It's a good piece by Dave. It won't change my intention of using more crypto, though, for a few reasons:
1 - regardless of archival and possible decryption by spooks, encryption will still help protect some of my data against some other threats*; 2 - the fact that I'm encrypting my traffic doesn't mean there's anything sensitive in it. In fact, it would be rather silly of me to only encrypt the particularly confidential parts; 3 - as Dave and some of the commenters note, the real benefit here comes when encryption becomes pervasive enough that encrypted traffic no longer sticks out like the proverbial sore thumb. *NB - that is still a rather cautious statement of benefit; I have intentionally qualified it in three ways: - encryption only helps protect data, it doesn't guarantee it's safety. For instance, for communications, I want the other party to read what I sent them! They will decrypt it, and at that point any confidentiality of the data has to rely on other factors. - I can't realistically encrypt all my traffic. Some of the apps, devices and services I want to use don't support encryption, and/or don't tell me if they encrypt traffic. Nor can I realistically encrypt my metadata; fixing things so that metadata, social graphs and traffic analysis reveal less information about me is a hard problem, and one I don't really have the resources, tools or rigour to solve. - Encryption (whether for confidentiality or integrity) doesn't help much against threats like malware (Trojans, key-loggers), tracking (pixel beacons, non-browser cookies), denial of service attacks, etc.. But then again, *not* using crypto doesn't keep me any safer against those either. That may all sound very pessimistic, but if Snowden has taught us anything, it is that pessimism is justified at every level in this context - from the hardware up, and at every network node (device, domestic router, commercial/telco router, backbone, data centre, etc etc). Robin Wilton Technical Outreach Director - Identity and Privacy On 30 Jan 2016, at 18:57, "Hugo Connery" <[email protected]> wrote: > Hi, > > Thanks Dave Crocker for posting this. It is useful to know > who is running the standard anti-crypto arguments, and when. > > "You stand out like a sore thumb and they (archive it forever, > focus on you more, ...)" goes with "only the 4 horsemen of the > infopocalypse use encryption" as one of the standard arguments. > > Regards, Hugo Connery > > On Sat, 2016-01-30 at 08:51 -0800, Dave Crocker wrote: >> Cops hate encryption but the NSA loves it when you use PGP >> It lights you up like a Vegas casino, says compsci boffin >> >> By Iain Thomson >> Jan 27 2016 >> <http://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/> >> >> Although the cops and Feds wont stop banging on and on about encryption >> – the spies have a different take on the use of crypto. >> > <snip standard anti-crypto argument> > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
