[liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain

Sheila Parks sheilaruthparks at comcast.net
Wed Jun 12 03:15:30 PDT 2013 

Why not use "her" instead of "his"?

Using "his" in 2013 is, indeed,  misogyny

Sheila

At 04:05 AM 6/12/2013, you wrote:
>Let's first have context -- at this time I am a 30 year old 
>journalist. But (to establish my geek bona fides) shortly after I 
>could legally drive, but long before I could vote, I went through 
>the process of becoming a registered Debian Linux developer.
>
>Then, as is the case now, to achieve that status, one needs to have 
>their GnuPG key (back then PGP) signed by a fellow developer who has 
>verified their identity.
>
>While I had undergone the process with my PGP key back when I was a 
>high school student, by the time Debian made the switch to GPG (as I 
>recall for ideological reasons surrounding PGP's license) I was at 
>university with far less free time, and learning crypto software or 
>getting your keys exchanged and signed wasn't easy. And so I never 
>made the time to learn the new software until recent events led me 
>to revisit my options.
>
>I haven't been a regular Linux user since 2001 (switched to Apple) 
>but I've tried available tools for Linux and what's out there for 
>Mac OS, even trying to compile some F/OSS solutions from scratch on 
>Mac OS. And to be honest, despite all the innovations in user 
>interface over the past 12 years, the situation doesn't look to have 
>changed much since 2001.
>
>Now, I realize that for someone whose very life might depend on 
>strong encryption that works, their incentive to learn even the most 
>arcane and user-unfriendly software could be high enough to overcome 
>any resistance due to either inertia, poor design, or any other 
>conceivable reason why Joe Public wouldn't make everyday use of the stuff.
>
>These days I'm a journalist, and while my work has rarely taken me 
>into places or subjects where encryption is needed, recent events 
>have inspired me to venture back into the available tools to see if 
>I could make using email with strong cryptography easy enough that I 
>could suggest it to regular sources for everyday use.
>
>It still sucks. What exists is godawful at worse and cumbersome at best.
>
>For a cryptosystem to really, and I mean really become widespread 
>enough to make an impact, it needs to be designed and implemented in 
>such a way that a given user who wants to add that level of security 
>to his** email need only install at the very least some manner of 
>plugin to an existing client, or at most switch to an easy to use 
>replacement which has that functionality built in seamlessly. Key 
>exchange would have to be as easy as forming connections on a social 
>network. Heck, a crypto-social network might be the best way to 
>jump-start such a thing.
>
>But let's be honest here -- I think we all are aware on some level 
>or another that even if one was able to develop and deploy the 
>easiest software imaginable (say, Apple's "iCrypt" that they'd 
>allowed to be vetted, even made key parts open source)  and the most 
>robust algorithms known to man, it's not enough that it be easy to 
>use -- it has to become widely adopted, at least among enough of the 
>population that assuming easy key exchange, it would become a 
>non-event for someone to send or receive an encrypted message. It 
>would have to definitely be widespread enough that, if we also 
>assume pervasive surveillance -- at least on a passive "filtering" 
>level of some kind -- that to see cyphertext being transmitted back 
>and forth would be common enough that it wouldn't raise alarms or 
>attract attention of any sort.
>
>Let's get real -- assuming surveillance is the new normal, isn't it 
>more likely that cyphertext in the datastream is -- at least as of 
>this day and time -- more likely to attract attention from 
>authorities than say, quality steganography or something like a 
>carefully designed and well executed book code?
>
>Maybe the idea of pervasive surveillance and any resulting 
>discomfort will raise interest in easy encryption among the general 
>public, but given the state of the current crypto toolbox, I doubt it.
>
>Andrew
>
>**for those who are PC-inclined, please note I use "his" alone not 
>out of misogyny but for brevity and clarity.
