September 27th, 2010

steuard
Monday, September 27th, 2010 11:02 am
The NY Times is reporting that the U.S. government is pushing a law that (roughly speaking) would require essentially all software makers or service providers who enable encrypted communication in this country to be able to provide plain text if served with a warrant. Their stated motives are reasonable: it's harder and harder to create effective wiretaps these days because of peer-to-peer networking and encrypted communications, so investigating criminals is getting harder. And they're not asking to control the back doors themselves, just that the companies be able to give them unencrypted content if they ask for it. But even so, I like the idea of being able to conduct some aspects of my life without anyone looking over my shoulder, and there's a very, very long history of the government stretching its police authority as far as it possibly can within the letter of the law. (Look at how many provisions of the Patriot Act have been heavily used in cases that have nothing to do with terrorism, for example.)

I'm a bit of a crypto/security nerd, so this is a big deal to me. I'm not sure what to think of it: on some level it's a hopeless effort, since today's encryption software should remain effective for many years even if tomorrow's is ineffective. Also, it's hard to see how they could shut down distributed open source development. The only way to get around that would be for the government to criminalize the use of effective encryption... which means I wouldn't be at all surprised if that's on their radar.

So what do we do about it? Talking about it can help a little, of course, and writing letters to Congress, and that sort of thing. But to my eye, the best thing we can do is simply to download and (at least occasionally) use some of the strong encryption software that's out there. The GPG project provides free public key encryption for any digital files (there's a Mac bundle if you want it). Once that's installed, you can encrypt email by hand or use helper programs like the Enigmail extension for Thunderbird, GPGMail for Apple Mail, or others. A lot of instant messaging programs have encryption built in as an option (Adium has an "OTR" feature, Pidgin has various plugins), and they can usually do it in a nice, unobtrusive way (like a "turn it on automatically but only if the other person's software can handle it" mode).

The point isn't to do this all the time: I'll be the first to admit that it can be a pain (especially if you're really careful about the details). The point is to be capable of exchanging encrypted messages, and maybe to actually do so on occasion just to make sure that doing so becomes at least vaguely mainstream. Does it matter? Probably not. But maybe your chances will be a tiny bit better when the revolution comes.