and I think we should all have it.

Senator Dianne Feinstein (D-NSA) among others is trying to write into law a definition of a "professional journalist."  Coming from her, it's probably part of an effort to deny privacy rights to as many of us as possible by excluding us from her definition, but that got me thinking a few days ago about how we might all qualify as journalists.
Then, Friday August 23, 2013, I sent an email to the NY Times Public Editor suggesting that she and all reporters, or at least all investigative reporters, should be set up to receive encrypted email.  

The more I think about it, the more I think the ability and willingness to accept and read encrypted (read private, because that's what it is) messages is the hallmark of an investigative journalist.  So now I suppose I need to learn how to do that myself, and maybe we all should.  That way we can all stake a claim to be journalists, entitled to whatever (extra) rights come with that status.  Also, that way we can all receive [encrypted] private email.  And if we and our friends start sending lots of privacy-protected email, it would strain the NSA's ability to read it all and it would greatly dilute the allegation that encrypted email is inherently suspicious.  It shouldn't be any more suspicious than sealing a first class envelope.

I wrote that introduction (except those last eight words of the title, that ran into the introduction) last Friday, and I've been trying to do the homework I assigned myself since then.  From last Saturday to today (Tuesday, or now early Wednesday morning 8-28-13) I've spent/wasted most of my free time trying to get set up to send and receive encrypted E-mail.  I've gotten halfway there -- I can receive encrypted mail from two E-mail answering robots, but I can't send out anything encrypted.
Remember how Edward Snowden tried to persuade Glenn Greenwald to get set up to receive encrypted E-mail?  Greenwald struggled with the software for a while, but then gave up and blew off Snowden.  Snowden then got in touch with Laura Poitras, who was already an expert on encryption, thanks to the forced tutorial in it that our Customs agents put her through.  She passed the first messages on to Greenwald, and eventually got him up to speed on encryption.  Anyway, I can now thoroughly sympathize with Glenn Greenwald for his inability to figure out how to do it on his own.

I did some reading and it seems the basic method of Pretty Good Privacy still works.  You use a computer program to create a Public Key and a Private Key.  The Public Key you make available to anyone from whom you'd like to get encrypted E-mail.  The Private Key you keep only on a secure computer.  The Public Key is enough for the appropriate software to use to encrypt a message someone wants to send you, but to decrypt it you need the Private Key.  That's kind of like a mail box -- anybody can put stuff in but only the postman has the key to take it out.  A better analogy might be a bank's night deposit box if it had a small lock on the deposit slot that a customer would need a key to open.  A bank might want that just to keep mischievous people from filling the box with trash.  You can publish your public key for anyone to look up on the internet, but one guide I read suggested not doing that unless you're a business that wants the incoming traffic enough to put up with the spam.  That's a bit like being the mailbox on the corner.  
I think creating those keys has something to do with using one or two very large prime numbers, and maybe using one as an exponent of the other or something more complicated.  Such a code can be broken by the 'brute force' method of trying all possible combinations, but somebody calculated that with the current method, all the computers in the world working on it would need much longer than the age of the universe to crack the code.  And nobody the code gurus have heard of has found a shortcut.  If such a shortcut exists, it's been sold to the NSA or KGB in secret.  The British don't seem to have a shortcut; if they did, why did they hector David Miranda for nine hours to tell them the key for whatever he was or wasn't carrying?  

Anyway, it seems that software that will (or should) do that encrypting for you is freely available, and the source code for it is public so people who understand that kind of programming should be able to tell if anyone slipped a 'back door' into the program.

So I started doing my homework at this web site:
http://lifehacker.com/...
 ... and read up on Pretty Good Privacy.  Then I tried to download an open source program to go with Thunderbird, called Enigmail.  You can get it at http://www.enigmail.net.  But I couldn't get it to work.  (Well, it works halfway for me -- I have sent my Public Key to a couple of robot answering sites, and they've sent me back encrypted E-mail that only(?) I can decrypt and read, using that Private Key.)  All those E-mails say that they couldn't open/decrypt the encrypted part of the E-mail I sent them, which I tried to make using their Public Keys.  I've combed through most of the support group discussions for Enigmail and haven't found an answer yet, but I have found mountains of confusion.  I also tried a program called Kleopatra, that seems to do about the same thing as Enigmail.  I couldn't find a way to make any of them work, with Thunderbird or with another E-mail program, Claws-mail.  At this dead-of-night hour, somebody could probably convince me the NSA has sabotaged Pretty Good Privacy.  Paranoia thrives after midnight.