>
>
>On Jun 11, 2013, at 9:56 PM, Kate Krauss 
><<mailto:katie at critpath.org>katie at critpath.org> wrote:
>
>>It's really easy to use these tools if you already know how to do it.
>>
>>Otherwise they are often complicated and unintuitive. For some of 
>>us, they represent an academic field or a fascinating hobby. For 
>>others, they are the keys to survival.  Hubris--and not really 
>>caring whether they work or not for non-geeks--is an obstacle to security.
>>
>>Most activists and journalists don't care how interesting these 
>>tools are, as long as they can get them to work. If they were as 
>>simple and stupid as AOL circa 2000, that would be great.
>>
>>This is the beauty of cryptoparties--people can sit next to you and 
>>talk you through it. Thanks, Asher Wolf. That is often all it 
>>takes. Otherwise, tiny glitches or misunderstandings can put them out of reach.
>>
>>A security workshop my group organized a couple years ago included 
>>lots of geeks ANDS lots of on-the-ground activists (of many 
>>stripes, including technophobes) who were teaching each other with 
>>the help of two excellent, feminist lead teachers who are good 
>>listeners. That also worked well and permanently evangelized 
>>everyone about the importance of activism around this issue.
>>
>>Yet this is also a capacity problem. There is the equivalent of a 
>>fleet of bicycles building online safety tools. And well-paid 
>>armies of spies trying to defeat them.
>>
>>One way to judge the effectiveness of cryptographically (?) sound 
>>tools is not by how cool they are in theory but by how many regular 
>>people can figure out how to use them the first time, without help. 
>>We can test this and rate the tools.
>>
>>Another obvious answer for increasing these tools' legibility is to 
>>convene test groups--perhaps this is already happening?-- of 
>>regular people and non-geek activists to try them out. And watch 
>>those people in action--see what keys they press, see where they 
>>pause. And then iterate. Startups do it, and so can we.
>>
>>There can be no security if the tools don't scale.
>>
>>Katie Krauss
>>AIDS Policy Project
>><http://www.aidspolicyproject.org/>www.AIDSPolicyProject.org
>>
>>
>>On Tue, Jun 11, 2013 at 7:54 PM, Nadim Kobeissi 
>><<mailto:nadim at nadim.cc>nadim at nadim.cc> wrote:
>>This story really solidifies why I believe that we need to make 
>>privacy technologies accessible to journalists, instead of simply 
>>focusing on the other way around.
>>
>>Glenn Greenwald had to substantially delay his communications with 
>>Edward Snowden due to how inaccessible a lot of privacy and 
>>encryption software is to use.
>>
>>Our main and primary goal at Cryptocat has been to focus on making 
>>encrypted communications accessible, easier to use and fun and 
>>attractive. We've always believed that accessibility is a security 
>>feature, and this idea is at the core of our project.
>>
>><http://arstechnica.com/security/2013/06/guardian-reporter-delayed-e-mailing-nsa-source-because-crypto-is-a-pain/>http://arstechnica.com/security/2013/06/guardian-reporter-delayed-e-mailing-nsa-source-because-crypto-is-a-pain/
>>
>>NK
>>--
>>Too many emails? Unsubscribe, change to digest, or change password 
>>by emailing moderator at 
>><mailto:companys at stanford.edu>companys at stanford.edu or changing 
>>your settings at 
>><https://mailman.stanford.edu/mailman/listinfo/liberationtech>https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>>
>>--
>>Too many emails? Unsubscribe, change to digest, or change password 
>>by emailing moderator at 
>><mailto:companys at stanford.edu>companys at stanford.edu or changing 
>>your settings at 
>><https://mailman.stanford.edu/mailman/listinfo/liberationtech>https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>--
>Too many emails? Unsubscribe, change to digest, or change password 
>by emailing moderator at companys at stanford.edu or changing your 
>settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

Sheila Parks, Ed.D.
Founder
Center for Hand-Counted Paper Ballots
Watertown, MA  02472
617 744 6020
DEMOCRACY IN OUR HANDS
www.handcountedpaperballots.org
sheila at handcountedpaperballots.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130612/c353ed46/attachment.html>

More information about the liberationtech mailing list