The Snowden expose may have increased the ‘market’ for services whose USP is privacy protection
Email has come a long way in the last decade. Much of this has to do with the rise of centralised services offered by the likes of Google, Microsoft and Yahoo. But the fact that user data rests physically on their servers, located mostly within the legal jurisdiction of the U.S. State, raises serious questions about how user data is vulnerable to the snooping eyes of the State. The abrupt shutdown of Lavabit and Silent Mail, two services that offered robust encryption at the server-end to protect user privacy, has highlighted the need to explore alternative services and approaches to mail storage.
Cryptography at the user-end
“When the service comes for free, as it is with Google or Facebook, it is the user who has been made into the product,” says Sarath Madayil, a free software activist. Even the use of secure HTTPS encryption in free services such as Gmail does not really address the problem of privacy infringement.
As the PRISM revelations show, the ability of the NSA to decrypt messages at the server-end makes mail encryption with HTTPS redundant, since HTTPS protects mail only in transit between the user and the server.
With user-end encryption techniques such as GPG (GNU Privacy Guard), mails sent via Gmail, for instance, are decrypted not on Google’s servers, but on the user’s computer. This reduces the chances of mails being snooped on. However, tracking of metadata, such as who mailed whom and when, still remains a live threat, especially when the servers are based in the U.S.
Data Swiss banks
Another protective step would be to “migrate” to services operated from countries whose legal regimes offer a healthier respect for privacy. European countries such as Iceland, Switzerland, Sweden and others have more resilient laws for user privacy protection.
Using mail service providers whose data servers physically reside in these countries can increase protection for users. The paid mail service offered by https://mykolab.com/ is one such example.
Increased the market?
In fact, the Snowden expose may well have increased the ‘market’ for email services such as these because their USP is privacy protection, which users may regard as valuable.
Decentralised solutions to electronic communication on the Bitcoin model are also being attempted. Bitmessage is one such peer-to-peer model of electronic communication.
Because a centralised service provider is eliminated, the possibility of PRISM-like surveillance is also reduced.
The panacea for the problem of surveillance of electronic communication would be to set up one’s own mail server using free software, on a machine residing in a privacy-friendly country.
An additional layer of security would be achieved by deploying GPG encryption for mails and disk encryption for the servers. Of course, this may be a difficult task for many users.
Ironically, the growing sense of betrayal that users feel about the way their data has been compromised by the established service providers may well be the spark that makes them take the harder route to privacy protection.
“Very few Indian mail service providers have had the vision to set up such a service. It might be a good startup offering, and the timing seems right now,” says Mr. Madayil.