This week it was widely reported that the German chancellor Angela Merkel, intended to discuss the creation of a European communications network with the French president François Hollande in a meeting scheduled for today. (19/02/14.) The intent behind this ‘EU Internet’ is to avoid surveillance of emails and other sensitive information by storing data on servers located in Europe instead of in the US.
While it is positive that politicians finally see the need for drastic measures in order to safeguard people against NSA-style dragnet surveillance, the idea is still flawed. What has made mass surveillance of the Internet possible isn’t first and foremost that some of the most popular services of the Internet are hosted in the US, because big league players such as Google and Facebook obviously serves the European marked by servers located in the EU. Even if we use services owned by American companies, our data isn’t necessary stored on US soil.
But this didn’t prevent the NSA to conduct mass surveillance of European citizens, and it’s not likely that creating a Europe communications network will pose an insurmountable obstacle to foreign intelligence agencies wanting to eavesdrop on European data traffic. The problem has little to do with whereabouts the data is physically stored. Unfortunately the problem lies in the very essence of the technology used in much of the Internet today. Many of the services we use rely on obsolete standards that are intrinsically insecure.
Take for instance regular email… The technology itself goes back to the 1960’s, and even the protocols we use today were made in a time when online privacy was a non-issue. In general email messages are, in most cases, sent unencrypted over the Internet, which makes eavesdropping not only possible, but trivial for resourceful intelligence agencies such as the NSA. (Of course, it is possible to install external programs such as GPG/PGP in order to encrypt your email, but for the majority of users this apparently is too much of a hassle.)
The NSA isn’t only agency participating in mass surveillance, sadly their British counterpart GCHQ has been complicit in spying on European citizens as well. Creating an all European network doesn’t do anything to prevent European snooping, so this proposal isn’t doing anything at all to deal with the fundamental problem, which is a deficiency in much of the underlying technology of the Internet. If anything, such a European Intranet only makes things easier for European intelligence agencies. And it’s also highly doubtful how much of an obstacle to the NSA such a digital ‘European wall’ would pose. In a recent interview with the German broadcaster ARD, whistleblower Edward Snowden commented that “if the NSA can pull text messages out of telecommunications networks in China, they can probably manage to get Facebook messages out of Germany.”
There might be no final solution to the privacy dilemma in sight, but at least it is more than possible to have better privacy than we do today. The solution isn’t to create a centralized network, but to improve and replace existing standards. For instance, the Darkmail Alliance is working on a project that’ll create a new email protocol based on the XMPP standard. This new protocol will provide true end-to-end encryption, safeguarding that our emails stay private.
If Merkel and Hollande really wanted to do something for the privacy of us all, they would throw their money at projects like these, and they would propose legislation requiring that European email providers had to support such standards.