Linked by Thom Holwerda on Thu 21st Nov 2013 23:46 UTC
Internet & Networking

"We can end government censorship in a decade," Schmidt said during a speech in Washington. "The solution to government surveillance is to encrypt everything."

Setting aside the entertaining aspect of the source of said statement, I don't think encryption in and of itself is enough. Encryption performed by companies is useless, since we know by now that companies - US or otherwise - are more than eager to bend over backwards to please their governments.

What we need is encryption that we perform ourselves, so that neither governments nor companies are involved. I imagine some sort of box between your home network and the internet, that encrypts and decrypts everything, regardless of source or destination. This box obviously needs to run open source software, otherwise we'd be right back where we started.

Is something like that even possible?

Permalink for comment 577258
To read all comments associated with this story, please click here.
rayx
Member since:
2006-03-24

I think it's more of an issue with people's awareness and easy use of security technology? Take mobile phone as an example, recently I asked a friend, who is working on Android phone development, about how personal information on the phone can be protected. He told me the data can be encrypted but nobody he knows actually does that because it's inconvenient. In the case that phone gets lost, most people care more about how to get the information (i.e., contact book) back than worrying about the leak. I think that may be the status with all phone platforms because there is no easy-to-use solution to protecting data, not to mention many users don't care about it that much (i.e., most people around me don't use disk or filesystem encryption to protect their files on laptop).

Regarding how to establish trust in end-to-end communication, I think there are actually interesting ways to do it? Examples are PGP's ring of trust and SMP authentication used in OTR protocol. It's just for various reasons, these technologies never draw mass people's attention or become popular (take me as an example, I never think it's necessary to use authentication and encryption in my emails).

2030 is very far away, hopefully people will figure out how to address all these issues before it comes. That said, most (if all all) encryption standards are defined by US government, so they are always in a better position than us normal people on this aspect (read: using weakness of encryption algorithm or bugs in software to thwart the effort ;)

Edited 2013-11-22 02:29 UTC

Reply Score: 3