The owner of Lavabit tells us that he's stopped using email and if we knew what he knew, we'd stop too.
There is no way to do Groklaw without email. Therein lies the conundrum.
What to do?
What to do?
I've spent the last couple of weeks trying to figure it out. And the conclusion I've reached is that there is no way to continue doing Groklaw, not long term, which is incredibly sad. But it's good to be realistic. And the simple truth is, no matter how good the motives might be for collecting and screening everything we say to one another, and no matter how "clean" we all are ourselves from the standpoint of the screeners, I don't know how to function in such an atmosphere. I don't know how to do Groklaw like this.
Years ago, when I was first on my own, I arrived in New York City, and being naive about the ways of evil doers in big cities, I rented a cheap apartment on the top floor of a six-floor walkup, in the back of the building. That of course, as all seasoned New Yorkers could have told me, meant that a burglar could climb the fire escape or get to the roof by going to the top floor via the stairs inside and then through the door to the roof and climb down to the open window of my apartment.
That is exactly what happened. I wasn't there when it happened, so I wasn't hurt in any way physically. And I didn't then own much of any worth, so only a few things were taken. But everything had been pawed through and thrown about. I can't tell how deeply disturbing it is to know that someone, some stranger, has gone through and touched all your underwear, looked at all your photographs of your family, and taken some small piece of jewelry that's been in your family for generations.
If it's ever happened to you, you know I couldn't live there any more, not one night more. It turned out, by the way, according to my neighbors, that it was almost certainly the janitor's son, which stunned me at the time but didn't seem to surprise any of my more-seasoned neighbors. The police just told me not to expect to get anything back. I felt assaulted. The underwear was perfectly normal underwear. Nothing kinky or shameful, but it was the idea of them being touched by someone I didn't know or want touching them. I threw them away, unused ever again.
I feel like that now, knowing that persons I don't know can paw through all my thoughts and hopes and plans in my emails with you.
They tell us that if you send or receive an email from outside the US, it will be read. If it's encrypted, they keep it for five years, presumably in the hopes of tech advancing to be able to decrypt it against your will and without your knowledge. Groklaw has readers all over the world.
I'm not a political person, by choice, and I must say, researching the latest developments convinced me of one thing -- I am right to avoid it. There is a scripture that says, It doesn't belong to man even to direct his step. And it's true. I see now clearly that it's true. Humans are just human, and we don't know what to do in our own lives half the time, let alone how to govern other humans successfully. And it shows. What form of government hasn't been tried? None of them satisfy everyone. So I think we did that experiment. I don't expect great improvement.
I remember 9/11 vividly. I had a family member who was supposed to be in the World Trade Center that morning, and when I watched on live television the buildings go down with living beings inside, I didn't know that she had been late that day and so was safe. Does it matter, though, if you knew anyone specifically, as we watched fellow human beings hold hands and jump out of windows of skyscrapers to a certain death below or watched the buildings crumble into dust, knowing there were so many people just like us being turned into dust as well?
I cried for weeks, in a way I've never cried before, or since, and I'll go to my grave remembering it and feeling it. And part of my anguish was that there were people in the world willing to do that to other people, fellow human beings, people they didn't even know, civilians uninvolved in any war.
I sound quaint, I suppose. But I always tell you the truth, and that is what I was feeling. So imagine how I feel now, imagining as I must what kind of world we are living in if the governments of the world think total surveillance is an appropriate thing?
I know. It may not even be about that. But what if it is? Do we even know?
I don't know. What I do know is it's not possible to be fully human if you are being surveilled 24/7.
Harvard's Berkman Center had an online class on cybersecurity and internet privacy some years ago, and the resources of the class are still online. It was about how to enhance privacy in an online world, speaking of quaint, with titles of articles like, "Is Big Brother Listening?"
You'll find all the laws in the US related to privacy and surveillance there. Not that anyone seems to follow any laws that get in their way these days. Or if they find they need a law to make conduct lawful, they just write a new law or reinterpret an old one and keep on going. That's not the rule of law as I understood the term.
Anyway, one resource was excerpts from a book by Janna Malamud Smith, "Private Matters: In Defense of the Personal Life", and I encourage you to read it. I encourage the President and the NSA to read it too. I know. They aren't listening to me. Not that way, anyhow. But it's important, because the point of the book is that privacy is vital to being human, which is why one of the worst punishments there is is total surveillance:
One way of beginning to understand privacy is by looking at what happens to people in extreme situations where it is absent. Recalling his time in Auschwitz, Primo Levi observed that "solitude in a Camp is more precious and rare than bread." Solitude is one state of privacy, and even amidst the overwhelming death, starvation, and horror of the camps, Levi knew he missed it.... Levi spent much of his life finding words for his camp experience. How, he wonders aloud in Survival in Auschwitz, do you describe "the demolition of a man," an offense for which "our language lacks words."...
