Everyone does it and in any case, there’s nothing anyone can do about it

by John Quiggin on December 19, 2013

The general reaction to various revelations of spying by the US on its friends and allies, particularly in contexts such as trade negotiations has been “everyone does it” and “in any case, there’s nothing anyone can do about it”. And, as regards direct retaliation against the US, that’s pretty much right. The situation is a bit different for junior members of the Five Eyes1, such as Australia. A case now being heard at the Permanent Court of Arbitration in The Hague could set a precedent that will make such spying a high risk exercise.
The background is a 2004 treaty between Australia and East Timor over the division of oil and gas reserves. It’s now come out, via a whistleblower, that while generously building a cabinet room for the new East Timorese government, the Australian government took the opportunity to bug it, thereby gaining a negotiating advantage. East Timor is seeking nullification of the agreement.

IANAL, but the case seems unanswerable. This would be criminal conduct in a commercial negotiation just about anywhere. But, leaving aside the legalities, it’s hard to imagine a more sympathetic plaintiff or a less sympathetic defendant. East Timor is one of the poorest countries on the planet, heavily dependent on Australia. Even in Australia at the time, and without any knowledge of the commercial espionage behind it, the agreement was widely criticised as unfair. Since then, the Foreign Minister at the time, Alexander Downer, has set up a consulting firm which has, as a major client, Woodside Petroleum, the main beneficiary of the deal. And, just the other week, Australian police raided the office of the Australian lawyer acting for East Timor, and cancelled the passport of the key witness.

In these circumstances, an Arbitration Court that found in favor of Australia might as well make a public declaration that it is for sale to the highest bidder. Whatever contortions of legal reasoning the Australian lawyers might come up with are unlikely to convince anyone except other lawyers. In the face of what looks like certain defeat, I’d expect the Australian government to settle out of court. But even that would be enough to expose every commercial agreement negotiated by a Five Eyes country to legal challenge, not to mention any other governments caught engaging commercial espionage in international negotiations.

There is every reason to expect more whistleblowers. While the unnamed whistleblower in this case, like Snowden and Manning, appears to have acted out of moral repugnance at his government’s actions against a desperately poor country, many more might come forward if enough money was on offer. And, in the context of international trade negotiations, the leverage provided by a threat to revoke earlier agreements could be huge.


  1. As an aside, the Anglocentrism of the Five Eyes arrangement is striking in itself and as a demonstration of the fact that the security state is effectively independent of the rest of the government, and even of the military. New Zealand has remained a Five Eyes member in good standing since 1945 even though defense co-operation with the US was suspended for decades over NZ refusal to accept visits from nuclear armed and powered warships. 

{ 41 comments }

1

The Raven 12.20.13 at 1:48 am

Deploy email cryptography as a routine practice, like putting a paper letter in an envelope. That would do something about it.

2

Royton De'Ath 12.20.13 at 3:40 am

The Waihopai Valley base, part of Echelon or whatever its current incarnation, has been subject to regular protests for a number of years. In 2008 three protestor got into the compound and – gasp – deflated one of the domes enveloping the GCSB’s (government signals intelligence mob) listening gizmo/dish. Dammit.

The protestors had the temerity to pop the 30m balloon with sickles! Sheesh, that Isiah (2:4) has a bit to answer for.

The Waihopai Three were later acquitted using an interesting defence, but got stuck, as matters progressed via the government’s pursuit of them, with a $NZ1.2 mill “damage bill”.

As the previous link briefly describes, their damages bill is backgrounded by illegal monitoring of New Zealand residents by GCSB, and the subsequent scurrying of the right-wing government to rush legislation through to legalise the illegal activities of the spooks. (This is murky story with a more than a few strands to it).

A darkly humorous gleam resides in reports that one of the three protesters, a priest working in the Solomons, hasn’t had a bank account for fifty years: ‘… he said anyone demanding compensation from him would have to grab him by the ankles and shake him to find any money.’

So, yeah! PrQ has it right. Everyone does do it, but when someone does do something about it – you get Debt! Lots of it.

3

aussie sunshine 12.20.13 at 7:35 am

It would be a wonderful prize to see former foreign minister Alexander Downer get lots of egg on his face from this affair ;- more disillusionment is still needed. As in this case a lot of the spying may be economic spying, not security related. The 5 English speaking eyes arrangement is a statement to all those potential friends who aren’t included.
Before 9/11 governments were very shy about Echelon – after 9/11 they were quick to bragg about it . 20 years ago the idea of the government collecting meta-data from our letters sent thru the post would not have been accepted. Like that frog in slowly heated water we have somehow not noticed how hot it now is .
There should be lots of fun to come if Snowden really has only leaked 2% of what he has . When is the US going to apologise to Australia for allowing our embarrassing secrets to be sprayed all over the world anyway ?

