Two years ago a young man left his girlfriend and home with his laptops and a fantastic story that has changed the world and the way we think about our Internet privacy. I am of course talking about the flight and plight of Ed Snowden and his cache of secret documents about the massive NSA surveillance of electronic communications.
Whether you think Snowden is a patriot or a traitor or somewhere in between, it certainly has been an interesting couple of years in the secure email biz. It is a continued series of ironies, starting with the fact that Snowden had trouble convincing his chosen scribes to make use of encrypted email technology. (He isn’t the only one.) While he ultimately was successful in securing his communications with the press, another irony was how things ended up for him: now he is living in Russia, certainly not one of the most privacy-friendly places in the world. It is also ironic that his Russian residency has enabled his new career as a professional speaker, albeit using various remote video technologies since he can’t get on a plane because he doesn’t have a passport. (Part of me is envious of this, having to still give speeches the old fashioned way by getting on planes. But I am glad that I have my passport.)
But the ironies extend beyond Snowden’s life to more important matters. We have evidence that shows how the NSA abused numerous statutes in what they call “bulk metadata collection” of phone calls and emails. And we all now know what metadata means, and how former NSA director Michael Hayden said last year: “We kill people based on metadata.” Certainly, the Snowden effect is quite real, given the current debates in Congress over reauthorizing various legislative means for them to continue these practices.
And the ultimate irony of them all is another Snowden effect: while the NSA revelations have closed down several secure email providers such as Lavabit and Silent Circle, others have taken their place and encrypted email usage is most likely at an all-time high, thanks to the paranoid and prudent among us.
I have spent a lot of time listening to Snowden’s various public discussions, held at SxSW, with John Oliver for his HBO show, and at a recent conference at Princeton where he exchanged words with a New York Times reporter that broke some of the early stories. And while I am not sure where I stand on the traitor/patriot index, Snowden certainly has a lot of interesting things to say. It is clear that he has spent a good portion of his clandestine career preparing for his media close ups and photo ops. He also has a lot of time on his hands to keep up with current events.
I think Snowden has done more than just about anyone since Phil Zimmerman (the creator of PGP and now involved with DarkMail) to encourage email encryption usage. When Marshall Rose and I wrote a book about corporate email use back in 1998 (cover reproduced above), we said that secure email was “best described as a sucking chest wound.” For most of the last 17 years, secure email was more a curiosity and almost unknown and unused in corporate America. That changed two years ago, and it is catching on in more places.
It is still too difficult to use, as this story in Ars Technica takes you through how to deploy it on an individual basis. Maybe not a sucking chest wound, but still more than just a mere blister to be sure.
I am interested in hearing more about your own secure email usage, and it is partly motivated by a review that I am writing for Network World comparing several of the more useful business-oriented tools. Having used some of these products for decades, I welcome your own thoughts and will let you know when the review is published, probably later this summer.
And if you want to re-read a semi-serious blog post that I wrote last year where I thanked the NSA for enabling all sorts of activities, here you go.
Cirrus is a provider of Virtual Desktop services (I worked there). You have a SSL connection to the Cirrus virtual desktop, and when you send email within this desktop to another Cirrus customer, it is very secure. Cirrus is based here in Canada, and the servers are all here (for what it is worth, because the Canadian equivalent of NSA is friendly with NSA).
cheers — Rick