All service providers (such as lawyers, doctors, accountants, financial advisors, etc.) who believe their communications with clients are private — and in some situations, privileged — should take note. Conversely, all clients who believe their communications with trusted service providers are private should also take note.
If you believe the revelations reported by The Guardian after a recent July 17th interview with NSA whistleblower Edward Snowden, you should consider encrypting all such communications.
Here’s a summary of what Snowden said in his interview with The Guardian, along with Snowden’s original quotes:
- Your data collected by the government will likely be stored forever. “Because of the advance of technology, storage becomes cheaper and cheaper year after year and when our ability to store data outpaces the expense of creating that data, we end up with things that are no longer held for short-term periods, they’re held for long-term periods and then they’re held for a longer term period. At the NSA for example, we store data for five years on individuals. And that’s before getting a waiver to extend that even further.”
- The government believes it needs to be able to intercept all communication and therefore discourages use of message-level encryption, which makes mass collection more challenging. “And the government is saying that we need to be able to intercept all of these communications … And because of this they don’t like the adoption of encryption. They say encryption that protects individuals’ privacies, encryption that protects the public’s privacy broadly as opposed to specific individuals, encryption by default, is dangerous because they lose this midpoint communication, this midpoint collection.” Further, “The reality is every communication comes from an originating point and it ends up at a destination point. And these two points are computers, they’re devices, they’re cell phones or laptops and they can be hacked. They can be exploited, which gives law enforcement agencies and intelligence agencies direct access to those systems to be able to read those communications.”
- Lawyers and other service providers have obligations to maintain client confidentiality – but without encryption, they cannot. “Lawyers are in the same position. And investigators. And doctors. It’s a constantly increasing list and one that we’re not even aware of today. I would say lawyers, doctors, investigators, possibly even accountants. Anyone who has an obligation to protect the privacy interests of their clients is facing a new and challenging world and we need new professional training and new professional standards to make sure that we have mechanisms to ensure that the average member of our society can have a reasonable measure of faith in the skills of all the members of these professions.”
As Snowden suggests, the NSA has your information — and lots of it. And they will likely have it forever. But, can it be obtained by others? And, if it is obtained by others, can it be publicly exposed or even used against you? Assuming you are not a national security threat, it has yet to be seen whether a simple Freedom of Information Act request would compel the NSA to return to you your records, location information, conversations, and email that the NSA has collected. It will be interesting to see whether such a request would be successful. This has already been tested successfully in Germany with subpoena to T-Mobile of one’s personal stored metadata, which can then be used to map one’s location history to Google maps. (Check out this interactive map for yourself.)
In a developing storyline here in the United States, we will get to see whether Congress can obtain information on US citizens to hold against them in proceedings. CBS News recently reported, “The House Armed Services Committee has come up with a creative approach to look for emails from embattled former Internal Revenue Service (IRS) official Lois Lerner that were apparently lost in a computer crash.”
US citizens to hold against them in proceedings. CBS News recently reported, “The House Armed Services Committee has come up with a creative approach to look for emails from embattled former Internal Revenue Service (IRS) official Lois Lerner that were apparently lost in a computer crash.“
“They’re asking the National Security Agency (NSA) and the Defense Department. The panel approved a resolution Wednesday authored by Rep. Steve Stockman, R-Texas, that directs the Secretary of Defense to send the House of Representatives ‘copies of any electronic communication in the possession of the Secretary, the Director of the National Security Agency, or any office that reports to the Secretary or the Director that was transmitted to or from any electronic mail account(s) used by former Internal Revenue Service Exempt Organizations Division Director Lois Lerner at any time between January 1, 2009, and April 30, 2011.'”
If we are to believe what has been reported, the bottom line is:
- Your information is being collected.
- They’re asking the National Security Agency (NSA) and the Defense Department.
- The panel approved a resolution Wednesday authored by Rep. Steve Stockman.
- R-Texas, that directs the Secretary of Defense to send the House of Representatives.
- Division Director Lois Lerner at any time between January 1, 2009, and April 30, 2011.
- Your collected information is stored for a long time, and may be accessible through public requests for information.
- Encryption works to keep correspondence private, but only if used; and only if messages themselves are encrypted, even at the endpoint.
- Your service provider (lawyer, doctor, accountant, financial planner) may not understand or care enough to protect you by encrypting your private correspondence. If you are not encrypting your correspondence to them or you are not insisting that they encrypt correspondence with you, your correspondence will not be private.
RPost’s encryption service uses “True Direct Delivery,” a proprietary method of encrypted mail delivery whereby the message is encrypted in a secure PDF wrapper, delivered directly to the recipient (without being stored in the middle), and stays in an encrypted format in the recipient’s mailbox or on any recipient mail servers. Endpoint security is a critical requirement of message privacy, as entities such as the NSA have shown in recent years.
Learn more about RPost’s encryption service at http://www.rpost.com/esecurity.