Safeguarding Data From Big Brother Sven?

An anonymous reader writes "Now that the Swedish government (in its infinite wisdom) has passed a law allowing them to monitor email traffic, a question that I think a lot of people are asking (or at least should be asking) is: 'What can I do to improve my privacy?' The answer is not obvious. So, what are the best solutions for seamless email encryption, search privacy, etc? What are your experiences with PGP vs GPG vs ...? In this day and age, why is the use of this type of privacy technologies still so limited? Why isn't there a larger movement promoting the use of privacy tools? Also, what is in your opinion the largest privacy concern? Search tracking? Email transfer? I believe this is an interesting question not only for Swedes, but for everyone. Lots of traffic is passing through Sweden, but more importantly, the Swedish government is not alone in using this type of surveillance."

Reader j1976 writes with a related question: "For most users with email addresses within large organizations, implementing their own email encryption scheme is not feasible, partly because of the technological aspects, but also since users in organizations often do not have administrative access to their workstations. What can an organization do, centrally, to lift the burden of encryption from the users? Are there any transparent schemes for email encryption which could be installed for the organization as a whole?"

Secure tunnels

[Gandalf_the_Beardy]

Many of the financial service companies I contracted for have only been sending sensitive mail to maybe a half dozen clients. It's reasonably easy if the two IT departments get together to establish secure tunnels at the organisation level for transferring mail between them. Doesn't protect the mail outside these of course but it's a reasonably quick solution and effective if enforced with policies within the workgroup about what is and isn't permissible in an email. Requires no extra software and is easy to set up and manage.

Re:

[Gandalf_the_Beardy]

I'm not sure that follows. In all the cases I recall the outgoing mail servers were running Exchange or Sendmail (with one looking at migrating to Exim). There are bolt on packages for all three that do encrpytion serverside if you want to go to the trouble and the expense in money and support time. The reason they didn't move in at least one case was that the servers couldn't easily cope with a large increase in the processing load to encrypt the messages.

Re:

[rwxrwx]

I agree , although for most windows users if you want (free) privacy you have to install X number of programs for gpg e.g. I think for the common user this is to much of not only a hassle but a technical burden gpg for example.

1.Install gpg4win
2. Thunderbird (or equivilent free email client)
3.) Extensions for email ( case Thunderbird)
4.) make keys
5.) configure programs, get other users pub key etc etc.

This is to much for normal Joe by step 3 or 4 the normal Joe has given up.
If this would be auto

Re:

[LighterShadeOfBlack]

security hole here , and their, because

there
There, spelled like here (ere), indicates location.
Their, Possessive.
The're, contraction of they are.

GET IT RIGHT!

They're, contraction of 'they are'.

The're, not a word.

GET IT RIGHT!

SMTP over SSL

[Skapare]

One of the things we need to add is SMTP over SSL. It won't prevent all snooping, but at least between 2 people that trust each other, no snooping happens on the path between.

Re:SMTP over SSL

[Z00L00K]

That part is actually relatively easy - and you have to remember to also implement IMAPS and POP3S - and close the IMAP and POP3 services.

I have already implemented SMTPS, IMAPS and POP3S a few years ago. And it's actually not really necessary to buy a certificate if you are doing this for a closed group. Just use OpenSSL and generate your own certificate.

To send emails to others both ends have to buy an email certificate, like from Verisign.

And then some of those who voted for this law thought that encryption is very easy to crack - so easy that it doesn't matter if an email is encrypted or not. The problem with cracking encryption is that you first have to figure out which one it is - and the history is full of encryption techniques.

So in the end - this law will be a good promotor for encryption more than anything else and the monitors can continue to search with Google and not get a bit of useful information from the real criminals and terrorists.

Re:SMTP over SSL

[Albanach]

Actually you don't need a certificate signed by a CA for SMTP over TLS.

We have used a self signed certificate for years and hundreds of other MTAs connect to us and happily set up a encrypted session to transfer mail.

Of course this has issues, by making it harder for the other end to be sure we are who we say we are, but given the alternative is simply to failover and send unencrypted that's not really a major concern.

This is with Postfix. Do any of the other big MTAs actually look to check the certificate is trusted before sending an encrypted message with default TLS settings?

On NPR...

[Illbay]

...(Of all places) there was a pretty good segment this morning regarding email encryption, even including a short interview with Phil Zimmerman. What was VERY interesting about it, to me, was the attitudes of the "man / woman in the internet cafe'" interviews they did, and how most people just "didn't care" about privacy issues regarding email. One fellow naively stated "I try to live my life in such a way that no one would have an issue with what I do." In my opinion, though, what YOU or I might consider innocuous might garner unwanted attention from government. As we are headed seemingly toward a more "European" philosophy here in the USA where the government assumes the duties of "personal watchdog" over your "lifestyle," what you eat, what you drink or smoke, what you teach your kids, etc., this would seem to be a foolhardy attitude.

Re:

[Paranatural]

...(Of all places) there was a pretty good segment this morning regarding email encryption, even including a short interview with Phil Zimmerman.

Why the 'of all places' comment? I've actually heard several good and tech-savvy news pieces on NPR.

Re:On NPR...

[bsDaemon]

The rest of his comment implies that he tends to the right of center -- an area of the political spectrum where NPR is not exactly loved and any information which backs up their preconceived notions, no matter what the topic is, is viewed as being "out of place."

Of course, I used to be one of those people, too. I started out listening to NPR because I liked classical and jazz music... eventually the news wore on me and I realized that I had been sort of a dick prior. Now I really like NPR news.

