I usually don’t write political blog posts, especially if it relates to a country of which I’m not a citizen off nor live in. While I definitely have very clear opinions and views, I want to stay neutral in this blog and only talk about the technology side of things.
It seems that the new US administration is in the process of shaking-up a lot of traditions and regulations, while also redefining the relations between the USA and the rest of the world. Even though a lot of these changes are very relevant to a lot of people on this planet, I want to focus on three topics that directly affect the IT, the free software world and especially my work at Nextcloud.
Crypto Wars and Backdoors
Some of you might remember the early times of the web in the 90s where we had the ‘crypto wars’. This was a time period where the US government tried to limit the access to strong cryptography, especially outside the US. The idea was that the US secret services should be able to crack and decrypt every encrypted communication that happens outside the US. For example software like PGP was not allowed to be exported outside of the US, and browsers like Netscape were only allowed to use weak 40Bit SSL keys while the US version supported 128Bit keys.
After a while the US realized that this was a very stupid idea and allowed other countries to also use strong encryption. It seems that the new Attorney General likes the idea of Crypto Backdoors and this is now back on the table. This would obviously be very bad for internet security. The EFF has a good summary.
Legal battle over overseas Microsoft data
A lot of organisations and companies are concerned about storing sensitive data on servers and cloud services hosted in the USA. The reason is that the US government organisations are allowed to access all the information and data, and this is something a lot of people and companies don’t agree with. Microsoft and the ‘Deutsche Telekom’ have implemented a workaround, making it is possible to get an Microsoft Office 365 subscription where the data is hosted in a hosting center in Germany. The current judicial interpretation is that this service is covered by the local German law and not the US law.
However, now you can read in the news that it is possible that the US might soon have a different interpretation here. In the near future US agencies might have full access to services where US companies are involved, like in this case of Microsoft. More information can be found here in this article on politico
Privacy Shield and Safe Harbor
Two days ago Trump signed an executive order which might kill the Privacy Shield agreement with the EU. This is an agreement which is the successor of Safe Harbor which basically allowed European based companies to use US based cloud services and still be compliant with EU law. If this agreement is being annulled, then this makes all data flow from the EU to US based cloud services illegal. More information from Techcrunch.
All this happened in only the last few days. It is not completely clear yet what the long term impact will be and what else might happen next, but it is safe to say that the security of computer systems, the internet and our privacy is under heavier attack than ever before.
Free software developers, organisations, companies and everyone else who cares about security and privacy should act now. We need to develop and support technology that implements strong cryptography and is distributed and federated. It is becoming very clear that the heavy dependency on US based IT, Cloud and web-services is not good for the rest of the world. One of the main benefits of free software like Linux, KDE, GNOME, ownCloud and Nextcloud is that everyone can host and install it wherever they want, can audit the code to make sure that there are no backdoors, while also being able to adapt it and enhance it however they want.
These are interesting times and we, as software developers, are in a key position to make sure that all people will have access to data privacy tools and secure communication in the future