Mass surveillance is becoming the new norm as countries relentlessly attempt to gather, evaluate, and share intelligence from different areas across the globe. Several states have entered coalitions that allow member countries to spy on each other’s citizens to obtain sensitive data and share it without breaching domestic laws governing privacy. Some of the coalitions that have since been formed include the Five Eyes, Nine Eyes, and Fourteen Eyes.
The Five Eyes coalition was incubated under the UKUSA Agreement, which initially comprised of the United Kingdom and the United States as the only member countries before Australia, New Zealand, and Canada joined the Pact. An expansion of the 5 Eyes saw Netherlands, Denmark, Norway, and France join the coalition to give birth to the 9 Eyes, which is not that intense in matters regarding espionage as its predecessor. Last but not least is the Fourteen Eyes Alliance which consists of Belgium, Sweden, Spain, Germany, Italy, and all member countries of the 5 Eyes and 9 Eyes.
The Key Disclosure Law
The key disclosure law expects a person under a criminal investigation to hand over the encryption key to the law enforcement authority conducting the investigation. However, the implementation of the key disclosure law varies from one country to the other, but a warrant ought to be obtained to kick start the whole process of criminal investigation. Besides, an individual can avoid handing over the encryption keys key to the relevant authorities by using either steganography or data encryption to prove reasonable deniability.
Stenography is the act of concealing sensitive information inside ordinary computer files, for instance, encrypting an audio file and hiding it in the image file. As an act of plausible deniability, data encryption ensures that sensitive data remains completely hidden from any adversary (for example, using one passcode to decrypt benign information and another passcode to decrypt sensitive information on that same file). That way, it becomes so hard for investigating authorities to confirm the existence of the information they are after.
Why You Should Avoid Services Based In The US
By choosing a US-based service, you risk putting your privacy under a microscope. The US has put in place stringent surveillance programs and uses NSLs (National Security Letters) accompanied by gag orders. Therefore, the government can efficiently conduct mass surveillance by secretly compelling firms to access full customer information.
Snowden’s case is a viable illustration of why you should think twice before using a US-based service. He found himself at the wrong side of the law after using Lavabit-a protected email service developed by Ladar Levison, and the FBI asked to be served with his records. But it turned out that Lavabit had not kept any logs, and its email contents were encrypted, prompting the FBI to issue a subpoena to acquire SSL keys. With the Lavabit’s SSL keys, they could access real time communications (both unencrypted content and metadata) from all customers.
After giving the SSL keys to the FBI, Levison shut down Lavabit with immediate effect. However, the United States government threated to arrest him on the grounds that he had violated the court order by shutting down Lavabit.