Free speech, crypto, and Free Software

Posted by gerloff on 0

On Document Freedom Day (March 26), FSFE and the Greens/EFA group in the European Parliament are organising an event in the European Parliament to discuss how cryptography can help us break the grip of the surveillance state.

The draft program looks amazing. We’ll have Werner Koch (of GnuPG fame, and one of FSFE’s founders), Karen O’Donoghue (Internet Society), French journalist Amaelle Guitton, and Swedish IT security expert Joachim Strömbergson.

Free speech is a human right, and a cornerstone of any democratic society. To enable communication, it is important that documents can be opened and read by the people who are meant to receive them. In today’s world, it is equally important that we have the ability to ensure that documents are read /only/ by the people meant to receive them, to prevent a scenario where both censorship and self-censorship degrade the ability of citizens to speak freely to each other, develop new ideas, and drive the progress of our society.

If encryption tools are to be considered trustworthy, their workings must be fully transparent. The encryption programs themselves need to be Free Software, so that anyone can independently assess how they work, and verify that they do not contain any defects or back doors.

The encryption methods are perhaps even more crucial. Encryption can only work with Open Standards. Cryptography as a field is developing rapidly, and the topic has long been far too complex for any single person to comprehend it fully. The best way of dealing with this complexity is to standardise cryptographic methods.

Such standards need to be created in a process that is open to public participation and assessment; collaborative; and fully transparent. In other fields of technology, closed, proprietary methods are merely an inefficient approach. In cryptography, such methods mean that the tools relying on them cannot be audited, and are therefore considered untrustworthy. In addition, the lack of independent review of the methods used frequently leads to poor-quality programs and systems.

Open Standards in the field of encryption, on the other hand, mean that cryptographic tools can rely on widely accepted methods which have been extensively reviewed, criticised, and validated by experts in the field. If those encryption tools are distributed as Free Software, the tools themselves can be efficiently audited. This is not only essential to ensuring that the tools do not contain any critical mistakes or back doors. It also opens those tools up to an ongoing process of improvement.

Registration for the March 26 event will open soon.