Legal Compliance

During the 3 years I have been involved with MaidSafe, the question of whether the government will shut the company has been discussed more than once. This may seem paranoid at first glance; however, for a company determined to ensure privacy, security and freedom for all, at the expense of those who like to listen in, it doesn’t seem that far-fetched, particularly in light of recent events.

With companies such as encrypted email provider Lavabit closing their doors, closely followed by legal news website Groklaw, it’s worth asking the question: are companies that prioritise their users’ privacy and security going to face closure at the hands of the government?

In uncertain times like these it’s easy to get carried away, but what is the legal position?

In the UK, where MaidSafe is based, the government does close companies, but not for protecting their users. Businesses are shut over repeated failure to file accounts, think TweetDeck, or for making false advertising claims, as seen within the injury compensation industry. In fact, companies operating within the UK are legally obligated to protect the rights of their users. The UK Data Protection Act (1998) was enacted to bring UK law into line with the EU Data Protection Act of 1995. This legislation requires Member States to protect people’s fundamental rights and freedoms and in particular their right to privacy with regard to the processing of personal data.

In the US, where most of the large technology companies are based, it’s less clear. There seems to be no evidence that the government will close companies who closely guard user privacy. In fact, the opposite seems to be true: they may try to recruit them. The infamous Foreign Intelligence Surveillance (FISA) Court warrants that companies assist in state-sponsored surveillance programs. It has been reported that individuals within companies who don’t comply are pressurised or even threatened.

In contrast with Europe, which has a blanket regulatory system, the US has a patchwork quilt of legislation that is designed to protect citizens’ personal information. However, as pointed out by encryption communication experts Silent Circle in their excellent blog post:

“…the Communications Assistance for Law Enforcement Act, makes it clear that communications service providers can deliver products to their customers that use encryption to protect their communications without having the ability to decrypt those communications”.

Interestingly and despite how counter-intuitive it may seem, rather than attracting adverse attention from the Government, Silent Circle actually count 9 world Governments as clients.

They have also received no Law Enforcement requests for user information. They believe this is due to their policy of minimum data retention: they store as little information as possible about their customers.

So it would seem that, legally at least, the UK and US governments do not and cannot shut companies for protecting their customers’ privacy; in fact, firms are obligated to protect it. Governments on both sides of the Atlantic need to overcome the conflict that exists between providing users with the basic freedoms that many fought so hard to achieve and mass state-sponsored surveillance dressed up as protecting national security.

As George Orwell (1984) wrote: “Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.”

Written by Nick Lambert