Ask Slashdot: Will the NSA Controversy Drive People To Use Privacy Software?

Nerval's Lobster writes "As the U.S. government continues to pursue former NSA contractor Edward Snowden for leaking some of the country's most sensitive intelligence secrets, the debate over federal surveillance seems to have abated somewhat — despite Snowden's stated wish for his revelations to spark transformative and wide-ranging debate, it doesn't seem as if anyone's taking to the streets to protest the NSA's reported monitoring of Americans' emails and phone-call metadata. Even so, will the recent revelations about the NSA cause a spike in demand for sophisticated privacy software, leading to a glut of new apps that vaporize or encrypt data? While there are quite a number of tools already on the market (SpiderOak, Silent Circle, and many more), is their presence enough to get people interested enough to install them? Or do you think the majority of people simply don't care? Despite some polling data that suggests people are concerned about their privacy, software for securing it is just not an exciting topic for most folks, who will rush to download the latest iteration of Instagram or Plants vs. Zombies, but who often throw up their hands and profess ignorance when asked about how they lock down their data."

easy,

[etash]

no. People don't practically care plus they have the memory of a fish.

Re:easy,

[auric_dude]

Encrypted e-mail: How much annoyance will you tolerate to keep the NSA away http://arstechnica.com/security/2013/06/encrypted-e-mail-how-much-annoyance-will-you-tolerate-to-keep-the-nsa-away/

Re:easy,

[Seumas]

Only a few people even give the slightest fuck about the current revelations, anyway. The distortion field of Slashdot and Reddit (ugh) give the impression that it's the biggest thing in the world and the entire population is angry, but that could not be further from the case. People didn't give a fuck about Echelon. People didn't give a fuck about the DMCA or The USA Patriot Act. They didn't give a fuck about all the signing statements that George Bush put down (basically, when a president goes through a passed bill and writes down little notes essentially saying how he will or won't abide by each part of the bill -- signing statements are how we wound up with authorized torture and claiming the Geneva Convention doesn't apply to Americans -- only to "bad guys"). People don't give a fuck about all the ones Obama has done. People didn't give a fuck about Kevin Mitnick spending many years behind bars without a trial or access to the evidence against him. People don't give a fuck about Gitmo. Whatever fuck people *do* give a damn about right now will be mitigated by the next big distraction coming down the pipe.

Slippery slope doesn't apply to civil liberties and surveillance in America -- but the thing about a slowly warming frying pan sure does.

Re:easy,

[_xeno_]

Yep. If you've been following the news, you'll notice that it's all about catching Snowden, and not about the massive NSA surveillance program. Most people just don't care about it, and the media sure isn't helping by focusing on Snowden to the exclusion of everything else.

I'm sure that ultimately, we'll get some law to "increase oversight on the NSA" that will have no teeth, the NSA will go back to spying on all communications it possibly can, and Snowden will get to discover the true meaning of "extraordinary rendition."

Re:easy,

[Seumas]

I don't understand this attitude. It basically comes down to "this doesn't directly impact me, so I don't give a fuck". So I guess you have an opinion on very few things, then?

I'm not a billionaire, but I don't think rich people should be capped at a certain level of income. I don't have a uterus, but I support a person's choice to do what they want with their body. I'm not gay, but I fervently support that they be treated like every other citizen as per the Constitution. I'll never be under age again, but I still think rights and liberties should apply to those who are under age.

In fact, it is kind of a sick and disgusting attitude. Less so, maybe, that you're not in the states -- but plenty in the states have exactly that opinion...

Re:easy,

[hairyfeet]

The correct answer is zero, zero annoyance. as somebody who works with the normal folks 6 days a week i can tell you a shitload of them already just blast their entire existence onto their FB page anyway, and if having everything encrypted wasn't "clicky clicky" simple or actually cost a cent compared to your Gmails and Yahoo mails? Not gonna happen, they just won't use it.

And of course the bigger bitch is that for most of this software to work you have to get both parties on it so you are stuck with a network effect to where YOU can be encrypted but it won't matter because nobody you know will go to the trouble to use the software so you won't be talking to anyone anyway.

Re:easy,

[hedwards]

The problem with encrypted email is that you can only send it to people who agree that security is important.

And the people causing the loss of my privacy are numb nuts that post pictures of me to FB and various other places without my permission.

Re:easy,

[Gr8Apes]

Having used PGP for email long ago, it really was "clicky clicky" simple, if your system supported it. The only reason it's "hard" is because apparently those making software either don't have the expertise or have been encouraged not to.

Re:easy,

[lister+king+of+smeg]

yes because the nsa would never lie before Congress oh wait they have already been caught lying before Congress twice. I trust encryption far more than I trust the nsa.

Re:easy,

[Znork]

To keep the NSA away? None. I have nothing to hide.

