They're reading your email.

by Jeremiah Foster

So you thought it was okay to joke about overthrowing the government? You thought your rights were protected by the Constitution, the Parliament, or law of the land.

Well you were wrong, we were all wrong. What should we do about it? Encrypt our email.

The NSA reads your email, the European Union saves your telephone calls for later use, Yahoo hands over your search results to the government if they ask nicely (or not). Everything you do online can easily be stored and recalled to be used as evidence against you.

This is fine of course, if you are terrorist or are communicating with terrorists. But what if you have a legitimate interest in Eugene Debs, John Kerry or healthy dissent? Well you are in luck because you can encrypt your email with GNU Privacy Guard.

GNU Privacy Guard (GPG) encrypts your email with your private key and makes the contents only openable by those to whom you send the email. This is a great way to provide yourself with privacy and ensure that it will be more difficult for those who want to snoop on your private communications. GPG can be used on nearly any operating system and integrates particularly well with Apple's mail program as well as Thunderbird and Evolution. The government, any government really, has ways to break this encryption, but it will take a while if you use a strong key.

Start using GPG, write to your friends and family, speak your mind freely with Benjamin Franklin's famous quote in mind - "Any society that would give up a little liberty to gain a little security will deserve neither and lose both."

6 Comments

Ben Franklin
2006-01-27 22:41:41
Amen brother.
M. Harris
2006-01-30 12:43:37
You write that we should encrypt email because our governments are reading it, but then point out that gpg encryption will not stop them doing this. So what is the point, to merely annoy them a little? I am not a cryptologist but my guess is that breaking gpg is trivial for my government and of little annoyance. If anything I would expect them to welcome gpg/pgp as it provides a stronger identification of those communicating.


While GPG is useful for protection from Crackers and Industrial Espionage, I would suggest that we are not as you write 'in luck'. I commend you for writing on this matter however. The geek world has a large part to play in not only choosing to implement or create alternatives to the obsessively intrusive policies of the US/Europe, but in understanding the issues and presenting them to those we have elected. My impression is that most of our general populations are so scared by the media of paedophiles and terrorists that they would jump into the nightmare of Trusted Computing with open arms.


That Benjamin Franklin quote is a good choice.

Jeremiah Foster
2006-01-30 13:08:48
I think we should encrypt our email because it gives us a measure of security above and beyond plain text. This means that those who do not have the legal and technical means will not have access to our email. If you use a strong enough key, it will not be trivial for a government, or any other entity, to decrypt your mail. In fact the technology is so effective that there are export restrictions on it - it is not allowed to be exported out of the United States though there are some parallel encryption algorithms that have been developed in Europe which are roughly identical.


The NSA or FBI could probably break the encryption on our email, but if you chose a very strong key it will take some massive computing power and currently that computing power is expensive, so you would have to represent quite a threat. Computing power is getting cheaper however and soon even strong keys will be able to be broken, but we will also have access to that power so we will be able to create even stronger keys. It is an arms race of course, with no detente in sight.

Brad B.
2006-01-30 15:40:25
First, I'll admit that I don't know the "ends and outs" of encryption/decryption. My question is don't you have to send your key (or a key) to the recipient(s) of your email. And to do that, the key can't be encrypted. Therefore the government already has the key so there's nothing to decrypt?


I must be (hopefully) missing something very important here.

Jeremiah Foster
2006-01-31 15:04:31
The government never gets your private key and a public key is not enough to decrypt a message.


If I send mail to James, I use his public key to encrypt the mail. He uses the combination of his public key and private key to decrypt the message. If the government just had his public key they could not read James' mail without his private key as well. It is this "key pair" combination that allows for encryption.

John
2006-05-14 21:11:46
Get a grip dude. Personally i dont want my parents or friends reading my emails but i would prefer some old bloke in a governmnet department read my most private emails to my girlfriend rather that getting bombed by Osama.