Lawyers Would Rather Fly Than Download PGP

An anonymous reader writes "The NYTimes is running a front-page story about lawyers for suspects in terrorism-related cases fearing government monitoring of privileged conversations. But instead of talking about the technological solutions, the lawyers fly halfway across the world to meet with their clients. In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?" The New Yorker has a detailed piece centering on the Oregon terrorism case discussed by the Times.

S/MIME, anyone?

[danaris]

What is it with the Slashdot crowd and PGP? What's wrong with S/MIME?

I can say with some authority, having been evaluating and testing it for my company for some months now, that it is natively supported by current versions of the 3 major email clients (Outlook, Thunderbird, and Apple Mail), and that their implementations are, by and large, compatible.

So...are there any particular issues with S/MIME that make PGP a significantly more desirable solution?

Dan Aris

Re:S/MIME, anyone?

[Tacvek]

What is it with the Slashdot crowd and PGP? What's wrong with S/MIME?

I can say with some authority, having been evaluating and testing it for my company for some months now, that it is natively supported by current versions of the 3 major email clients (Outlook, Thunderbird, and Apple Mail), and that their implementations are, by and large, compatible.

So...are there any particular issues with S/MIME that make PGP a significantly more desirable solution?

Dan Aris

I think many Slashdot poster prefer OpenPGP encryption to S/MIME because OpenPGP is not email specific, and having 2 different keys (an S/MIME email key, and a PGP key) is not ideal. Further I suspect the PGP Web of Trust model is preferred by many of us to the CA model. Of course, there are ways around both things, but it may be slightly easier to use PGP for email than to deal with those issues. However, for your uses (depending on what they are), S/MIME may indeed be the best solution.

Re:Security not just about encryption.

[Otter]

Basically, a well-resourced, determined attacked doesn't have to crack PGP itself.

Anyway, who says the NSA can't crack PGP? Some crypto-fanboy showing off how much smarterer he is than lawyers who make no claim of security expertise and have a professional obligation to err on the side of caution?

How my conversation went...

[DnemoniX]

Several years ago now I set up a PGP server at work, mainly for my own use. However it was suggested that our attorney's might like to use it. Here is how the conversation went:

"Hey I just finished setting up an encryption system for the e-mail system"

"A what?"

"Encryption, you know to keep your corrispondence confidential..."

"A what what?"

Then about 5 years later I rolled out an automated encryption system that uses lexicons to detect patterns and auto encrypt e-mails if they trip the filters. That conversation with the attorney's went like this.

"You put in a what and why?"

A lengthy explanation later filled with examples of when they should be using it. Finally the lawyer who had just spent a few days at a HIPPA conference sees the light. DING DING DING Clueless I swear.

Re:S/MIME, anyone?

[danaris]

Who controls the certificate authority that issues the certificates?

In our case, me :-)

We're just using Microsoft's PKI (yeah, I'd rather use something OSS, but requirement #1 is that it work well with Outlook, and I wasn't able, with my limited experience, to get anything else set up to do so...), so the certificate authority is one of our servers. Naturally, it means that anyone who wants to be able to use & trust our user certificates is going to have to install our CA certificate, but that's the price of getting it all for free...

Dan Aris

Re:S/MIME, anyone?

[Chandon Seldon]

OpenPGP software allows you to easily self-generate valid keys. Doing the same with S/MIME (self-signing certificates) is really obnoxious. Further, OpenPGP clients tend to support a web-of-trust introduction model which is strictly better for actual security than the centralized commercial PKI model that S/MIME software tries to force on users.

For sending secure messages within a medium to large sized organization there is some argument for S/MIME using a local CA, but even then simply emulating the same effect with a organization PGP key signer and key server is probably cleaner.

Re:Security not just about encryption.

[hardburn]

NSA isn't a god-like organization. They have limits like anyone else.

It seems that in the vast majority of cases the NSA handles involving encryption, they don't bother to try breaking the crypto itself. Rather, they find some backdoor (keylogger, mishandled key management, etc.). It may seem like cheating to use human error to break the crypto, but in the real world, humans make errors all the time, so you can rely on it in your investigations.

Therefore, it's likely the NSA can't break PGP, simply because it's a waste of effort to try.

Re:How my conversation went...

[Actually, I do RTFA]

inally the lawyer who had just spent a few days at a HIPPA conference sees the light. DING DING DING Clueless I swear.

Don't confuse your specialized knowledge with common knowledge. Your phrasing assumes that encryption, as a word, conjures up images as it would in a geek's mind (and more than five years earlier than now, when it was less well known.) Obviously they explained it better at the HIPPA conference.

Really, I doubt had I not already know what encryption, or the ease of e-mails being read by third-parties, I would have gained nothing from your explaination.

A possible alternative: It is easy for any third party to read your e-mails. Encryption uses a password (or automatic process) on both ends to make sure that only you and your recipients can read the e-mail. It also verifies that the person who claims to have sent the e-mail did, since falisifying the sender of an e-mail is also very easy.

Re:Security not just about encryption.

[profplump]

Looking at your shadow I can still tell your body type, if given some scale I can make reasonable guesses about your height and weight. I can tell what orientation you're in, if you've got long or short hair, possibly your gender. You're right, I can't draw a picture of your face, but given a list of all 6 billion faces I could narrow down the choices quite a bit before I started rounding up people for a lineup.

