![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
The NY Times is reporting that the U.S. government is pushing a law that (roughly speaking) would require essentially all software makers or service providers who enable encrypted communication in this country to be able to provide plain text if served with a warrant. Their stated motives are reasonable: it's harder and harder to create effective wiretaps these days because of peer-to-peer networking and encrypted communications, so investigating criminals is getting harder. And they're not asking to control the back doors themselves, just that the companies be able to give them unencrypted content if they ask for it. But even so, I like the idea of being able to conduct some aspects my life without anyone looking over my shoulder, and there's a very, very long history of the government stretching its police authority as far as it possibly can within the letter of the law. (Look at how many provisions of the Patriot Act have been heavily used in cases that have nothing to do with terrorism, for example.)
I'm a bit of a crypto/security nerd, so this is a big deal to me. I'm not sure what to think of it: on some level it's a hopeless effort, since today's encryption software should remain effective for many years even if tomorrow's is ineffective. Also, it's hard to see how they could shut down distributed open source development. The only way to get around that would be for the government to criminalize the use of effective encryption... which means I wouldn't be at all surprised if that's on their radar.
So what do we do about it? Talking about it can help a little, of course, and writing letters to congress, and that sort of thing. But to my eye, the best thing we can do is simply to download and (at least occasionally) use some of the strong encryption software that's out there. The GPG project provides free public key encryption for any digital files (there's a Mac bundle if you want it). Once that's installed, you can encrypt email by hand or use helper programs like the Enigmail extension for Thunderbird, GPGMail for Apple Mail, or others. A lot of instant messaging programs have encryption built-in as an option (Adium has an "OTR" feature, Pidgin has various plugins), and they can usually do it in a nice, unobtrusive way (like a "turn it on automatically but only if the other person's software can handle it" mode).
The point isn't to do this all the time: I'll be the first to admit that it can be a pain (especially if you're really careful about the details). The point is to be capable of exchanging encrypted messages, and maybe to actually do so on occasion just to make sure that doing so becomes at least vaguely mainstream. Does it matter? Probably not. But maybe your chances will be a tiny bit better when the revolution comes.
I'm a bit of a crypto/security nerd, so this is a big deal to me. I'm not sure what to think of it: on some level it's a hopeless effort, since today's encryption software should remain effective for many years even if tomorrow's is ineffective. Also, it's hard to see how they could shut down distributed open source development. The only way to get around that would be for the government to criminalize the use of effective encryption... which means I wouldn't be at all surprised if that's on their radar.
So what do we do about it? Talking about it can help a little, of course, and writing letters to congress, and that sort of thing. But to my eye, the best thing we can do is simply to download and (at least occasionally) use some of the strong encryption software that's out there. The GPG project provides free public key encryption for any digital files (there's a Mac bundle if you want it). Once that's installed, you can encrypt email by hand or use helper programs like the Enigmail extension for Thunderbird, GPGMail for Apple Mail, or others. A lot of instant messaging programs have encryption built-in as an option (Adium has an "OTR" feature, Pidgin has various plugins), and they can usually do it in a nice, unobtrusive way (like a "turn it on automatically but only if the other person's software can handle it" mode).
The point isn't to do this all the time: I'll be the first to admit that it can be a pain (especially if you're really careful about the details). The point is to be capable of exchanging encrypted messages, and maybe to actually do so on occasion just to make sure that doing so becomes at least vaguely mainstream. Does it matter? Probably not. But maybe your chances will be a tiny bit better when the revolution comes.
no subject
no subject
So as a practical matter this looks like a mandate to build in weaknesses to our infrastructure, for no particular gain, even aside from the question of liberty (should the government really be saying what kind of communications we can use?).
I don't think I trust the parties involved to either build an otherwise-secure system, nor to use what data they intercept wisely, based on history.
no subject
no subject
It's a situation where an efficient government would a) not do the pointless intermediate thing and b) weigh the costs & benefits of giving up vs. the costs & benefits of enforcing a law severe enough to actually stop bad guys. But if you analyze the incentives of democracy, you find they do not lead to efficient policies, so expecting democracy to conduct proper cost/benefit analysis is like expecting...umm...some bad physics model that looks intuitively plausible but consistently & significantly mis-predicts the real world to consistently get the answer right :).
Maybe it's the marketing of public choice economics, I dunno...I find it incredibly sad that decades after we understood why our governments do the wrong thing again & again, hardly anyone knows it, and even fewer people internalize it. Even among economists! Can you imagine if, decades after relativity was discovered & confirmed, most physicists frequently wondered at the gap between Newtonian physics & the observed data?