Sat, 05 Nov 2011

Encryption by Default?

It is surprising to see that even people who are intelligent, knowledgeable and computer savvy find it difficult to see the value of ``encryption by default'' for e-mail. As long ago as the 1990s this was one of the reasons that Phil Zimmermann gave for making PGP common knowledge --- to put the tool to encrypt mail in everyone's hands. Why? Here is his answer:

What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity.

In other words, encrypting mail is a form of solidarity with the person who needs to say something private and confidential. It is also a form of insurance for the time when you are that person.

Twenty years on, this is not as commonplace as Phil Zimmermann imagined. The primary reason is that the public key infrastructure (the web-of-trust) that the authors of PGP thought would lead to an exponential spread of the use of PGP (or tools like it) has failed to grow in the manner envisaged.

The (to my mind) not-so-important reasons cited for the lack of encrypted mail are the lack of computational power and the lack of security of mail contents. It is true that encryption creates a small overhead. It is also true that encrypted mail does not ensure security in any absolute sense. (Absolute security is absolutely impossible!)

So I find it amazing that, in institutions where this infrastructure is already in place, there are sensible people who argue that we should not do it.

