The Crypto Protest
Now that Edward Snowden has started people talking about this, I think it's time for everyone to consider the possibility that cryptography is a major part of their lives.
When SOPA was a big deal to people, those who had both the interest and the power, brought the issue to peoples' attention by shutting down their popular web sites "in protest." It may have been part of the reason why Congress was afraid to make it happen.
I've never been a fan of using political solutions to technical problems. When people whined about SOPA, saying "Congress shouldn't be allowed to shut down our DNS for such spurious reasons" I wanted to slap them. In my mind, nobody should be capable of shutting down DNS and whether Congress declared their intention to ruin it (in the name of intellectual property or national security or whatever) was really of subordinate importance to why is it even possible to shut down DNS at all? SOPA didn't need to be defeated in Congress if you could simply defeat it in the Internet by changing DNS to be more bittorrent-like; distributing name resolution across a multitude of hosts.
Unlike SOPA, the NSA's rampant spying is not a purely technical issue; it's a cultural one, too. We need to attack this on both the technical and cultural fronts if we are going to have any semblance of privacy in this world.
Of course, there is the typical evangelizing. People need to know why the East German Ministerium für Staatssicherheit was an issue, why controlling information is one of the state's most effective weapons against its own population, and why it is that any lawyer worth his salt is going to advise you don't talk to the police!
But more than that, those who have both the power and interest in privacy on the Internet are going to have to make this an issue for everyone else in the same way they did when they were shutting down their web sites "in protest."
When your average Joe fires up the browser to open Facebook and sees, instead of the thing he expects, a message saying "stop what you're doing and help us change the state's opinion about this thing" they are forced to care.
The way we do this for privacy is to publish our web pages or any other similar public information in encrypted form. So instead of seeing the Twitter feed full of English, we see a feed full of illegible, base-64 encoded strings depicting the encrypted bytes of the actual feed – along with a little link that says something to the effect of: "we are encrypting data in protest of the attacks on privacy that are going on in the NSA. You can decrypt this data by using the key found here" and link to the information that is needed to decrypt the feed.
This may call for a browser extension or something that makes encrypting/decrypting parts of a web page easy for your average end user. Yes, it's not real crypto if you publish your private keys, but then shutting down your web servers wasn't the same as a "no" vote from your Congressman, either.
The point is that you get the idea in peoples' faces. Show both the users and developers that…
- The issue of privacy exists and it really is important to all of us; if you really do have nothing to hide (though it is more likely that you just don't know what you should be hiding), that just means that the NSA has nothing to find when they spy on you so you've actually cost them nothing by not showing it.
- That there are simple things that can be done to protect one's privacy that don't require them to associate with terrorists… unless you're like me and you think that Facebook actually is a form of terrorism.
- There is a wealth of opportunity in helping users encrypt their data. We should write software in such a way that data is encrypted by default so the user doesn't have to stop and consider whether he should be encrypting any given piece of information. This can do wonders in protecting people from identity theft and black hats as well as modern Stasi.
It seems to me, with wire tapping making all journalists scared, with folks giving up their paychecks and risking treason charges to moan about it, that it really is time for society as a whole to get more familiar with the technologies that can protect us.
The duty now falls to the various service providers of the Internet to get users on the same page so we can preempt the trouble that inevitably follows state information policing.
My contributions: