Wave to the NSA
If you’ve ever thought the government would protect you from its own abuses, the recent domestic spying revelations have surely made the point that the only protection you’ll get is what you provide for yourself.
When you send email, it hops from computer to computer across the net in a form that can be read by anybody who cares to do so. Imagine every email is a postcard. It gets delivered by people passing it from hand to hand until it reaches its destination. Anybody handing it off can copy it, read it, or change it. People write all kinds of sensitive things in these postcards. They probably shouldn’t.
If you want more privacy than a postcard can offer, get yourself an envelope. I suggest you choose one that is tamper-resistant and very hard to open. In the world of email, that envelope is encryption.
The strongest encryption we know of is available to anybody who wants it at zero cost. It’s called GPG and works with many different email clients on Linux, Macs or even Windows. It takes some effort to set it up, but once you do, you can communicate privately with anybody.
How secure is GPG? Very. The amount of computing power it would take to break this encryption in a reasonable timeframe is more than we know exists on the Earth. Nothing is perfect, and this is as good as it gets.
Start using encryption. Encourage your friends and family to adopt it, and use it for everything from mundane chitchat to protecting sensitive business. There have been numerous attempts to outlaw encryption (from both major parties), and if it’s not in widespread use fairly soon, the current terror scaremongering might make it illegal to communicate in a way the government cannot understand.
Nobody can protect your privacy but you.
June 12th, 2006 at 2:44 pm
The idea of encrypting all of your emails isn’t new, but it’s lots easier said than done. If the people you’re emailing don’t have the software, they can’t read your email. You also both have to have keys. And if the other person is using popular Web-based email (not Hushmail or one of those), they’ll have to go through extra steps to decrypt your messages.
I don’t think I’d have much luck getting my friends or relatives to deal with the hassle of PGP for emailing me. They’d just stop emailing me instead. Easier solution: don’t email sensitive information. Truth is, most people aren’t emailing information they care enough about protecting to encrypt, which is why almost no one bothers.
I sell security software and hardware for a living, including PGP. Most organizations use it for securely transmitting select information from a specific sender to a specific receiver with specific security policy goals in mind, rather than as a general security talisman.
Financial institutions are finally catching on to its use for financial data, and one of the requirements for the VISA/MasterCard Cardholder Information Security Program is to encrypt data sent over public networks. Most companies are using PGP’s Command Line product to comply. (And FWIW, I think it’s odd that CISP only requires that the data be encrypted during transmission. Smart programmers encrypt on disk, too, since that laptop, drive, or backup tape could fall into the wrong hands.)
June 12th, 2006 at 3:04 pm
Yes, it’s much easier said than done. But it’s a network-effects kind of thing. The more people that do it, the easier it is to do. I pitched it to a bunch of friends and converted just a handful. But that’s a few more people than before, and when they want to communicate with each other, now they do so in an encrypted manner. I also enjoy encrypted communication with many clients.
Key exchange is easy and relatively automated with public keyservers.
The goal is to entrench the technology. Have everybody use it for everything. The end-to-end encrypted net is one that is safe from prying eyes.
And I agree with you that it’s important to encrypt disks too. It’s incredibly easy to do. On Linux systems, it’s completely transparent. On other systems, only slightly less so.
June 12th, 2006 at 5:56 pm
One thing that could make all this easier is if just a few of the big Webmail companies adopted it. If Gmail and Yahoo offered encrypted email suddenly loads of people could encrypt data securely, and those two services alone account for probably 50% of the people I exchange email with.
June 12th, 2006 at 6:04 pm
I’ve thought the same thing and I talked to some Google folks about incorporating encryption into gmail. They say it’s on the radar but there’s no timetable.
What I can’t figure out is how they could do it without having a copy of your secret key. You would have privacy from everybody except Google.
June 12th, 2006 at 6:05 pm
I recently wrote a post about an article where (yet another) site disappeared down the “Google hole” for being anti-Islam. In the article, he theorized about his use of gMail. Given that Google keeps every e-mail you’ve ever sent, and can probably scan it as you send it, there is the possibility that gMail may one day censor your e-mail.