4

Z 12.20.13 at 9:17 am

Thank you for drawing my attention to this quite extraordinary case. Even when endowed with a reasonable amount of cynicism, it is still remarkable how far powerful states will go to advance their interests.

5

Pete 12.20.13 at 11:37 am

“Arbitration Court that found in favor of Australia might as well make a public declaration that it is for sale to the highest bidder”

This is still the most likely outcome, surely.

@Raven: cryptography does very little against metadata collection; you can’t easily hide whom you communicate with and when.

6

Andrew F. 12.20.13 at 1:01 pm

These two statements,

In these circumstances, an Arbitration Court that found in favor of Australia might as well make a public declaration that it is for sale to the highest bidder.

and

Whatever contortions of legal reasoning the Australian lawyers might come up with are unlikely to convince anyone except other lawyers.

seem contradictory. If the Permanent Court of Arbitration is for sale, then that implies that the PCA makes its decisions not on the basis of any law or legal reasoning, but on the basis of corrupt influence. If however Australia’s legal case is persuasive to other lawyers, then that implies that Australia has a legal case considered persuasive by experts in the law – and so a PCA decision based on law would then be in Australia’s favor. “Legal reasoning…unlikely to convince anyone except other lawyers” is like “mathematical reasoning unlikely to convince anyone except other mathematicians.”

In any event, without knowing much about the case or the PCA, an argument for invalidating the treaty seems difficult to make. According to the Vienna Convention on the Law of Treaties, specifically articles 48-52, a treaty can be voided if:
(1) a party was mistaken as to a fact which formed an essential basis of that party’s decision to agree, and circumstances were such as to not put the party on notice as to the possibility of such an error,
(2) a party was induced to agree by fraud,
(3) a party was induced to agree by the corruption of its representative(s),
(4) a party was induced to agree by the coercion of its representative(s),
(5) a party was induced to agree by force or the threat of force that violated the UN Charter,
(6) the treaty conflicts with a peremptory norm of international law, e.g. the norm against genocide.

Beyond the clear problems that text raises for East Timor, there are strong policy reasons not to invalidate the treaty. If espionage by a state were grounds for voiding a treaty, a presumably vast array of treaties could be voidable. This would reduce the reliability of treaties as instruments of int’l law.

7

John Quiggin 12.20.13 at 2:13 pm

“If espionage by a state were grounds for voiding a treaty, a presumably vast array of treaties could be voidable. This would reduce the reliability of treaties as instruments of int’l law.”

Well, yes. But that seems to be a problem for espionage, not for treaties. Try substituting “contracts”, and “firms” and see how you go.

8

otto 12.20.13 at 2:22 pm

Is there a good academic book/ monograph on the ‘five eyes’ relationship?

9

sanbikinoraion 12.20.13 at 2:36 pm

Re: cryptography, yes, it would not defeat traffic analysis but if you really cared you could probably knock up some sort of system that would fire arbitrary encrypted emails to arbitrary targets with ignoreable contents to defend yourself.

I really am gobsmacked that someone like Google or Microsoft have not yet come up with auto-encrypted email as a feature on their online webmail. Whoever offers it first is probably going to get my business.

10

Mao Cheng Ji 12.20.13 at 2:44 pm

@9, It is encrypted by SSL, between you and Google. But then Google probably forwards a decrypted copy to the NSA. So, you don’t really want Google to encrypt things for you.

11

Katherine 12.20.13 at 2:52 pm

Andrew F, trying to interpret “the law” whilst making reference only to the black letter law of the Vienna Treaty is stupid and pointless. Don’t do it.

12

mjfgates 12.20.13 at 3:03 pm

The general reaction to various revelations of spying by the US on its friends and allies, particularly in contexts such as trade negotiations has been “everyone does it” and “in any case, there’s nothing anyone can do about it”. And, as regards direct retaliation against the US, that’s pretty much right.

Saab wins $4.5bn Brazil fighter jet contract

I don’t think that there’s anything that you can only get from the US nowadays.