Getting back to how Edward Snowden tried to get Glenn Greenwald to get set up to receive encrypted E-mail: the first thing Snowden asked for was Greenwald's Public Key.  He didn't have one at the time.  I now think every investigative reporter ought to have one, and at least the contact person at every news organization ought to have one and make it freely available and easy to find.  And I think it's something we should all have, and we should all get ourselves up to speed on sending and receiving encrypted E-mail.  It's just like sealing a first class letter before you mail it.  It shouldn't make anyone suspicious, and if the NSA wants to intercept and store every encrypted E-mail, I say let's build them a haystack that reaches to the moon, even if we have no needles to hide in it.  Especially if we have nothing to hide.

That first web site I mentioned,
http://lifehacker.com/...  
suggests that PGP encryption won't mean the NSA couldn't read your encrypted E-mail.  They may be right, but there's reason to think it's not easy even for them.  I ran across something that mentioned "black bag cryptology" and "rubber hose cryptology".  Those are euphemisms for breaking into someone's house and stealing information off the computer, and for threatening or torturing someone until he/she gives up the key.  Apparently those methods are a lot easier and faster than real cryptology -- really cracking a code.  

With that in mind, is there anyone out there who is expert enough to get a lot of us using encrypted E-mail?  Or can anyone refer me to a computer person whom I can trust?  It's a potentially lucrative business to be in.  At this point I'd be happy to pay for an hour or so of consultant time to get it going.  But I don't want to use something from a company like Symantec.  They have a PGP program, but it's not cheap, and I'll bet the NSA has already made them put a 'back door' into their programs.  If you know of somebody like that, please say so in the comments and we'll figure out a way to communicate without putting anybody's name or email out here in the public.  Gee, where's Edward Snowden when you need him?


  •  Tip Jar (8+ / 0-)

    We're all pretty strange one way or another; some of us just hide it better. "Normal" is a dryer setting.

    by david78209 on Tue Aug 27, 2013 at 11:45:06 PM PDT

  •  You may want to take a look (2+ / 0-)
    Recommended by:
    david78209, linkage

    at this Business Insider article.

    My guess is, however, that if they are collecting texts as well, encrypting content may have its place, but knowing who is communicating with whom and when is the tip-off to really start looking.

    Now you've got me thinking, and I'll have to do some more searching, too.

    None are so hopelessly enslaved as those who falsely believe they are free. -Johann Wolfgang von Goethe

    by achronon on Wed Aug 28, 2013 at 12:55:59 AM PDT

  •  I wouldn't trust any ... (3+ / 0-)
    Recommended by:
    david78209, paulbkk, linkage

    ....commercial encryption product.  It has probably been compromised.  But I guess it is better than nothing.

    We Glory in war, in the shedding of human blood. What fools we are.

    by delver rootnose on Wed Aug 28, 2013 at 01:36:51 AM PDT

    •  Maybe not better than nothing. (1+ / 0-)
      Recommended by:
      david78209

      I think the NSA, in theory at least, is supposed to keep what they collect from the communications of US citizens or residents for no more than five years (used to be 18 months if memory serves), but can retain encrypted email (or that of foreigners) indefinitely. So that means they can keep it until they learn how to break the encryption, if they don't already have that ability.

      " 'In this world, Elwood, you must be oh so smart or oh so pleasant.' Well, for years I was smart. I recommend pleasant. You may quote me." Elwood P. Dowd

      by paulbkk on Wed Aug 28, 2013 at 03:21:57 AM PDT

      [ Parent ]

  •  about public keys (3+ / 0-)
    Recommended by:
    petral, david78209, linkage

    The only safe way to exchange public keys is in person [or have the key be signed by someone you have exchanged with in person who verified it in person].  Otherwise you are always vulnerable to man in the middle attacks.  You may be able to get away with posting it somewhere only you have access, but e-mailing it will always be very sketchy if you are being paranoid.

    Can you e-mail an encrypted e-mail to yourself?

  •  Keep in mind that once you get set up, recipients (3+ / 0-)
    Recommended by:
    petral, david78209, linkage

    ...have to be educated as well. I've found that the whole public-private key thing tends to bring out the lazy and uninterested in some people. I think getting others to use encryption is a larger hurdle than NSA snooping.

    Even if you persuade others to use PGP, they don't always take care to use it. Some read the warnings about the possible and actual weaknesses of encryption and use them as an excuse to not even try.

