People like Sir Tim need to speak out on such issues, because their contributions to science and technology are touted by our leaders as 'proof' of Britain being a modern, forward thinking society - rather than the withered, reactionary, largely technophobic old empire we in fact are.

Because most of us came to this realization: http://xkcd.com/538/ [xkcd.com] or the fact that 90% of it doesn't matter.

All of my Tax documents and other financial stuff is on a 256-bit encrypted disk image. But why the hell do I need to encrypt the message to my mom about my Easter plans? Furthermore, how do I explain to someone that just learned to use a computer that Obama wants to know if it's going to be Ham or Turkey.

And the last time I planned something big and illegal we sure as hell didn't EMAIL each other about it, we met in person. (3 friends of mine all worked at Taco Bell through High School. Summer before college we planned a heist of the flags off the top. I still have a flag I fly on Rugby trips with the Taco Bell Dog.)

Well that's the thing. Anonymous posting provided one form of security that's no longer feasibly available. Encryption allows better privacy. As more and more cultures/subcultures/thought-pattern-sharers participate on the web, conflicts and clashes are more and more likely to happen. Opportunistic encryption, as long as it is controllable, will make the web a mutual haven for all cultures. One community can keep their convos/files/culture to themselves, while others can still broadcast theirs. The hearts and minds of people, no matter where they are geographically, are the final battlefield for a fight that should never take place, and encryption is one way to help ensure it never does.

Posting AC because I have mod points and also I seem to have started rambling.

Because most of us came to this realization: http://xkcd.com/538/ [xkcd.com] or the fact that 90% of it doesn't matter.

The problem with the xkcd cartoon is that it only applies if whoever wants your information knows that you have it.

The point of general encryption is that fishing expeditions are impossible... so the "juicy" stuff that would warrant attention from the powers that be is hidden in the morass of all the other encrypted data.

Yes, a ten-dollar hammer can be used to get my keys from me... but how do you know I've got the goods if you've never been able to read anyone's data?

Encryption gives a sometimes false sense of security, and the technology is a hassle. It's better to reinforce societal expectations for privacy where it is due, and let social mechanisms (like laws and market reputation) do the job.

Consider e.g. that if you use https from your workplace and see the happy little lock icon in FF or IE, you probably feel safe.

But some workplaces insert a proxy in between you and gmail (or what have you), having stuffed the proxy's certificate on your (their) work machine through local policy. Unbeknownst to you, your employer then sees the communication which you thought was totally private. Now imagine if an ISP could do that and get away with it.

The point is that even if you do *care*, the technology is hard to keep track of, and there is an arms-race ladder of one-upmanship that makes this a never-ending game, which some nerds can win, and most of us will lose.

What will really keep you safe is to stand up for a reasonable expectation of privacy where it should exist, and create norms and laws that protect this. Saying "NO" to Phorm or other invasions by ISPs is part of that approach, and creates legal and commercial consequences that are more effective than asking every grandma to mess with PGP.

Key exchange is hard.

If we had signed DNS, and DNS started distributing X.509 certificates ("type CERT queries"), then secure email really would hit the mainstream.

Because if somebody's watching you send all those messages to your mom about Easter plans and then suddenly see encrypted traffic, they're going to know that the encrypted traffic must have been special and then come after you with the wrench?

The world has moved beyond simply sending encrypted e-mails back and forth. Steganography, torrents, tor, etc.

If I REALLY wanted to coordinate killing the president or something big. I'd probably use YouTube or Craigslist where the Signal to Noise is infinitely small. I'd embed an encrypted stegano message inside video of a guy lighting farts on fire or 'casual encounter' ad. Heck, put up some eBay listings with big pictures. How do you know that latest version of Heroes you downloaded from Bit Torrent doesn't have a 5MB image embedded in it with the President's route on some foreign trip?

How about those Spam messages that look like a ton of gibberish, do you know they're not some secret code?

I'm sure if a few Slashdoters put their minds to it, they could come up with a bit more ingenious ways of sending messages than 'plain text' encrypted PGP e-mails.

The next terrorist isn't going to suddenly start sending encrypted messages from a normal account.

