True privacy and security depend on free software
Famed whistleblower Edward Snowden delivers his talk "The Last Lighthouse" remotely for the LibrePlanet 2016 conference.
For all of the assurances you might receive from proprietary software companies that they respect your right to privacy, it is impossible to guarantee that your online communications are actually private without free software. Among technical users, it's common knowledge that privacy is dependent on strong encryption. However, the complex connection between software freedom, encryption, and privacy can be a little difficult to explain in the course of our individual activism, and is due for a more in-depth explanation.
Encryption is about keeping secrets secret, whether that means messages between you and a loved one, sensitive documents, or an entire hard drive. It also isn't only for those with something to hide: making strong encryption part of standard practice increases the safety of all those who really do need it by making it a normal thing to do. When your personal information is at stake, it's all the more important that encryption technology be based on free software. Even the most "benign" proprietary programs have a long history of mistreating their users, and a single "snitch" or backdoor in a proprietary encryption program in some cases could cost lives. At the FSF, we advocate for software freedom in any and all situations -- and in some cases, your safety may depend upon it.
Free encryption software is most crucial for whistleblowers and other activists: as he mentions in his LibrePlanet 2016 keynote (see: u.fsf.org/snow), Edward Snowden could not have exposed the United States government's overreaching surveillance without the use of free software. Would we have the thousands of documents Snowden leaked today if they were saved with BitLocker, a proprietary disk encryption program that sends its master keys to Microsoft? The developer of a proprietary disk encryption program like this one could point to as many "independent" studies of their program as they like, but this does nothing to change that when it comes to privacy, verification of the source code is fundamental. In order to verify a safe transfer of information, the software has to be free if it is to be trusted.
Taking your first steps with message and disk encryption isn't as difficult as it seems, and can be a great way to promote free software with those who aren't familiar with it. One good way to get started is to follow the FSF's Email Self-Defense Guide, which will walk you through the creation of a GPG key and your first encrypted messages to friends. You can think of your GPG key as a matching lock and key that you can use to make sure your files are read only by the people you want -- even if that's only yourself.
To take the next step, try finding a "cryptoparty" in your area. These are simple, informal, nontechnical meetings that help people get started on topics that can seem unapproachable, including the proper way to exchange GPG keys with a colleague. Attending one of these meetings might be your gateway to discussing free software and security issues with a friend who is alarmed by their email provider scanning their messages. (Or, if you want to organize your own cryptoparty, the libreplanet.org wiki is a great place to announce it and find resources!)
Perhaps because it has the potential to be so empowering, strong encryption is under continual threat. It's a topic frequently targeted by legislators, particularly those working as part of oppressive governments. The proposed EARN IT Bill of 2020 recently introduced into the United States Congress is one such effort, and is one that those in the USA should mention in letters to their representatives. This is only one such example, and it's up to all of us to watch for similar government encroachments. The safety of our secrets might depend on it.
Screenshot Copyright ©2020 Free Software Foundation, Inc. This image is licensed under a Creative Commons Attribution ShareAlike 4.0 International license.