Slashdot Mirror
How To Enable Mom w/ Encrypted E-Mail?
mad.frog asks: "Given the recent revelations of the Bush administration spying on US citizens without warrants -- and their promise to continue doing so -- it's clearly high time for me to switch to encrypted email, after years of being too lazy to bother. The real question is how I can get all (or at least some) of my email contacts to switch as well; clearly, encryption does me no good if the recipient can't decode it. What are my options, and more importantly, what are the options that will be comprehensible and usable by my parents, and in-laws? (Keep in mind that good solutions must include robust Windows and Mac support...)"
Just sprinkle big, intellectual-ish words like "multilateral," "constitutionally legitimate," and "evolutionary" into your emails. They'll never figure out what you're talking about.
How To Enable Mom w/ Encrypted E-Mail?
Don't.
-Colin
Enigmail project website features are:
Works for me!
Personally, I just assume that whatever I write or say is being listened to. It sucks, but that's the world we live in. Don't like it? Vote for a non-fascist next time.
I can assure you that in any hypothetical situation in which a government monitors the communications of its citizens, a message whose contents the author has encrypted stands out as interesting and worty of scrutiny in a sea of plain text transmissions. If you're looking to lay low, the best way to do so is to simply blend in.
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Don't bother using encrypted emails, because if you're not sending anything incriminating, THERE'S NO NEED.
p osts
I love this type of thinking.
Check out the 60 minutes inteview on Echelon:
KROFT: (Voiceover) Is it possible for people like you and I, innocent civilians, to be targeted by Echelon?
Mr. FROST: Not only possible, not only probable, but factual. While I was at CSE, a classic example: A lady had been to a school play the night before, and her son was in the school play and she thought he did a--a lousy job. Next morning, she was talking on the telephone to her friend, and she said to her friend something like this, 'Oh, Danny really bombed last night,' just like that. The computer spit that conversation out. The analyst that was looking at it was not too sure about what the conversation w--was referring to, so erring on the side of caution, he listed that lady and her phone number in the database as a possible terrorist.
KROFT: This is not urban legend you're talking about. This actually happened?
Mr. FROST: Factual. Absolutely fact. No legend here.
http://www.freerepublic.com/focus/f-news/1543347/
I'll be darned if I'm going to live my life in fear that some TLA will mistake some perfectly innocent activity for terroristic proclivities. I only have control over my own mind - it's beyond my abilities to make someone else interpret my actions in the way I want.
So, I'll keep encrypting the emails I send to my friends. I'll also keep locking my door and sealing my envelopes, even though I don't have any secrets the government would be interested in.
Dewey, what part of this looks like authorities should be involved?
Who cares? Do you write your letters on postcards or do you seal them inside an envelope?
Maybe he has a nosy mailadmin. Maybe he doesn't want his kid sister reading mail meant for his parents. Some of us value our privacy, even though we don't have anything to hide.
Dewey, what part of this looks like authorities should be involved?
--Cardinal Richelieu
And then, you will be itting, like John Gilmore, on a no-fly list - maintained by secret laws that no American may know about, or make reasonable enquiry.
Only, unlike Gilmore, you are probably not a multi-millionaire...
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
May I reccommend a hush.ai address, as they're offshore.
They used to be. The servers are in Canada now. You know, the Country that tried to pass the Lawful Access bill last session to "compel all telephone and Internet companies to create and maintain infrastructures that are intercept capable and to provide access to basic subscriber contact information such as a name, address or telephone number."
Do you think that the NSA doesn't have ways around the encryption methods you are looking at implementing?
I understand the math behind it. Keep in mind a few bright Chinese scientists were able to find weaknesses in once stalwart signature technology. The stuff we use today isn't impervious, and we know that there are ways around it. We just don't know for sure how easy it is until someone proves it.
China's only problem is that they allowed these scientists to publish this. Why the communists didn't bring these guys into their top-secret intelligence org is beyond me. In the US, if a scientist discovered how to thwart similar security measures, they wouldn't be allowed to publish it. They would be instantly whisked away to the NSA secret HQ to work on similar problems for untold amounts of cash.
Which brings an interesting thought: How smart are the people who work at NSA, and how much can they crack? How do these people's intelligences and knowledge compare to the rest of the world, at least, the public world? We'll never know for sure unless we get a job working there as a scientist who has to develop new methods of cracking encryptions. And then we wouldn't be allowed to tell anyone. So the public will never know for sure, and can never know for sure.
In short, the encryption race can't be won with the US government, any more than you could win a nuclear arms race. You can go ahead and compete with nosy neighbors and competitors, and perhaps even 2nd or 3rd world foreign intelligence, but I strongly doubt that you'll be secure from the prying eyes of any administration of any of our allies. Besides, this is one area where our government has spent and will spend the required resources to ensure they are #1, just like the arms race was.
And remember, in security, the question is, "How secure do you really need to be, and how much are you willing to pay for it?" In the end, is your grandmother really that worried about some administration official reading her super-secret brownie recipe that she passes on to her friends? What will she say that could possibly alarm them? How secure will the recipients of her messages keep those messages? What's the point of being secure if you can't secure both ends of the conversation?
The radical sect of Islam would either see you dead or "reverted" to Islam.
To send email securely over your Google's gmail account, just configure Thunderbird mail account to retrieve gmail email using your Google POP3 account information.
Thunderbird/Enigmail combo neatly address your privacy issues for both sending and receiving.