13

Cranky Observer 12.20.13 at 3:15 pm

Saab requires dozens of approvals from the US State Dept & DoD to export those planes, starting with the engines. There are a few EU and French weapons systems that have no US-controlled content, but not many.

Cranky

14

hix 12.20.13 at 3:18 pm

Yep, not obvious why one cant retaliate against the US. That would only be true if there were no coordination between smaller staates and the US response always an irrational escalation. Sure, the US can do more damage than smaller staates in relative terms, but the absolute welfare loss is rather similar for both sides from hostilities.

15

stevenjohnson 12.20.13 at 3:27 pm

If there is no privacy in electronic communications, that can only mean that there is ultimately no security for anyone who doesn’t possess a military grade encryption/decryption organization. But, doesn’t that mean anything discovered by tapping electronic communications is by definition unreliable as evidence? Couldn’t pretty much anything in principle be an electronic spoof, or remote controlled mischief?

16

sanbikinoraion 12.20.13 at 3:28 pm

Mao – the link between my web browser and Google’s servers is encrypted but that has nothing to do with the encryption of the email itself. As far as a I know — and I’m a web developer — emails are themselves transmitted completely in the clear between different servers until they reach their destination. Any of those boxes might be point-to-point encrypted (though I doubt it, that’s a lot of effort to go to) but anyone who is in the chain between Google’s mail server and the target mail server is going to be able to read the entire message in the clear.

There’s a really bloody simple solution to this (PGP), which has been around for ages, which is just waiting for someone to make a really usable UI and/or package it with desktop mail clients and switch it on by default. But somehow no-one seems to want to bother.

17

P O'Neill 12.20.13 at 3:46 pm

One might wonder about small Eurozone countries doing mysteriously bad deals regarding large country bank bondholders in 2008 …

18

Mao Cheng Ji 12.20.13 at 3:53 pm

Right, PGP or GPG. But you probably want that gui to be from opensource, because any proprietary software might have an NSA backdoor. Besides, you need to collect the public keys of your correspondents, and that sounds like a pain in the ass.

19

Pete 12.20.13 at 4:33 pm

“Saab requires dozens of approvals from the US State Dept & DoD to export those planes”

What, Swedish export control is run by the US? It’s a strange imperialist world.

20

sanbikinoraion 12.20.13 at 4:46 pm

> you need to collect the public keys of your correspondents, and that sounds like a pain in the ass

Only if you have to do it manually. Like I say, there’s an opening here to do it automagically in a way that users won’t hate. It should be as simple as clicking a link to ‘friend’ someone.

21

The Raven 12.20.13 at 6:19 pm

sanbikinoraion@9: Google, especially, makes money keyword scanning the e-mails they carry, and serving advertising, so they’re not going to offer that service. But also the NSA, and probably other surveillance agencies, have acted to discourage the wide use of encryption. Any company that did so would come under pressure and, if it did not bow to it, face legal action and covert penetration.

22

UserGoogol 12.20.13 at 7:46 pm

The Raven@21: It’s entirely possible for Google to encrypt emails so that third parties can’t read them in transit while still allowing themselves to read them. E-mail breaks up into two stages, transferring emails between mailservers and then transferring emails from those mailservers to the end-user. If both steps are encrypted that still leaves the spot in between which allows the mailserver (ie Google) to read it. And even if you did complete end-to-end encryption, the fact that Google Mail is a web-based program gives Google the opportunity to read the emails once it gets to the web browser and then send the data back to Google that way. Technically speaking the way web-based mail services work inherently gives many different ways for them to peek in even if they encrypt things to prevent anyone else from looking in.

As for your second point yeah maybe. But even though NSA discourages the wide use of encryption, encryption is in fact widely used, (just not in email) so there’s only so much they can do. Covert penetration would happen, but the NSA does that anyway, so that’s not really much of a threat.

23

Chaz 12.20.13 at 10:06 pm

Pete @19,

I assume that Cranky means that the Saab planes include a lot of U.S.-designed components. Saab would then have gone through U.S. export controls when they originally got that technology, and as a condition the U.S. probably demanded that they agree not to pass the technology on to third parties without additional U.S. consent. I don’t think it would be feasible for Saab to develop technologically competitive planes without foreign technology. The R&D’s very expensive and Sweden + their small export customers are not a big enough market to support it.

