Slashdot Mirror


How To Enable Mom w/ Encrypted E-Mail?

mad.frog asks: "Given the recent revelations of the Bush administration spying on US citizens without warrants -- and their promise to continue doing so -- it's clearly high time for me to switch to encrypted email, after years of being too lazy to bother. The real question is how I can get all (or at least some) of my email contacts to switch as well; clearly, encryption does me no good if the recipient can't decode it. What are my options, and more importantly, what are the options that will be comprehensible and usable by my parents, and in-laws? (Keep in mind that good solutions must include robust Windows and Mac support...)"

10 of 269 comments

  1. The best encryption is plain text by Capt'n+Hector · · Score: 3, Interesting

    I can assure you that in any hypothetical situation in which a government monitors the communications of its citizens, a message whose contents the author has encrypted stands out as interesting and worthy of scrutiny in a sea of plain text transmissions. If you're looking to lay low, the best way to do so is to simply blend in.

    --
    Quid festinatio swallonis est aetherfuga inonusti?
    Africus aut Europaeus?
  2. Can you really beat the NSA? by jgardn · · Score: 3, Interesting

    Do you think that the NSA doesn't have ways around the encryption methods you are looking at implementing?

    I understand the math behind it. Keep in mind a few bright Chinese scientists were able to find weaknesses in once stalwart signature technology. The stuff we use today isn't impervious, and we know that there are ways around it. We just don't know for sure how easy it is until someone proves it.

    China's only problem is that they allowed these scientists to publish this. Why the communists didn't bring these guys into their top-secret intelligence org is beyond me. In the US, if a scientist discovered how to thwart similar security measures, they wouldn't be allowed to publish it. They would be instantly whisked away to the NSA secret HQ to work on similar problems for untold amounts of cash.

    Which brings an interesting thought: How smart are the people who work at NSA, and how much can they crack? How do these people's intelligences and knowledge compare to the rest of the world, at least, the public world? We'll never know for sure unless we get a job working there as a scientist who has to develop new methods of cracking encryptions. And then we wouldn't be allowed to tell anyone. So the public will never know for sure, and can never know for sure.

    In short, the encryption race can't be won with the US government, any more than you could win a nuclear arms race. You can go ahead and compete with nosy neighbors and competitors, and perhaps even 2nd or 3rd world foreign intelligence, but I strongly doubt that you'll be secure from the prying eyes of any administration of any of our allies. Besides, this is one area where our government has spent and will spend the required resources to ensure they are #1, just like the arms race was.

    And remember, in security, the question is, "How secure do you really need to be, and how much are you willing to pay for it?" In the end, is your grandmother really that worried about some administration official reading her super-secret brownie recipe that she passes on to her friends? What will she say that could possibly alarm them? How secure will the recipients of her messages keep those messages? What's the point of being secure if you can't secure both ends of the conversation?

    --
    The radical sect of Islam would either see you dead or "reverted" to Islam.
    1. Re:Can you really beat the NSA? by Anonymous Coward · · Score: 1, Interesting

      ".... Why the communists didn't bring these guys into their top-secret intelligence org is beyond me. In the US, if a scientist discovered how to thwart similar security measures, they wouldn't be allowed to publish it. They would be instantly whisked away to the NSA secret HQ to work on similar problems for untold amounts of cash."

      Been there. No, you don't get untold amounts of cash.

      "...In short, the encryption race can't be won with the US government, ..... Besides, this is one area where our government has spent and will spend the required resources to ensure they are #1, just like the arms race was."

      Not true. Why do you think there was so much Government concern over PGP and the Clipper fiasco? Intelligence services are not immune from the general law that large organisations become inefficient, and the fact that they have not been independently audited for the last 50 years makes them even more incompetent. I would have thought that current political news amply indicated the level of capability of the US and UK intelligence services. You seem to be basing your appreciation of their capability on Hollywood depictions.

  3. Re:One word by ClamIAm · · Score: 4, Interesting
    If you [are worried] about your regular communications with your Mom, then you might want to ... get a life.

    The issue here is not being concerned about what you might disclose in a letter home to your Mommy. The issue is that nearly anything you do can be watched. And we have nearly no oversight to make sure that US governmental agencies are conducting this surveillance in a legal and ethical manner. Also, if you write something that could sound a little strange out of context (paintball, for example), you could end up with some big hassles because you seemed a bit "suspect". Your argument is nearly as bad as the "you shouldn't have anything to hide" ones.

  4. Kmail and Thunderbird by realnowhereman · · Score: 2, Interesting

    I've set my whole family to use encryption and signatures using either KMail or Thunderbird. The setting up is the hard bit, and I don't think any of them really understand what the difference between signing and encrypting is, what a public or private key is. That doesn't matter though. If it's possible to encrypt (i.e. the key for the recipient is in the keyring) then both Kmail and Thunderbird automatically do so.

    The only thing any of them notice is that occasionally they have to enter their password again.

    I have to say though that when Kmail popped up a message that was all in red to indicate that a signature was invalid, everyone loved it (it wasn't sinister, MS Exchange mangles certain messages).

    Being sure that your email wasn't read, nor was it tampered with is a great feeling. Nothing any of us say to each other is, in theory, worth protecting in this way; however, it's now perfectly safe for them to send, say a home address or a telephone number or any other personal information in the knowledge that it hasn't been read. It's not national security stuff, it's just privacy. You're not protecting against government snooping, you're protecting against random snooping by some bored mail server operator.

    I'd argue that if the government wanted to spy on me, they'd find it very dull, but wouldn't be thwarted by the fact that I encrypt my emails.

    --
    Carpe Daemon
  5. Re:Reality Check... by Anonymous Coward · · Score: 1, Interesting

    The Bush administration did not use FISA in the ongoing NSA wiretap controversy. This is curious because FISA is already closed from the public and approves nearly every request brought before it. Because the NSA did not go through FISA or the usual judicial review process their action is considered by many to be illegal. The White House contends the issuing of these wiretaps was in line with their duty to protect the American public.

  6. So sad and pathetic.... by (-hrair-) · · Score: 3, Interesting
    This depresses me deeply, but the truth is none of our information is private anymore. I will continue to encrypt everything I write to someone who uses pgp or gpg. Perhaps I will even flood the web with thousands of encrypted e-mail stating what time to meet for lunch and then one will have something important in it. That will at least make them mad after brute-forcing through a thousand pointless e-mails. Encrypt everything, even though they can probably decrypt it because they're likely nosy and they have the cash for the computing power. This will one day be resolved as we start using thirty increasingly complicated encryption methods stacked up on each other for all our messages.


    Freedom of Speech does not imply the Freedom to Hear whatever is said!



    (-hrair-)

    --
    Beware of the shining wires...
  7. Re:GMAIL and Thunderbird/Enigmail by neves · · Score: 3, Interesting

    What's the use of Gmail if you can't search your old messages? BTW, how would you search your old messages using any encryption system?

  8. Re:Reality Check... by shyster · · Score: 3, Interesting

    Has the Bush administration actually invoked FISA as their legal basis? If so, I missed it. And, from what I've heard, it wouldn't fit. AFAIK, FISA requires either a warrant or only monitoring where no US person is likely to be involved (see Q18 in the EFF writeup).

    Carter and Clinton both issued executive orders authorizing FISA monitoring, but specifically quoted FISA regulations to be followed. I haven't seen a similar order from Bush, and even according to legendary conservative Rush Limbaugh, the FISA courts were bypassed. Limbaugh's take on it was that the unprecedented denials and modifications of Bush's FISA requests forced him to go around the process.

    In short, the President is not asserting legal authority under FISA. According to the Attorney General, his authority hinges (PDF) on his "inherent authority" as Commander-In-Chief, and Congress's Use of Force Resolution.

    Of course, in my strict interpretation, I missed the part of the Presidential Oath, Constitution or the above resolution that grants him any power over surveillance. And, according to Daschle (partisan to be sure, but you'd think records of this kind of stuff would be easily checked), Congress specifically rejected the administration's request for having the resolution cover actions in the US.

  9. Get someone to fix Mozilla bug 135636 by LordNimon · · Score: 2, Interesting
    https://bugzilla.mozilla.org/show_bug.cgi?id=135636

    This bug says that Mozilla (aka Seamonkey) should implement the "encrypt when possible" feature. That is, if the email client has the public key of all recipients, then the email should be automatically encrypted. If this feature were implemented in Seamonkey and Thunderbird, it would do wonders for increasing the usage of encryption. All you would need to do then is get a private/public key for everyone you know, and then all email will be automatically encrypted. Your mom wouldn't even know it was happening.

    --
    And the men who hold high places must be the ones who start
    To mold a new reality... closer to the heart
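
The "encrypt when possible" rule described in comments 4 and 9 above, as an added example that is not part of the original thread and is not Mozilla's or KMail's code: a draft is encrypted only when every recipient has a public key in the keyring. The `keyring` dictionary, the key labels and the addresses are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample keyring: normalized address -> key label (hypothetical).
# A real mail client would query its OpenPGP keyring instead.
SAMPLE_KEYRING = {
    "mom@example.org": "KEY-MOM",
    "dad@example.org": "KEY-DAD",
}


def normalize(addr):
    """Lower-case an address so keyring lookups ignore case (an assumption:
    mailbox local parts are treated as case-insensitive here)."""
    return addr.strip().lower()


def encrypt_when_possible(msg, keyring):
    """Return (encrypt, keys, missing) for a draft message.

    Encryption is chosen only if every To/Cc/Bcc recipient has a key,
    because a recipient without one could not read the ciphertext.
    A single missing key sends the whole message in plain text.
    """
    headers = []
    for name in ("To", "Cc", "Bcc"):
        headers.extend(str(v) for v in msg.get_all(name, []))
    recipients = sorted({normalize(a) for _, a in getaddresses(headers) if a})
    missing = [r for r in recipients if r not in keyring]
    if not recipients or missing:
        return False, [], missing
    return True, [keyring[r] for r in recipients], []


def draft(to, cc=None):
    """Build a constructed draft message for the demonstration."""
    msg = EmailMessage()
    msg["To"] = to
    if cc:
        msg["Cc"] = cc
    msg.set_content("Brownie recipe attached.")
    return msg


if __name__ == "__main__":
    print(encrypt_when_possible(draft("Mom <Mom@Example.org>, dad@example.org"), SAMPLE_KEYRING))
    print(encrypt_when_possible(draft("mom@example.org", cc="aunt@example.net"), SAMPLE_KEYRING))
```

The second draft falls back to plain text because one Cc recipient has no key, which is why the setup step of collecting a key for every contact matters.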