In light of the shocking revelations regarding the United States surveillance machine (the National Security Agency) and their PRISM initiative - one has to ask how do we move forward? As you can see from my previous blog post, I have personally written to President Barroso of the European Commission asking that the Commission immediately revoke the Safe Harbour status of the United States, ban all US companies from EU markets until such time as the US Government acknowledge and uphold the fundamental and constitutional rights of European citizens and begin a formal investigation into the allegations that the UK Government's signals analysis agency GCHQ used PRISM to circumvent the legal processes in place governing the acquisition and interception of citizens' communications.
Well all that is well and good and would be a good start, but it is unlikely to happen, at least not the first two - the Commission might well investigate the GCHQ issue if enough people make a noise about it, but it is unlikely to take any direct action against the United States. So what options do we have moving forward, if the European Commission won't protect our rights and the European Parliament are sold to the United States lobby on dissolving what few rights we do have? The only thing we can do is to stop using companies that have any legal links to the US, that includes companies that are incorporated in the US, companies that are not incorporated in the US but use US data centers, companies which are not incorporated in the US and do not use data centers in the US but use data centers outside the US which are owned by US companies (yes I know it is a lot to get your head around).
People have already started to ask me to recommend some alternatives to the popular services we use online, to be honest there aren't very many. However, one discussion I have had on Twitter is regarding private search and many people asking me if DuckDuckGo are a good alternative to Google and Bing and sadly I have to say, absolutely not. This seems to have upset the people at DuckDuckGo but as I said on Twitter, the very fact that they are based in the United States means they can't be trusted because they are under the jurisdiction of the Foreign Intelligence Surveillance Court (FISC) the very same court which is responsible for the Verizon order and PRISM. It doesn't matter how many reassurances DuckDuckGo want to give me, it doesn't matter how many messages I get from their founder, it doesn't matter what their privacy policy says - the facts are that they can be compelled under a FISC order to install technologies into their service which will give the NSA direct access to their users' searches in real time; and under the very same orders, they would be required by law to deny it if asked. In fact to make this completely clear, if DuckDuckGo's CEO, Gabriel Weinberg, were subject to a FISC order and disclosed the fact, he would almost certainly end up in prison for breach of the order and contempt of court.
To make matters worse, DuckDuckGo are not audited by any external body, so we only have their word that they are not an NSA honeypot setup to monitor people that deliberately avoid Google on privacy grounds (exactly the type of people the NSA are interested in) and we only have their word that their privacy policy is upheld - frankly Gabriel, that is not good enough.
For the above reasons, I once again turn my old friends at Ixquick. If you are looking for a private search engine, you cannot do better than Ixquick and Startpage at this time - they have been audited and certified by Europrise, they are not based in the US and therefore not under the jurisdiction of FISC and I know them personally and know that they stand by their word. They haven't paid me to say this, so no, this isn't some profit making scheme by me, but the facts are as they stand - it is literally impossible to trust that your data is private and secure if you use a company that has any legal ties to the United States. That means Cloud, Email, Blogs, ECommerce, Hosting, Image Galleries, Microblogs, Voice over IP, Instant Messaging, Social Networking - yes absolutely -everything- which makes up our digital society. If you still don't quite understand what that means, GMail, Hotmail, Skype, Facebook, Twitter, Dropbox, Crashplan, Blogger, Google Search, Bing, Yahoo Mail etc. are all inherently insecure as a direct result of the Foreign Intelligence Surveillance Act, the PATRIOT Act, the National Security Agency and PRISM - and that is before we even start to discuss CALEA and whether or not your broadband router has a built in back door...
Hopefully EU companies will now start to offer competing services which are not under the jurisdiction of the US "Total Information Awareness" program, just like Ixquick do. But until we have alternatives, you either need to stop using US based services or accept the fact that if you do, you are vulnerable to the wide focused surveillance of the United States Government. There is no "if you haven't done anything wrong, you have nothing to fear" argument here, this is not a "tin foil hat" conspiracy, it is not "paranoia", it is a fact - your data will be captured and put into a silo, it will be analysed and you will be profiled - that much is guaranteed.
UPDATE
Some people have asked me how can DuckDuckGo be a privacy risk if they do not log any data, so I will answer that here instead of keep having to post it to individuals on Twitter. Under the Foreign Intelligence Surveillance Court (FISC) or National Security Letters (NSL), DuckDuckGo can be legally compelled to log searches and those orders would come with a gag order attached - so they would not be able to tell you that they have been forced to log. This is why no matter what any US company says, they are still vulnerable to surveillance and programmes like PRISM. People may think I am being harsh to US companies, but the simple fact is until the US government change their laws and policies US companies cannot be trusted, whether it is there fault or not. Furthermore, US companies wield immense power through lobbying but they will not start to lobby for your privacy until it starts to effect their bottom line - stop using US companies and they might just become the allies we need on Capitol Hill because if their profits start to suffer due to US surveillance law, they will swing that lobbying axe with full force and effect.