Lawyers Would Rather Fly Than Download PGP

← Back to Stories (view on slashdot.org)

Lawyers Would Rather Fly Than Download PGP

Posted by kdawson on Monday April 28, 2008 @12:19PM from the fly-once-to-exchange-keys dept.

An anonymous reader writes "The NYTimes is running a front-page story about lawyers for suspects in terrorism-related cases fearing government monitoring of privileged conversations. But instead of talking about the technological solutions, the lawyers fly halfway across the world to meet with their clients. In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?" The New Yorker has a detailed piece centering on the Oregon terrorism case discussed by the Times.

6 of 426 comments (clear)

Min score:

Reason:

Sort:

S/MIME, anyone? by danaris · 2008-04-28 12:24 · Score: 4, Interesting

What is it with the Slashdot crowd and PGP? What's wrong with S/MIME?

I can say with some authority, having been evaluating and testing it for my company for some months now, that it is natively supported by current versions of the 3 major email clients (Outlook, Thunderbird, and Apple Mail), and that their implementations are, by and large, compatible.

So...are there any particular issues with S/MIME that make PGP a significantly more desirable solution?

Dan Aris

--
Fun. Free. Online. RPG. BattleMaster.
1. Re:S/MIME, anyone? by Tacvek · 2008-04-28 12:39 · Score: 4, Interesting
  
  What is it with the Slashdot crowd and PGP? What's wrong with S/MIME?
  
  I can say with some authority, having been evaluating and testing it for my company for some months now, that it is natively supported by current versions of the 3 major email clients (Outlook, Thunderbird, and Apple Mail), and that their implementations are, by and large, compatible.
  
  So...are there any particular issues with S/MIME that make PGP a significantly more desirable solution?
  
  Dan Aris
  I think many Slashdot poster prefer OpenPGP encryption to S/MIME because OpenPGP is not email specific, and having 2 different keys (an S/MIME email key, and a PGP key) is not ideal. Further I suspect the PGP Web of Trust model is preferred by many of us to the CA model. Of course, there are ways around both things, but it may be slightly easier to use PGP for email than to deal with those issues. However, for your uses (depending on what they are), S/MIME may indeed be the best solution.
  
  --
  Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
2. Re:S/MIME, anyone? by Chandon+Seldon · 2008-04-28 13:35 · Score: 4, Interesting
  
  OpenPGP software allows you to easily self-generate valid keys. Doing the same with S/MIME (self-signing certificates) is really obnoxious. Further, OpenPGP clients tend to support a web-of-trust introduction model which is strictly better for actual security than the centralized commercial PKI model that S/MIME software tries to force on users.
  For sending secure messages within a medium to large sized organization there is some argument for S/MIME using a local CA, but even then simply emulating the same effect with a organization PGP key signer and key server is probably cleaner.
  
  --
  -- The act of censorship is always worse than whatever is being censored. Always.
How my conversation went... by DnemoniX · 2008-04-28 13:00 · Score: 3, Interesting

Several years ago now I set up a PGP server at work, mainly for my own use. However it was suggested that our attorney's might like to use it. Here is how the conversation went:

"Hey I just finished setting up an encryption system for the e-mail system"

"A what?"

"Encryption, you know to keep your corrispondence confidential..."

"A what what?"

Then about 5 years later I rolled out an automated encryption system that uses lexicons to detect patterns and auto encrypt e-mails if they trip the filters. That conversation with the attorney's went like this.

"You put in a what and why?"

A lengthy explanation later filled with examples of when they should be using it. Finally the lawyer who had just spent a few days at a HIPPA conference sees the light. DING DING DING Clueless I swear.
1. Re:How my conversation went... by Actually,+I+do+RTFA · 2008-04-28 14:05 · Score: 4, Interesting
  
  inally the lawyer who had just spent a few days at a HIPPA conference sees the light. DING DING DING Clueless I swear.
  
  Don't confuse your specialized knowledge with common knowledge. Your phrasing assumes that encryption, as a word, conjures up images as it would in a geek's mind (and more than five years earlier than now, when it was less well known.) Obviously they explained it better at the HIPPA conference.
  
  Really, I doubt had I not already know what encryption, or the ease of e-mails being read by third-parties, I would have gained nothing from your explaination.
  
  A possible alternative: It is easy for any third party to read your e-mails. Encryption uses a password (or automatic process) on both ends to make sure that only you and your recipients can read the e-mail. It also verifies that the person who claims to have sent the e-mail did, since falisifying the sender of an e-mail is also very easy.
  
  --
  Your ad here. Ask me how!
Re:Security not just about encryption. by profplump · 2008-04-28 15:00 · Score: 3, Interesting

Looking at your shadow I can still tell your body type, if given some scale I can make reasonable guesses about your height and weight. I can tell what orientation you're in, if you've got long or short hair, possibly your gender. You're right, I can't draw a picture of your face, but given a list of all 6 billion faces I could narrow down the choices quite a bit before I started rounding up people for a lineup.

If someone has a 12-character password alpha-numeric password the keyspace is about 104^12. If you can determine when the shift key is pressed and which of the 4 rows of keys each character is in, you can make that 13^12, which is 36 bits less keyspace -- almost a 50% reduction over the original 80 bits.