Trust-less or bust: the future of canaries
The trust destroying Acts
Imagine running a successful online business with many consistently pleased customers who have, over the years, gained not only respect for the quality of the services provided but also a level of trust in you as a reputable business person. Like most online services, your organization regularly handles sensitive customer data, so it naturally prioritizes resources towards building and maintaining strong security. One day, you receive a letter requesting private information about one or more customers due to a potential terrorist threat. The letter contains zero evidence about the claim against your customers and includes a clause to keep the request itself a secret. If this letter was sent from a private individual or company, either ignoring, reporting or investigating the request would be appropriate responses, depending on how many resources you have. However, if instead this letter was sent from a government agency within the jurisdiction in which your business operates, then your freedom of choice is drastically reduced. Legal fees, fines and being put in a cage become potential consequences for questioning the request and, all of a sudden, the resources you’ve put towards securing private data and the trust you’ve built over the years are jeopardized.
This is a situation that all US businesses have faced since the approval of the Patriot Act in 2001, which grants the government power to issue secret subpoenas, also known as national security letters (NSLs), to businesses regarding any user who may have information related to counter-intelligence or terrorism investigations. The act has been renewed multiple times, most recently by President Obama in 2011. Similar laws exist in the UK, most notably the Regulation of Investigatory Powers Act from 2000, which has since been extended by the Data Retention and Investigatory Powers Bill (DRIP) of 2014. Regardless of your reputation as a trusted service provider and the lack of evidence supporting the investigation, there is no way to resist supplying this data, or to make the compromise public knowledge, without harsh punishment or drastic consequences. While most do nothing about the potential threat, others are more proactive in providing users and the general public with as much detail as possible through transparency and accountability standards. Over the years, it has become respectable practice for businesses to issue transparency reports and other accountability measures. Some U.S. organizations that have not yet been served an NSL or another type of legally binding gag order use a mechanism known as a warrant canary to periodically deny having received a gagged legal process that compromises the privacy of users' data. The Electronic Frontier Foundation claims that organizations using a warrant canary to report legal processes they have not been served can take advantage of First Amendment protection against compelled speech. If, for example, an NSL is served to the organization, it can simply stop or alter the warrant canary, indirectly warning the public that data might be compromised without saying it has received anything.
This tactic may help deter the possibility of being served a notice for some, but it may also draw unwanted attention from authorities for others. It is important to note that European and UK law does not protect against compelled speech the way that the First Amendment does. In other words, the legal protection for freely removing or altering a canary does not exist for European businesses at all. Instead of facing these threats to user data, what if these companies could use an Internet which removed the ability to compromise user data entirely? Enter the SAFE Network.
A trust-less, open Internet for ultimate data privacy
As you may or may not be aware, the technology behind the SAFE Network is built on the understanding that servers are the main weakness in the current Internet infrastructure. Evolving our Internet by removing dependence on servers, and the associated security risks of centralizing data, will help organizations build powerful tools knowing customers' data is exponentially more secure by default. Recent successful attacks on Target and Sony databases are examples of threats to centralized data, but massive loss due to other situations like disaster scenarios is very real as well. After all, Amazon Web Services’ global infrastructure serving 190 countries is based on merely eleven core database centers (one of them for sole use by the CIA). At a certain size, it becomes more expensive to maintain the security of a single entity than it is to incorporate the natural security that comes from distributing the major points of failure. If businesses built their tools with the SAFE Network as the back end and took advantage of the built-in cryptography and obfuscation schemes, their resources spent on security would drop drastically. Instead of storing their own copies of private data, organizations would simply have restricted, temporary access under the control of the user. The data itself would be stored via the distributed, encrypted chunking mechanism built into the SAFE Network’s core. The result is a new, trust-less Internet where users are in complete control while the liability of organizations is remarkably reduced.
Another source of protection from gagged legal threats comes from open standards. Like many other privacy and freedom conscious organizations, MaidSafe is built using core principles of open code, open schematics and open development. These concepts provide additional layers of integrity and verification, especially when actively reviewed by third parties. It is also part of the MaidSafe mission to promote open source applications and implementations of the SAFE Network, which is one of the main reasons we have opted for the network to be released under the General Public License. The GPL forces derivatives or any service using the network to also be open source. Developers already inclined to create free and open applications will see a direct benefit by being the first services to take advantage of and showcase the network’s efficiency and resiliency. The result will be a completely open network, guaranteeing the propagation of its trust-less properties throughout.
The small business benefit
Some of my favorite services on the Internet today are provided by an organization called the Riseup Collective. They are a security conscious, activism driven and donation funded autonomous group building tools and hosting for email, mailing lists, chat, virtual private networks (VPN) and etherpad services, to name a few. Their long-standing reputation for staying true to their values, in combination with their open practices, provides consistent growth in trust from activists worldwide whose values align. While operating within the current Internet, a lot of their resources naturally go towards providing better security, not only for their servers hosting various data but also in providing information on best security practices for users. Riseup is a U.S. company that maintains a dedicated warrant canary page so the public is able to deduce whether the collective has been served a legally binding gag order.
Now, let’s imagine that Riseup were to build these tools for the SAFE Network. They would instantly have the freedom to shift their focus and resources from security to improving features and user experience. The inherent privacy, security and freedom for users of the SAFE Network is a major advantage to organizations looking to build Internet services without much capital, such as those using donation-based models like the Riseup Collective's. The warrant canary would become unnecessary due to the lack of access to clients’ data in the first place. Similarly, European companies concerned about their reputation for keeping customers' data secure would have the same advantage of lacking the ability to compromise data, with the added bonus of also avoiding the difference in speech freedoms which gives U.S. companies justification to issue a warrant canary.
Until there is a widespread Internet evolution, promoting greater user controlled security, education about that security and business accountability with available tools must continue. This is why MaidSafe supports the practice of issuing warrant canaries for U.S. businesses. However, due to restrictions on freedom of speech for European-based companies, and particularly those in the UK like ourselves, we cannot support the practice in those locations. We stand in solidarity with businesses using open source standards as a general defense against secret backdoors and guarantee our commitment to grow the community with the SAFE Network. It is our hope that the network will eliminate the Internet privacy concerns and security resources that weigh down businesses and individuals sooner rather than later, but until then we thoroughly support logical efforts to promote practices improving privacy, security and freedom on the current Internet.
Note: If you are a U.S. business looking to set up a canary, please refer to the Riseup Collective and Rsync.net canaries for great examples. To do it properly, you will need to become familiar with using GPG to digitally sign texts.
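A canary only warns anyone if readers notice when it is stopped or altered, so the following is an added example of a reader-side check on a GPG clearsigned canary; it is not code from MaidSafe, Riseup or Rsync.net. The sample text, the statement wording, the 35-day window and all function names are assumptions made for illustration, and signature verification itself is left to `gpg --verify`.

```python
import re
from datetime import date

# Constructed sample: a clearsigned canary with a placeholder signature body.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Canary statement issued 2015-01-05.
- - No national security letters have been received.
- - No gag orders have been received.
-----BEGIN PGP SIGNATURE-----

(placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

# Hypothetical statements a reader expects to see in every issue.
REQUIRED = ("No national security letters have been received.",
            "No gag orders have been received.")

def signed_body(clearsigned):
    """Return the signed text of an OpenPGP clearsigned message, or None."""
    m = re.search(r"-----BEGIN PGP SIGNED MESSAGE-----(\n.*?)\n"
                  r"-----BEGIN PGP SIGNATURE-----", clearsigned, re.S)
    if not m:
        return None
    # Armor headers such as "Hash: SHA256" end at the first blank line.
    body = m.group(1).partition("\n\n")[2]
    # Undo dash-escaping: a signed line starting with "-" is stored as "- -...".
    return "\n".join(l[2:] if l.startswith("- ") else l for l in body.split("\n"))

def check_canary(clearsigned, today, max_age_days=35, required=REQUIRED):
    """Return findings; an empty list means the canary is fresh and unaltered.
    Run `gpg --verify` on the file first: this does not check the signature."""
    body = signed_body(clearsigned)
    if body is None:
        return ["not a clearsigned message"]
    findings = []
    m = re.search(r"\b(\d{4})-(\d{2})-(\d{2})\b", body)
    try:
        age = (today - date(*map(int, m.groups()))).days if m else None
    except ValueError:          # e.g. 2015-13-45
        age = None
    if age is None:
        findings.append("no valid issue date")
    elif age > max_age_days:
        findings.append(f"stale: issued {age} days ago")
    elif age < 0:
        findings.append("issue date is in the future")
    flat = " ".join(body.split())   # tolerate re-wrapped lines
    findings += [f"statement missing: {s}" for s in required if s not in flat]
    return findings

if __name__ == "__main__":
    print(check_canary(SAMPLE, date(2015, 1, 20)))
```

A stale or altered result is the signal the canary is designed to send, so a monitor built this way should alert on any non-empty list rather than retry silently.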