    That said, Lavabit closing down was a big blow for seasoned encryption users and us novices as well. I have to wonder how many people who had been convinced that Lavabit was a very strong option have now just given up? People here at DK were angry with me for saying so, but Snowden put the spotlight on Lavabit and made it into a target for government overreach. The consequences of its noble closure are felt by all of its users.

    The politicians may be bought, and the system corrupt, but it is our duty to fix these things.

    by sebastianguy99 on Wed Aug 28, 2013 at 04:13:54 AM PDT

  •  you're just painting a target on your back (3+ / 0-)
    Recommended by:
    paulbkk, david78209, linkage

    they can break the encryption.

    good luck.

    -You want to change the system, run for office.

    by Deep Texan on Wed Aug 28, 2013 at 06:25:22 AM PDT

    •  If we ALL wear targets... (2+ / 0-)
      Recommended by:
      wilderness voice, linkage

      Isn't that what the Danes did after the Nazis occupied their country?  IIRC, when the edict went out that Jews had to wear a yellow star, most people in Denmark wore one.  

      They may be able to break PGP encryption, but I don't think it's easy, even for them.  Why let it be easy for them to do something unconstitutional to us?  I can believe that if anyone has found a 'shortcut' way to break PGP coding, it's the NSA; but it's still possible if not likely that their 'shortcut' takes up hours or days of a supercomputer's time.  It may be that they can only crack the codes on a handful of the millions of 'suspicious' E-mails they collect every day.  And if they get faster years down the road, I don't really care if they read something I sent to my accountant for a tax return that went in years earlier.

      Anyway, I'm one of those folks dull or foolish enough to think I don't have anything to hide, so I should be one who tries to make it stylish to wear a target on the back.  It's legal, still...

      And just discussing it does something: It frames the narrative as "them" versus "us".  The founding fathers realized that their own government was the biggest threat to their rights.  I'm happy to remind people of that.

      I don't doubt that the NSA, FBI, and CIA have folks skilled enough to break an old type of privacy -- the seal on a letter -- in a way subtle enough that they could open my mail, read it, and then seal it back up and I wouldn't know it.  But that talent doesn't come cheap.  They can't check everybody's mail.  In the same way, they can't crack the codes on everybody's encrypted email, I hope.  And the more they increase their staff trying to read a bigger fraction of the encrypted E-mail, the more likely they are to hire somebody like Edward Snowden or Chelsea Manning who will blow the whistle on them.  

      One of the last steps in creating a surveillance society is when everybody knows they're being spied on but thinks there's nothing to do about it.  So far, the NSA seems absolutely furious people are realizing what they're up to.  When they put up banners saying "Big Brother is Watching" they've won the war and they're rubbing our noses in it.

      We're all pretty strange one way or another; some of us just hide it better. "Normal" is a dryer setting.

      by david78209 on Wed Aug 28, 2013 at 07:34:09 AM PDT

      [ Parent ]

      •  according to Snowden (1+ / 0-)
        Recommended by:
        david78209

        when they encountered encrypted email rather than try to break it (which may be impossible even for them) they would just trespass on the computer on either end and get it in decrypted form.  

        If you don't actually have anything to hide you could just send encrypted messages telling the snoopers they are really sad and to get a life.  If you do want to hide communications the best way is to post some pictures using steganography.

        As to physical mail they perfected reading it without opening it via laser.  I suppose aluminum foil wrapping would promote greater interest like encryption.

        •  can't even do that anymore (2+ / 0-)
          Recommended by:
          david78209, linkage
          "post some pictures using steganography"

          DoD has the ability to find hidden communications in images, since 2006 I think.

          -You want to change the system, run for office.

          by Deep Texan on Wed Aug 28, 2013 at 10:39:42 AM PDT

          [ Parent ]

        •  There's a great example of this in the play (2+ / 0-)
          Recommended by:
          wilderness voice, linkage

          Little Murders by Jules Feiffer.  One of the characters has a long monologue about when they put a mail check on him back in his college days.  The guy was obviously incompetent -- the letters would come torn open and taped closed.  So the guy being spied on started writing letters, mailed to himself but for the spook to read.  He said, in effect, "You must be the office flunky.  I can tell that by the sloppy work you do, and also because they wouldn't waste good talent on a minor 'threat' like me."

          Something reminded me of the play recently, and I found a copy of the script -- a copy full of stage directions, like someone directing it would want.