Now, the majority of even the hard-core geeks no longer have much interest in encryption.

Then they're not hard-core geeks.

Geez, they're not even soft-core geeks. In December 2005, paranoid what-if rants about theoretical risks, became mainstream knowledge. If you're awake (geek or not), you know we have to start encrypting.

A lot of very foolish people have overgeneralized the point of that cartoon.

The $5 wrench attack does work to defeat encryption, but it only works when someone is specifically interested in you.

The bad guys cannot put a $5 wrench on the backbone and slurp up everything. The only way they can do that, is if people agree to not encrypt.

If you encrypt, you defeat massive-scale surveillance. And you are not defeating a theoretical attack; you're not even defeating a plausible attack. You defeat an attack that the US government is known to be using.

You don't need to read phrack or 2600 to know about this; read the New York Times or turn on your TV and watch Frontline. Get your head out of the sand.

But why the hell do I need to encrypt the message to my mom about my Easter plans?

Because I might be looking for houses to burgle on Easter.

Because privacy should be the default. Instead of asking why your plans should be secret, ask why your plans should be public. It's just as legitimate of a question.

And the last time I planned something big and illegal we sure as hell didn't EMAIL each other about it, we met in person.

Good for you. But there's more to life than planning crimes, and there are other threats than government law enforcement (they just happen to be the most high-profile). I know some people think that the only purpose of the internet is for pedophiles to trade porn, but really, people do have other uses for it. Most of those uses are nobody else's business. If you wanted the world to know your Easter plans, you could have posted them to Usenet. Instead, you chose email.

"The promise of the internet is free and open data."

I thought the promise of the internet was free porn.

Seriously, it started as a government program and open and free communications was not the goal.

And you just accidently hit on the reason why having that stuff can have you sent to PMITA prison. Did you catch it? Here I'll point it out-"Even that child porn dude that's in the supreme court knew enough to use TrueCrypt.". The simple facts are that law enforcement HATES encryption, because it means they have to bust their ass instead of running a simple scan for *.whatever. So I have no doubt you will see more and more prosecutors using "You know why he has that stuff and won't let us go through his files? It is because he is a child molester! Are you going to let him get away with that?" And sadly juries who think all the crap they see on CSI and Numbers is real will think you must be some "elite child molesting super hacker" because the cops can't crack your crypto and you will get to rot in jail until you let them go through your stuff because "If you did nothing wrong you have nothing to hide".

I have had talks with a friend working state crime lab and believe me, they would love nothing more than to only allow crypto that had state approved back doors in it. He told me the reason the only "child pornographers" you see arrested is the loser in his basement whacking off to the same crap that has been floating around since the old BBS days is because the REAL bad guys are passing encrypted DVDs to each other through the mail. He said the few they have busted were because one of their victims talked but when they snatched all the data everything was so locked down with crypto there was no way to trace it back to their partners. And when a guy is already facing 400+ years good luck with getting him to rat.

Sadly right there is the problem, good men that can not see the evil they are pushing. He and his friends in the lab see nothing wrong with demanding everyone's data be accessible because they are not evil men and would only use it to protect kids. What they don't see is that for every one of them there are a thousand Karl Rove style scumbags that would happily abuse any power they can get their dirty little hands on if it meant that their "enemies" got burnt. Just look at the spying on civil rights leaders in the 60s or warrantless wiretapping now. But how to convince the good men that allowing some evil doers to escape to protect us all is the dilemma that we all must face. Because with "child porn" being like the red scare of the 50s, with parents scared to death that pervos are hiding around every bush, it is simply becoming too easy to use that word and get any law passed that they desire.

While I hope we don't end up with "Trusted Internet" or some other way to ensure that those in power can always access your data that certainly seems to be the way that those in law enforcement want it to go. We just have to find a way to convince people that defending the idea of privacy is not the same as advocating criminal sexual activity. Because ATM all it takes is for a prosecutor to bring up "those two words" in front of a jury and you're screwed, even if all you are doing is trying to keep Big Brother out of your data. Privacy doesn't really mean anything anymore as long as those two words hold so much power in the minds and hearts of juries. It is truly scary times we are living in.