With PGP/GnuPG perfect forward-secrecy protection, you can leave all your emails in your gmail account and not bother to delete them (EVER or until your GnuPG passphrase is compromised).
Google deux-machination of trying to find AdWords in your email for their massive onslaught of advertisement campaign will come to a screeching halt when your gmail InBox contains nothing but psuedo-random data.
Good riddance to invasive AdWords into your emails...
The problem with this argument is that the reason one puts messages in envelopes very rarely has anything to do with preventing the mail carrier from reading the contents of that letter.
As a case in point, if you are sending a check, money order, or even cash to someone, most people use some sort of method of further obscuring the contents than simply putting it into an envelope. They pay extra for a box of 'Security' envelopes, printed on the inside with some pattern that makes it difficult to discern writing or printing. They wrap an additional piece of paper around the instruments. And so on. This doesn't happen in every case, but just about as often as not.
It has also been long recognized that if you are sending mail to a country or person that someone has significant concerns about, that there are several ways of opening the envelope, or even extracting the letter from within the envelope without opening it. Read or copy the contents, then return the contents of the letter and send it on it's way.
In a lot of cases the real reason for using an envelope has more to do with protecting the contents of the envelope from smudging or being separated than with preventing anyone from knowing what those contents are. If you are paying a bill, you use an envelope to keep the check and the bill stub together so that the people being paid have some idea of what the check is for.
If you get a multi-page letter from Aunt May, she is more likely to be trying to keep the pages together and in order than otherwise. If you are traveling, you very probably do send post cards, often with a picture of where you are, and a brief note wishing the recipient were along for the trip. An interested party may glean far more from a brief glance at the picture than by reading pages of text.
Note that there are a couple of elements of the above that do make sense when related to encrypting or digitally signing the e-mail that you send. For all practical purposes the e-mail that you send is a single page document. Even if you print it to 100 pages of a single spaced double sided 6 point font as far as the e-mail handling software is concerned, it doesn't matter if the message is zero bytes, or a couple million bytes. If the parts are not all put together correctly at the far end, an error is logged, and the system trys to fix the situation. Likewise the system is mostly proof against smudging or error introduction to the body of the message, as it is being handled by a TCP connection. That does not prevent changes to the headers, nor does it prevent an alteration by a malicious server in the middle. Encrypting or signing the contents does reduce the likelyhood that a change to the contents will be noticed. (Though it does nothing for the headers, including the subject.)
Of course the above is a rather simplistic explanation, and there are other elements involved.
-Rusty
You never know...
Just go up stairs and tell her what you would have written in the email.
Terrorist.
Fighting the drug dealers was the excuse in the 80s. In the 90s it was saving the children. Now it's fighting terrorism. Please, keep up to date on the latest doublespeak - otherwise it's harder for the government to strip us of our rights.
... to get more people using encryption is because it will make it that much more difficult for them to ban it later.
To all the "you don't need encryption unless you have something to hide" people. Wow. I'm truly astounded by those people who have failed to learn anything from history.
Develop an encryption table that produces shapes similar to the screen characters created by the ASCII characters you want to transmit*.
Obtain a molecular transfer device that puts a dark material on semi-permiable surfaces, such as the paper you use in your printer.
Encode your message by placing dark marks on the paper. Seal it in an opaque layer of similar material and encode the physical address of the recipient on the outside.
You can then purchase a government document (for less than the cost of a cup of cofee, or of supporting a third world waif for a day) from a government agency tasked with transfering such encrypted information, afix it to the outside of the "envelope", and trick the 3\/1L goobermint into delivering your secret message for you.
If you REALLY want to be certain of your security, you can seal the "envelope" with the semi-transparent film developed by the security firm "3-M". The adhesive on one side of the film prevents unauthorized opening.
Of course this is all for naught due to the CIA's "remote viewers" unless you remain in motion. So when you're encrypting/molecular transfering, it's important to run around in circles so they can't focus on you. A tin foil hat won't actually help, but wearing one while running in circles will prevent those around you from asking pesky questions. Remember: shiny side out, otherwise a feedback loop can occur and cause dain bramage.
* As an alternative, entirely graphical representations can be developed. Pictures created with polychromatic, wax-based molecular transfer devices are especially attactive to moms, who tend to archive them on the outside of their refrigerator.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Freedom of Speech does not imply the Freedom to Hear whatever is said!
(-hrair-)
Beware of the shining wires...
Has the Bush administration actually invoked FISA as their legal basis? If so, I missed it. And, from what I've heard, it wouldn't fit. AFAIK, FISA requires either a warrant or only monitoring where no US person is likely to be involved (see Q18 in the EFF writeup).
Carter and Clinton both issued executive orders authorizing FISA monitoring, but specifically quoted FISA regulations to be followed. I haven't seen a similar order from Bush, and even according to legendary conservative Rush Limbaugh, the FISA courts were bypassed. Limbaugh's take on it was that the unprecedented denials and modifications of Bush's FISA requests forced him to go around the process.
In short, the President is not asserting legal authority under FISA. According to the Attorney General, his authority hinges (PDF) on his "inherent authority" as Commander-In-Chief, and Congress's Use of Force Resolution.
Of course, in my strict interpretation, I missed the part of the Presidential Oath, Constitution or the above resolution that grants him any power over surveillance. And, according to Daschle (partisan to be sure, but you'd think records of this kind of stuff would be easily checked), Congress specifically rejected the administration's request for having the resolution cover actions in the US.