But, if it is encrypted, they can’t scan it, and they can’t block out words, and they can’t “not deliver” if a scan determines it to be “hate mail”. In a way, encryption could be the only way to ensure truly free communications. I doubt Google would volunteer for a feature like that.
But – on the other hand – I just had a whacko idea.
What if you had a blog (or other website), that required an encryption key to read?
It would (obviously) decrease the readership, but if – in order to get the encryption key – the reader simply needed to create an account with a valid e-mail address, then the site would send an applet that would decrypt the site – it would allow a person to put anything they wanted on the site without fear of “offending” anyone. It would cut down on the search engine hits, but who finds blogs that way anyhow? However, if someone were to write a blog AND a FireFox extension that worked with the blog encryption, that would be even easier – and better.
Yes, I took my medicines and I’m feeling frisky right now…. 🙂
(oooh look – pretty buttons: bold, Italics, link, code, and strike! I dunno what ‘lookup’ is….)
June 12th, 2006 at 6:12 pm
Via a combination of username/password authentication and SSL, it is already possible to have encrypted websites that only select people can see. Your gmail account works like that. As does your online banking account. Expanding the model to an entire website is common for things like “members-only” areas of websites.
June 13th, 2006 at 1:30 pm
Look up onion routing and Tor. There’s a whole blacknet already out there to play around in.
June 13th, 2006 at 1:44 pm
Yes, Tor is definitely another good tool for anonymity. It is not encryption, though. If you use Tor, you should encrypt as well.
June 13th, 2006 at 3:47 pm
Is it possible to use GPG (or something like it) with web-based e-mail clients like Yahoo or gmail? If so, perhaps a primer is in order.
June 13th, 2006 at 3:52 pm
You can use GPG with web-based email, but it’s extremely clunky and involves lots of cutting and pasting.
If you have a gmail account, you can access it like any other POP account. So you can get your mail delivered to you in Thunderbird or Outlook or any other email client. If you do it like that, you can get your gmail delivered to a program that can do GPG (i.e. Thunderbird) and then using GPG in that context is like any other.
June 13th, 2006 at 5:27 pm
This is a problem. Most of those with whom I correspond have no access to POP mail, so it would make it prohibitively difficult to start encrypting. Which is a shame, because I’d love to do so.
June 13th, 2006 at 6:29 pm
Most people just cryptographically sign emails, not encrypt the whole thing.
And I’ve never bothered to set it up, at all, ever. Why? Because I have exactly zero need to, in that I never email anything sensitive.
A “network effect” of people encrypting (rather than signing) their mail will just cause me to ignore their email. And, really, considering how bad people are at backups and computer maintenance? Do you want to deal with updating people’s public keys every week? Worrying about how your archived mail can’t be read because the keys are changed/lost/confused?
The wisdom of the people really seems to have already spoken; the only people who encrypt are people who are 1) crazies (and I mean that for the most part affectionately, not so much seriously as a literal accusation of mental imbalance) and 2) people who are actually emailing sensitive information.
(The same sort of problem in the penultimate paragraph above applies to disk encryption; if you’re competent, sure, it’s fine. But people who can barely remember their own password, having all their data encrypted? They’re just going to lose it all and then never encrypt again. Then again, why even encrypt most of a filesystem? It’s useless overhead to encrypt pretty much anything that isn’t your sensitive data, after all…)
June 13th, 2006 at 6:43 pm
Sigivald,
The big reason to encrypt even non-sensitive data is that it increases the overall amount of encrypted data. Even if the gov (or whoever you want privacy from) has the immense computing resources needed to crack *some* encrypted traffic, by encrypting everything, you make it difficult for them to decrypt anything of value.
I agree that we don’t currently have the tools to make encryption and key management easy. That situation is improving.
Most people are not willing or able to never email anything sensitive. From business information to legal documents to personal missives, there are a lot of good reasons to want privacy, at least some of the time. Besides, do you really want the NSA reading even your non-sensitive email? As things stand, they are.
June 13th, 2006 at 9:57 pm
I’ve been using GPG signatures by default on my mail for years, and the only tangible benefit is a few people here and there that didn’t read my message because of the “funny attachment” on it.