Re:

[Danse]

Of course, I used to be one of those people, too. I started out listening to NPR because I liked classical and jazz music... eventually the news wore on me and I realized that I had been sort of a dick prior. Now I really like NPR news.

That's kind of why I avoid political discussions at family gatherings. Most of them get all their news and opinions from Rush Limbaugh and Fox News. They see every issue as black and white and are absolutely convinced that anyone that doesn't agree with them is either stupid or (to be generous) horribly uninformed or mislead. There's no such thing as a discussion with those people. They make it a lecture about how everything wrong with the world is cause by liberals.

Re:

[bsDaemon]

No, everything wrong with the world is caused by irrational people. There tend to be a lot of irrational people on both sides. Irrational lefties are more concerned with how you "feel," for instance. They are more concerned with intentions than outcome.

Irrational Conservatives think that everyone night like them is going to go to hell and think GOP stands for God's Own Party.

I think that about 80% of people on either side are irrational, and frankly I would rather talk to/be represented by someone I disa

Re:

[sYkSh0n3]

who thinks that being pro-environment means you also have to want to tax the rich and ban guns, or vice versa.

ban the rich and tax guns? I'm not sure how that would help....

Re:

[InlawBiker]

If I have something important to encrypt I encrypt it but otherwise it's not worth the trouble to hide everything just because I can.

Also, on a personal level it evokes an unpleasant "paranoid" feeling that is only slightly more off-putting than feeling like somebody could be reading my email. Maybe I just don't like the thought of Big Brother so I avoid thinking about it, who knows.

So in other words somebody might be reading my email but so what. Of the billions of emails floating around the 'net mine ar

Re:

[urcreepyneighbor]

and how most people just "didn't care"

That's why the Clinton administration gave up on it. They realized most people just wouldn't use. Those that would (and are), well, they wouldn't be bothered by any sort of ban. ;) It's like gun control, in a way.

Re:On NPR...

[k1e0x]

That is absolutely right.

The 4th Amendment was written in response to the Stamp Act. Under the Stamp Act of 1765, all documents in your possession required the kings stamp on them to be legal. You had to by the stamps so this was in effect a tax.. the really ugly part of this law that people do not seem to know is that under the Stamp Act, British soldiers could come into your house any time they wanted to check your documents with what was known as a "writ of assistance". This is in effect a search warrant that British soldiers could write themselves. (It is akin to the NSA's National Security Letter as well..). Upon rummaging through your home, if you could not also prove that you paid taxes on other items such as your furniture or even your tea and your rum, they could arrest you.

Privacy is a property right, you are in your right not to show your property to anyone. This becomes all the more dangerous in a society of data mining and government provided "universal health care" because the government may decide you do not work out enough or your diet is not proper.

Don't think it can't happen.. In Japan the legal wast size is 33.5 inches. http://www.nytimes.com/2008/06/13/world/asia/13fat.html?_r=1&em&ex=1213588800&en=b5472f5ba2e31e50&ei=5087%0A&oref=slogin [nytimes.com] Anything over that and you may be sent to "re-education". If you deny "re-education" you may even be arrested for being fat.

Zimmermann, maybe?

[ricebowl]

In this day and age, why is the use of this type of privacy technologies still so limited? Why isn't there a larger movement promoting the use of privacy tools?

Only terrorists have anything to fear from this! Are you a terrorist?

Yeah, it's turning into an old joke now, but, sadly (and in the words of Homer J.) it's funny 'cause it's true. Sort of (the perception, not the reality).

As for the "why are privacy technologies so limited?" question I think that probably, though not certainly, has something to d

Re:

[sm62704]

Only terrorists have anything to fear from this! Are you a terrorist?

Woodie Guthrie's [wikipedia.org] guitar read "This machine kills fascists". So yes, as I own two guitars and a bass, I am in fact a a terrorist.

Sweden's just being honest about it

[Hektor_Troy]

I think we're rather naïve if we believe, that Sweden is the only country in the Western world to do this. They're just (one of) the first to be honest about it.

As the submitter points out, you cannot be sure where your data is being sent on the route between you and your recipient. For all you know your "Dear Mom" email might go through Sweden, the US, the UK, Denmark, Russia and China even though you live within 50 km of eachother.

And your Skype call? Well, that's likely to do the same thing with its routing feature.

Your SSL connection isn't any safer from snooping - not sure about MitM attacks, but if you're just listening in, do you really need to be a MitM?

Re:

[Hyppy]

Your SSL connection isn't any safer from snooping - not sure about MitM attacks, but if you're just listening in, do you really need to be a MitM?

Care to explain to me how to reliably intercept SSL communication wholesale without a very sophisticated man in the middle attack?

Re:Sweden's just being honest about it

[11223]

It doesn't need to be an especially sophisticated attack if the government's doing it. Most uses of SSL just check that the other side has a properly signed certificate by a trusted authority. No doubt the government can generate trusted certificates at any time.

Re:

[Hyppy]

Well, I know that in order to verify most U.S. DoD SSL certificates you must install the U.S. DoD root certificates locally. Example. [army.mil]

Re:

[pclminion]

And how do you acquire these certificates in a secure manner? How do you know the cert you've installed is the real DoD cert? Is it delivered to you in person on a USB key by armed guards?

Re:

[Hyppy]

What does that have to do with someone listening in on a SSL conversation with a third party?

