Slashdot Mirror
How To Enable Mom w/ Encrypted E-Mail?
mad.frog asks: "Given the recent revelations of the Bush administration spying on US citizens without warrants -- and their promise to continue doing so -- it's clearly high time for me to switch to encrypted email, after years of being too lazy to bother. The real question is how I can get all (or at least some) of my email contacts to switch as well; clearly, encryption does me no good if the recipient can't decode it. What are my options, and more importantly, what are the options that will be comprehensible and usable by my parents, and in-laws? (Keep in mind that good solutions must include robust Windows and Mac support...)"
I can assure you that in any hypothetical situation in which a government monitors the communications of its citizens, a message whose contents the author has encrypted stands out as interesting and worty of scrutiny in a sea of plain text transmissions. If you're looking to lay low, the best way to do so is to simply blend in.
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Do you think that the NSA doesn't have ways around the encryption methods you are looking at implementing?
I understand the math behind it. Keep in mind a few bright Chinese scientists were able to find weaknesses in once stalwart signature technology. The stuff we use today isn't impervious, and we know that there are ways around it. We just don't know for sure how easy it is until someone proves it.
China's only problem is that they allowed these scientists to publish this. Why the communists didn't bring these guys into their top-secret intelligence org is beyond me. In the US, if a scientist discovered how to thwart similar security measures, they wouldn't be allowed to publish it. They would be instantly whisked away to the NSA secret HQ to work on similar problems for untold amounts of cash.
Which brings an interesting thought: How smart are the people who work at NSA, and how much can they crack? How do these people's intelligences and knowledge compare to the rest of the world, at least, the public world? We'll never know for sure unless we get a job working there as a scientist who has to develop new methods of cracking encryptions. And then we wouldn't be allowed to tell anyone. So the public will never know for sure, and can never know for sure.
In short, the encryption race can't be won with the US government, any more than you could win a nuclear arms race. You can go ahead and compete with nosy neighbors and competitors, and perhaps even 2nd or 3rd world foreign intelligence, but I strongly doubt that you'll be secure from the prying eyes of any administration of any of our allies. Besides, this is one area where our government has spent and will spend the required resources to ensure they are #1, just like the arms race was.
And remember, in security, the question is, "How secure do you really need to be, and how much are you willing to pay for it?" In the end, is your grandmother really that worried about some administration official reading her super-secret brownie recipe that she passes on to her friends? What will she say that could possibly alarm them? How secure will the recipients of her messages keep those messages? What's the point of being secure if you can't secure both ends of the conversation?
The radical sect of Islam would either see you dead or "reverted" to Islam.
The issue here is not being concerned about what you might disclose in a letter home to your Mommy. The issue is that nearly anything you do can be watched. And we have nearly no oversight to make sure that US governmental agencies are conducting this surveillence in a legal and ethical manner. Also, if you write something that could sound a little strange out of context (paintball, for example), you could end up with some big hassles because you seemed a bit "suspect". Your argument is nearly as bad as the "you shouldn't have anything to hide" ones.
Freedom of Speech does not imply the Freedom to Hear whatever is said!
(-hrair-)
Beware of the shining wires...
What's the use of Gmail if you can't search your old messages? BTW, how would you search your old messages using any encryption system?
Has the Bush administration actually invoked FISA as their legal basis? If so, I missed it. And, from what I've heard, it wouldn't fit. AFAIK, FISA requires either a warrant or only monitoring where no US person is likely to be involved (see Q18 in the EFF writeup).
Carter and Clinton both issued executive orders authorizing FISA monitoring, but specifically quoted FISA regulations to be followed. I haven't seen a similar order from Bush, and even according to legendary conservative Rush Limbaugh, the FISA courts were bypassed. Limbaugh's take on it was that the unprecedented denials and modifications of Bush's FISA requests forced him to go around the process.
In short, the President is not asserting legal authority under FISA. According to the Attorney General, his authority hinges (PDF) on his "inherent authority" as Commander-In-Chief, and Congress's Use of Force Resolution.
Of course, in my strict interpretation, I missed the part of the Presidential Oath, Constitution or the above resolution that grants him any power over surveillance. And, according to Daschle (partisan to be sure, but you'd think records of this kind of stuff would be easily checked), Congress specifically rejected the administration's request for having the resolution cover actions in the US.