To ruin these assholes day? Lots. I have massive amounts of meaningless data I constantly send encrypted via foreign countries. It contains absolutely nothing of interest to them, but it will make it harder for them to find whatever they're interested in, and it will force them to either store massive amounts of meaningless data or discard it all, meaning they won't catch anything interesting in the future, should I ever need to send anything I don't want them snooping.

Either way I'm screwing with them. Not much but easily enough to cover the time and money spent doing my patriotic duty to humanity.

Re:easy,

[7-Vodka]

Did you say Outlook?

M$ was the FIRST company on the PRISM slide timeline you know?

Re:easy,

[luigi6699]

Really? It's been driving me crazy that I can't find a mail client which makes encryption "clicky clicky" easy. All I want is a mail client/plugin which automatically searches an authenticated keyserver for public keys that match my recipients, and offers to import them. Doesn't seem to exist as far as I can see. What's your setup that allows normies to encrypt/sign 100% of their email?

Re:easy,

[0111+1110]

I would really like to know why all those who have been hyperventilating over this thinks the government or anyone else for that matter gives a shit who you call or e-mail.

Because we are all potential terrorists and criminals. I suspect it's just a matter of keywords. If you mention the word NSA or terrorist or the name of any middle eastern country or allah or whatever the automated system kicks the conversation over to some poor SOB right out of college who gets to listen to or read all of our boring conversations. Since we don't really know the keywords we cannot really be sure when a human is monitoring us or just a computer. At this point it seems pretty obvious that at least a computer monitors EVERYTHING. Something I would have considered paranoid before Snowden let us know what is really going on.

What I wonder about is whether keywords that affect law enforcement are also included. Does mention of the word "weed" or "marijuana" send a transcript of the conversation over to the DEA? If that doesn't happen already you can be damn sure that it is only a matter of time before the government figures out the utility of that. Especially now that the cat is out of the bag anyway.

Re:easy,

[AmiMoJo]

There is a debate programme on the BBC where they were talking about this and one outraged member of the public exclaimed "I made my Facebook profile private!"

Unfortunately this is the level of understanding people have about these things.

Yes, some, but will it matter?

[PapayaSF]

The NSA gets a great deal of information through metadata and traffic analysis, so how much does encryption really matter? It might even call more attention to yourself: If you are just somebody surfing an Islamist website or emailing your school friend in Pakistan, the NSA will note it but possibly ignore it, if there's nothing else suspicious to connect you to. But if you are sending streams of encrypted data to those same locations, wouldn't that raise red flags?

Personal encryption tools need a UX overhaul badly

[Wonko+the+Sane]

I made a tutorial designed to help non tech-savvy people set up usable email encryption and even with the best narrator and script it's still terrible.

There are way too many steps involved, and in spite of how radically the usability has improved over the last decade or so it's still not at all user friendly. Default values are set poorly; things that should be completely automated and happen transparently in the background, like keyserver operations, require manual intervention.

It's almost enough to make me suspect a consipracy to keep these tools out of the reach of the average user, but realistically I suspect (unproductive) laziness combine with a lack of empathy for non-experts is the real culprit.

Most people CAN'T

[Kazoo+the+Clown]

I'm in IT and I can't figure out the gibberish that passes for documentation on open source security products. Without exception, they presume you already undrstand the issues, or they explain them badly...

What's different?

[jtownatpunk.net]

If all of the past disclosures and leaks haven't prompted them to do so, why would this one be any different? Did people really think the NSA put their toys away and went home after the Room 641A exposure? It's not like that was ancient history. It's the core of Congress' retroactive grant of immunity for warrantless wiretapping which was all over the news less than two years ago. And domestic spying was old news even before 641A.

Holy Crap, What A Bunch Of Pessimists

[Jane+Q.+Public]

Most of the comments I have seen here have been depressingly (and unjustifiably, IMO) negative.

I think it is obvious that people are becoming more concerned about privacy, now that they see how much of it they have inadvertently allowed to be taken from them.

I only hope that when they start using "privacy protection measures", they don't forget to fight against the reason they need to: abusive assholes (at least half of whom seem to be in government).

Re:Reddit

[peragrin]

um who do you think the "girls" are? This is the internet, everyone loves games and all girls are really government agents spying on you.

yes

[periol]

several non-tech folks have stopped communicating with me except for face-to-face, simply because they don't want the government to read our conversations. my text and emails have gotten very matter-of-fact ever since the snowden revelations leaked.

as a result, i've been researching the available encryption resources out there so we can actually have private conversations without worry. there aren't many that are really simple to use and actually effective. i'm talking with a friend about setting up a home server we can VPN into for chat sessions until there's a workable solution for non-tech types.

i've wanted to do this for a while, but no one else around me cared. now they care.