Re:

[pclminion]

Because the only way you can avoid a MITM attack is to know that the other side's certificate is genuine. The entire point of the certificate is to prevent a MITM attack. How's it work? Simplified, you have the cert of the party you are trying to communicate with, and they in turn have yours. You generate a piece of random data and sign it with your private key, then send this to the other side. They decrypt with your public key and verify that you are who you say you are. Then they re-encrypt the data with

Re:

[Braino420]

I bet the DoD cert is delivered on a secure medium, in a a locked briefcase, chained to the wrist of a scary looking fellow wearing black shades.

You're confused because you think that it is still secrecy that protects the cert. The reason you can trust the CA's root certificate is because the CA's public key is PUBLIC. Anyone can read the cert using the CA's public key, which will decrypt the cert and then you're left with the DoD's public key and their identity (which was supposed to be verified by the C

Re:

[Braino420]

How do you know the Firefox download repository hasn't been hacked, and evil certificates inserted?

I don't, I compile everything from source and build my own compilers in hardware so I know there is no backdoor. I don't get out alot.

Re:

[Hektor_Troy]

Well, in the end, you're just sending bits back and forth. If you know that one of the ends of the communication is a person/entity of interest, you just have to copy the communication. Since the bits are running past your equipment, I don't see why you couldn't copy it now, decrypt it later.

Copying it doesn't really require you to be the man in the middle, and it's not like a "please don't copy"-flag would be respected anyway.

Re:

[pipatron]

How would you decrypt it?

Re:

[Hyppy]

So, you have a whole lot of ciphertext. Now what?

Re:Sweden's just being honest about it

[k1e0x]

I've done MitM on SSL as a demonstration before. It would be reasonably hard to do in the real world even by an ISP. It involves generating a cert on the fly and passing it to the client.. today's browsers will warn on that.

I'd be more worried about a super hardware AES cracker that the NSA isn't telling us about.

Re:Sweden's just being honest about it

[mrcaseyj]

>The NSA can probably get VeriSign to sign anything they want.

Maybe they can. Or they could just start their own Certificate Authority and get themselves onto the list of trusted authorities that comes installed with browsers or mail software.

But either way they might be reluctant to do the MITM like that because the bogus certificate with the genuine signature could be recorded by the targets and released to the public, causing great embarrassment to the certificate authority and much degradation to the trust of the certificate system.

Why can't it be simple.

[k1e0x]

I use s/mime and gpg. I have for years.. but I believe this is too much of a hassle for people who can't even figure out Yahoo Mail or tell the difference between Internet Explorer and Firefox.

Some time ago I suggested someone write a thunderbird extension that was a "one click" encryption setup. On clicking "encrypt" it would create a gpg key > send the pub key to a key server > and if it does not have someone elses key it can suggest thunderbird and itself to that person.

I know this is not a good way to do this, but I can't see people using pgp/gpg it any other way.

Re:

[cinnamon colbert]

agree that current pgp programs way to techie and hard to use. I finally got a program from MIT or someplace to run, but it was a real pain (for /.nerds: one click installation program, and a button that says encrypt email, anything more is to complicated)
on top of pgp, how about an email track me not - you can program thunderbird or firefox, to work with your friends family etc, to create dozens of fake temporary email accounts and just send out stuff all day long..

Re:

[Anonymous Coward]

Here's a simple solution : OVERTURN THE STINKIN LAW. Law isn't written in stone. That's the whole point of having a legislature. Get a referendum together and have the thing repealed. It won't stop the eavesdropping - nothing will - but it will make it illegal to use said information.

Re:

[k1e0x]

And how many tyrannical laws are overturned?

I'm still waiting on the Patriot act.. it breaks what the 1st, 4th, 5th, 6th, and 8th amendments to the constitution and its law.

Re:

[grumbel]

but I believe this is too much of a hassle for people who can't even figure out Yahoo Mail or tell the difference between Internet Explorer and Firefox.

Its not only to much hassle, it also doesn't really provide half as much security as one would expect. The header gets send completly unencrypted, so To, From, CC and stuff are easy to read, Subject sometimes to. And for a government it can often be enough to know your peers, the exact content isn't that important and if it is it can be retrieved by more drastic measures (keylocker, etc.). There is of course another issue in that when you sign your emails you lose deniability, so one should better not do t

Re:

[Z34107]

My question has always been what is to stop the government (or anyone else for that matter) from going to the public key server and getting your key to decrypt your email?

Because the public key can only encrypt e-mail.

I suggest a Google of "private public key encryption" because my knowledge is fuzzy at best. But, reverse-engineering the private key (the one that can decrypt) from the public one requires factoring big numbers. On a typical machine, this takes until the sun burns out. On an atypical

Re:Why can't it be simple.

[ahugenerd]

You have it backwards. Your public key is used to encrypt messages that are being sent TO you, which you can then only decrypt with your master key. The idea is that you (Alice) would send your message encrypted with Bob's public key to Bob. Since only Bob has his own master key (since it doesn't get posted to the server), then only Bob can decrypt it. Bob would then reply to you by encrypting his message with your public key. And so on.

Re:Why can't it be simple.

[Godji]

The public key server only holds your public key - the one that was meant for anyone to see. Your private key, which is the only one that can be used to decrypt messages addressed to you, stays with you. Nobody other than the parties involved in the communication ever holds one or the other's private keys.

The "public" in "public key server" means BOTH that the key server is public AND that it is a server for public keys. The most anal-retentive name for it would be a "public public key server".

See http://en.wikipedia.org/wiki/Public-key_cryptography [wikipedia.org] for all the details.