          Off the subject, there's a hilarious clip of the wedding scene in the movie they made.  A young Donald Sutherland plays the hippie clergyman.  Here's a link:
          http://www.youtube.com/...
          It's a little over seven minutes long.

          We're all pretty strange one way or another; some of us just hide it better. "Normal" is a dryer setting.

          by david78209 on Wed Aug 28, 2013 at 12:33:10 PM PDT

          [ Parent ]

  •  I have used email-signing certificates... (4+ / 0-)

    which is conceptually similar to PGP, but with certificates there is the whole chain of trust thing, and if you don't trust the issuer of the certificate, it defeats the entire purpose.

    You can create self-signed certificates of course, and use those for email with many stand-alone clients.  Those are a little harder to use in that you need to somehow get your public key to the recipient.

    I am starting to think it would be worthwhile to do a series of diaries on data integrity and encryption.  Whenever this subject comes up here, I see lots of misconceptions and misinformation.

    •  Maybe we need a session on that at Netroots (1+ / 0-)
      Recommended by:
      linkage

      Nation next summer.  I'd go.  I might even help organize it.  Are you interested?  

      And do you know somebody who can set up a way to look at my computer and see what I've got set wrong?  Preferably somebody I can trust, who doesn't work for the FBI...

      We're all pretty strange one way or another; some of us just hide it better. "Normal" is a dryer setting.

      by david78209 on Wed Aug 28, 2013 at 07:39:29 AM PDT

      [ Parent ]

  •  First, what you want to use is GnuPG as unlike (1+ / 0-)
    Recommended by:
    david78209

    PGP it has full source code available and is not a commercial product thus making it much more unlikely to have backdoors inserted at the request of the government.  While GnuPG is a command line program there are several front ends that make key generation pretty much point and click.  You can even get add-ons for your email client (such as Thunderbird) that let you encrypt and/or sign an email with the push of a single button assuming you have already added the recipient's public key to your address book.

    There are plenty of guides available online that will walk you through setting everything up that are available with just a Google search.  One final word of advice, always use the largest key you can even if it seems like overkill.  For example, even if they only recommend 4096 bit RSA go ahead and do 8192 bit instead as even if the recipient has an old Android 2.0 era phone it won't take more than 10 seconds or so to open the email.

    You have watched Faux News, now lose 2d10 SAN.

    by Throw The Bums Out on Wed Aug 28, 2013 at 07:29:33 AM PDT

    •  I got as far as GnuPG and Thunderbird, but (1+ / 0-)
      Recommended by:
      Throw The Bums Out

      there's some glitch that's keeping the Enigmail add-on to Thunderbird from working right for sending encrypted stuff.  I can receive and decrypt OK.  

      I'm afraid there is one silly little thing I did wrong downloading or installing something, that would be easy to fix but it's very difficult to find.

      Should I just delete Thunderbird, Enigmail, Kleopatra, and start over?

      For that matter, is any computer running Windows 7 vulnerable to an NSA hack?  Maybe I need to start by learning to use Linux and doing anything that needs encryption on a computer that has never had anything but Linux running on it.

      We're all pretty strange one way or another; some of us just hide it better. "Normal" is a dryer setting.

      by david78209 on Wed Aug 28, 2013 at 09:06:22 AM PDT

      [ Parent ]

      •  Any computer is vulnerable to a NSA hack in (2+ / 0-)
        Recommended by:
        linkage, david78209

        theory.  In fact, DARPA is working on a way to hack computers that have never been connected to any kind of network, basically it would be like an EMP blast except it would hack computers rather than fry them.

        I have no idea what is wrong with it, you could try asking about it on the Enigmail forums.

        You have watched Faux News, now lose 2d10 SAN.

        by Throw The Bums Out on Wed Aug 28, 2013 at 12:27:01 PM PDT

        [ Parent ]

  •  Know How... 50: Encrypt your email with PGP (2+ / 0-)
    Recommended by:
    david78209, linkage

    From the twit.tv network.

  •  Tech experts disagree (1+ / 0-)
    Recommended by:
    linkage

    Some say the only safe way to communicate anonymously is to use a computer with strong encryption and then, only use it once.  Not very practical.

    Still, Snowden and his journalist contacts have been using encryption and seem to think it's pretty secure... for now.  Who knows what capability the NSA will have five years from now.

    So, one can try encryption.  But, I wouldn't assume it was totally, forever secure.  For many communications, it may not be worth the effort. But, for journalists, lawyers, whistleblowers, activists and others, it's certainly worth it.
