
Safeguarding Data From Big Brother Sven?

An anonymous reader writes "Now that the Swedish government (in its infinite wisdom) has passed a law allowing them to monitor email traffic, a question that I think a lot of people are asking (or at least should be asking) is: 'What can I do to improve my privacy?' The answer is not obvious. So, what are the best solutions for seamless email encryption, search privacy, etc? What are your experiences with PGP vs GPG vs ...? In this day and age, why is the use of this type of privacy technologies still so limited? Why isn't there a larger movement promoting the use of privacy tools? Also, what is in your opinion the largest privacy concern? Search tracking? Email transfer? I believe this is an interesting question not only for Swedes, but for everyone. Lots of traffic is passing through Sweden, but more importantly, the Swedish government is not alone in using this type of surveillance."
Reader j1976 writes with a related question: "For most users with email addresses within large organizations, implementing their own email encryption scheme is not feasible, partly because of the technological aspects, but also since users in organizations often do not have administrative access to their workstations. What can an organization do, centrally, to lift the burden of encryption from the users? Are there any transparent schemes for email encryption which could be installed for the organization as a whole?"
  • by AltGrendel ( 175092 ) <ag-slashdot.exit0@us> on Thursday June 19, 2008 @03:02PM (#23862279) Homepage
    Ummm.....

    Linus is from Finland. [wikipedia.org]

  • by Hyppy ( 74366 ) on Thursday June 19, 2008 @03:05PM (#23862335)

    Your SSL connection isn't any safer from snooping - not sure about MitM attacks, but if you're just listening in, do you really need to be a MitM?
    Care to explain to me how to reliably intercept SSL communication wholesale without a very sophisticated man in the middle attack?
  • Re:On NPR... (Score:3, Informative)

    by Paranatural ( 661514 ) on Thursday June 19, 2008 @03:07PM (#23862375)

    ...(Of all places) there was a pretty good segment this morning regarding email encryption, even including a short interview with Phil Zimmermann.
    Why the 'of all places' comment? I've actually heard several good and tech-savvy news pieces on NPR.

  • by k1e0x ( 1040314 ) on Thursday June 19, 2008 @03:10PM (#23862421) Homepage
    I've done MitM on SSL as a demonstration before. It would be reasonably hard to do in the real world even by an ISP. It involves generating a cert on the fly and passing it to the client.. today's browsers will warn on that.

    I'd be more worried about a super hardware AES cracker that the NSA isn't telling us about.
  • by 11223 ( 201561 ) on Thursday June 19, 2008 @03:11PM (#23862437)
    It doesn't need to be an especially sophisticated attack if the government's doing it. Most uses of SSL just check that the other side has a properly signed certificate by a trusted authority. No doubt the government can generate trusted certificates at any time.
  • Re:Extra software? (Score:3, Informative)

    by Gandalf_the_Beardy ( 894476 ) on Thursday June 19, 2008 @03:12PM (#23862451)
    I'm not sure that follows. In all the cases I recall the outgoing mail servers were running Exchange or Sendmail (with one looking at migrating to Exim). There are bolt-on packages for all three that do encryption server-side if you want to go to the trouble and the expense in money and support time. The reason they didn't move in at least one case was that the servers couldn't easily cope with a large increase in the processing load to encrypt the messages.
  • by querist ( 97166 ) on Thursday June 19, 2008 @03:16PM (#23862519) Homepage
    There is no "seamless" encryption method that will give you enough protection. Sorry.

    However, there are plenty of options if you're willing to do just a little work.

    Install GPG or PGP. I use GPG because I can give it away legally to my friends who are less technically savvy and it works on Linux, OS X, and Windows.

    Enigmail will integrate nicely into Mozilla's emailer and automate nearly everything once you have the person's public key. It will even notice who your recipient is and automatically pick the correct key.

    There is something similar for the OS X Mail application (and I have it installed) but I don't remember the name of the application. It's not as bright as Enigmail and won't figure out who the recipient is automatically and pick the correct key.

    FireGPG is a plug-in for FireFox (and it works for "Mozilla" because the web browser _is_ FireFox) that will allow you to use GPG with GMail.

    I have an email account in which _all_ of the traffic is encrypted because I use these tools. I never send anything unencrypted on that account.

    It's not seamless, but it's not that hard and it is not very intrusive.

    I do not know if I should pity you because of your government reading your emails or if I should at least feel happy for you that they are honest enough to admit it (supposedly) before starting. Either way, I doubt things are any better here in the USA.

    I find it amusing that the CAPTCHA is "incided", as in this new law inciting a riot.
  • SSL Proxy (Score:2, Informative)

    by markybob ( 802458 ) on Thursday June 19, 2008 @03:19PM (#23862577)
    You need to use a proxy that encrypts all traffic to and from you and it. Try dipconsultants.com ...I use it and it's very fast.
  • by Hyppy ( 74366 ) on Thursday June 19, 2008 @03:21PM (#23862599)
    Well, I know that in order to verify most U.S. DoD SSL certificates you must install the U.S. DoD root certificates locally. Example. [army.mil]
  • by Kozar_The_Malignant ( 738483 ) on Thursday June 19, 2008 @03:22PM (#23862627)

    Linus is from Finland. [wikipedia.org]

    True, but from the Swedish speaking minority of Finns.

  • Re:SMTP over SSL (Score:5, Informative)

    by Z00L00K ( 682162 ) on Thursday June 19, 2008 @03:23PM (#23862659) Homepage Journal
    That part is actually relatively easy - and you have to remember to also implement IMAPS and POP3S - and close the IMAP and POP3 services.

    I have already implemented SMTPS, IMAPS and POP3S a few years ago. And it's actually not really necessary to buy a certificate if you are doing this for a closed group. Just use OpenSSL and generate your own certificate.

    To send emails to others both ends have to buy an email certificate, like from Verisign.

    And then some of those who voted for this law thought that encryption is very easy to crack - so easy that it doesn't matter if an email is encrypted or not. The problem with cracking encryption is that you first have to figure out which one it is - and the history is full of encryption techniques.

    So in the end - this law will be a good promoter for encryption more than anything else and the monitors can continue to search with Google and not get a bit of useful information from the real criminals and terrorists.

  • Re:Extra software? (Score:3, Informative)

    by rwxrwx ( 1310115 ) on Thursday June 19, 2008 @03:24PM (#23862667)
    I agree, although for most Windows users if you want (free) privacy you have to install X number of programs for gpg e.g. I think for the common user this is too much of not only a hassle but a technical burden gpg for example.

    1. Install gpg4win
    2. Thunderbird (or equivalent free email client)
    3. Extensions for email (case Thunderbird)
    4. make keys
    5. configure programs, get other users pub key etc etc.

    This is too much for normal Joe; by step 3 or 4 the normal Joe has given up.
    If this would be automated or somehow integrated into an email client, I think we would see email encryption more widely used. Although through the automation process problems can arise, security hole here , and their, because all these processes have to be linked automated etc. etc

    Whereas with a nix distro, most users are tech orientated, after adding the correct repos or (with some distros these things are even default installed gpg for e.g.) then the only thing left is to configure, which really is pretty painless to the tech user who knows what he's doing in the first place.
  • by ahugenerd ( 1310771 ) on Thursday June 19, 2008 @03:27PM (#23862721)
    You have it backwards. Your public key is used to encrypt messages that are being sent TO you, which you can then only decrypt with your master key. The idea is that you (Alice) would send your message encrypted with Bob's public key to Bob. Since only Bob has his own master key (since it doesn't get posted to the server), then only Bob can decrypt it. Bob would then reply to you by encrypting his message with your public key. And so on.
  • by Godji ( 957148 ) on Thursday June 19, 2008 @03:27PM (#23862731) Homepage
    The public key server only holds your public key - the one that was meant for anyone to see. Your private key, which is the only one that can be used to decrypt messages addressed to you, stays with you. Nobody other than the parties involved in the communication ever holds one or the other's private keys.

    The "public" in "public key server" means BOTH that the key server is public AND that it is a server for public keys. The most anal-retentive name for it would be a "public public key server".

    See http://en.wikipedia.org/wiki/Public-key_cryptography [wikipedia.org] for all the details.
  • by k1e0x ( 1040314 ) on Thursday June 19, 2008 @03:31PM (#23862789) Homepage
    Well.. yeah, you have a point. but at least they can't data mine this way unless they control the key server itself all the time.

    When you're dealing with an entity like government .. it's pretty difficult to stop them from doing something. I mean.. they could just make encryption itself illegal if they wanted.

    It is our duty to stop them from doing that.. You have a right to privacy, you have a right to not show someone the inside of your house, the inside of your gym locker, the inside of your bank account, or the inside of your private letters. Governments should respect that right. A good paper came out a while ago called "'I've Got Nothing to Hide' and Other Misunderstandings of Privacy" http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565 [ssrn.com]

  • Re:SMTP over SSL (Score:4, Informative)

    by Albanach ( 527650 ) on Thursday June 19, 2008 @03:37PM (#23862919) Homepage
    Actually you don't need a certificate signed by a CA for SMTP over TLS.

    We have used a self signed certificate for years and hundreds of other MTAs connect to us and happily set up an encrypted session to transfer mail.

    Of course this has issues, by making it harder for the other end to be sure we are who we say we are, but given the alternative is simply to failover and send unencrypted that's not really a major concern.

    This is with Postfix. Do any of the other big MTAs actually look to check the certificate is trusted before sending an encrypted message with default TLS settings?
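The trade-off raised in the comment above (encrypt to a certificate nobody verified, or fall back to plaintext) is decided on a sending Postfix by `smtp_tls_security_level`. The following is an added example, not code from the thread or from Postfix: it classifies that setting from `main.cf` text. The function names and sample configs are constructed for illustration, and an unset level is assumed to mean no TLS.

```python
# Added example (not from the thread): classify a sending Postfix's outbound
# TLS policy from main.cf text. Level names are Postfix's documented values for
# smtp_tls_security_level; the sample configs below are constructed.

# level -> (category, always_encrypts, authenticates_peer_certificate)
LEVELS = {
    "none":        ("plaintext", False, False),
    "may":         ("opportunistic", False, False),
    "dane":        ("opportunistic", False, False),  # authenticates only where TLSA records exist
    "encrypt":     ("mandatory-unauthenticated", True, False),
    "fingerprint": ("mandatory-authenticated", True, True),
    "verify":      ("mandatory-authenticated", True, True),
    "secure":      ("mandatory-authenticated", True, True),
    "dane-only":   ("mandatory-authenticated", True, True),
}

def parse_main_cf(text):
    """Parse main.cf 'name = value' lines; later settings override earlier ones."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace():              # continuation of the previous logical line
            if current:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def outbound_tls_policy(text):
    """Describe how the SMTP client side treats encryption and peer certificates."""
    level = parse_main_cf(text).get("smtp_tls_security_level", "")
    # Assumption: an unset level is treated as no TLS (legacy smtp_use_tls not set).
    category, always, authed = LEVELS.get(level or "none", ("unknown", False, False))
    return {
        "level": level or "(unset)",
        "category": category,
        "may_send_plaintext": not always,
        "accepts_unverified_peer_cert": not authed,
    }

# Constructed sample: opportunistic TLS, the behaviour described in the comment.
OPPORTUNISTIC_CF = """\
# outbound mail
smtp_tls_security_level = may
smtp_tls_loglevel = 1
"""

# Constructed sample: a later, stricter setting (with a continuation line) wins.
STRICT_CF = """\
smtp_tls_security_level = may
smtp_tls_security_level =
    verify
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
"""

if __name__ == "__main__":
    for name, cf in (("opportunistic", OPPORTUNISTIC_CF), ("strict", STRICT_CF)):
        print(name, outbound_tls_policy(cf))
```

With `may`, a self-signed certificate on the receiving server is accepted without complaint, which matches the behaviour the commenter reports; only the `mandatory-authenticated` levels would refuse it.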
  • by OldFish ( 1229566 ) on Thursday June 19, 2008 @03:40PM (#23862967)
    Nonsense. Eavesdropping on an encrypted conversation where the encryption is managed by the two endpoints gives you nothing but the identities of the communicators, and if they have taken steps to conceal their identities an eavesdropper doesn't even get that information. This secure communication exists peacefully alongside your "vast open network". You clearly invested a fair bit of time writing your post. Why? What part of communication security technology do you not understand?
  • by winphreak ( 915766 ) on Thursday June 19, 2008 @03:50PM (#23863187)
    A very good point, and so I looked it up on the Relakks website.

    "RELAKKS Safe Surf enjoys the strongest legal protection possible under Swedish Law because of the service type (pre-paid flat-rate service). This means that RELAKKS do not have to keep an ordinary customer database (to be able handle transactions etc.). This is of importance if forced to hand over information.

    If Swedish authorities can prove beyond reasonable doubt that they have a case for demanding subscription information from RELAKKS (they have to be of the opinion that if convicted the user will be imprisoned – fined not enough).

    RELAKKS then have to hand over the subscription information entered by you (but that's all). RELAKKS do not store any subscription information about you except what you entered yourself when signing up for the RELAKKS Safe Surf service.

    For Swedish authorities to force RELAKKS to hand over “traffic data” including your RELAKKS IP at a specific point in time, they will have to prove a case with the minimum sentence of two years imprisonment.

    Regarding inquires from other parties than Swedish authorities RELAKKS will never hand over any kind of information."
    Source: https://www.relakks.com/faq/legal/ [relakks.com]

    Seems they'd need more than just one red flag to get your registration info, but that would be prior to the wiretap law.
  • Sue the buggers! (Score:3, Informative)

    by ayjay29 ( 144994 ) on Thursday June 19, 2008 @03:50PM (#23863189)
    The Pirate Bay seems to have the right idea [thelocal.se]. Take the government to court, start legal proceedings.

    If this is anything like the other PirateBay cases I can't wait to see the legal correspondence [thepiratebay.org].

  • Re:Extra software? (Score:3, Informative)

    by LighterShadeOfBlack ( 1011407 ) on Thursday June 19, 2008 @04:33PM (#23863933) Homepage

    security hole here , and their, because
    there
    There, spelled like here (ere), indicates location.
    Their, Possessive.
    The're, contraction of they are.

    GET IT RIGHT!
    They're, contraction of 'they are'.

    The're, not a word.

    GET IT RIGHT!
  • Because... (Score:4, Informative)

    by jwiegley ( 520444 ) on Thursday June 19, 2008 @04:54PM (#23864375)

    why is the use of this type of privacy technologies still so limited?

    Several reasons:

    Education. Most people that use email don't know what RSA, GPG or PGP is. Let alone the dozens of possible other ciphers available. These people are also blissfully wandering around thinking their government is an effective, benevolent provider that keeps them safe so they don't even need encryption or privacy laws. (see: Nanny State). (Instead of the wasteful, corrupt, abusive, ignorant farce that it is.) Polls show that less than 1/4 of Americans know that there is no right to privacy (constitutionally. The fourth amendment does not provide a right TO privacy; it only provides a right FROM search and seizure under certain conditions.) The rest of them think they have some such right and the government is upholding it, they don't need to encrypt their stuff. Besides [encryption is only for people breaking the law; if you aren't then you have nothing to hide.] lemma: People will not use something if they don't know they have a need for it or if it exists.

    Ease of use. Have you ever tried to figure out how to be your own SSL Certificate Authority? or what that even means? I mean Christ, the openssl tool couldn't be any more complicated. Very few people can figure out and feel comfortable with creating, signing and maintaining keys and certificates correctly. Lemma: People will not use something that is confusing.

    Guidance. Ever have a certificate/key fail to authenticate? Was the error/info helpful to somebody who doesn't understand the implementation details? No. When your VPN fails to connect or your message fails to decrypt is when I've seen some of the worst feedback presented to a user ever. We need to start practicing an intelligent feedback, one that diagnoses the problem and tells the user specifically what must be changed to solve the problem, not what the problem was. Tell people solutions, they already know a problem exists. Lemma: People will not use something that they cannot correct malfunctions with.

    Standardization. PGP is not GPG. Not all mail agents support the same set of encryption capabilities. When sending a message you cannot be sure the recipient can read it no matter what you choose. As the receiver you are going to receive items that are incompatible with you. The result is pressure on ALL users not to use any encryption so that everybody is known to be using the same standard. Lemma: People will not use something [that interacts with all others] unless everybody else is using it.

    Transparency. Install this, configure that, click this button, enter your password... People do not want to put this much effort into reading a piece of mail. I'm a security nut and I still hate typing my passwords the fifty times a day that I do. We need to make systems that are as transparent as possible. The user either has to never know they're using it, or they have to be expected to configure it only once and then never have to worry about it. Lemma: People will not use something that annoys them, especially repeatedly.

    Too many choices. Which cipher do you want? Do you know why? Would you like RSA or DSA? How many bits? Would you like that in binary or ASCII armor? This detracts from a user's ability to be comfortable with a choice and as such they won't make one. Lemma: People will not use something if they aren't comfortable picking it.

    Distribution. For PGP/GPG you need to distribute keys effectively (and transparently). This has not been solved adequately. Lemma: People will not use something that isn't available.

    Economy. People do not want to pay for keys and certificates. While Verisign and others provide trusted stores where keys could be distributed the finance changes they enact are prohibitive for normal people. Yes, I know there exists free ones. But they aren't included in the root certificate databases of applications. You can add them but as I said earlier: you just crossed the line of ease of use that a user isn't going to cross

  • by ceifeira ( 1230772 ) on Thursday June 19, 2008 @09:46PM (#23867853)

    Socialism [wikipedia.org] refers to a broad array of ideologies and political movements with the goal of a socio-economic system in which property and the distribution of wealth are subject to control by the public.

    Authoritarianism [wikipedia.org] means a form of social control characterized by strict obedience to the authority of a state. Hence, the term has similar meaning with totalitarianism, with the latter being an extreme case of the former.

  • by molo ( 94384 ) on Friday June 20, 2008 @08:39AM (#23871613) Journal

    About FireGPG, you should be careful when using it with gmail. Unless you are using the HTML-only version, when using their javascript-enabled message composition window a draft of the message gets saved to the gmail server. So now you have your plaintext being sent to gmail. It is only after you write your plaintext that the message is then encrypted for transmission.

    -molo

  • by whatisevil ( 1089903 ) on Friday June 20, 2008 @01:28PM (#23875623)
    There is a small startup called Poosty which aims to bring encryption to the less tech-savvy masses. You sign up with your existing email address and mobile number, and they claim to provide easy-to-use 1024 bit encryption for a free account, 2048 bit encryption for "Pro" subscribers. The company is, interestingly enough, based in Stockholm, Sweden. https://secure.poosty.com/ [poosty.com]