Re:

[Godji]

I forgot: While in symmetric cryptography your problem would be "how do I get my key to the other guy securely", with public key cryptography the question becomes "how do I prove to the guy who sends me stuff that my public key is really MY public key as opposed to someone else's, where said someone pretends to be me". This is where the certificate exchange stuff comes in.

Re:

[k1e0x]

Well.. yeah, you have a point. but at least they can't data mine this way unless they control the key server itself all the time.

When your dealing with an entity like government .. it's pretty difficult to stop them from doing something. I mean.. they could just make encryption itself illegal if they wanted.

It is our duty to stop them from doing that.. You have a right to privacy, you have a right to not show someone the inside of your house, the inside of your gym locker, the inside of your bank account, o

Re:

[Neoncow]

While I respect the spirit of the post, The first part is not informative. There's a reason key servers are called public key servers. When you upload your key to the server, you only upload the public half of the key. By definition, this part is meant to be distributed and does not compromise the security of your key-pair.

Re:

[k1e0x]

Your right. My mistake. (my excuse is I just didn't use my brain.. more concerned on the government angle and the legal angle than the technical angle.. I know how this stuff works..)

Re:

[Kozar_The_Malignant]

My question has always been what is to stop the government (or anyone else for that matter) from going to the public key server and getting your key to decrypt your email?

Two reasons:

1. You can't decrypt anything with any public key. You only use it to encrypt email to the key owner.
2. Possession of the public key provides absolutely no clue to the private key.

For a brief explanation of why, read this [wikipedia.org].

Re:

[Simon (S2)]

Your public key is public, and there is no problemwith that. Nobody can decrypt your email with your public key. You encrypt a mail with the public key of the person you send it to, and the receiver decrypts the mail with his private key. So only the private key has to be secret. That's why it's called private and public key pair.
Ex.:
Person A has a public key (PubKA), and a private key (PrivKA) and wants to send an email to Person B, who has PubKB and PrivKB. Public keys are public, so person A and person B

Re:

[Zironic]

http://en.wikipedia.org/wiki/Public-key_cryptography [wikipedia.org]

No need to keep your public key secure it it takes a few milenia to decrypt with it.

Re:

[k1e0x]

Maybe it should be included in Thunderbird Core then. On the creation of a new account in Thunderbird it could prompt the user to create a gpg key, and publish to mozilla's own keyserver.

Org-wide encryption

[gnick]

Are there any transparent schemes for email encryption which could be installed for the organization as a whole?

Entrust [entrust.com] works pretty well. I know of a couple of medium sized organizations (~14,000 employees) that use it. One ties it in to Eudora and the other, I believe, ties it into Outlook. Of course, if you want to exchange e-mail with customers, you'll have to make sure they have compatible software and keys (as with any encryption scheme.)

Re:

[khendron]

Of course, if you want to exchange e-mail with customers, you'll have to make sure they have compatible software and keys (as with any encryption scheme.)

Entrust also has a product called Entelligence Messaging Server [entrust.com] which can act as an encryption gateway between your company and your customers. It allows your company's employees to communicate securely with people outside the company, without having to deal with key exchanges and all that mess.

Too complex

[croftj]

It's too complex for most. If it were as simple as me putting code on my machine and sending encrypted emails to my family and friends I would do it. Sadly, I have to step them ALL though putting GPG or PGP onto their machines, creating a pair of keys then sending my and all of their friends their public key. Want to place bets how many of them would send their private key themselves?

      If MS would simplify it and make all of this just happen. I bet that there would be a big gaping hole for the gov't to make use of. Not to mention the security holes that would go along with it as well.

Re:

[mpapet]

It's too complex for most.
No. They don't have an urgent need. They'd do it if there was an urgent reason for it.

sending my and all of their friends their public key
That's what a key server is for. http://packages.debian.org/etch/onak [debian.org]

If MS would simplify it...
Show me the business case for a company the size of MS to get involved in this. There isn't one. RSA was as big as they got and they weren't strong enough to stay out on their own.

Nevermind the fact that it is simple!!! Compared to all of the time a

Why not make the government's job easier

[bigtrike]

And CC all of your email to the everyone in charge of this agency. Any good patriot should do this, just be sure the nation is secure even if the email monitoring system goes down.

Seamless, no. Pretty darn close, yes.

[querist]

There is no "seamless" encryption method that will give you enough protection. Sorry.

However, there are plenty of options if you're willing to do just a little work.

Install GPG or PGP. I use GPG because I can give it away legally to my friends who are less technically saavy and it works on Linux, OS X, and Windows.

Enigmail will integrate nicely into Mozilla's emailer and automate nearly everything once you have the person's public key. It will even notice who your recipient is and automatically pick the correct key.

There is something similar for the OS X Mail application (and I have it installed) but I don't remember the name of the application. It's not as bright as Enigmail and won't figure out who the recepient is automatically and pick the correct key.

FireGPG is a plug-in for FireFox (and it works for "Mozilla" because the web browser _is_ FireFox) that will allow you to use GPG with GMail.

I have an email account in which _all_ of the traffic is encrypted because I use these tools. I never send anything unencrypted on that account.

It's not seamless, but it's not that hard and it is not very intrusive.

I do not know if I should pity you because of your government reading your emails or if I should at least feel happy for you that they are honest enough to admit it (supposedly) before starting. Either way, I doubt things are any better here in the USA.

I find it amusing that the CAPTCHA is "incided", as in this new law inciting a riot.

