Privacy enhancing programs fill a gap the legislation and common law don’t cover

December 29, 2014

Privacy protection is moving in two directions: through development of the law and through technological innovation.

In Australia the law is moving painfully slowly, mainly through regulation of the Privacy Act 1988. The Act was enacted in 1988 to cover government agencies, amended in 2000 to cover some but not all private sector organisations and amended again earlier this year to give the Privacy Commissioner enhanced powers to actually do something about privacy breaches. In the 9 months after the amendments came into force there has been little substantive action taken by the Privacy Commissioner. As such, compliance is patchy and the perceived risk of exposure to regulatory action low. There are some other sector-specific acts such as the Personally Controlled Electronic Health Records Act 2012 and provisions within the Telecommunications Act 1997. The common law has taken a substantial step forward with the Victorian Court of Appeal decision in Giller v Procopets, broadening the equitable breach of confidence principles and adopting the UK line of authorities in misuse of private information actions. But the appellate courts have not gone so far as to establish a common right to privacy. And the likelihood is that they won’t unless there is a reason to do so: a compelling case which highlights the inadequacy of the protections and where the malefactor has not settled. The Australian legislatures have been allergic to providing more substantive privacy protections, in particular providing individuals a right to take action for a breach of their privacy. The most recent outbreak of the allergy was the Government’s non/hostile reaction to the Australian Law Reform Commission’s latest report on privacy, Serious Invasions of Privacy in the Digital Era (ALRC Report 123). It recommended a statutory cause of action for the protection of privacy as well as a reboot of the miscellaneous confused regulation of surveillance. A House of Representatives Committee in Eyes in the Sky also recommended the enactment of a statutory right to privacy.

The Government’s antipathy to privacy law reform is typified in the report Stronger privacy laws needed to protect public from drones, parliamentary committee says, where the Attorney-General’s position is reported as follows:

The House of Representatives’ standing committee on social policy and legal affairs calls on the Abbott Government to look at creating a tort of privacy.

But Attorney-General George Brandis has previously rejected such a move as an intrusion on personal freedoms.

The argument that filling a clear hole in the law intrudes into personal freedoms makes little logical or legal sense. A right to autonomy should fall squarely within a libertarian belief in the right of the individual. The issue is the scope, defences and safeguards that may distinguish an unacceptable intrusion from a valuable, if not indispensable, right. There are ample models where such a right lives side by side with other rights and does not intrude on personal freedoms.

Where the law does not cover basic privacy protections online, technology has developed to fill the gap. This is clearly described in Revealed: the encryption tools spies can (and can’t) crack and in Wired’s excellent article 8 Free Privacy Programs Worth Your Year-End Donations, which provides:

Free software isn’t free. Someone’s got to shell out for the expensive development, maintenance, bug fixes and updates for programs that so many of us who live online have come to see as almost natural resources. And increasingly, those taken-for-granted tools have become vital for the privacy and security of millions of people.

So as the end of 2014 approaches, this might be the time to add a few free software security projects like the ones we’ve listed below to your annual tax-deductible donations. “There’s no way around it. If we want tools that are secure and usable, then these projects need funding,” says Trevor Timm, executive director of the Freedom of the Press Foundation, a non-profit that has run fundraising campaigns for encryption software. “They don’t have a business model. They’re not doing this to make money. Their first priority is the security of users.”

A year of Snowden-fueled privacy interest, Timm adds, has driven a new crowd to cash-strapped free software privacy projects for whom every new user often represents a new demand on resources. “When a lot of these projects started, there wasn’t a giant user base. Now so many people depend on these tools for privacy,” says Timm. “If we’re going to use them, it’s important to give back to the projects that created them.”

Here are a few of WIRED’s suggestions for your yuletide crypto philanthropy:

Tor

Tor, whose name comes from the acronym The Onion Router, remains perhaps the world’s most effective tool for evading surveillance online. By encrypting a user’s traffic in layers and routing it through randomly chosen computers spread around the world, Tor makes it nearly impossible to track down a user’s identity or censor his or her Web browsing. In the wake of Snowden’s revelations, the tool has nearly doubled in usage to around two million active users, straining its infrastructure.

