Slashdot Mirror
Safeguarding Data From Big Brother Sven?
An anonymous reader writes "Now that the Swedish government (in its infinite wisdom) has passed a law allowing them to monitor email traffic, a question that I think a lot of people are asking (or at least should be asking) is: 'What can I do to improve my privacy?' The answer is not obvious.
So, what are the best solutions for seamless email encryption, search privacy, etc? What are your experiences with PGP vs GPG vs ...? In this day and age, why is the use of this type of privacy technologies still so limited? Why isn't there a larger movement promoting the use of privacy tools? Also, what is in your opinion the largest privacy concern? Search tracking? Email transfer?
I believe this is an interesting question not only for Swedes, but for everyone. Lots of traffic is passing through Sweden, but more importantly, the Swedish government is not alone in using this type of surveillance."
Reader j1976 writes with a related question: "For most users with email addresses within large organizations, implementing their own email encryption scheme is not feasible, partly because of the technological aspects, but also since users in organizations often do not have administrative access to their workstations. What can an organization do, centrally, to lift the burden of encryption from the users? Are there any transparent schemes for email encryption which could be installed for the organization as a whole?"
Many of the financial service companies I contracted for have only been sending sensitive mail to maybe a half dozen clients. It's reasonably easy if the two IT departments get together to establish secure tunnels at the organisation level for transferring mail between them. Doesn't protect the mail outside these of course but it's a reasonably quick solution and effective if enforced with policies within the workgroup about what is and isn't permissible in an email. Requires no extra software and is easy to set up and manage.
I have already implemented SMTPS, IMAPS and POP3S a few years ago. And it's actually not really necessary to buy a certificate if you are doing this for a closed group. Just use OpenSSL and generate your own certificate.
To send emails to others both ends have to buy an email certificate, like from Verisign.
And then some of those who voted for this law thought that encryption is very easy to crack - so easy that it doesn't matter if an email is encrypted or not. The problem with cracking encryption is that you first have to figure out which one it is - and the history is full of encryption techniques.
So in the end - this law will be a good promotor for encryption more than anything else and the monitors can continue to search with Google and not get a bit of useful information from the real criminals and terrorists.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
You have it backwards. Your public key is used to encrypt messages that are being sent TO you, which you can then only decrypt with your master key. The idea is that you (Alice) would send your message encrypted with Bob's public key to Bob. Since only Bob has his own master key (since it doesn't get posted to the server), then only Bob can decrypt it. Bob would then reply to you by encrypting his message with your public key. And so on.
I'll go out on a limb and predict that in 5 yrs or less time, encryption will be a 'self admission of guilt' to ALL governments.
....so depressing ;(
I really hope I'm wrong. but the trend is there if you just look.
we already have people saying 'if you are not a terrorist, you should have nothing to hide'. this is just a half step away from saying 'if you DO use encryption, you MUST be hiding something that we should see'.
mark my words.
you may think that you are out-smarting the governments but they have the money, the guns and all the power. and they're NOT about to give this bit of power (over the people) up.
if you encrypt a laptop and pass thru customs, you are FORCED to reveal your password or at the least, 'open' the disk for them to view the contents of. so tell me, how did encryption help here?
don't give me that crap about truecrypt, either. how long will it take before their border people know how to detect this?
--
"It is now safe to switch off your computer."
That is absolutely right.
The 4th Amendment was written in response to the Stamp Act. Under the Stamp Act of 1765, all documents in your possession required the kings stamp on them to be legal. You had to by the stamps so this was in effect a tax.. the really ugly part of this law that people do not seem to know is that under the Stamp Act, British soldiers could come into your house any time they wanted to check your documents with what was known as a "writ of assistance". This is in effect a search warrant that British soldiers could write themselves. (It is akin to the NSA's National Security Letter as well..). Upon rummaging through your home, if you could not also prove that you paid taxes on other items such as your furniture or even your tea and your rum, they could arrest you.
Privacy is a property right, you are in your right not to show your property to anyone. This becomes all the more dangerous in a society of data mining and government provided "universal health care" because the government may decide you do not work out enough or your diet is not proper.
Don't think it can't happen.. In Japan the legal wast size is 33.5 inches. http://www.nytimes.com/2008/06/13/world/asia/13fat.html?_r=1&em&ex=1213588800&en=b5472f5ba2e31e50&ei=5087%0A&oref=slogin Anything over that and you may be sent to "re-education". If you deny "re-education" you may even be arrested for being fat.
Bringing liberty to the masses. - http://freetalklive.com/