Re:

[molo]

About FireGPG, you should be careful when using it with gmail. Unless you are using the HTML-only version, when using their javascript-enabled message composition window a draft of the message gets saved to the gmail server. So now you have your plaintext being sent to gmail. It is only after you write your plaintext that the message is then encrypted for transmission.

-molo

Well as Phil Z. has said..

[X86BSD]

The reason PGP, and GPG as well, fail is because PKI is just too difficult to setup and maintain. I'm sure some nerd who lives in his mom's basement is going to contest this but the fact remains it's too difficult to do in most corporations let alone end users. Making a key, remembering the password, managing keys, revoking keys, it's all just a total pain in the ass. If you truly want secure email for the masses it has to be transparent. This is just a given. People are not going to do PKI. This is the main reason we don't have mass adoption of PGP encrypted email.

The second reason and it's to a lesser extent but still a strong motivator IMO for the lack of secure options for communication are that corporations and governments don't WANT secure applications being adopted. How else can the government spy on you or corporations steal secrets from each other if things are encrypted. This isn't paranoid fantasy land I live in. I don't think any intelligent person today doesn't know especially over the last 8 years that the governments are doing everything they can to spy on you, record you, monitor you and track you. Wether its the TSA, DHS, warrant-less wiretapping whatever we are living in a 1984'esqe society. Seamless and mass adoption of strong encryption and anonymity by the masses would *seriously* curtail their ability to spy on you and find dissidents and evil doers who read catcher in the rye. So IMO these are the two strongest compelling reasons we don't have encryption for the masses yet. Phil's ZFone project is a good step in the right direction though.

Re:

[SanityInAnarchy]

The reason PGP, and GPG as well, fail is because PKI is just too difficult to setup and maintain.

That's why no one uses SSL. [wikipedia.org]

it's too difficult to do in most corporations

Most corporations aren't smart enough to use S/MIME.

If you truly want secure email for the masses it has to be transparent.

If it was transparent, it wouldn't be truly secure.

Still, I'd argue that we should go for PGP/GPG. It's a lot simpler than a lot of other things people do on a daily basis -- driving a car, for instance. Certainly much simpler than a lot of things which are taught in school.

corporations and governments don't WANT secure applications being adopted.

Hope that tinfoil hat is comfortable... (And you accuse me of living in my mom's basement?)

How else can the government spy on you or corporations steal secrets from each other if things are encrypted.

The government, I can see, but it's not as though they can re

Re:

[Sloppy]

SSL/X.509 is just a degenerate form of the same scheme PGP uses. If people can handle SSL, they can handle PGP. A PGP-based scheme can be made to look the same to the users.

Unfortunately, if it's really transparent (whether we're talking about X.509 or PGP), then it probably has at least a slight weakness (i.e. it never really gets authenticated).

PGP/GPG

[wilsoniya]

More people need to use these. Operating without a centralized Certificate Authority, GPG really depends on there being sufficient users to establish a web of trust.

I think people (in the US at least) either don't understand the simplicity of sniffing cleartext, or don't think they care. The aggravating part is that GPG can be really easy to use. Apps like Seahorse [gnome.org] make key and keyring management trivial. There's a great Thunderbird plugin [mozdev.org] that makes signing and/or encrypting your mail no harder than it was before. (Yes, I know not everyone uses Linux and Thunderbird, but I trust GPG tools exist for other OSs/email clients)

Given a safe and ubiquitous encryption scheme, I can't think any reasons for sending text/data in the clear. Now all we need is a ubiquitous encryption scheme.

Re:

[SanityInAnarchy]

I think people (in the US at least) either don't understand the simplicity of sniffing cleartext, or don't think they care.

Hmm. I propose we start sniffing emails everywhere we can, and put the results up on Wikileaks for the world to see. Then we'll know who really cares.

Why is use limited?

[nurb432]

Because most average people don't understand what is going on and still have that 'i'm not doing anything wrong' mentality.

And the few that do, dont understand how to mitigate it.

That 2nd is a problem for us techies too, as one way encryption is pretty worthless for communication.

Re:

[John Hasler]

> Because most average people don't understand what is going on and still have that 'i'm
> not doing anything wrong' mentality.

I don't approve of government snooping (I don't approve of government at all) but the fact is, they are right. The fact is that for most people (including most of us) there is nothing in any of their email such that having it read by any agency of any government would affect their lives in any way.

A real danger, though, is that the governments will get sucked in to some sort o

My largest privacy concern?

[multisync]

The fact that the majority of people will happily give up all manner of private information in exchange for a few pennies off the price of a carton of milk. If the threat of identity theft doesn't make people more conscious of their privacy, I doubt the threat of their government reading their email will.

SSL Proxy

[markybob]

You need to use a proxy that encrypts all traffic to and from you and it. Try dipconsultants.com ...I use it and it's very fast.

Tumbleweed

[PIPBoy3000]

What can an organization do, centrally, to lift the burden of encryption from the users? Are there any transparent schemes for email encryption which could be installed for the organization as a whole?

