Kim Dotcom: End government surveillance, encrypt everything

File-sharing megahero Kim Dotcom has been giving a massive number of interviews to accompany his recent launch of Mega.co.nz — the file-sharing portal that’s had over a million signups in about a week.

During an interview with Russia Today, Dotcom explained his views on how to end the snooping surveillance state the U.S. government has slowly wrapped around every packet traversing the internet. He wants everyone to start encrypting their online communication:

RT: The new program, Mega, is fully encrypted, and you’re touting it as an encrypted program so that people will want to use it. Do you think this is even necessary, right now, that people need encryption on the Internet?

KD: I think it’s important for the Internet that there is more encryption. Because what I have learned since I got dragged into this case is a lot about privacy abuses, about the government spying on people. You know, the US government invests a lot of money in spy clouds: massive data centers with hundreds of thousands of hard drives storing data. And what they are storing is basically any communication that traverses through US networks. And what that means is they are not spying on individuals based on a warrant anymore. They just spy on everybody, permanently, all the time. And what that means for you and for anybody is that if you are ever a target of any kind of investigation, or someone has a political agenda against you, or a prosecutor doesn’t like you, or the police wants to interpret something in a way to get you in trouble — they can use all that data, go through it with a comb and find things even though we think we have nothing to hide and have done nothing wrong. They will find something that they can nail you with and that’s why it’s wrong to have these kinds of privacy abuses, and I decided to create a solution that over time will encrypt more and more of the internet. So we start with files, we will then move to emails, and then move to Voice-Over-IP communication. And our API [Application Programming Interface] is available to any third-party developer to also create their own tools. And my goal is, within the next five years, I want to encrypt half of the Internet. Just reestablish a balance between a person — an individual — and the state. Because right now, we are living very close to this vision of George Orwell and I think it’s not the right way. It’s the wrong path that the government is on, thinking that they can spy on everybody.

Dotcom is so confident in his website that he has already issued a cash prize challenge, saying “Let’s see what you got.” Well, Ars Technica went in and told us, “here’s the problem”:

A lot of the issues with Mega’s cryptographic implementation appear to be tied with the desire to make the service as “thin” as possible, requiring only a Javascript-capable browser (preferably Chrome, according to Mega). On one hand, this means there’s no client required, and the Web browser itself functions as the application platform—this simplifies the testing and deployment of new Mega features, since all Kim Dotcom’s guys have to do is update the site’s Javascript files. It also immediately buys total cross-platform compatibility, working on any computer in (just about) any browser.

On the other hand, the documentation and implementation have no small number of weaknesses and potential exploits. The RSA key pair generation process needs to be overhauled post-haste, and there needs to be some method of backing up and modifying a user’s encryption key.

The fact that encrypted data is not a total mystery to Mega is the most troubling issue.

Troubling indeed.

Thankfully we don’t need Dotcom’s Mega to do all the thinking about file encryption for us. There are many options available out there, such as TrueCrypt. For browser encryption (without reminding yourself to change http to https or relying on the site to do it automatically), Firefox and Chrome users can head on over to the Electronic Frontier Foundation’s HTTPS Everywhere project and begin encrypting all their traffic between browser and servers with a simple (and mostly transparent) plugin/add-on. PGP email encryption is nothing new to savvy geeks, even if they still have to send plain-text e-mail to their non-techie families.

Sadly, easy universal encryption has been slow in trickling down to the masses. And even worse: Even when it finally arrives, there remains the problem of a tyrannical government potentially forcing website owners to hand over unencrypted end-point data on users (for all we know, Dotcom’s servers could be raided again, providing a treasure trove of information to the snoops).

But don’t write off cyber privacy as an unwinnable battle just yet. Kim Dotcom may just be on to something, albeit on shaky grounds.

posted by vforvandyke
  • Hippocrates

    RT: If you weren’t doing Mega, or Megaupload, what
    would you be doing? Here’s this businessman who strives to accomplish
    success. What would you be doing?

    KD: I would probably build spaceships and we would probably already be on Mars.

    Well, his ego is already there… might take a while for his fat ass to catch up.

    • http://twitter.com/epigrammaticus john galt

      his ego was there before he got his name changed from Schmitz. Right now, he’s bringing good things to light, so let him have his attention, but my advice is don’t trust him as far as you can throw him. In fact, consider whatever he does as compromised by most every TLA you can think of, and a few that you can’t. He walks away from the courthouse a hell of a lot more than anyone should…