Linked by Thom Holwerda on Thu 21st Nov 2013 23:46 UTC
Internet & Networking

"We can end government censorship in a decade," Schmidt said during a speech in Washington. "The solution to government surveillance is to encrypt everything."

Setting aside the entertaining aspect of the source of said statement, I don't think encryption in and of itself is enough. Encryption performed by companies is useless, since we know by now that companies - US or otherwise - are more than eager to bend over backwards to please their governments.

What we need is encryption that we perform ourselves, so that neither governments nor companies are involved. I imagine some sort of box between your home network and the internet, that encrypts and decrypts everything, regardless of source or destination. This box obviously needs to run open source software, otherwise we'd be right back where we started.

Is something like that even possible?

Thread beginning with comment 577253
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Comment by Luminair
by galvanash on Fri 22nd Nov 2013 00:38 UTC in reply to "Comment by Luminair"
galvanash
Member since:
2006-01-25

the war on privacy ends in a final battle over whether or not obfuscated packets are allowed across the network at all.


Its even worse than that.

I am a fan of Google, but Schmidt is seriously deluded...

Even in this perfect world where everyone has their own key pairs to do end to end encryption, assuming as you say the government doesn't outlaw the practice (a very real possibility) - you still have a rather fundamental problem...

It requires you to trust that the party on the other side has not been compromised.


So yeah, casual eavesdropping is eliminated - but is that really the problem in light of all the secret NSLs that companies have reportedly gotten?

What good is encryption is the government can secretly demand anyone's keys - and even saying that you were asked is a crime???

Encryption doesn't mean anything at all in the current environment...

Reply Parent Score: 8

RE[2]: Comment by Luminair
by Lennie on Sat 23rd Nov 2013 09:13 in reply to "RE: Comment by Luminair"
Lennie Member since:
2007-09-22

It requires you to trust that the party on the other side has not been compromised.


Not if the you give encrypted data to the other party.

An example:

Chrome has a bookmark, acocunt, whatever sync system. Data lives in cleartext at Google.

Firefox has a bookmark, account, whatever sync system, data is encrypted and than it is stored at Mozilla (Mozilla doesn't even want to see your data, data that isn't encrypted needs a lot more work to keep safe).

You could always choose where to keep your data with Mozilla, with Chrome you don't. But you needed to run a server.

Mozilla is now working on making it possible to store that data anywhere you like. It could be something like Dropbox, as it is already encrypted it doesn't matter all that much anumore.

Reply Parent Score: 4

RE[3]: Comment by Luminair
by galvanash on Sat 23rd Nov 2013 21:22 in reply to "RE[2]: Comment by Luminair"
galvanash Member since:
2006-01-25

Not if the you give encrypted data to the other party.


What you are talking about isn't communication... Communication involves one party sending information to another party with the intent that they can read it. That requires a key exchange, and your back to the same problem...

Reply Parent Score: 3

RE[2]: Comment by Luminair
by cipri on Sat 23rd Nov 2013 12:13 in reply to "RE: Comment by Luminair"
cipri Member since:
2007-02-15

but it's a big improvement, because at the moment the spying took place without google knowing it.
In case of encryption, the nsa must go to google and with the approval by a judge.
So in case they want to spy on person X, they can, but they will not see also the stuff off the other people, that is flowing throw the same "pipe".
So it's a very big improvement, and I'm not against, that some certain people, can be spied, if suspected. The problem is, when they get all the data also from people that are not suspected.

Reply Parent Score: 2

RE[3]: Comment by Luminair
by galvanash on Sat 23rd Nov 2013 21:32 in reply to "RE[2]: Comment by Luminair"
galvanash Member since:
2006-01-25

but it's a big improvement, because at the moment the spying took place without google knowing it.


I see what you are getting at... But as an end user, what difference does that make to me?

Seriously, as things are now my data may be monitored by the government without anyone's knowledge.

In the "everything is encrypted" scenario, now Google will know when my data is being monitored... So what? I still won't know about it - because Google cannot tell me without committing a crime.

I will admit that it could be better if you replace Google with someone like Lavabit that chooses to shut down rather than compromise their user's security. The problem is when push comes to shove the Google's of the world will cave before shutting down - anyone who things otherwise is completely deluded...

Reply Parent Score: 4