[liberationtech] Trusting tools under US jurisdiction

Sat Nov 28 12:02:59 PST 2015

Couple of things.

Just to be clear, Riseup has never turned information over to anyone and
I would know. Both us at May First and Riseup have fought intensely
(sometimes together) to stop NSA data theft and other forms of
informational bullying and so far we've been successful. It's a fight
but riseup takes it on and that *does* separate it (and us at May First)
from the commercial server crowd. We fight this fight every
day...believe me.

I've written a whole bunch on NSA surveillance and the main theme is
that nobody is protected from it. National borders mean absolutely
nothing. While it's true that the European Court recently seemed to
outlaw data gathering under PRISM, it's also true that the Trans Pacific
Partnership makes lots of data sharing among spy agencies not only legal
but obligatory.

What's more, because the commercial providers are all on Cloud storage
systems, which are spread internationally, you can't protect data in one
country. Any company, like Google, can pull its data from all its
servers internationally as long as pieces of that data are in the U.S.

Thing is most data has no national boundary, it moves back and forth
across every ocean and the NSA (and its sister spy agencies in Europe)
can intercept that data at any moment.

No, your data isn't safe because you're in the U.S. but the point is
that it's not safe anywhere unless you stake steps to secure it and
fight politically to make surveillance of this type illegal. In the
world of communications, the Internet makes national boundaries irrelevant.

Abrazos,

Alfredo

On 11/27/2015 05:28 AM, carlo von lynX wrote:
> On https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/
> I frequently see VPN service providers explaining their reason for operating
> from the US as follows:
> 
> 	>> We choose to operate in the US in order to provide no logging service, as there is no mandatory data retention law in the US. Additionally, our beloved clients are given access to some of the strongest consumer protection laws, and thus, are able to purchase with confidence. <<
> 
> ... which may be correct if you look at all the laws except for the Patriot Act
> by which companies such as DuckDuckGo, OpenWhisperSystems and even NGOs such as
> riseup.net must quietly allow the authorities to obtain full access to all 
> data, tell as little as possible people about it (frequently the CEO is not
> informed so that they can evangelize convincingly how safe their product is,
> not be all shaky and nervous like Gen. Clapper), and order the company to carry 
> on promoting the notion that privacy be in safe hands. We know from PRISM and 
> Lavabit how much that isn't true, but since then the US is pretending times
> have changed, which - knowing the NSA - cannot be true. It would be strategic
> madness to leave the knowledge over data to other nations.
> 
> In any case it is reasonable to assume that all of these privacy companies
> based in the US are selling snake oil because they just cannot refuse when
> the letter comes. The question is if *formally* anything has changed with
> the adoption of the Freedom Act. Is PRISM a little bit more illegal now than
> it was before? Would there be any judicial consequence if companies get
> caught selling out to authorities again?
> 
> In any case I don't understand how people happily use riseup instead of a/i,
> Duck Duck Go instead of ixquick, Signal instead of Telegram. I haven't found
> any place that offers an independently built Android binary for Signal. How
> reasonable is it to assume that OpenWhisperSystems can operate on US soil
> without shipping an NSA backdoor in all Signal installations? What other
> reason can there realistically be to actively fight the existence of
> deterministically or alternatively built copies of the Signal client?
> 
> Have we learned anything from the Snowden revelations at all? The last thing 
> we can do is trust humans to have the integrity to withstand the power of the
> US government. It is inappropriate to expect all the crypto pop stars to be 
> heroes and entrust our safety to them. Trust the maths and the facts, not the
> figureheads. Do not overload the people with responsibility. One thing humanity
> knows very well is how to corrupt people.
> 
> 

-- 
Alfredo López
Member, Leadership Committee
May First/People Link
https://mayfirst.org
alfredo at mayfirst.org