If someone has a 12-character password alpha-numeric password the keyspace is about 104^12. If you can determine when the shift key is pressed and which of the 4 rows of keys each character is in, you can make that 13^12, which is 36 bits less keyspace -- almost a 50% reduction over the original 80 bits.

Re:Of course they thought about it. Not good enoug

[peacefinder]

"That's actually pretty reasonable to guard against, and given that the laptop would presumably be locked, someone would need to be alone with it for an extended period of time."

Oh, I dunno. Unless you're using an encrypting drive, worst case - for the attacker - is long enough alone with it to physically pull the hard drive, clone it, and button the case back up. A couple hours tops, for a well-rehearsed operation. (How good is the laptop's security while you're asleep?) A better case is to boot it in firewire target mode, snarf up the relevant files for analysis and/or execute a scripted keylogger install. Or if you're really paranoid, maybe you'd wonder if they can just pop in bootable media and install a custom keylogging bios (crafted just for your machine) in five minutes flat. Hard to say.

Of course all these attacks have countermeasures - bios passwords, drive passwords, no firewire, truecrypt, keeping the laptop under your pillow at night - but to be really thorough would be pretty inconvenient, and still wouldn't protect against simple theft of the whole laptop for leisurely analysis of past secrets.

"A laptop can be had for less than that plane ticket, so you don't have to take that particular one overseas."

So you're leaving the one with the actual secrets on it back in the office, then? See above. :-)

"If so, you have to assume that the other end of the connection is probably much more thoroughly bugged physically than either of their computers are electronically."

True. But if you assume that level of surveillance on the other end, it wouldn't be safe for your client to use a computer there either, would it?

As has been said often by people much smarter than I, "security is hard".

Re:Extra: Lawyers don't want to go to jail...

[RiotingPacifist]

Zimmermann challenged these regulations in a curious way. He published the entire source code of PGP in a hardback book, via MIT Press, which was distributed and sold widely. Anybody wishing to build their own copy of PGP could buy the $60 book, cut off the covers, separate the pages, and scan them using an OCR program, creating a set of source code text files. One could then build the application using the freely available GNU C Compiler. PGP would thus be available anywhere in the world. The claimed principle was simple: export of munitionsâ"guns, bombs, planes, and softwareâ"was (and remains) restricted; but the export of books is protected by the First Amendment. The question was never tested in court in respect to PGP, but had been established by the Supreme Court in the Bernstein case.

More worryingly why do you agree with the spirit of the law? are foreigners not allowed privacy? DO you consider privacy as US ONLY, right?

Re:IANAL, but...

[Miseph]

Indeed, I am taking a course taught by a lawyer who is working with some people in Guantanamo Bay and I know that he flies down there frequently to see his clients (one of my papers has the smudges and small airplane grit to prove it, he did some grading on the flight). He's working pro bono because the people he is representing have no money at all, although I believe his actual expenses are being covered, at least in part, by various funds and groups (he's the ACLU representative for his county). Even if he could trust the Gitmo guards (who think it's funny to do things like turn around the legally mandated signs indicating which direction is east so that the prisoners will be tricked into breaking their religious tenets...) not to break into any encrypted files or otherwise illegally observe their communications, there just aren't any computers at all for the clients to use.

Most terrorism suspects aren't Saudi billionaires living in comfortable modern homes in the Middle East, most of them are dirt poor and either holed up in some dark dirty corner of the globe or stuck in the world's largest and most paranoid prison complex. PGP just won't work for these people.

Re:Security not just about encryption.

[RiotingPacifist]

No the maths sides with it being impossible to factorise by anything much better than brute force.
Is PGP breakable by brute force on current hardware? even with NSAs resources this is unlikely.
Has PGP been broken in the crytpographic sense, well given that mathmaticians cant get the maths sorted, unless you belive the NSA has a secret lab of mathmaticians that are years ahead of the rest of them, Hell no.
Can 2GB (or whatever the upper limit is for a key) encryption be broken, again unless the NSA dedicate a cluster of supercomputers to every email (as PGP isnt broken) its unlikely.

In some senses PGP is actually safer than one time pads, you use the same pad to encrypt and decrypt the message meaning there are two pads that could be captured, hell pgp keys can be used as improved one time pad. The only place where one time pads beat PGP is if your message is bigger than your encryption strength, but thats only because a one time pad is effectively one huge encryption.

considering most people's PGP password is probably "golf" or their birthday, and there are all sorts of excuses to seize computers, the encryption itself doesn't even have to be broken.

Theres a big difference between people being stupid and PGP being broken, as long as Im careful with my key (keep it on me at all times, and only use it on safe systems), in the absence of
a) a bunch of supper mathematicians
b) a huge amount of computing power (not feasible)(per email)*
c) an even bigger amount of computing power (probably not even possible)(per PGP key)*
encrypted emails sent to me can only be read by me.

*in the case that the NSA are going to dedicate either of these to me, then I really have to wonder what Im doing to deserver all this attention.

Re:Security not just about encryption.

[el americano]

I can think of a couple of reasons to meet face to face, but the vulnerability of PGP is not one of them. There are scientific reviews of the implementation, so it's disingenuous to characterize it as a fanboy technology. Besides, if you really doubted it, you could make a single trip to your client and set up a supply of unbreakable one-time pads.

I think it's funny how willing some people are to speculate that US Intelligence agencies have superhuman powers. Haven't their obvious limitations dispelled the idea that nothing gets by them?