begin quoting Paul G. Allen as of Tue, Nov 06, 2007 at 09:31:00AM -0800: > On Mon, 2007-11-05 at 22:06 -0800, Bob La Quey wrote: > > > I should _not_ waste my efforts caring about those things that do > > not matter though, such as the absolute fact that many forms of > > email are inherently insecure. If I care about my security I will have > > alternatives to the insecure methods. > > The problem is that John Q. Public has a reasonable expectation of > privacy when sending an e-mail.
s/reasonable/unreasonable/ > Remember that most people that use > computers know next to nothing about the technology or any other > mechanisms behind them. They do have an expectation that the only person > that is going to be reading that e-mail is the person(s) it's sent to > (with the exception of those that are sent within a company with a > policy that all e-mail is subject to being monitored). Ignorance doesn't make unreasonable expectations more readable. > Reading an e-mail not addressed to you is not as trivial as reading a > post card that is not addressed to you. Correct. It's easier. > To read the e-mail, one must be > at the ISP, or connected to one of the data lines transferring the > e-mail from point A to point B. As opposed to being a postal employee, or otherwise having access to the postcard somewhere along its route. This is a wash. > Then, it must be extracted from all the > other data on the line (or in the server). Trivial. Easier to do with email than with a postcard. > Then it must be decoded. One > can't simple pick it up and look at it. ASCII is easier to read on a screen then pen-scribbles on paper. > To summarize, there is a > reasonable expectation of privacy and that is covered under the 4th > Amendment. I emphatically disagree. > The US Government is currently attempting to enact a law allowing them > to intercept *all* e-mail without a warrant. A move like this is only a > first step. It's the first step down a slippery slope. I don't disagree with this. The government needs additional restrictions, just because they are so overwhemlingly powerful. [kooler-material snipped] > > Even a brief survey of the history of spycraft will provide you with > > many ways of sustaining secure communications in the face of > > very real oppression. > > It is not reasonable to expect the populous as a whole to be aware of > these. It is a reasonable expectation that the populous can enjoy > privacy from government and others as they go about their normal lives > and daily activities. Whether it's a reasonable expectation or not, it's not a wise expectation. You can argue that you ought to be able to send cash through the postal service, but that doesn't make it any less stupid to do so. I've explained greylisting to people, and have had 'em argue that it should be illegal to do so -- because there's a "reasonable expectation" that email is immediate and guaranteed. -- If you want secure email, encrypt it. And don't give up the private keys. Stewart Stremler -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
