Saturday, January 11, 2014

NSA, Encryption and Me - a reply

Chris at Carnifex.org writes:

Every year I go to the hassle of renewing my PGP keys. I have done this every year for at least 10 years, I dutifully post my public key on my website and I lave a link to it in the signature of my most of my emails. In that time, not a single person has ever used it for anything, nor has anyone ever asked me to use PGP, or even exchange keys. I expect this from normal not paranoid type of people, but I know plenty of Conspiracy Theorists and none of them use it either. I also expected to see more people want to use encryption with the recent revelations concerning the NSA, but again, nothing. Learning curve and technological barriers are not really an excuse, making a key pair and using them is trivial these days, anyone can do it nearly seamlessly.

The answer to his question is relatively simple, using encryption generally gains me nothing and costs me in terms of hassle.  Most of my emails are with friends or family who are generally tech illiterate, and have no idea how to use PGP.  That makes it a frustration cost.  In addition I look at what I am actually mailing and it doesn't require encryption.  If the NSA wants to intercept a Happy Birthday email to my niece more power to them.  I am not anti-encryption however, I use it when dealing with financial data. I have an encrypted USB key that contains copies of some important documents, I have a hushmail account for when I really need to send something private (or did I should log in and make sure it is active).  Encryption is a tool.  I use the tool when appropriate.

One other thing factors into this - I have maintained for years that:

 a) all encryption is in someway compromised.  In addition to the recent NSA revelations, there have been advances in math that are leading to a decrease in the effectiveness of encryption, there are doubts about the original research that backs most encryption standards, Distributed and GPU computing are making it ever easier to generate large prime pairs, as are a number of algorithms in common use now.  I also firmly believe that the NSA already has at least one code breaking quantum computer.

b) the fastest way to draw attention to yourself is to encrypt your internet traffic or start jumping onto TOR nodes.  Don't try and tell me the government isn't running honeypot nodes.

All in all to me encryption is more of a problem than a solution.

No comments: