Edward Snowden’s greatest fear was that his sacrifice would have no effect. To the contrary, it’s having an effect throughout the entire Internet – and the biggest effect in the parts of the net you never see or notice.
They say that a good sysadmin is like a window: if they work optimally, you never notice them. Encryption is very similar, in that you should barely notice it’s there, and yet, it needs to safeguard your privacy. There’s the ever-present conflict between convenience and security – and until a few years ago, convenience (and cost) had won that battle. Not anymore.
You can see it in the launch of new messaging services: pre-Snowden, nobody asked for encryption. Now it’s a sales point everywhere. Moreover, the large data centers didn’t use to encrypt the internal links between them – until it was discovered that those unprotected internal links had been a primary wiretapping source for the NSA. Now, it seems everybody is encrypting even internal data links.
The important thing here is where your loyalty lies, if you’re a data provider or service provider. Is it with your clients, who pay your wages, or is it with your government, which… well, does something else? More and more IT firms are choosing to side with their clients, and by necessity, thereby also siding against their government. Governments are obviously not happy about that fact.
Before 2010, you would rarely if ever see a service supplier’s government as part of the threat model against a service. Today, you’re not a serious business if you’re not taking adversarial governments into account as part of your threat model against your clients.
This is the context where governments are starting to demand backdoors into all encryption. They have basically mistaken an occasional ability to wiretap everybody for a right to that ability, which are two entirely different things, and are threatening force unless they get their way. David Cameron of the UK may be the most prominent example: he is arguing that there should be no encryption which the government can’t break, and – as a result – is branded completely incompetent in all technical matters by a unified IT industry. It’s good to see that an increasing number of IT companies are taking this kind of stand for their clients – for us. In the end, this is a fight governments cannot win: if central services are forced to comply, encryption will just move to the edges, to the users.
Encryption has gone from being a niche curiosity to being taken seriously in just a few years. And everybody’s building more of it.
Privacy remains your own responsibility.