[liberationtech] to encrypt or not to encrypt?

Fri Jun 21 10:12:07 PDT 2013

________________________________
 >From: dan mcquillan <dan at internetartizans.co.uk>
>To: Liberation Technologies <liberationtech at lists.stanford.edu> 
>Sent: Friday, June 21, 2013 11:41 AM
>Subject: [liberationtech] to encrypt or not to encrypt?

>a few people who came to our university cryptoparty asked whether they're just going to draw attention to themselves by encrypting email. 

>the latest leaks seems to give a firm 'yes', as the NSA specifically keeps encrypted comms indefinitely. 

>sample news item: http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml

>how would list members answer the question 'to encrypt or not to encrypt'? 

>cheers
>dan

The technical answer is that the question makes the false assumption that privacy is a binary thing, either "on"-- you have privacy-- or "off"-- you don't.  Unfortunately there are also threats from private corporations, thieves, hackers, ex-spouses, etc.  If you turn privacy "off" in the perverse hope that you'll "blend in" with everyone else, you'd better hope that a) you never mention something that breaks one of the tens of thousands of laws you've probably never even read, because as the recent Guardian stories point out evidence of your criminal wrongdoing can be shared with other agencies even if you weren't the target of the initial query and even if it's not related to the initial investigation.  And oh yeah, b) you've now turned on spying for all those groups I mentioned above and more, groups for which there isn't even the modicum of court oversight that there is for the NSA.

As meaningless as that oversight seems to be, at least the NSA doesn't have the pressure of shareholders who want to see it monetize all the data it collects as soon as humanly (algorithmically?) possible.  Facebook does.  Google ad campaigns done by marketing idiots follow people around on webpages and creep them out, because it turns out suggesting that your customers "Don't be evil" doesn't work very well, even when it would actually help their bottom line.

I'm sorry but you have to think about these things.  The good news is that if you have nothing to hide, what better excuse is there to play around with crypto and possibly add cover for people doing important work in dangerous places?

Finally, I'm also sorry that there's a gaping hole in the free software community wrt user experience.  There's nothing implied by the four freedoms of the GPL that would lead a developer to take seriously the question of how to make those freedoms easy or even possible for the user to exercise meaningfully.  How many crypto projects try to get the user experience right first, and fill in the crypto part later?  There is plenty of crypto that has been well-tested and has a track record at this point, so it's not an impossible task.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130621/57220d34/attachment.html>