I work for a large healthcare organization and we use a product called Tumbleweed. It's not especially magical. If an outgoing e-mail is marked as encrypted (or keywords appear in the e-mail), the recipient gets a link to a secure web portal where they can log in and get that e-mail. It works fairly well, satisfying HIPPA requirements that otherwise prevented us from sending confidential e-mails to outside physician groups.

these kinds of stories are philosphically naive

[circletimessquare]

it is not that you don't deserve privacy, it is that privacy is philosophically impossible on a wide open network. such that giving up on the notion of privacy on the internet isn't cynical and defeatist, it is merely being realistic. in fact, fighting for privacy on the internet is not heroic and idealistic, it is simply gullible and naive and ignorant of the subject matter

if you take a large, open, sprawling network, there is no law or safeguard that can protect you from eavesdropping. forget the governme

Re:

[OldFish]

Nonsense. Eavesdropping on an encrypted conversation where the encryption is managed by the two endpoints gives you nothing but the identities of the communicators, and if they have taken steps to conceal their identities an eavesdropper doesn't even get that information. This secure communication exists peacefully alongside your "vast open network". You clearly invested a fair bit of time writing your post. Why? What part of communication security technology do you not understand?

say a govt identifies someone of interest

[circletimessquare]

all they need to do is map his circle of friends, like you said, without even knowing what was said, just by finding the identity of two people in a conversation. thats good enough for them in most espionage work, because then they just focus on other communication channels to find something unencrypted and damaging

in other words, even if your communication was immune from being cracked by the world's finest supercomputers, you essentially have no protection from their eyes on an open network. you simply ha

right

[circletimessquare]

anything that passes onto an open network

which is my whole point

(rolls eyes)

Okay

[Auckerman]

The solution is to migrate TCP/IP to a public key system. The entire protocol.

encryption is irrelevant

[TheGratefulNet]

I'll go out on a limb and predict that in 5 yrs or less time, encryption will be a 'self admission of guilt' to ALL governments.

I really hope I'm wrong. but the trend is there if you just look.

we already have people saying 'if you are not a terrorist, you should have nothing to hide'. this is just a half step away from saying 'if you DO use encryption, you MUST be hiding something that we should see'.

mark my words.

you may think that you are out-smarting the governments but they have the money, the guns and all the power. and they're NOT about to give this bit of power (over the people) up.

if you encrypt a laptop and pass thru customs, you are FORCED to reveal your password or at the least, 'open' the disk for them to view the contents of. so tell me, how did encryption help here?

don't give me that crap about truecrypt, either. how long will it take before their border people know how to detect this? ....so depressing ;(

Re:encryption is irrelevant

[Skal Tura]

As for passing customs, add in the hidden volume provided by truecrypt. I bet most would eat answer "there is none" ;)

on the "public" portion, have semi-private personal pics, ie. your gf about naked, some sex stories from web and change them like they would be your experiences, love letters same thing, and other personalish data like that.

That "GF" doesn't be even YOUR gf, just grab some package of amateur pics of some website X)

Social engineering!

2nd solution: Public torrent based encrypted "backup" service, goes through the borders easily. Could be somekind of torrent & truecrypt mashup.

Could work if say you want to "backup" 5 gigs, you got to host atleast 10gigs. Gigantic waste of HDD space, Gigantic waste of bandwidth, no live usage, but have good key, and you are golden :)

In theory could work, anyone attempting something like this?

Re:

[TheGratefulNet]

I'm not sure I follow you. explain again how putting nude or semi-nude photos on a public volume accomplishes anything.

if anything, I'd put BORING text docs on my public volume. certainly NOTHING to trigger the urge to want to look further! staying below the radar is the way to go, I think.

but my point is that even if right NOW, customs doesn't know about TC, they soon will. they're dumb but their bosses aren't ;(

now, suppose they get smart and detect (again, later on via some toolkit that they simply r

Re:

[uffe_nordholm]

There is an effective, although controversial, way to combat the "if you are not a terrorist then you have nothing to hide" idea. Ask whoever proposes it if they would mind you mounting a webcam in their bedroom. The idea is that unless they are sexual perverts (or paedophiles) they have nothing to hide, and will then,by their own logic, have nothing to hide. If they have nothing to hide, why should they then object to having a webcam in their bedroom?

I realise this is a very crude way of combating somet

Re:

[kellyb9]

I usually don't care to be argumentative... but thats dumbest thing I've ever heard. Encrypting a message isn't an admission of guilt at all. it just means you don't want anyone to read it. Key word: anyone. It's the same reason you use SSH to connect to a server instead of telnet - plain text messages with password information, credit card statements, etc are not secure without some level of encryption. I apologize for my rude introduction to this post, but I'm just getting so sick of people getting modded

Not Obvious?

[mh1997]

'What can I do to improve my privacy?' The answer is not obvious.

The obvious answer is to overthrow the government. Since that is not a practical or a desireable solution then the next obvious answer is do not send anything private via email.

Sadly, not enough people care about the loss of privacy rights to change this. Look at all the people that say "I don't care, I have nothing to hide."

The fact is the Facebook generation doesn't care

[wolfdvh]

Users of MySpace/Facebook etc. have clearly demonstrated by their actions that they don't care at all about their privacy. They routinely post loads of information about themselves that advertisers, marketers, and other intelligence agencies could not get easily, and probably could not get at all.

Some even think it a virtue to live an 'open life' and not do anything they would not mind seeing in public.

Since they are the future, it is no wonder that software vendors have little incentive to invest money

Re:The fact is the Facebook generation doesn't car

[Dunbal]

Users of MySpace/Facebook etc. have clearly demonstrated by their actions that they don't care at all about their privacy.

Patients have clearly demonstrated by their actions that they don't care at all about their privacy. After all they keep getting sick all the time, and visiting hospitals containing busy emergency rooms full of all kinds of undesirables - and that's just the staff!....

I think the key word, as always, is CHOICE. Do you really propose that socie

Sue the buggers!

[ayjay29]

The Pirate Bay seems to have the right idea [thelocal.se]. Take the governemt to court, start legal procedings.

