Dev Update week beginning 24 November 2014

The EU-wide law is the Data Retention Directive. That is implemented in custom variants by each country, so it isn’t actually a law itself, rather guidelines for each country, which may diverge substantially from the guidelines. The UK’s implementation is the Regulation of Investigatory Powers Act 2000, which provides very wide warrantless data retrieval powers and gagging against publicising the event. These powers were expanded by the Data Retention and Investigatory Powers Act 2014 which, if I read it correctly, could allow the government to seize TOR nodes and operate them on your behalf for sustained periods of time. This power isn’t unusual; other European governments have already made use of it by seizing TOR nodes.

The canary only works because the US is very unusual in that you cannot be compelled to lie under oath. You can be compelled to be silent, but not to lie. I think that’s simply a happy accident by the founding fathers. It is definitely unusual.

However, to be honest, Paige, a canary is a gimmick anyway. Much more valuable is making public a threat matrix which shows in a single place all the threats which can be exerted on the SAFE network by adversaries. You then aim to plug those threats.

For example, in the UK it is illegal not to supply your encryption keys to the government. If they got the Maidsafe GitHub keys and forcibly took over our servers and gagged us from telling anyone, they could, pretending to be us, modify the code base to subvert the network and push it out as authentic updates. That is but one threat entry in the matrix. Another might be that we can’t afford our own data center so we rent them; well, that leaves us wide open to governments fiddling with our servers and we’d have no idea. Or they could trap all packets entering and exiting the main internet junctions and build a pattern - this is how they subvert TOR et al.

They’re a US-based entity just like the FSF and therefore US-focused almost to the point of ignoring anywhere else. Also, acquiring competent legal advice on foreign law is orders of magnitude more expensive. So they don’t bother commenting on elsewhere.

If the servers are in country X then the laws of country X apply irrespective of the owning or renting company. Also, if you don’t own your own data center you can’t control who fiddles with your servers, or know that someone has.

Collecting a single page of canaries for those who supply servers to Maidsafe might be a very good idea. And those providers who won’t provide a canary. For example, all our email is handled by Google, in there are all the passwords to our servers in the emails. It’s a cinch for a government to pull and we’d never know; hell, Google even provide a web form which gives you a zip archive of everything Google has on a person.


