The recent revelations about the NSA’s technological surveillance of American citizens have caused many in the US and overseas to question their level of trust in the US government. The German government and citizens have been particularly vocal about their skepticism of US surveillance practices. The issue is coloring the recent election season, as media outlets post encryption techniques and question the use of US-based social networking sites. Given the country’s history, it is understandable why they would be particularly attuned to fears of a “surveillance state”. Compared to American data privacy laws, which are few and fragmented, Germany has a single data protection act enforced by 17 state supervisors dedicated to protecting individual privacy.

These fears have led to an increased distrust of US technology. The German Ministry of Economic Affairs has become uneasy over the security of the Windows 8 operating system, particularly the Trusted Platform Module (TPM), which is being built into an increasing number of Windows PCs. The TPM chip collects cryptographic data stored for Windows BitLocker, has total control over what programs can and cannot be run on the PC, and even allows remote administration of the device. What is most striking is that the system cannot be overridden through the operating system. Fears abound that this technology would allow for an even greater level of secret surveillance, one which PC users would be unable to escape. Apart from fears of state surveillance, having such a chip raises confidentiality issues, should third parties find a method of exploiting the system.

The European Commission recently passed legislation requiring public telecommunication companies to notify regulators of security breaches of their data within 24 hours. A more detailed account of the security breach must be reported within 3 days after the initial report.

The telecom must also notify the private individuals affected by the security breach if it is likely to adversely affect their personal data or privacy, a determination that is left wholly in the hands of the telecom itself. The private individual must be notified without “undue delay,” although no specific timeframe is mandated.

Further information is available at: http://www.mondaq.com/x/258672/data+protection/European+Commission+Tightens+The+Deadline+Data+Breach+Notification+Within+24+Hrs&email_access=on

In the wake of Edward Snowden’s release of info on top-secret NSA spying programs, his reported encrypted email service is now shutting its doors rather than, allegedly, complying with U.S. government requests to release confidential information. Silent Circle, an encrypted email, phone, and text service reportedly used not only by Snowden but also by the rich, famous, and very private, said it would no longer provide its email services, but would continue to provide its phone and text services. Lavabit, a similar encrypted email service, also appears to be additional Snowden collateral damage, shuttering its doors in the wake of government requests. You can check out messages from the founders on their homepages here: Lavabit, Silent Circle.

These takedowns come on the heels of the shutdown of Freedom Hosting, which provides various anonymous services through the Tor network (one of privacy enthusiasts’ favorite tools). Although the Freedom Hosting takedown appears to be directly related to the site’s hosting of child pornography, and its founder was reportedly arrested, the FBI has been implicated in infiltrating Freedom Hosting with the use of malware. More info from Wired available here.

Whether you think Snowden is a traitor or Jason Bourne (so say young people according to Sen. McCain here), the repercussions for his release of classified info do not appear to be waning any time soon.

Still want the best encrypted email out there? Check out this post by Extreme Tech.

What about the best encrypted cloud services, you say? LifeHacker out of Australia has some great recommendations, including ways to encrypt your current non-encrypted, more mainstream services (e.g., Dropbox, Box.net, SkyDrive, etc.) here.