The M3AAWG keynote address today was a talk from Ladar Levinson about the shut down of Lavabit mail service after receiving demands from the NSA to hand over their SSL keys.
@maawg tweeted different quotes from the session. There is a conflict between privacy and security, and these are questions we need to resolve.
Ladar talked about his potential new service called darkmail, which pushes encryption back to the user level. I think there is relevance to this, as many online services are used for political and other organizing. As someone said to me last night, some of the people using our service could be killed if we don’t protect their privacy. He wasn’t speaking of the US residents, but people in places like Ukraine or Arab countries or other places undergoing violent revolutions.
Privacy is important, how we treat privacy is important. Handing over SSL keys to governments strikes me as a big problem.
Lavabit and darkmail
L
The conflict is not between “security” in the abstract and “privacy” in the abstract, I think, but between the individual’s privacy and security and the security of a larger community or society. To the extent that the security of the group requires monitoring individual behavior, it’s an irreconcilable conflict. There isn’t a solution to it, just workable compromises that might change over time. :/
Facts are sometimes unpalatable. I don’t like this one, but I think we’re stuck with it.