One function of privacy is to provide a safe space away from terror or other assaultive experiences. When you remove a person's ability to sequester herself, or intimate information about herself, you make her extremely vulnerable....
The totalitarian state watches everyone, but keeps its own plans secret. Privacy is seen as dangerous because it enhances resistance. Constantly spying and then confronting people with what are often petty transgressions is a way of maintaining social control and unnerving and disempowering opposition....
And even when one shakes real pursuers, it is often hard to rid oneself of the feeling of being watched -- which is why surveillance is an extremely powerful way to control people. The mind's tendency to still feel observed when alone... can be inhibiting. ... Feeling watched, but not knowing for sure, nor knowing if, when, or how the hostile surveyor may strike, people often become fearful, constricted, and distracted.
I've quoted from that book before, back when the CNET reporters' emails were read by HP. We thought that was awful. And it was. HP ended up giving them money to try to make it up to them. Little did we know.
Ms. Smith continues:
Safe privacy is an important component of autonomy, freedom, and thus psychological well-being, in any society that values individuals. ... Summed up briefly, a statement of "how not to dehumanize people" might read: Don't terrorize or humiliate. Don't starve, freeze, exhaust. Don't demean or impose degrading submission. Don't force separation from loved ones. Don't make demands in an incomprehensible language. Don't refuse to listen closely. Don't destroy privacy. Terrorists of all sorts destroy privacy both by corrupting it into secrecy and by using hostile surveillance to undo its useful sanctuary.
But if we describe a standard for treating people humanely, why does stripping privacy violate it? And what is privacy? In his landmark book, Privacy and Freedom, Alan Westin names four states of privacy: solitude, anonymity, reserve, and intimacy. The reasons for valuing privacy become more apparent as we explore these states....
The essence of solitude, and all privacy, is a sense of choice and control. You control who watches or learns about you. You choose to leave and return. ...
Intimacy is a private state because in it people relax their public front either physically or emotionally or, occasionally, both. They tell personal stories, exchange looks, or touch privately. They may ignore each other without offending. They may have sex. They may speak frankly using words they would not use in front of others, expressing ideas and feelings -- positive or negative -- that are unacceptable in public. (I don't think I ever got over his death. She seems unable to stop lying to her mother. He looks flabby in those running shorts. I feel horny. In spite of everything, I still long to see them. I am so angry at you I could scream. That joke is disgusting, but it's really funny.) Shielded from forced exposure, a person often feels more able to expose himself.
I hope that makes it clear why I can't continue. There is now no shield from forced exposure. Nothing in that parenthetical thought list is terrorism-related, but no one can feel protected enough from forced exposure any more to say anything the least bit like that to anyone in an email, particularly from the US out or to the US in, but really anywhere. You don't expect a stranger to read your private communications to a friend. And once you know they can, what is there to say? Constricted and distracted. That's it exactly. That's how I feel.
So. There we are. The foundation of Groklaw is over. I can't do Groklaw without your input. I was never exaggerating about that when we won awards. It really was a collaborative effort, and there is now no private way, evidently, to collaborate.
I'm really sorry that it's so. I loved doing Groklaw, and I believe we really made a significant contribution. But even that turns out to be less than we thought, or less than I hoped for, anyway. My hope was always to show you that there is beauty and safety in the rule of law, that civilization actually depends on it. How quaint.
If you have to stay on the Internet, my research indicates that the short term safety from surveillance, to the degree that is even possible, is to use a service like Kolab for email, which is located in Switzerland, and hence is under different laws than the US, laws which attempt to afford more privacy to citizens. I have now gotten for myself an email there, p.jones at mykolab.com in case anyone wishes to contact me over something really important and feels squeamish about writing to an email address on a server in the US. But both emails still work. It's your choice.
My personal decision is to get off of the Internet to the degree it's possible. I'm just an ordinary person. But I really know, after all my research and some serious thinking things through, that I can't stay online personally without losing my humanness, now that I know that ensuring privacy online is impossible. I find myself unable to write. I've always been a private person. That's why I never wanted to be a celebrity and why I fought hard to maintain both my privacy and yours.
Oddly, if everyone did that, leap off the Internet, the world's economy would collapse, I suppose. I can't really hope for that. But for me, the Internet is over.
So this is the last Groklaw article. I won't turn on comments. Thank you for all you've done. I will never forget you and our work together. I hope you'll remember me too. I'm sorry I can't overcome these feelings, but I yam what I yam, and I tried, but I can't.
Update: Bruce Schneier has some advice for those who do wish to remain on the Internet:
With all this in mind, I have five pieces of advice:
1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.
2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you're much better protected than if you communicate in the clear.
3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn't. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it's pretty good.
4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.
5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it's harder for the NSA to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.
See also Dan Geer's talk, Cybersecurity as Realpolitik:
Those of us who are backing out our remaining dependencies on digital goods and services are being entirely rational...
... I will busy myself with reducing my dependence on, and thus my risk exposure to, the digital world even though that will be mistaken for curmudgeonly nostalgia.