A Year After Snowden's Disclosures, EFF, FSF Want You To Fight Surveillance

Today, as the EFF notes, marks one year from Edward Snowden's first document leaks, and the group is using that as a good spur to install free software intended to make it harder for anyone (the NSA is certainly not the first, and arguably far from the worst) to spy on your electronic communications. Nowadays, that means nearly everything besides face-to-face communication, or paper shipped through the world's postal systems. Reader gnujoshua (540710) highlights one of the options: 'The FSF has published a (rather beautiful) infographic and guide to encrypting your email using GnuPG. In their blog post announcing the guide they write: "One year ago today, an NSA contractor named Edward Snowden went public with his history-changing revelations about the NSA's massive system of indiscriminate surveillance. Today the FSF is releasing Email Self-Defense, a guide to personal email encryption to help everyone, including beginners, make the NSA's job a little harder.'" Serendipitous timing: a year and a day ago, we mentioned a UN report that made explicit the seemingly obvious truth that undue government surveillance, besides being an affront in itself, chills free speech. (Edward Snowden agrees.)

No point encrypting if you're the only one...

[nine-times]

There's no point in encrypting your email with something like GPG if you're the only one using it, and most people aren't going to use it until it's easy.

I know, you'll tell me it's easy. Just download this software, install it, and it'll work for your email client assume you're still using an email client and there's a plugin available for it, which there might not be. Otherwise you need to copy and paste and stuff, and... oh right, then there's also the whole issue of managing keys and keeping a backup copy safe. Most people don't back anything up.

You have to make it easy. Someone will get angry because I appear to be praising Apple, but take iMessage's encryption for example. Do people using it know that their messages are encrypted? Probably not. Are they given a choice? No. Do they know that they're generating encryption keys? Probably not. Are they asked to manage their own encryption keys? No.

That's easy. GPG isn't. Email encryption needs to be that easy, or people won't use it.

Fixing a social problem with technical means?

[cpghost]

Basically, we're making it WAY too easy for the NSA to spy on us. But, even if we all switched to encrypted mail, that's not enough: with their metadata collection, they can still infer a lot of things from our communications patterns. So technically, we need I2P, Freenet or similar anonymizing technology to hide in the crowd. However, to REALLY fix the problem once and for all, we need to take it to the political arena, and fight for majorities to get Congress to reign in NSA in earnest, no matter what "Yes We Scan" Obama wants. If we don't, Orwell's 1984 will remain in effect, no matter how much we use OSS, encryption and so on.

Encryption isn't privacy

[bigpat]

Encryption misses the point. Encryption isn't privacy. The major threat to privacy from the US government is not from the content of your communications being read without a warrant it is that your communications are going to be monitored without a warrant so they will be able to monitor all your associations, purchases, communications and movement and locations. Basically it is like having a tail on 24x7 with someone looking over your shoulder... they don't need to know what you are saying until they want to and if they want to then you are past the point where encryption will mean much since they can put a keylogger on your system or maybe even break your 256 bit encryption.

The only protection from the surveillance state is either to eliminate communications technology altogether or to return to the rule of law.