If this is anything like the other PirateBay cases i can't wait to see the legal corrispondance [thepiratebay.org].

Off the record messaging

[Neoncow]

http://en.wikipedia.org/wiki/Off-the-Record_Messaging [wikipedia.org]

There are plug-ins available for it. OTR has some nice properties including the fact that messages are encrypted, but still deniable. What this means is an eavesdropper cannot read what you write, but at some later time an attacker with an unencrypted copy of the conversation cannot prove that you wrote it.

The goal of the project is to provide a level of security similar to meeting in a private place an d talking. Privacy without a paper trail.

http://www.cypherpunks.ca/otr/ [cypherpunks.ca]

Webmail

[Sloppy]

In this day and age, why is the use of this type of privacy technologies still so limited?

Aside from the usual reason of apathy, we have a (relatively) new, technical problem with securing email: a lot of people are using webmail.

That development was a technological step backwards: moving from specialized client software (mail reader) that understands what it is working on, to a generic tool (web browser). It's hard for a web browser to be able to understand that this piece of an web page is a PGP block, and this part is just UI, and that's assuming that it even has the whole message to work with (i.e. the web server actually sends all the PGP/MIME attachments, instead of presenting a nice webby interface that presents the message parts separately).

I have heard of a Firefox extension (damn, I can't remember the name) that can encrypt and decrypt pieces of web pages or textareas, but that sort of thing is always going to be hacky and cumbersome compared to a real mailreader, so I think that puts us at a disadvantage, compared to the situation ten years ago.

Discourage webmail. Webmail is creating a network effect that is a barrier to securing email.

Part 1 easy

[Skal Tura]

Live in sweden: secure VPN out of sweden first :)

Easy thing to do, really no companies however offer this service

Does encryption really help?

[ryanisflyboy]

When the state wants to read your e-mail, you have these choices: 'oops, it was accidentally deleted, our bad', let them read it, go to jail. If you try to 'cheat' the system by encrypting your mail, then they can simply pass a law that enforces you handing over the password. If you resist, you get X years in jail automatically even if you are innocent of the original offence. Clearly, only the guilty have secrets to hide. Or so will be the slogan the politicians will use to pacify any large resistance.

When

This Stuff Has Been Around For Years

[mpapet]

and it takes some legislation that some people don't like to raise awareness?

I've used PGP encrypted attachments for years. Works great.

SMTP over TLS is a good start. TLS is supposed to replace ssl, but who knows when that will happen. If you want to get mad-tricky, there's stunnel.

VOIP over TLS is another good start. It's not widely implemented, but widely available.

Chat can also be handled over TLS. Either through a VOIP softphone which is widely available or possibly XMPP.

If I offered TLS services f

Proxied search

[xrayspx]

There are search proxies [scroogle.org] to google which would guard your search traffic. Unfortunately that means you have to trust Scroogle on top of everything else, and of course, if you click on any of the results, you'll go to the target page in the clear.

Why does Google not want to provide an SSL search page? It could only be a benefit to their users.

I also have no idea why more people don't use GPG/PGP. Ease of use has come a long way, at least in Thunderbird. I find the Outlook and Mail.app plugins that

Because...

[jwiegley]

why is the use of this type of privacy technologies still so limited?

Several reasons:

Education. Most people that use email don't know what RSA, GPG or PGP is. Let alone the dozens of possible other ciphers available. These people also blissfully wandering around thinking their government is an effective, benevolent provider that keeps them safe so they don't even need encryption or privacy laws. (see: Nanny State). (Instead of the wasteful, corrupt, abusive, ignorant farce that it is.) Polls show that less than 1/4 of Americans know that there is no right to privacy (constitutionaly. The fourth amendment does not provide a right TO privacy; it only provides a right FROM search and seizure under certain conditions.) The rest of them think they have some such right and the government is upholding it, they don't need to encrypt their stuff. Besides [encryption is only for people breaking the law; if you aren't then you have nothing to hide.] lemma: People will not use something if they don't know they have a need for it or if it exists.

Ease of use. Have you ever tried to figured out how to be your own SSL Certificate Authority? or what that even means? I mean Christ, the openssl tool couldn't be any more complicated. Very few people can figure out and feel comfortable with creating, signing and maintaining keys and certificates correctly. Lemma: People will not use something that is confusing.

Guidance. Ever have a certificate/key fail to authenticate? Was the error/info helpful to somebody who doesn't understand the implementation details? No. When your VPN fails to connect or your message fails to decrypt is when I've seen some of the worst feedback presented to a user ever. We need to start practicing an intelligent feedback, one that diagnosis the problem and tells the user specifically what must be changed to solve the problem, not what the problem was. Tell people solutions, they already know a problem exists. Lemma: People will not use something that they cannot correct malfunctions with.

Standardization. PGP is not GPG. Not all mail agents support the same set of encryption capabilities. When sending a message you cannot be sure the recipient can read it no matter what you choose. As the receiver you are going to receive items that are incompatible with you. The result is pressure on ALL users not to use any encryption so that everybody is known to be using the same standard. Lemma: People will not use something [that interacts with all others] unless everybody else is using it.

Transparency. Install this, configure that, click this button, enter your password... People do not want to put this much effort into reading a piece of mail. I'm a security nut and I still hate typing my passwords the fifty times a day that I do. We need to make systems that are as transparent as possible. The user either has to never know they're using it, or they have to be expected to configure it only once and then never have to worry about it. Lemma: People will not use something that annoys them, especially repeatedly.

