and I think we should all have it.
Senator Dianne Feinstein (D-NSA) among others is trying to write into law a definition of a "professional journalist." Coming from her, it's probably part of an effort to deny privacy rights to as many of us as possible by excluding us from her definition, but that got me thinking a few days ago about how we might all qualify as journalists.
Then, Friday August 23, 2013, I sent an email to the NY Times Public Editor suggesting that she and all reporters, or at least all investigative reporters, should be set up to receive encrypted email.
The more I think about it, the more I think the ability and willingness to accept and read encrypted (read private, because that's what it is) messages is the hallmark of an investigative journalist. So now I suppose I need to learn how to do that myself, and maybe we all should. That way we can all stake a claim to be journalists, entitled to whatever (extra) rights come with that status. Also, that way we can all receive [encrypted] private email. And if we and our friends start sending lots of privacy-protected email, it would strain the NSA's ability to read it all and it would greatly dilute the allegation that encrypted email is inherently suspicious. It shouldn't be any more suspicious than sealing a first class envelope.
I wrote that introduction (except those last eight words of the title, that ran into the introduction) last Friday, and I've been trying to do the homework I assigned myself since then. From last Saturday to today (Tuesday, or now early Wednesday morning 8-28-13) I've spent/wasted most of my free time trying to get set up to send and receive encrypted E-mail. I've gotten halfway there -- I can receive encrypted mail from two E-mail answering robots, but I can't send out anything encrypted.
Remember how Edward Snowden tried to persuade Glenn Greenwald to get set up to receive encrypted E-mail? Greenwald struggled with the software for a while, but then gave up and blew off Snowden. Snowden then got in touch with Laura Poitras, who was already an expert on encryption, thanks to the forced tutorial in it that our Customs agents put her through. She passed the first messages on to Greenwald, and eventually got him up to speed on encryption. Anyway, I can now thoroughly sympathize with Glenn Greenwald for his inability to figure out how to do it on his own.
I did some reading and it seems the basic method of Pretty Good Privacy still works. You use a computer program to create a Public Key and a Private Key. The Public Key you make available to anyone from whom you'd like to get encrypted E-mail. The Private Key you keep only on a secure computer. The Public Key is enough for the appropriate software to use to encrypt a message someone wants to send you, but to decrypt it you need the Private Key. That's kind of like a mail box -- anybody can put stuff in but only the postman has the key to take it out. A better analogy might be a bank's night deposit box if it had a small lock on the deposit slot that a customer would need a key to open. A bank might want that just to keep mischievous people from filling the box with trash. You can publish your public key for anyone to look up on the internet, but one guide I read suggested not doing that unless you're a business that wants the incoming traffic enough to put up with the spam. That's a bit like being the mailbox on the corner.
I think creating those keys has something to do with using one or two very large prime numbers, and maybe using one as an exponent of the other or something more complicated. Such a code can be broken by the 'brute force' method of trying all possible combinations, but somebody calculated that with the current method, all the computers in the world working on it would need much longer than the age of the universe to crack the code. And nobody the code gurus have heard of has found a shortcut. If such a shortcut exists, it's been sold to the NSA or KGB in secret. The British don't seem to have a shortcut; if they did, why did they hector David Miranda for nine hours to tell them the key for whatever he was or wasn't carrying?
Anyway, it seems that software that will (or should) do that encrypting for you is freely available, and the source code for it is public so people who understand that kind of programming should be able to tell if anyone slipped a 'back door' into the program.
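The public-key and private-key flow described above can be walked through with GnuPG, the command-line program that Enigmail and Kleopatra are front ends for. This is an added example, not part of the original post; it assumes GnuPG 2.2 or later is installed as `gpg`, and the name, address and message are constructed.

```sh
# Added example (not from the original post). Two throwaway GnuPG home
# directories stand in for two people; names and addresses are constructed.
pgp_roundtrip() (
    set -eu
    alice=$(mktemp -d)   # recipient: will hold the key pair
    bob=$(mktemp -d)     # sender: will hold only Alice's public key
    trap 'gpgconf --homedir "$alice" --kill all 2>/dev/null || true
          gpgconf --homedir "$bob" --kill all 2>/dev/null || true
          rm -rf "$alice" "$bob"' EXIT
    # Run gpg against one keyring, non-interactively, with an empty passphrase
    # (acceptable only because these keys are discarded when the demo ends).
    run() { home=$1; shift
            gpg --homedir "$home" --batch --quiet --no-tty \
                --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null; }

    # 1. Alice creates her key pair; the private half never leaves $alice.
    run "$alice" --quick-generate-key 'Alice Example <alice@example.org>' \
        default default never >/dev/null
    # 2. Alice exports only the public key; this file is what she hands out.
    run "$alice" --armor --export alice@example.org > "$alice/alice.pub.asc"
    # 3. Bob imports it. A real sender should compare the fingerprint with
    #    Alice over another channel before trusting the key.
    run "$bob" --import "$alice/alice.pub.asc"
    # 4. Bob encrypts to Alice. --trust-model always skips the ownership
    #    check that would otherwise make batch-mode encryption refuse an
    #    unverified key; it stands in for step 3's fingerprint comparison.
    printf 'Meet at the usual place.' |
        run "$bob" --trust-model always --armor --encrypt \
            --recipient alice@example.org > "$bob/msg.asc"
    # 5. Bob cannot read his own message back: he has no private key.
    if run "$bob" --decrypt "$bob/msg.asc" >/dev/null; then
        echo "sender_can_decrypt=yes"
    else
        echo "sender_can_decrypt=no"
    fi
    # 6. Alice's private key recovers the plaintext.
    echo "recipient_plaintext=$(run "$alice" --decrypt "$bob/msg.asc")"
)

# Run the demonstration when GnuPG is installed.
if command -v gpg >/dev/null 2>&1; then pgp_roundtrip; fi
```

The same six steps are what a mail plug-in performs behind its dialogs: the sender needs only the recipient's public key, and only the holder of the private key can decrypt.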
So I started doing my homework at this web site:
... and read up on Pretty Good Privacy. Then I tried to download an open source program to go with Thunderbird, called Enigmail. You can get it at http://www.enigmail.net . But I couldn't get it to work. (Well, it works halfway for me -- I have sent my Public Key to a couple of robot answering sites, and they've sent me back encrypted E-mail that only(?) I can decrypt and read, using that Private Key.) All those E-mails say that they couldn't open/decrypt the encrypted part of the E-mail I sent them, which I tried to make using their Public Keys. I've combed through most of the support group discussions for Enigmail and haven't found an answer yet, but I have found mountains of confusion. I also tried a program called Kleopatra, that seems to do about the same thing as Enigmail. I couldn't find a way to make any of them work, with Thunderbird or with another E-mail program, Claws-mail. At this dead-of-night hour, somebody could probably convince me the NSA has sabotaged Pretty Good Privacy. Paranoia thrives after midnight.
Getting back to how Edward Snowden tried to get Glenn Greenwald to get set up to receive encrypted E-mail: the first thing Snowden asked for was Greenwald's Public Key. He didn't have one at the time. I now think every investigative reporter ought to have one, and at least the contact person at every news organization ought to have one and make it freely available and easy to find. And I think it's something we should all have, and we should all get ourselves up to speed on sending and receiving encrypted E-mail. It's just like sealing a first class letter before you mail it. It shouldn't make anyone suspicious, and if the NSA wants to intercept and store every encrypted E-mail, I say let's build them a haystack that reaches to the moon, even if we have no needles to hide in it. Especially if we have nothing to hide.
That first web site I mentioned,
suggests that PGP encryption won't mean the NSA couldn't read your encrypted E-mail. They may be right, but there's reason to think it's not easy even for them. I ran across something that mentioned "black bag cryptology" and "rubber hose cryptology". Those are euphemisms for breaking into someone's house and stealing information off the computer, and for threatening or torturing someone until he/she gives up the key. Apparently those methods are a lot easier and faster than real cryptology -- really cracking a code.
With that in mind, is there anyone out there who is expert enough to get a lot of us using encrypted E-mail? Or can anyone refer me to a computer person whom I can trust? It's a potentially lucrative business to be in. At this point I'd be happy to pay for an hour or so of consultant time to get it going. But I don't want to use something from a company like Symantec. They have a PGP program, but it's not cheap, and I'll bet the NSA has already made them put a 'back door' into their programs. If you know of somebody like that, please say so in the comments and we'll figure out a way to communicate without putting anybody's name or email out here in the public. Gee, where's Edward Snowden when you need him?