Of course not

[Le+Marteau]

Why would the average person give a fuck about their privacy? Most people have nothing to hide, and unless they are a fanatic or a hobbyist, they could not care less who reads their stuff.

This security stuff is NOT about the average guy, though. It's about movers and shakers... politicians, lawyers, businessmen, members of the media... people who have power in some ways to affect change, and who communicate in ways which REQUIRE privacy.

Likewise, the NSA monitoring the average person does not matter in the least. It is about them monitoring movers and shakers. It's about people who could potentially upset the powers that be.

So cut me a break with the ruminations about whether Joe Six Pack or Susy Soccer Mom is going to encrypt their email. The real question will be, will the next candidate for high office, who aims to shake things up, and who thinks the current Republicratic overlords need to GTFO... the question is... will he us it, and will he continue to be monitored.

Re:Of course not

[stephanruby]

Why would the average person give a fuck about their privacy? Most people have nothing to hide, and unless they are a fanatic or a hobbyist, they could not care less who reads their stuff.

I agree with you. The average person probably doesn't care, but that doesn't mean he/she shouldn't care. Privacy is important to everyone, even if you're one of those persons who mistakenly believes that you have nothing to hide.

Divorces, custody disputes, false accusations, lovers' quarrels, medical sexual history, medical history, dating, underage alcohol consumption/sexting/sex, stalkers, job interviews, job-related credit checks and/or background checks (depending on the type of job and your local laws), salary negotiations, career promotions, college/school applications, car accidents, car insurance penalties, red-lining, profiling, red light cameras, speed cameras, identity thefts, arbitrary tax laws, IRS audits/penalties (if you don't live in the US, replace IRS with the relevant tax/customs authorities), collection agencies, filesharing, porn, sexual orientation, tethering, rooting your own device, netflix/hulu-specific throttling, recycling fines, arbitrary electricity/water consumption fines/penalties, housing association violations, neighborhood/city zoning/building violations, cigarette smoking violations, dog leash/breed violations, contrived political redistricting, poll tampering, etc.

And it is true, that as individuals, we may not care that much about each particular privacy-related issue, but as a whole and as an aggregate, we should care, because every single one of us is impacted by at least some of these issues and consequences.

More likely to influence companies outside of US

[dcavens]

I think the whole fiasco is going to convince a lot more companies located outside of the U.S. to stay away from U.S. based cloud-providers and SaS. As a Canadian, I'm looking for a Canadian cloud provider that guarantees data is located in Canadian data centres, is Canadian-owned (U.S. law treats subsidiaries of U.S. companies as U.S. companies), and is only subject to Canadian laws.

I suspect many non-U.S. companies are going to do the same- I'd rather be subject to laws I have some influence over.

a quote from Ross Andersen

[BACbKA]

Yep. And, regarding your "even if they do not decrypt it", I can't help quoting one of my favourite books on security: "The main problem facing the worldâ(TM)s signals intelligence agencies is traffic selection â" how to filter out interesting nuggets from the mass of international phone, fax, email and other traffic. A terrorist who helpfully encrypts his important traffic does this part of the policeâ(TM)s job for them. If the encryption algorithm used is breakable, or if the end systems can be hacked, then the net result is worse than if the traffic had been sent in clear." (See http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c09.pdf p31)

Re:Is it even worth it?

[hedwards]

The more people that encrypted trivial bullshit, the more they need to store and the longer it'll take them to crack it at any point in the future. And the less likely it is that they'll be able to pay attention to everybody.

Remember, the time it takes them to crack thousands of LOL cat videos is time they don't have to crack things we actually care about.

Re:Reddit

[Gr8Apes]

Considering how many people on this site are pirates, then yes, NSA monitors Slashdot more.

Just because we know how and don't subscribe to DRM and other crap doesn't mean we're "pirates".

Security is not the users problem

[WaffleMonster]

We are the problem not the end user.

We have failed to provide basic communication infrastructure that protects the end user.

Expecting people to use optional add-on technology requiring x additional software and y additional knowledge is obviously not going to happen regardless of how small x and y can be made.

The only way to fix the problem is wholesale replacement of existing bullshit (e.g. SMTP) with a solution that is secure by default. Users simply must not have the choice of skipping rational and meaningful key exchange steps before communication. It can be made easy or hard to give users control of the security tradeoff but it must not be optional.

Re:no

[1s44c]

two words: television, facebook.

With the exception of a few people, American's just don't care about anyting-- unless it interrupts their viewing pleasure.

Very sad and very true.

Stupid distractions like television, facebook, and sport are rendering entire generates hopeless and pointless. Few people do anything anymore and everyone hates everyone else.

Imagine a world where people spend just some of their free time doing socially useful things. There would be no litter in the streets, no potholes in the roads, the elderly would not be alone and issolated, the hungry would be fed and waste space would become parks or food growing areas. There would be no need of stupid things like television shows or any of the other distractions from living.