----- Forwarded message from Gregory Maxwell <gmaxw...@gmail.com> -----
From: Gregory Maxwell <gmaxw...@gmail.com>
Date: Thu, 1 Dec 2011 01:38:33 -0500
To: Jeffrey Burdges <burd...@gmail.com>
Cc: liberationt...@lists.stanford.edu
Subject: Re: [liberationtech] Crypto Advocacy TED Talk

On Thu, Dec 1, 2011 at 12:01 AM, Jeffrey Burdges <burd...@gmail.com> wrote:
[snip]
> Aside from arguing these points, there should be emphasis that "this ain't
> your daddy's PGP", meaning modern crypto packages have grown incredibly easy
> to use. Tor Browser Bundles are about the most user friendly thing in the
> world. Off-the-record messaging is almost a triviality in Adium, Jitsi, or
> other open source IM clients. Most mail readers have user friendly plugins
> for GPG. etc.

I've argued before that protocol designers have an ethical obligation to include always-on-by-default cryptography whenever it isn't contraindicated by other requirements— The primary idea being here that the whole cost of cryptography to the user can be drastically reduced when it's properly integrated.

In particular, even unauthenticated cryptography provides absolute immunity to passive attacks, invisible wiretapping dragnets, and gives active attacks a serious risk of discovery. And this protection can be added to any realtime communication for _free_ and invisibly from the user's perspective.

(Of course, authentication is important— and nothing unauthenticated should be advertised to the user as encrypted. But the unavoidable user-costliness of authentication shouldn't prevent us from getting encryption).

One point on this subject that is overlooked is the network effect: I may have good reasons why I should be using encryption, but it's very hard to use it when most of my friends are not using it. This is related to your point (1), but not identical. Unrelated to cover, my contacts can't use encryption with me if I don't use encryption— and asking me to use it is a social/time cost that discourages them from using it when they really should.
Unless encryption is a norm they won't even ask.

Related to your point (2) I'd add a more subtle argument: The widespread use of unencrypted communications enables an _industry_ of dragnet surveillance. Iran pays FooBarNetworks to build a fleet of passive eavesdropping widgets... The R&D cost gets sunk building it and then FooBar has a new product in their price book which their sales drones go peddling to everyone who will take them, including the governments of countries which are less prone to coming up with these initiatives on their own. In this manner, oppression gains a marketing department.

Fairly modest decreases in the effectiveness of surveillance can break this cycle by making the initial cost less appealing and making the products harder to sell. (And at the extreme limit: A few billion to build and maintain an infrastructure of hundreds of thousands of optical taps and fast stateless packet filters is a _lot_ more attractive when it will intercept Almost Everything than when it's mostly only useful for traffic analysis).

Another point that I make when discussing this subject is that none of us is really able to correctly assess the risks in making the choice to use encryption: We're not aware of secret lawful and unlawful interception by governments (our own, and/or hostile ones) and organized crime. We don't have a good feel for how massive collections of data may be used against our interests in the future. And once disclosed the information genie can't easily be rebottled. Encryption is cheap insurance, and would be much cheaper if ubiquitously deployed.

----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography