They said if I use bcrypt everything will be fine

Hi my name is Shackleford, Rusty Shackleford. I run a successful web service with millions of active users. It is a one man show but through sheer luck I designed it in a highly scalable way from the very beginning. I am a programmer so it is very important for me to make my service very secure and user privacy is treated with utmost importance. I write today for one reason. Tomorrow, I am shutting down my very profitable business because it is the only way I can hold my end of the privacy contract I promised my customers.

My Career

I worked for big businesses for 11 years before reaching the ceiling in my career as a programmer. On my last job I was very well paid but it had become a mechanical routine. I felt like I was playing politics instead of doing what I love: solving problems with programming. I figured it was time to start my own company to not only break the salary barrier I reached but also to give more attention to my side projects that I had been neglecting. So naturally I gave my two weeks notice and left.

My real career

With enough money in my savings, I focused on my side projects. I dug up my most promising project and started working on it. It was much easier, I felt no pressure at all. Every single keystroke I type was with passion. Three months into it I had a service ready to show for. I first posted it on Hacker News and was overwhelmed by the number of sign ups and feedback I received. This was amazing all my contribution to open source and stackoverflow (karma) had finally paid off.

Two months after the lunch I realized it was time to step up. I would no longer call this a side project, it was a real business. People sent me formal emails asking for key features and offered a whole lot of money for it. I had to spend real money on servers and consultants to help my website to cater to the overwhelming number of users. As the numbers grew the issue of privacy also came in. I had to do the not so exciting but necessary work of making sure user data is not compromised. The most basic thing was to move to https and I regularly consulted with security experts to help my site be more secure.

As the years went by I now had a profitable and stable business. I never have to work for someone else again. I have an office at home and unlike the cliché of working in your pajamas I was very professional. This was a real business not a side project that may just disappear in a blink of an eye.

Encrypt Everything.

We all know the government somehow spies on us but never take it too seriously. I always file this in the big government conspiracy cabinet. It never occurred to me how they do it until the recent events with the NSA. One afternoon, after a successful deployment fixing small bugs, I received an email ending with dot gov, asking me for some user information. It was very formal but i know how persistent spammers can be so I simply moved it to the trash. Not long after I received a letter in the mail asking about the same information and a few days later it was followed by a phone call, that went to voice mail. They can't just bully me into giving them users credentials.

Naturally like any hacker would do, I decided it's time to Encrypt Everything! Almost Everything I read about security was implemented in my website now. Even if they get data dumps from ISP or whatnots they wouldn't be able to do much with it.

The letters kept coming so I hired a lawyer. Apparently my website violated many laws and I had to appear in court. I had to pay a substantial amount of money just to protect my self and to appear in court. This was hurting me financially and morally. I could no longer spend time working instead I was spending time with a lawyer and I am sure not many enjoy that.

After a couple of month of battle it was time to let go.

With patriot act and national security and a bunch of other terms I never heard of, I couldn't fight anymore. My finances were dry and it was either I comply with the government demands or I am marked as a criminal. lose everything, and they still get the information they need. I complied and went on with my day. It was like nothing had ever happened.

But something had happened

I have been bullied. There was not much I can do anymore but to tell my story. It didn't matter how secure my servers were or what encryption algorithm I used. When they needed information they came in through the front door and took it. It was that simple. I have lost all motivations to work, hence why I am shutting down.

Is there a moral in this story?

There sure is a moral in this story. The law is broken. This law that is supposed to protect us, is harming us. We don't need new unbreakable encrypting algorithm, sure they help against thieves trying to steal your data and compromise your servers. But they do not help against legal bullying. The same law that ended Aaron Swartz life and is persecuting Edward Snowden. The law needs to change, and that is what we should fight for.

TL;DR.

Current Encryption is just fine, it's the law that is broken.


Comments

There are no comments added yet.

Let's hear your thoughts

For my eyes only