Linked by Thom Holwerda on Thu 21st Nov 2013 23:46 UTC
Internet & Networking

"We can end government censorship in a decade," Schmidt said during a speech in Washington. "The solution to government surveillance is to encrypt everything."

Setting aside the entertaining aspect of the source of said statement, I don't think encryption in and of itself is enough. Encryption performed by companies is useless, since we know by now that companies - US or otherwise - are more than eager to bend over backwards to please their governments.

What we need is encryption that we perform ourselves, so that neither governments nor companies are involved. I imagine some sort of box between your home network and the internet, that encrypts and decrypts everything, regardless of source or destination. This box obviously needs to run open source software, otherwise we'd be right back where we started.

Is something like that even possible?

Permalink for comment 577278
To read all comments associated with this story, please click here.
RE: Comment by pcunite
by Kroc on Fri 22nd Nov 2013 09:09 UTC in reply to "Comment by pcunite"
Kroc
Member since:
2005-11-10

This right here is one of the biggest bug bears I have.

Encryption != Identity.

Tying the trust of encryption to SSL CAs is the reason that even today most websites don't use HTTPS -- just broadcasting everything unencrypted over the web.

The browser vendors too should be blamed. Had Firefox allowed 'untrusted' certificates in the beginning then HTTPS would be standard and on by default for all servers, everywhere. This is not a security problem -- trustworthiness of the host (identity) is the responsibility of ECV certificates and the like, but that shouldn't force everybody else to have to run on HTTP!

Reply Parent Score: 3