|
Eric H. Johnson on 18 Sep 2013 08:45:54 -0700
|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
I should add one more important attribute, volume. Even the NSA is resource limited. If people would just more often use encrypted email, web browsing when available and alternate services such as Diaspora instead of Facebook, Duckduckgo instead of google, etc., it makes that much more work for anyone trying to monitor the activity of others.
Regards,
Eric
-------- Original message --------
From: "Eric H. Johnson" <ejohnson@camalytics.com>
Date: 18/09/2013 11:33 AM (GMT-05:00)
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] encryption
I suppose this is the point in the conversation where someone has to say that encryption is not an end unto itself when it comes to security or privacy.
For the most part it seems that the NSA has been most effective in doing an end around on encryption by intercepting the traffic before it is encrypted, after it is decrypted or accessing the private keys used for encryption.
If they could decrypt in real time they would not be forcing services to install monitoring software / devices on, for instance, the secure mail server used by Ed Snowden, which shut down rather than complied. Silent Circle proactively shut down their secure mail service too.
Other attributes aiding security include anonymity, decentralization and of course the use of strong passwords.
Even if at some future date the traffic can be decrypted, it still must be able to identify the parties to the conversation. In addition, if decentralized it will be very hard to install monitoring tools as described above where they could be of any significant use.
Regards,
Eric
-------- Original message --------
From: Andrew Libby <alibby@xforty.com>
Date: 18/09/2013 11:00 AM (GMT-05:00)
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] encryption
That's the whole hedge with encryption right? Make it
inaccessible until the value of the information decreases
enough to not matter. Frankly, that's not very long.
Most information that's sensitive is so for a relatively
short period of time.
On 9/18/13 10:56 AM, Paul Walker wrote:
> As I understand it (I believe it was something disclosed in
> this keynote http://www.youtube.com/watch?v=FOFtQ6n3WR4) the
> NSA has access to the internet backbone infrastructure and
> is actually storing a large percentage of all internet traffic.
>
> Even if pgp (or any) encryption is currently unbreakable,
> it's silly to think that it is future proof.
>
> So, what I would do - if I wanted to know the contents of
> every human communication transmitted by electromagnetic
> radiation, and some of it was encrypted and unbreakable, and
> I had unlimited resources: store that stuff until such time
> as it became breakable. This is probably within the realm of
> possibility.
>
>
--
Andrew Libby
xforty technologies
http://xforty.com
alibby@xforty.com
484-887-7505 x 1115
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug