As a technologist, Ray Ozzie knows a little something about data security and is also known for thinking through — and articulating — the ramifications of technology and how we use it. Now, the former Microsoft chief software architect and developer of Lotus Notes has waded into the NSA surveillance controversy with a weekend post to Hacker News and with remarks at the Nantucket Conference.
His take? U.S. citizens are reaping what was sown more than ten years ago when the U.S. Patriot Act passed nearly unanimously in the wake of 9/11. In that deal and subsequently, we’ve given up more of our rights to privacy in return for better security from terrorist threats.
“I hope that people wake up, truly wake up, to what’s happening to society, from both a big brother perspective and little brother perspective,” Ozzie said, according to a Boston.com report. From the passage of that law till now, we’ve seen an increasing ability of government agencies to gather data (or at least metadata) from cell phone records and social networks.
Update: Ozzie, who is traveling in Asia, responded to my request to comment, reiterating his call for debate. He wrote:
“Watching this pan out from afar has been difficult – especially as some in our industry seemingly want to sweep it away and move on to the next news cycle. I do hope it stays in-focus as long as possible and that people appreciate the importance and relevance of what’s transpiring. [the Electronic Privacy Information Center] and [the Electronic Freedom Foundation] can help, but we all need to find a way to advance this discussion in a nonpartisan way.”
Before joining Microsoft, Ozzie shepherded the development of Lotus Notes collaboration and email software and had to navigate a tricky course between offering the most secure software possible — with 64-bit encryption — and laws that forbade the export of that technology outside the U.S. because it was too secure. A compromise was struck that allowed Lotus to offer a version of Notes that was more secure than other commercial offerings but met government export restrictions.
As a former Lotus exec explained it this weekend: “Lotus had the maximum security standard (64-bit encryption) for domestic distribution but only 40-bit for export … There was a public key deal with NSA that would essentially accelerate their process of decrypting messages – their key would unlock 24 bits of the 64, leaving 40 bits encrypted – conforming to the export restriction.”
In Hacker News, Ozzie said the difference between then and now was that when Lotus shipped that implementation, he also spoke at the RSA Conference to spell out what Lotus did. That transparency is lacking today, he wrote.
Ozzie’s takeaway appears to be that, with the disclosures about NSA tab-keeping, it’s time for citizens to reconsider the deal they’ve struck with government. In short: If we’re ceding more of our rights to privacy, we should at least talk about it first.
“Of course, the common man knows it’s common sense that there’s an inherent need for secrecy in conducting small scale covert operations. We do get it.
However, it’s also common sense that it’s inevitable that any complex large-scale long-term operation will ultimately come to light. And so it’s just common sense that any such broad-based operations that might be perceived as impacting our constitutional rights should be the subject of broad public debate.”
I’ve reached out to Ozzie, who is a board member of the Electronic Privacy Information Center (EPIC), for comment and will update this if it’s forthcoming.
This story was updated at 6:03 a.m. PDT on July 10 with a more complete explanation of the Lotus encryption plan and again at 3:50 p.m. PDT with Ray Ozzie’s additional comment.