Too many choices. Which cipher do you want? Do you know why? Would you like RSA or DSA? How many bits? Would you like that in binary or ASCII armor? This detracts from a user's ability to be comfortable with a choice and as such they won't make one. Lemma: People will not use something if they aren't comfortable picking it.

Distribution. For PGP/GPG you need to distribute keys effectively (and transparently). This has not been solved adequately. Lemma: People will not use something that isn't available.

Economy. People do not want to pay for keys and certificates. While Verisign and others provide trusted stores where keys could be distributed the finance changes they enact are prohibitive for normal people. Yes, I know there exists free ones. But they aren't included in the root certificate databases of applications. You can add them but as I said earlier: you just crossed the line of ease of use that a user isn't going to cross

From a Terrorist perspective.

[Anachragnome]

The "cat is out of the bag" as far as government electronic snooping is concerned.

Look at how "low-tech" the 9/11 attack was. Fake IDs and boxcutters.

Does anyone really believe that Terrorists are still using email and cellphones(other then bomb triggers)?

My guess is they have gone back to face-to-face MeatMeetings and good old SnailMail(with re-posting networks) in conjunction with simple codewords.

That being said, I seriously doubt all this Security "Theater" is aimed at Terrorists, if, indeed, it is more then theater. My guess is that it is all to head off the "revolution" by average citizens when they snap out of complacency.

Re:Someone please remind me...

[Anonymous Coward]

Because no matter what country you live in some of your Internet traffic is likely to pass through Sweden. They snoop and tell your government about your stash of __________ (insert your own illegal/grey market goods etc. here). Wala - your government has "proof" you are engaged in illegal activity and busts down your door. Moreover, you apparently haven't been watching the news regarding the change in behavior people exhibit when they know/think they are being watched.

Re:Someone please remind me...

[sm62704]

They snoop and tell your government about your stash of _blackjack-playing, postmoking hookers_ (I'm in the US). Wala - your government has "proof" you are engaged in illegal activity and busts down your door.

Although I agree with your comment, just putting in an email, slashdot comment, or even one of my journals can't get the FBI and DEA and whatever anti-prostitution agency to break down my door. Otherwise it seems they already would have, as although I'm no gambler, my slashdot journals often feature potsmoking and hookers. Maybe I should add some blackjack.

However, adultery is NOT against the law. Do you want your wife to find the email you sent to your girlfriend because Sweden seems to be as anti-freedom as America?

(OT but related; why is it legal for me to fuck my congressman's wife, but illegal for me to pay her for it?)

Re:Someone please remind me...

[Mr2001]

I believe you may already know but, because if you pay for it: then pimps step in and abuse girls to do it.

That's a result of prostitution being illegal, not a cause. When an industry is legal, workers can freely move from one employer to another, and disputes can be resolved with words in open court instead of a gold-tipped cane in a dark alley.

Re:

[SBacks]

I'm an uncultured idiot, you insensitive clod!

Re:

[sm62704]

Wala? It's "voila" you uncultured idiot

It is? [dsokids.com] Wow, learn something new every day. Am I cultured now, or do I need more yeast?

Re:Someone please remind me...

[AltGrendel]

Ummm.....

Linus is from Finland,/a>. [wikipedia.org]

Re:Someone please remind me...

[Kozar_The_Malignant]

Linus is from Finland,/a>. [wikipedia.org]

True, but from the Swedish speaking minority of Finns.

Re:

[computational super]

Only on slashdot would a positive reference to Linus Torvalds be moderated tr- um, no, wait a minute... um, wait, where am I?

Re:Terrorists use encryption!

[JSBiff]

You make a fundamental assumption that there are no stupid criminals or stupid terrorists. Yes, *some* terrorists and criminals are smart enough to encrypt their emails. But I'm sure there really are people out there stupid enough to talk about their criminal plans/exploits in plaintext email, or plaintext IMs, because they are just stupid. The Swedish government, will, no doubt catch some of those stupid criminals through such spying on email, then point to those cases whenever they talk to the media/public about why this is a 'good thing'.

      As with any invasive authoritarian law, the government can always present anecdotal examples of it 'working', and so 'justify' the law, despite the fact that it's fundamentally a bad law, and probably not necessary.

Mod parent up. You are SO right.

[querist]

You are quite correct. It's scary, but you're right. The thing that is frightening is not the fact that there are stupid criminals, like my favourite example of the night-time purse snatcher with the light-up trainers, but that these stupid criminals who are not bright enough to use encryption will be used as "proof" that this new invasive law "works".

I am quite confident that this _will_ be abused. There is an established history of laws like this being abused, such as that anti-terrorist law that was used

Re:Here is what you do

[querist]

It is an unhappy prime [wikipedia.org].

Re:Here is what you do

[Anonymous Coward]

17 is a cussword in Swedish. Incidentally, so is 1000. It's true, ask anyone from Sweden. In Sweden, 17 is also the most random number. If you need to make up statistics, it's traditional to use 17. Much like if you need a name for a method when discussing programming, you use "foo". I've seen university level math exams where every answer was 17. The professor had a wonderful sense of humor.

Re:

[winphreak]

A very good point, and so I looked it up on the Relakks website.

"RELAKKS Safe Surf enjoys the strongest legal protection possible under Swedish Law because of the service type (pre-paid flat-rate service). This means that RELAKKS do not have to keep an ordinary customer database (to be able handle transactions etc.). This is of importance if forced to hand over information.

If Swedish authorities can prove beyond reasonable doubt that they have a case for demanding subscription information from RELAKKS (they