At TrustyCon, privacy experts held a candid talk on government methods for obtaining citizen information – and on how the industry can help buffer unfettered data collection.
On Thursday morning, Chris Soghoian, principal technologist at the American Civil Liberties Union (ACLU), and Marcia Hofmann, who runs a law practice specializing in technology issues, such as electronic privacy and online security, delivered a joint presentation.
The talk, titled “The Laws and Ethics of Trustworthy Technology,” delved into the government's increasingly audacious methods for accessing firms' customer data.
Both Soghoian and Hofmann drew comparisons to encrypted email service Lavabit's legal battle. Lavabit's founder Ladar Levison opted to shutter the business last August to keep the government from having access to the data of Lavabit's 400,000-strong customer base via a master encryption key it requested.
Hofmann, who gave a detailed overview of the case and its significance to privacy and security advocates, advised attendees at the conference to “not think about Lavabit as a unicorn,” as the bold requests for corporate data are likely to continue on the government's end.
Hofmann has represented Levison in his ongoing legal proceedings.
On Thursday, Soghoian also counseled the crowd that government data requests, which often grab the attention of the media and public, are just a segment of what the industry should be watchful of.
He said that, not only clear text data from service providers, but tech services and application programming interfaces (APIs), which gives the government insight on software component interactions, are also within arms reach of law enforcement.
“If a service exists – if an API exists – the government can come and ask to use it,” Soghoian said.
He further explained that this practice could be used to the government's advantage in a way, and at a point in time, that companies handing over the information may not have anticipated when first cooperating.
Soghoian advised that practitioners should lead the way in utilizing new alternatives for securing communications from the government's prying eyes.
He mentioned encrypted communications firm Silent Circle and Levison's joint effort late last year to introduce a secure emailing tool with end-to-end encrypted protocol and architecture – and that, if the industry doesn't use it, other users won't catch on either.