These
viagra approved neurons carry signals to the lower motor neurons, initiating movement
buy generic diclofenac and coordinating muscle activity. A person's coronary calcium score allows
order cialis no rx healthcare professionals to check a person's risk of coronary heart
order cialis from us disease, coronary artery disease (CAD), and heart attack. You should
cheap amikacin pill always consult your doctor or another healthcare professional before taking
order cephalexin lowest dosage cheapest price any medication. The National Institute of Mental Health states that
diclofenac online stores if someone feels they may be in immediate danger due
information no flovent prescription buy cheap to their mental health, they should seek help at the
purchase generic cialis prescription delivery nearest emergency room. A person with PTSD can benefit from
cialis medicine compassion, but their partner should not be the only source
order generic viagra of support. Some individuals enjoy these burgers for their taste,
fda approved betnovate while others say the salt content is too high and
aldactone prescription do not appreciate the additives. They watch over a person
buy clomid online during a medical procedure and give them drugs to ensure
betnovate sale they do not feel pain or anxiety. Using essential oils for.
In Blown to Bits we spend all of Chapter 5 making the argument that (a) perfect secrecy is possible through public key encryption and (b) almost no one encrypts their email anyway. Why this would be the case is one of those small mysteries of the universe. Few of us actually know people who know that their email has been read, but most of the time we’d have no way to know that. If you are sitting in Starbucks and the guy with the double mocha latte is running a packet sniffer, you’d never know the difference.
Today’s New York Times has the kind of story that might lead more people to take the issue seriously. It seems likely that the NSA is snooping on more email than they’d like to admit. The simple fact that the cost of surveillance has plummeted in itself makes abuse more likely. (THe NSA doesn’t need to loiter at Starbucks. They can get access to ISPs’ switching equipment.)
If you use Google’s Gmail, you can encrypt all your mail. The preference setting is pretty obscure, and you have to opt-in: the default is no encryption. Chris Soghoian, I, and a number of other computer scientists and security experts have just called on Google to make encryption the default. Our letter explains it all: You can read it here.
This entry was posted
on Wednesday, June 17th, 2009 at 9:53 am and is filed under Secrecy and encryption, Surveillance.
You can follow any responses to this entry through the RSS 2.0 feed.
Both comments and pings are currently closed.
June 17th, 2009 at 10:32 am
[…] here: Encryption is the answer Posted in News | Tags: actually-know, double, file-today, fine-but, one-answer, one-encrypts, […]
June 17th, 2009 at 11:00 am
This is inaccurate. Gmail does not have the option of encrypting mail that is being sent. HTTPS only encrypts communications between your browser and Gmail’s servers while you’re interacting with the Gmail web client. Once you hit send, your message travels across the Internet from Google’s mail servers to the recipient’s mail server. This happens over the SMTP protocol, in clear text.
Unless both you and your recipient use additional tools for encrypting and decrypting mail before it’s sent over SMTP, anyone who is listening in can read your messages in transit. This is what the NSA does.
June 17th, 2009 at 12:43 pm
I’ve had https setup on my gmail account for a long time. One minor irritation is that the igoogle gadget for gmail doesn’t work when you have https turned on- I wish they’d fix that.
As another poster has pointed out, using https only protects your email as it goes from your machine to google’s server. From there on, it’s sent unencrypted to the recipients server. The chances that some hacker will be listening in on your Wifi network are much higher than that they’ll be listening to the traffic between Google’s server and the destination mail server, so it really does make sense to use https. However, it certainly doesn’t protect your email from snooping by the NSA.
June 18th, 2009 at 2:39 pm
Konstantin and brian,
Sorry I wasn’t more specific; you are both correct. Both ends of the email communication have to to be using encryption for the communication to be secure along the whole path (plus the path between servers, if they are different). People have the same confusion about Blackberries — from the mobile device to the Blackberry server is encrypted, but of course if the mail is not destined for another Blackberry it will not be encrypted the rest of the way. But with Gmail, the most worrisome vulnerability is WiFi packet sniffing at the source, and using SSL solves that problem.
June 19th, 2009 at 12:55 pm
Thanks for those further clarifications. I feel much better about having used the https log-in since it became available. It’s unfortunate that google isn’t doing more to encrypt given that most of the known problems out there have viable solutions (ie, the wifi sniffing mentioned above, or preventing phishing attempts with extended validation ssl’s green url bar).
One question, though, from the non-expert: how does this change while accessing Gmail through, say, an iPhone 3G network rather than a wifi connection? Obviously https is still an option, but is its preventative power affected at all from the change?
June 20th, 2009 at 12:01 pm
Assuming Apple has implemented https correctly, you’re safe.