24

roger gathman 12.20.13 at 11:27 pm

23 – I think it is highly unlikely that the US would deny American manufacturers and designers a market just to spite Saab or Brazil for dissing Boeing. Of course, you can never bet too much against American stupidity: we can all look to DC’s unblemished record over the last thirty, forty years to cure us of that. Still, it is outweighed by American greed (unless the two are in alliance).
There is a reason that members of the business community are starting to communicate their discomfort with the NSA. I find it pretty amusing that the same people who claim that there is nothing to see in Snowden’s revelations (while calling Snowden a traitor whose done immense harm to the the USA) also predicted that the revelations and their affects would all quickly blow over.
I think, or maybe just hope, that this will get even bigger next year.

http://www.washingtonpost.com/world/national-security/amid-nsa-spying-revelations-tech-leaders-call-for-new-restraints-on-agency/2013/10/31/7f280aec-4258-11e3-a751-f032898f2dbc_story.html

25

Barry 12.21.13 at 12:59 am

I imagine that any large US and UK tech companies are now assumed (and correctly) to have installed NSA back-doors in any and all products. Beforehand, it was a possibility and risk; now it’s a possibility that it’s *not* happening.

26

Ken_L 12.21.13 at 1:30 am

It’s easy now to understand why America and its allies are so determined to deny Chinese firms like Huawei any participation in projects that might have national security implications. It’s a clear case of projection (which might of course also be completely justified).

27

Ed Herdman 12.21.13 at 2:13 am

How do you make the jump from “we do it” to “therefore it’s projection?” Seems you have to ignore a lot of evidence of the Chinese state acting in a similar manner – from the concerns surrounding regulations implementing hardware on domestic PCs spreading to foreign-built machines, to the gigantic amount of counterfeit hardware used by the US government (including the military) and which mostly originates in China, to the amply documented cases of the Chinese state or its beneficiaries seeking to take secrets, from poisoned USB keys to direct hacking.

I am with you in rejecting a “holier than thou” attitude because the drive and unsubtle nature of the Chinese espionage efforts probably just speak to the “developing state” of that country compared to the subtle and perhaps intentionally restrained efforts of the U.S. – but this doesn’t mean that one cannot make a comparison in terms of who is doing more and worse, just that it has to be qualified.

That being said I do think that the NSA’s poisoning of encryption routines is incredibly potentially damaging to worldwide interests, though also the unprincipled mass theft and warehousing of information (arguably mostly unused so far) by the PRC and the PLA is itself a kind of ticking time bomb.

28

heckblazer 12.21.13 at 3:36 am

Pete @ 19:

The RM 12 engine for Saab’s Gripen fighter is made by Volvo Aero in partnership with General Electric. 60% of the engine parts are manufactured inside the United States, and presumably those parts need to pass through American export controls when they’re shipped to Sweden for assembly. The two largest aircraft power plant manufacturers are US-based GE and Pratt & Whitney, with the third being UK-based Rolls Royce. Unless you’re buying fighters from Russia or China you’re going to end up with an engine from one of those three. That includes the Embraer Super Tucano, which is made in Brazil with a Pratt & Whitney engine.

29

Pete 12.21.13 at 9:45 am

Thanks for the aircraft information. The whole thing reminds me of the Matrix-Churchill fiasco: http://en.wikipedia.org/wiki/Arms-to-Iraq

It’s also just occured to me that the UK MI5/Huawei facility that was allegedly for checking that Huawei wasn’t backdooring their equipment may actually have been putting the backdoors *in* instead.

30

hix 12.21.13 at 11:30 am

The fighter jet just sounds like the typical international supply chain where everyone is shooting himself in the foot by acting hostile (well expect that the thing is built for more serious hostilities, which makes it a special case). Dont know the military ones, in the civilian turbines, youll find (important, high tech) components from all over the world, not just US ones. Similar with the telecommunication infrastructure. Ericsson and Cisco systems are full of Chinese components.

31

heckblazer 12.21.13 at 4:36 pm

Pete @ 28:

One difference from the Matrix-Churchill thing is that last I heard the US is still on track to buy 20 Super Tucanos from Brazil. Thoroughness also compels me to add that France also builds their own fighter engines. The big three companies still dominate the jet engine market though, to the point that indigenous fighter designs in India, South Africa, Japan, Turkey and Iran(!) all use GE engines. (If the Azaraksh fighter really does use J-85 engines I have no idea how Iran sources them, though the fact that it’s a widely used military jet engine that’s still being built after over 50 years probably helps.)

Oh, and I’d say “in addition” is much likelier than “instead” with Huawei.

