Comments on: What to do about PRISM is unclear as of yet
https://dfarq.homeip.net/what-to-do-about-prism-is-unclear-as-of-yet/
David L. Farquhar on technology old and new, computer security, and more

By: Dave Farquhar (Wed, 26 Jun 2013 00:54:05 +0000)
https://dfarq.homeip.net/what-to-do-about-prism-is-unclear-as-of-yet/#comment-31479
In reply to joseph.

I can think of a dozen things that I’d send encrypted if I could. Anything related to finance, health, or that personally identifies you ought to be.

But beyond that, if a good amount of mundane stuff were encrypted, then encrypting stuff wouldn’t call attention to it. Encrypted stuff would just be normal, and if you went to the trouble of brute-forcing it, you wouldn’t know if you were getting something juicy, or just someone’s grocery list.

So encrypting mundane stuff protects the important stuff too.

And beyond that, the Fourth Amendment never was repealed, so it still applies. Produce a subpoena, and I’ll hand over my e-mail. There’s no reason whatsoever to hand it over a moment before.

By: joseph (Tue, 25 Jun 2013 15:49:08 +0000)
https://dfarq.homeip.net/what-to-do-about-prism-is-unclear-as-of-yet/#comment-31478

What needs to be encrypted that isn’t already encrypted? Bank communications, and the sort, need encryption. Most others do not.
I don’t do or say anything that the POTUS would find objectionable. At least not in the light of day.
All bow down to the NSA and its computing abilities.
…..
“Live in such a way that you would not be ashamed to sell your parrot to the town gossip.”
Will Rogers

By: Dave Farquhar (Tue, 25 Jun 2013 01:31:21 +0000)
https://dfarq.homeip.net/what-to-do-about-prism-is-unclear-as-of-yet/#comment-31475
In reply to Timothy.

I agree, if even a simple majority of people encrypted, that would be better. But I can’t even get loan officers to type a simple password to open an encrypted zip file in it–they expect me to send a document with my social security number and my checking account number in the clear because typing a password is too hard. (Yes, this annoys me to no end.) But when I start talking about encryption, they look at me like I just asked them to disassemble a rocket engine with nothing more than a coat hanger and a toothpick.

And people wonder why we have trouble with identity theft? I can’t believe anyone manages to get a mortgage without getting their identity stolen.

That’s just one other benefit, besides keeping government agencies honest.

Now, having worked for the Air Force for many years, we had encrypted e-mail. We’d insert a smartcard, type a PIN, and we could sign and/or encrypt mail. Click the appropriate icon, enter a PIN, and bam, it’s done. Easy. That’s what we need everywhere. Another reason: Making SMTP servers bounce any e-mail that doesn’t have a digital signature would have the oh-so-unfortunate side effect of completely eliminating spam. But people would gripe about needing a “license to use a computer.”

So instead, we live with a completely broken system, where I get incessant e-mail from Christian Mingle Singles (I’m married, dipsticks!), Female Seduction Secrets, Stop Struggling With Heavy Hoses (I really wish I was making this crap up), and Designer Watch Replica, all just this morning. And some computer in Baltimore (and, undoubtedly, its counterpart in China) pays better attention to my e-mail than I do.

Oh, and I traced your IP address. .co.uk e-mail address or no .co.uk e-mail address, you ought to be perfectly fine. And I can’t wait for the ACLU and/or the EFF to force the NSA to prove it.

By: Timothy (Mon, 24 Jun 2013 17:04:33 +0000)
https://dfarq.homeip.net/what-to-do-about-prism-is-unclear-as-of-yet/#comment-31472

I’m also in St Louis, am a US Citizen, but not by birth. My email address is in a .uk domain, so it’s not immediately obvious I’m even in the US, let alone a Citizen.

In any case, ever since I learnt about PGP, it made sense to me that everyone should be encrypting everything. The problem is getting enough traction, because I need the recipient’s co-operation to make a public key for me to use.

Let us imagine a world in which people habitually sent snail mail by postcard. When I want to send you something secret, I put it in an envelope. That item immediately becomes a target, because it’s different. It makes it an easy target. A spy in the post office could easily identify envelopes from postcards, and focus their energies there.

By putting everything in envelopes, it makes it much harder to tell the important from the innocuous. Sure, there are other analyses you can perform. If the sender or recipient is my bank, chances are it has some more important information there. But the postal worker spy would need to do more work. They’d need to know names and addresses of banks, and then look at the sender/recipient address of every piece of mail to see if there were a match. That’s more work than simply picking out envelopes.

I think there’s a similar case to be made for encrypting emails. By making everything encrypted, it’s much harder for interceptors to know which items are worth directing their efforts at. The problem, of course, is getting the buy-in from everyone.