Tor receives much of its funding from the U.S. military and the State Department. But Freedom of the Press’s Timm says that government funding shouldn’t dissuade individuals from donating. “One part of the US government may be the biggest funder of an encryption project, at the same time as other parts of the government want to see it outlawed,” says Timm, referring in part to the FBI director James Comey’s recent statements about encryption’s dangers. “If people really want to support projects like Tor, they should help them become less reliant on that government funding.”

Tails

The operating system Tails, or The Amnesiac Incognito Live System, has all the properties of the ideal private operating system. It boots from a USB drive, leaving no trace on the computer it’s running on. And it routes all the user’s traffic over Tor, foiling even malware attacks that might be designed to cause a Tor user’s computer to leak identifying data.

Edward Snowden himself has praised Tails as a means to strengthen vulnerable communication endpoints. And filmmaker Laura Poitras used Tails when communicating with Snowden for months to arrange his unprecedented leak of NSA secrets. Despite all of that, Tails has received little mainstream support and may be the security software most in need of users’ donations.

SecureDrop

SecureDrop, which started with some of the last code written by free information activist Aaron Swartz, aims to turn every news organization into a potential WikiLeaks. The software integrates Tor to allow sources to anonymously upload secret documents. The Freedom of the Press Foundation has adopted SecureDrop, manages its fundraising, and has now helped more than a dozen news outlets to install it, including The Washington Post, The Guardian, and The Intercept. It promises to become a crucial investigative journalism tool that allows reporters to stay a step ahead of any surveillance that would seek to identify their most sensitive sources.

GPG
When privacy conscious users think of the venerable encryption software PGP, they think of Phil Zimmermann, the folk hero cryptographer who first released PGP in 1991. Less heralded is the group which now maintains the open-source version of PGP known as Gnu Privacy Guard. (The original PGP became the product of a private company and ended up being acquired by the security giant Symantec.) GPG, which you can donate to here, and an offshoot project for Mac known as GPG Tools make an enormous swathe of strong encryption use cases possible. In a sign of its tight resources, GPG Tools began charging for downloads of its Mail plugin last month. But other versions of the GPG Tools software remain free, and could use a little financial support.

Open Whisper Systems
Open Whisper Systems, created by the hacker and privacy activist Moxie Marlinspike, is quickly becoming the world’s most widely implemented tool for encrypting smartphone messaging. The project began in 2010 with the Android apps Redphone and Textsecure, which allow end-to-end, strongly encrypted voice calls and text messages. Then earlier this year, OWS added Signal, which enables the same encrypted calls from iPhones, too. And then, in a landmark move last month, the ultra-popular messaging app Whatsapp announced that it would be integrating Textsecure into its Android app installed on hundreds of millions of phones, with an iPhone implementation to follow. With that kind of mass adoption, Textsecure is on its way to becoming the go-to protocol for anyone who wants to add surveillance-breaking protection to their smartphone messaging program. You can donate to the project through the Freedom of the Press Foundation.

Cryptocat
Cryptographer Nadim Kobeissi has made it his mission to create the world’s simplest crypto applications; Cryptocat makes Web-based encrypted messaging so simple a five-year-old can use it. Despite early criticism for security flaws, the ultra-usable program now gets strong reviews from the cryptography community, and has been downloaded more than 750,000 times. Kobeissi’s newer project is Minilock, a public key encryption program designed to be so simple that it doesn’t even require creating an account or storing a key on the user’s machine. You can donate to support Cryptocat via Paypal here.

Off The Record Messaging
Cryptocat and Textsecure have both integrated Off-The-Record (OTR) messaging, the gold standard protocol for encrypted instant messaging. (Though Textsecure has recently shifted to using its own code instead.) Created by Ian Goldberg and maintained by his research group at the University of Waterloo (which also hosts its fundraising), OTR’s plugins for Jabber clients like Adium and Pidgin have made it popular for everyone from WikiLeaks to Russian drug dealers.

OpenSSL
OpenSSL provides the crypto protocol used by two thirds of the web’s SSL-encrypted websites. And until last summer, it had only four core programmers and a single full-time employee. The lack of love for such an important open-source project only came to light in April, when the flaw in OpenSSL known as Heartbleed made it possible to compromise millions of servers around the world that implement the protocol. OpenSSL has since received more development help and funding from major tech firms. But the project is still seeking more donations (though not tax deductible ones, unfortunately) and corporate sponsorships.