32

Martin Bento 12.21.13 at 11:08 pm

In related news, it appears the NSA has not been able to build a case that domestic surveillance has thwarted any significant attacks.

http://investigations.nbcnews.com/_news/2013/12/20/21975158-nsa-program-stopped-no-terror-attacks-says-white-house-panel-member

33

faustusnotes 12.22.13 at 4:02 am

I don’t think mail encryption will achieve anything. I don’t think it’s legal for the big mail providers to use encryption methods that the military can’t crack; they would have to move offshore to do that. The solution here is not to look for workarounds!

34

Martin Bento 12.22.13 at 8:47 am

faustusnotes, I think people are talking about encrypting on your own computer and then sending an opaque message so that your email provider can’t read it either,. The problem here is keyloggers and such: the NSA (and others) can spy on your own computer. At which point, it is an arms race.

35

Manta 12.22.13 at 4:20 pm

(My previous post was eaten)
Raven @1: unless you know what you are doing and understand the algorithms and check that they are properly implemented by whatever software you are using, cryptography will not save you:
http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220

36

hix 12.22.13 at 6:02 pm

They still need some calculations that will cost too much money to target virtually as they everyone as they do right now even with the backdoor right? That would already be progress.

37

roger gathman 12.22.13 at 6:52 pm

32 – the lunatic thing about the arguments concerning intelligence is that we simply ignore the fact that, as far as we know, it is the intelligence agencies that make us more vulnerable, not the whistleblowers. Did Edward Snowden provide arms to Osama bin Laden in the 80s? Did he distribute pamphlets to jihadis explaining how easy it would be to strike a superpower in its own territory (see Coll’s Ghost Wars for details)? Did Snowden recommend that the Blind Mullah Omar get a visa to the U,S. – which it looks like some Cia man in Sudan did? Did Edward Snowden set up a network to shuffle “black” money and arms around the world, as was done in the Iran contra days? Or, even moving up to the present day, did Snowden “accidentally” lose sight of Osama bin Laden, by then more valuable as a bogeyman/threat, after Tora Bora? Did Snowden participate in the Kunduz airlift in 2001, which nobody has ever truly investigated, and which basically restored the Taliban fighters to their old bases in Pakistan? Any objective view of the past fifty years would show that not only have american intelligence forces systematically violated human rights and collaborated in mass murder and torture – bad things – in such places as Indonesia and Guatamala, but that they have left America more vulnerable, and have produced situations where the increase of U.S. military forces to cope – with the subsequent toll in paying for that shit, which of course may be the point – is made much more likely. Between the “threat” posed by Snowden and the threat posed by the normal operations of the NSA and CIA, the rational choice is to go with Snowden and abolish the NSA and CIA. Of course, the latter won’t happen, but definitely Snowden’s revelations, in as much as they curb intelligence agencies, make us safer.

38

Collin Street 12.22.13 at 8:50 pm

Getting all the metadata together in advance of need is just silly, anyway. Need-to-know: if noone needs to know, noone should be able to know.

Rather than actually building your own metadata-collecting system all you need to do is get someone inserted into the US one. If the US program were restricted to actually-current threats to the US it’d be a lot less useful to the chinese.

Basic stuff.

39

Oxbird 12.23.13 at 2:25 am

Andrew F: I have not read the entire thread but it strikes me that the conduct at issue might well fall within “(2) a party was induced to agree by fraud,” so the treaty could be invalidated. It is not a far reach to view as fraud or constructive fraud holding out that one is negotiating without improper access to the strategies of your counter-party. If Australia had bribed an official of East Timor would you have difficulty finding that there was fraud and that the undisclosed fraud was an inducement to entering into the treaty? And, is planting a bug to gain access to information you should not have any less fraudulent?

40

Andrew F. 12.23.13 at 10:15 am

John: Well, yes. But that seems to be a problem for espionage, not for treaties. Try substituting “contracts”, and “firms” and see how you go.

But espionage is a common, normal undertaking for states interacting with one another, even for those who are often closely allied with one another. States have publicly declared intelligence agencies, and frequently declare the local head of station to the host government. By contrast, it’s not a common, normal undertaking for firms interacting with one another to commit similar acts (electronic eavesdropping, theft, etc.). So it’s much more problematic to declare espionage grounds for invalidating a treaty.

Katherine: Andrew F, trying to interpret “the law” whilst making reference only to the black letter law of the Vienna Treaty is stupid and pointless. Don’t do it.

