You should be able to exchange messages privately using the Internet. My profession should be working on making this easy for everyone, including non-geek civilians who shouldn’t need to understand cryptography.
I’ve been thinking about this a lot and even slinging little bits & pieces of code. This will probably turn into a series; the next piece is “Where Is Your Data Safe?”
It’d be helpful to define terms. So let’s start with a question: How private do you want to be? There are three obvious levels, which I’ll call Basic, Common, and Strong.
Basic Privacy · We can all agree that we want privacy from random strangers sniffing WiFi signals, from crooks looking for bank account numbers, and from agents of the Chinese government looking for dirt on dissidents. This is your Basic entry-level privacy.
[Geek note]: HTTPS-by-default with good endpoint implementations gets us most of the way on this one.
[For civilians]: You should get Basic Privacy for free wherever you go on the Net. If you don’t, the places you’re going are acting unprofessionally.
Common Privacy · The label is chosen to suggest both Common law and “Common sense”.
Normally, you expect that when you shut your front door, what happens behind it is private. But if a government employee gets a judge to sign a warrant authorizing some door-busting, your privacy is over. And many people are OK with that, particularly those with the good fortune to live in civilized countries. Even granting that there are occasional bad-apple cops and rogue judges, the system can on balance work satisfactorily. In a well-run society, this Common level of privacy should meet most reasonable needs.
But, at a time when governments run projects like PRISM and BULLRUN whose goal is essentially to record everything about everybody, and those programs may even be judged legal, it’s reasonable to wonder whether Common Privacy is good enough.
[For civilians]: Your email should be private unless someone with a warrant shows up at your email provider’s office. It shouldn’t be legal, let alone common, for intelligence agencies to vacuum up everything, but empirically, they’re trying hard to do just that.
[Geek note]: Message encryption doesn’t stop government employees if private keys are stored online, and online keys certainly make things more convenient (and convenience is very important).
Strong Privacy · This is the kind of privacy where nobody else, and I mean nobody, can read messages that are meant for you, and furthermore, you can be sure who sent them. Technology can’t break this lock.
[Caveats:] Of course if the spooks really seriously think you’re really seriously bad, they’ve already planted a camera where it can see your screen and keyboard, so encryption is irrelevant. And while they can’t break the lock, they might persuade you to unfasten it, with thumbscrews or the threat of jail time.
On the downside, Strong Privacy makes it harder for the cops to track down the actual bad guys. Harder enough to significantly decrease public safety? The security establishment says so; but then they would, wouldn’t they?
On the upside, it seriously gets in the way of abusive officials. If you live in a place like China or Iran with an oppressive police state, Strong Privacy is a life-and-death (literally) issue. And if you’re in a reasonably civilized democracy but you’re worried it might swerve off the rails, or think parts of it already have, you might want to go with Strong Privacy, just in case.
It’s worth noting that if you have Strong Privacy, you also get Basic and Common Privacy as a side-effect.
[For civilians]: You can have Strong Privacy now, but it requires getting comfy with a few geek incantations and using not-quite-ready-for-prime-time software.
[Geek note]: The Web of Trust idea is stone cold dead, and reasonable people are frightened of CA-based approaches, and Crypto Won’t Save You (mostly) anyhow. But I’m pretty convinced there’s a path open to building increasingly-civilian-usable Strong Privacy.
One take-away · It seems that if our spooks weren’t doing egregiously-intrusive things like PRISM and BULLRUN, it’d be perfectly reasonable for a law-abiding citizen to settle for Common Privacy. But since they are, it’s plausible that they’ll drive the populace into the arms of Strong Privacy, which may, on balance, decrease public safety. Oh well.
Open questions · There are lots: Is Strong Privacy even possible? If so, practical? If so, can it be made routinely usable by civilians? If so, what technology do we need to invent? And one that I care about a lot: Where is your data safe?