media and BBM messages in order to secure arrests and convictions.
One MP went so far as calling for social media sites, such as Twitter and Facebook to be shut down in times of emergency. This was ridiculed in the media, drawing comparisons with dictatorial regimes such as Egypt and China. Poor conservative MP Louise Mench never knew what hit her.
But it was clear that domestic support for the crackdown on civil liberties was strong with news running of how one man had been arrested for a Facebook status update that only lasted for four minutes.
While nobody would argue that the riots were deplorable and that virtually all the looting had nothing to do with a potentially racist shooting, the question that many of us have been left asking is, what happened to due process and what happened to the balance of trust and security.
Case in point, Research in Motion was quick to pledge to help authorities track down looters. In accepting their help, one question that was not asked (or not asked loudly enough) was what happens with the hosted messaging model when privacy meets national security.
RIM has built up its reputation of solid security, barring a very public hiccup in India and a few gulf states. But if a Canadian company is all too happy to help British authorities crack down on its citizens and other states spy on its own people, should we be worried and is that trust warranted?
While people of good conscience can easily accept a compromise of the privacy of the Tottenham rioters, how is it different, say, from protesters in Egypt, Syria or your pick of any Arab country this year? And what of China and its dealings with pro-democracy activists and religious minorities?
Can anyone spell slippery slope? Rioters should be punished. Those urging others to riot and loot without looting themselves have also been - arguably justifiably - punished. But how about those who express their support of rioters as a downtrodden underclass? Do they deserve to have their private messages rummaged through by police without a court order? One country’s freedom fighter is another’s insurgent and dissident.
In the real world, police usually need a warrant to search your property, a method of checks and balances that weighs the right to privacy with law enforcement. But in the cloud, that balance of power is tipped in favor of the state.
But there is an alternative for freedom fighters, journalists with sources to protect and terrorists planning the next big terror attack. PGP, pretty good privacy, has been ported to Android, called the Android Privacy Guard (APG). Closely coupled with the alternative K-9 email client, this pair of programs delivers pretty much plug and play total privacy (if not anonymity) that is simple enough for anyone to use on the go without having to lug a laptop around.
Indeed, short of issuing laws that require keys be handed over on demand (and many countries have done so) it renders state authorities impotent in this new war on privacy.
Of all the major platforms, Android is the only one that promises this level of freedom. But offering PGP is akin to opening Pandora’s box. Unless a backdoor is hidden (and being Open Source, checking for one is straightforward enough), there is no way for the network, the operator or the handset maker to cooperate (or collaborate) with authorities even if they wanted to. It also means that no major company can offer a product to compete as it would not be allowed to be sold or imported and indeed it is only possible through a grassroots, open source movement that such a solution is developed.
Put another way, Microsoft prides itself on the level of integration of Windows Phone 7, but could it officially offer such a disruptive solution? Technically it could be done, but it could not be done for commercial reasons. The closed nature of the system would mean any third party solution would be cumbersome at best. The same is true of the iPhone.
The best repressive regimes can do is ignore it and hope that people will prefer the ease of use of cooperative solution providers rather than the rough and ready DIY approach of APG. People who question the power of the state and believe in privacy would do well to equip themselves with a PGP key and try out APG and K-9 on their Android phones or Enigmail on their desktop.
The rest of us have a choice. We can sit back and trust our governments with our privacy, or we can take matters into our own hands and ensure our own privacy of messaging, rather than trusting the intermediaries as we have been doing so for years.