[liberationtech] PrivateSky Takedown

shelley at misanthropia.info shelley at misanthropia.info
Thu Dec 12 10:40:57 PST 2013 

>>The team at CertiVox have the upmost respect for the folks we 
interacted with at GCHQ.

>> a commercial 
communications service that gives the upmost in privacy to its users

"The word wanted there is, of course, "utmost." This word comes from the Middle English word utmest, which itself comes from the Old English  utmest.  The Old English adverb ut means "out," and mest is the ancestor of our word "most."  "Utmost" (or "outermost") is a superlative, meaning situated at the farthest, most distant point. Thus it designates the extreme, the greatest or highest degree. This idea, of the highest degree, is probably what leads to the erroneous use of "upmost" in this sentence."

http://grammartips.homestead.com/utmost.html

Petty? Perhaps, but it's the visual equivalent of nails on a chalkboard.


 On Dec 12, 2013 9:08 AM, Yosem Companys <companys at stanford.edu> wrote: 

Certivox Asked That We Share Their Side of the Story on the PrivateSky Takedown.



YC







http://www.certivox.com/blog/bid/359788/The-real-story-on-the-PrivateSky-takedown



The real story on the PrivateSky takedown.



Posted by Brian Spector on Thu, Dec 12, 2013



With the story about our PrivateSky takedown now public, I want to

take the opportunity to clarify a few points in various articles that

have appeared since yesterday covering the story.



Some headlines strongly infer our friends at GCHQ "forced" us to take

PrivateSky down. That's not the case.



Secondly, a very important point wasn't printed. GCHQ couldn't, by

law, request a blanket back door on the system. There are a very rigid

set of controls that mean only specific individuals can come under

surveillance. The legal request for such surveillance has a due

process that must be stridently followed. At no time did I or anyone

at CertiVox talk about CertiVox in relation to any RIPA warrant, only

the generic process by which these warrants are served.



By saying "our friends at GCHQ", there is no facetiousness intended.

The team at CertiVox have the upmost respect for the folks we

interacted with at GCHQ. They took the due process I outlined in the

previous point very seriously. We found that as an organisation, and

every individual involved there, were as worried about a breach of

public trust as much as we are.



Finally, I believe very strongly the following should be a larger part

of the public discourse of these subjects. What everyone needs to

understand is that every developed democracy in the world, even where

privacy rights are enshrined to the maximum efficacy by statute, has

laws on the books that mandate that Internet Service Providers have

facilities to work with law enforcement for the purposes of legal

intercept, to enforce public safety and security.



Being L.I. capable is a very important set features and functions that

must be in place for any credible, commercial service on the Internet.

In endeavouring to make PrivateSky as secure as possible, we

overlooked this critical requirement when we built PrivateSky.



When CertiVox positioned PrivateSky as the easiest to use and most

secure encrypted messaging service, we really had two significant

points of differentiation. First, even though we held the root

encryption keys to the system, it was architected in such as way that

it would have been all but impossible for our internal staff to snoop

on our customer's communications, or for the service to leak any of

our customer¹s data. Secondly, our possession of the root keys, and

our use of identity based encryption, made the system incredibly easy

to use. For the user, there were no private or public keys to manage,

every workflow was handled for the user in an easy to grasp pure HTML5

interface, no hardware or software required, just an HTML5 browser.



We boxed ourselves into a feature set and market position that when

called upon to comply with legal statues, we simply had no alternative

but to shut the service down. We built it, but we couldn't host it.



Why? Because as you can probably surmise, there is an inherent

impedance mismatch between being able to host a commercial

communications service that gives the upmost in privacy to its users,

against any breach, whilst at the same time being able to operate

safely within the confines of the law as it is on the books in most

countries on the planet.



In summary, it's the abuse of the communications interception in the

Snowden revelations that has everyone up in arms, as so it should. But

that¹s not what happened with PrivateSky.



What is our next move?



Watch this space.

-- 

Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20131212/af2a8c5a/attachment.html>

More information about the liberationtech mailing list