Undermining of internet security protocols threatens us all
"...it's naive to imagine that if you introduce a weakness into a system, you will be the only one to use it."
"Imagine you had a private email exchange with your doctor about your mental illness, that ended up in the hands of your competitor, who used it to destroy your professional reputation. What if you filed for bankruptcy, and your emails to your lawyer became public, humiliating your family?"
Ladar Levison recently closed his Lavabit email service due to demands from the US Govt that he hand over cryptographic keys that would allow the emails of all of the users of his service to be exposed.
Until a few months ago I viewed privacy advocates with a healthy deal of skepticism and considered the "tin foil hat" brigade, afraid of big brother watching them, as paranoid.
Now it appears that they are not paranoid - in fact, given the scope of what has been revealed, I think many of them were being optimistic. I have studied the ongoing Snowden revelations, first with bemusement, then with indignation, then despair and now, I'm angry.
I class myself as a law-abiding, pragmatic sort of person when it comes to security. I have no doubt that if targeted for a valid reason, given the appropriate warrant, law enforcement could and should be able to access my online history, tap my phone, view my email. However, after what has been revealed in the past 4 months I realise that the things that are going on under the guise of 'anti-terrorism' are not the result of targeted, legal interceptions.
- How the NSA is collecting all email, Facebook chats etc.
- The privacy of ordinary Australians is under serious threat
- DSD Spies on Indonesian President
- NSA intercepts millions of phone calls in France
- NSA Accessed Mexican President's email
- NSA is grabbing your address book, contact lists too
- New NSA Leak Shows MITM Attacks Against Major Internet Services (SSL Traffic intercepted)
Deliberate weaknesses being built into systems
What is being done by the U.S. and its Five Eyes partners (inc. Australia and New Zealand) is unacceptable and undermines the Internet as a platform for business. The security protocols all our Banking, E-Commerce and data exchanges rely on are potentially compromised. With the wholesale interception of data and their decryption capabilities, back-doors built into routers, Operating Systems, the services we use and even the CPUs running our computers, no data can truly be declared safe.
"When the National Security Agency deliberately sabotages key parts of the encryption infrastructure that protects communications, it's opening doors for criminals, not just law enforcement. Imagine that the government required you to use a crummy lock on your front door, so that local police—and your local burglars—could easily enter your home."
Any system that is deliberately made vulnerable has the potential to be usurped and used by criminals.
In addition, the potential for abuse is enormous. Starting with the 1000 Sysadmins like Snowden to the Operators using the system to track spouses, ex-girlfriends etc. (prevalent enough to have its own name, "LOVEINT"), the collection of this data creates a honeypot that can be used illegally or inappropriately.
So what does all this mean to myPractice and why should you care?
Every person who uses the internet should care about and rally against the erosion and undermining of the security protocols that underpin our banking, business transactions and personal communications. We consider the interception and capture of bulk data by Government Agencies as a threat to our business and the business of our customers. Living in a democratic country, we should not tolerate these actions by Our Governments acting in Our Name. Security is tough enough without having to secure ourselves from those that are supposed to be our friends and having our "friends" actively working to undermine us.
We have taken and are taking ongoing actions to protect our data and yours from being intercepted to the best of our ability. This involves moving data and services from providers such as Google and Microsoft to systems that are under our own control. We've moved email and all backup storage, beefed up encryption and updated our security protocols internally.
myPractice supports the EFA and others in their call for an inquiry into surveillance oversight and calls on the Australian and New Zealand Governments to stop the madness and rein in the Agencies involved in the wholesale interception of data and stop the systematic undermining of cryptographic solutions and standards. The Government's tactic of attempting to "shoot the messenger", whilst politically expedient, does not solve this issue.