Well, I certainly wouldn’t use that comment as a memorandum of law, but as it turns out the plain language of the Vienna Convention is actually pretty telling. Early drafts and discussions of the relevant provisions don’t shed much light, and there are no cases in which a state sued for invalidation of a treaty on the basis of fraud – much less on a legal claim that somehow rested entirely on an allegation of espionage (though I believe a dissenting judge mentioned fraud briefly in one case). A Commentary on the Vienna Convention by Dorr and Schmalenbach is fairly decent. You can likely access relevant pages of it via Google books for free – just search for treaty invalidity.

Oxbird: I have not read the entire thread but it strikes me that the conduct at issue might well fall within “(2) a party was induced to agree by fraud,” so the treaty could be invalidated. It is not a far reach to view as fraud or constructive fraud holding out that one is negotiating without improper access to the strategies of your counter-party.

I agree with you that fraud is probably East Timor’s best chance – but it strikes me as a long shot. The essence of fraud, in almost any system, is a deliberate misrepresentation of facts which were relied upon to enter into an agreement, and I believe that the drafts and discussions of the Vienna Convention indicate a similar understanding. So, there would likely be at least be a case for fraud if Australia represented that no espionage was occurring, and East Timor relied on that representation to enter into the treaty.

But it seems unlikely that Australia did so even constructively, and even if it did, it would be hard for East Timor to prove that this representation was essential to its decision to enter into the treaty.

If Australia had bribed an official of East Timor would you have difficulty finding that there was fraud and that the undisclosed fraud was an inducement to entering into the treaty? And, is planting a bug to gain access to information you should not have any less fraudulent?

Bribed an official to do what? Disclose information? If so, neither that nor planting a bug is sufficient to give rise to fraud, imho. It gives you access to information you shouldn’t have; but it also doesn’t misrepresent facts essential to East Timor’s decision, i.e. it doesn’t have an affect on the ability of East Timor to consent freely to a treaty on the basis of facts known to it and facts represented as known to be accurate by Australia.

Combine the weakness of East Timor’s case given the text of the Vienna Convention, with the compelling policy reasons for an international court NOT to recognize espionage as a valid factual ground for a case to invalidate a treaty, and I don’t give East Timor very good odds.

Anyway, all that said, perhaps East Timor’s real strategy is political (embarrass Australia into agreeing to some modifications to the treaty), and/or perhaps the Permanent Court of Arbitration (about which, as I said, I know very little) has some sort of equitable grounds for decision that could apply here. There’s conceivably a more speculative argument to be made that Australia breached good faith/fair dealing in its approach to the negotiations in such a way as to fundamentally undermine the process of treaty negotiation envisioned implicitly by the Vienna Convention, in which states free from coercion and in good faith deal with one another to come to an agreement. Espionage in this instance grievously reduced East Timor’s ability to negotiate as a free and separate party, for its ability to consult and discuss the matter – an ability essential to being a free party- was undermined.

And there’s something to that argument intuitively. But it’s a creative and substantial departure from the text, there are strong policy reasons not to make such a jump, and even overlooking both those things, it’s not entirely persuasive – sure, espionage gives country A and advantage over country E, but country E nonetheless, in full knowledge of the facts describing the matter of the treaty and of its own free volition, agreed to the treaty. If East Timor thought the treaty itself was not in its interests, it was free to say no; and none of the facts essential to determining that were misrepresented or the subject of a mistake.

41

Matt 12.23.13 at 11:18 pm

I don’t think mail encryption will achieve anything. I don’t think it’s legal for the big mail providers to use encryption methods that the military can’t crack; they would have to move offshore to do that. The solution here is not to look for workarounds!

It’s perfectly legal for mail providers to use any grade of encryption under US law. If they have the encryption keys under their control they can’t say no to a warrant or NSL, but at least encryption forces spooks to actually make a request in writing instead of passively, invisibly gobbling up everything.

It’s also technically possible and currently legal in the US to offer a system where only the end-user has the private encryption keys, and the service provider has no power to help law enforcement obtain plaintext copies of email — this is basically how it works if you use Gmail with PGP. The flow could be made easier, but it always relies on end-users being careful with key preservation and management. I think the business risk is that people would sign up for super-secure mail but still blame the provider when they lose the private key and their old mail is irrevocably unreadable, no matter how many warnings were given about the importance of private key management. Nonetheless, the NSA revelations have spurred some smaller companies to work together on building truly secure email-like systems.

Comments on this entry are closed.