Privacy of Communications
Most nerds accept that email is not private. We are willing to send unencrypted emails to our friends, family and coworkers because it is convenient. We forget that email is really like a postcard, not a letter, so anyone along the way can read all the contents.
A few people use encrypted email. There are 2 main forms of this – X.509 and gpg. I’ve been using gpg more and more for unimportant communications, because it is my right to have private conversations over the internet. What is said between me and the other party is nobody else’s business. Really, we are just chatting, but that isn’t the point.
Recently, a brave businessman has probably risked jail by not saying that his company was not asked to provide access to encrypted email sent by customers. There have been 2 encrypted email services shut down by their owners in the last week. We don’t know why, but suspect a gag order by the US government prevents these businesses from talking.
Last time I checked, the 1st amendment to our Constitution expressly provided for free speech. It says (this is a direct quote):
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
Seems pretty clear to me that gag orders are unconstitutional.
It has been some very sad years since 2001. The terrorists have won. The US government is more of an enemy now than anyone else in the world, I’m sad to say.
While I wouldn’t trust any 3rd party service for my encrypted email needs, I know how difficult and non-convenient using gpg is. It is a hassle, but I encourage everyone to use it for all their emails. What we say in our email is nobody else’s damn business. We shouldn’t need to fear what we say privately and shouldn’t have to worry that our more and more oppressive government is reading those conversations.
So, google “how-to gpg email” for your platform and email program and get set up with your own gpg keys. This is very important for people using those free, huge, email providers like gmail.
A few related articles:
Now the government has made me sound like a lunatic, but at least I feel better.
Perhaps this is just my own ignorance, as I’ve only started playing with GPG, but wouldn’t both parties need to use GPG for the recipient to be able to read the encrypted email I sent because I’m encrypting it with THEIR public key so they can decrypt it with their private key?
This seems to be a broader issue than just nerds starting to use encrypted email — it needs to be made accessible to all, not just those like you and me who enjoy figuring things out on our own. There’s no way GPG or any email encryption is going to be used by the masses if it’s not “stupid simple”.
Seems that gmail (the company) thinks users and people sending emails to @gmail.com addresses have no expectation of privacy.
Here’s the story link
Looks like we all need to boycott gmail. Not just using it, but also refuse to email anyone else using it, unless they use gpg encryption.
@Bill, you are correct. It has become more difficult in the age of multiple email devices.
Script The Install and Setup
Anyone could create a script to set things up on Linux, in a fairly automatic way, but getting the keys moved to another device AND working would take some extra effort.
Send and Read from 1-OS
I only use 1 VM for my encrypted email and haven’t bothered pushing the keys to laptops, netbooks or Android devices at all. Encrypted email means I must use the primary desktop machine to read them. However, I do have remote access to that machine from anywhere in the world, except from Android (it uses NX).
Convenience
I suspect that most people would prefer to set up their keys on a portable device, not their desktop. They would accept the huge risk of losing access to all encrypted emails just for the added convenience. After they lost the device (which probably wouldn’t be backed up and is really not secure anyway), getting them to create new keys will be much harder. Doubtful they would even try.
Financial Pros Don’t Use It
I’ve asked my accountant, bank and broker to use gpg. They will not. It is really sad. People and businesses who should care, don’t.
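The two points in the exchange above (the sender encrypts with the recipient's public key, and reading mail on a second device means moving the private key there), as an added example that is not from the post or its commenters. The three temporary keyrings, the user ID and the message are constructed; it assumes GnuPG 2.1 or later is installed.

```bash
#!/usr/bin/env bash
# Added example: three throwaway keyrings stand in for Bob's desktop, Bob's
# laptop and Alice's machine. The user ID and the message are constructed.
set -eu
BOB='Bob Example <bob@example.org>'

keyring() { local d; d=$(mktemp -d); chmod 700 "$d"; echo "$d"; }
g() {                                  # run gpg unattended against one keyring
  local home=$1; shift
  gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
      --passphrase '' "$@" 2>/dev/null
}
fpr() { g "$1" --with-colons --fingerprint "$BOB" | awk -F: '/^fpr:/{print $10; exit}'; }
can_read() { if [ "$(g "$1" --decrypt "$2")" = "$3" ]; then echo ok; else echo fail; fi; }

demo() {
  local desktop laptop alice fp before d msg='see you at 6'
  desktop=$(keyring); laptop=$(keyring); alice=$(keyring)

  # Recipient: Bob creates his key pair on the desktop. The empty passphrase
  # only keeps the demo unattended; protect a real key with one.
  g "$desktop" --quick-generate-key "$BOB" default default 1y

  # Sender: Alice needs only Bob's PUBLIC key. She compares its fingerprint
  # with the one Bob gives her out of band before trusting it.
  g "$desktop" --armor --export "$BOB" | g "$alice" --import
  if [ "$(fpr "$desktop")" = "$(fpr "$alice")" ]; then fp=match; else fp=mismatch; fi
  # --trust-model always stands in for Alice's decision after that check.
  printf '%s' "$msg" | g "$alice" --trust-model always --armor --encrypt \
      --recipient "$BOB" --output "$alice/mail.asc"

  # Only a keyring holding Bob's PRIVATE key can read the mail, so the laptop
  # fails until the secret key is exported from the desktop and imported.
  before=$(can_read "$laptop" "$alice/mail.asc" "$msg")
  g "$desktop" --armor --export-secret-keys "$BOB" | g "$laptop" --import
  echo "fingerprint=$fp desktop=$(can_read "$desktop" "$alice/mail.asc" "$msg")" \
       "laptop_before=$before laptop_after=$(can_read "$laptop" "$alice/mail.asc" "$msg")"

  for d in "$desktop" "$laptop" "$alice"; do
    gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
    rm -rf "$d"
  done
}
demo
```

On real devices the exported secret key is the sensitive part: it should travel over a channel you control and the export file should be deleted afterwards.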
I think our society has conditioned us not to care about privacy any more. People document everything on Facebook or tweets. Google is just another example, but they aren’t sharing the email data with the rest of the world. At least not yet. It is quite obvious to gmail users (or at least it should be) that google scans email contents just based on the ads it shows. It has been that way since day one.
I’m one of those people that has chosen to use it just because of the ease of use and the cloud aspect where you can get to it from anywhere. I’m willing to use GPG to encrypt my messages, but most people aren’t encryption savvy. Only a small subset of techies are. Gmail isn’t going to make it easy to encrypt emails because looking at the email contents is how they make their money. Without directed advertising there would be no google. So gmail isn’t free, it comes at the cost of exposing your emails. I guess I’m one of those that has been willing to pay that cost. It seems cheaper to me than using facebook. Somehow the idea that the contents are still mostly private seems better than global exposure.
Video: Owner of Snowden’s Email Service on Why He Closed Lavabit Rather Than Comply With Gov’t
Jump to 31:40 for the Lavabit interview if you aren’t interested in the rest of the show. The show was loaded with NYC stuff that just doesn’t apply where I live or anywhere I’ve lived.
- Ladar Levison of Lavabit
That says it all to me.
I’ve recently been getting emails from LinkedIn that various people on my gmail contact list have created LinkedIn profiles.
Google scanning my emails for directed advertising is one thing, but LinkedIn parsing my contacts is another. I don’t recall EVER giving permission to access my contact lists. I tend to decline any kind of imports of contacts on websites as a general philosophy. I’m not sure what’s going on, and I’m not happy about it.
The New Yorker wrote an article about this story too. Lots of references for other companies who fought back and which powers the FISA court, United States Foreign Intelligence Surveillance Court, has.
Scary.
Bruce Schneier has been reading NSA docs the last few weeks for The Guardian and he’s put out a few recommendations.