While development of TrueCrypt has ended in rather mysterious and abrupt manner, during its lifetime program became much more than just another encryption utility. The reason for its popularity and status could summarised in one word: unbreakable. While TrueCrypt was just a method of applying AES, it became synonymous with the encryption that protects you from police raiding your hard drives. Indeed it was impossible to find more polished, user-friendly and available full disc encryption solution. Furthermore encryption solution crawled out of hard drives and in newest development Google and Apple declared that companies will not decrypt devices even at government’s request. Law enforcement, as it could be expected, declared such attitude will make it impossible to solve certain cases and compared encryption to ‘house or safe that cannot be searched’. Unfortunately officials failed to provide precise examples and argumentation of cost/benefit analysis regarding evidence collection and right to privacy, instead using common ‘think of the children’ emotional appeal and absurd hyperboles such as ‘Apple will become the phone of choice for the pedophile’ . What is even more interesting while FBI officials were opposed to the idea, ACLU said that it is a move in right direction and will greatly increase personal privacy. What about internet browsing? Mozilla hinted at default integration of Tor into Firefox, certainly bold move that, depending on relay and exit nodes support, could be a gamechanger for both Tor and internet anonymity.
At first glance recent ruling by European Court of Justice in Google Spain v AEPD and Mario Costeja González was nothing but victory of privacy rights. Restriction in Google’s seemingly unlimited power in revealing or obscuring content related to personal data might be seen as a significant step towards transferring control over personal information back to those who are most interested in their flow. On the other hand isn’t it a form of censorship and ‘re-writing history’? As always with intersection of law and new technologies question remains whether there are technical means to implement the ruling – while everyone is aware that Google is able to control the search results content (eg SafeSearch) it appears that removing specific information about specific person is much more challenging – to begin with how many ‘Gonzalezes’ are there in Spain. Google v Gonzales is not first judgement of the year related to privacy and personal data. In April ECJ ruled that retention directive is invalid due to interference with fundamental rights – which from legal standpoint is even more interesting since at the time directive came into force, fundamental rights were not codified within European Union. However let’s begin with Google Spain v Gonzales.
On June the 6th, 2013 Washington Post and The Guardian simultaneously released informations about US surveillance program broader in its scope that anything seen before. Furthermore PRISM as it is called targeted most sensitive data – collecting informations from providers of services that we use so often and for private communication. It is hard to name type of data that was not captured by government. Emails, videos, photos, VoIP and user activity among many more is captured straight from the servers of biggest vendors on the market – Microsoft, Apple and Google to name most significant. Affair become even more movie-like with reveal of man behind the leak. A lone whistleblower who left his family, six figures and comfortable life to reveal abuse of power and had to escape to Hong Kong to conclude in an interview ‘I don’t want to live in a society that does these sort of things’
The only reaction that could result from such a revelation was massive and universal outrage expressed on nomen omen, the internet. First responders were naturally tech savvy users from around the world, at least those whose response wasn’t ‘I told you so.’ But coming back to former group it’s really hard to blame them for their reaction. Is it possible not to feel sick while looking at documents saying that basically any of your emails can be accessed without any oversight?