What is the point of keeping e-mail private by e.g. encrypting their content?

�If you want to go onto the list of persons to be watched, write a few mails that contain words like "bomb", "Beehive", etc. Be sure that existing surveillance programs will catch it and bring you to the attention of one of the observers employed by the organization running the surveillance. So you go on the list and are marked "Subversive, to be watched". And if I then send a picture of a Queen Bee, what other reaction can you expect than "Assassination Plans" and a general alert?
Catch it?
Unfortunately for these security types, I did learn the one or other bit about thermodynamics and concepts like "Closed System" and "Second Law". Closed System is like a room with doors. If one is locked, try the next one, and if that is locked too, try the next next one. Replace "door" with "encryption" and you get the link. But don't forget that rooms also have windows, air conditioning ducts, etc., all of which can be used to get into the room, by person or by proxy (listening device).
Meta-data come to mind here, data about you and me that are needed to get that mail from one place to the other and thus need to be clear text. Peter has sent us enough mails on that topic to make clear even to me how transparent we all are there, e.g. "[wlug] 81% of Tor Users Can Be De-anonymized By Analysing Router Information", sent 15 Nov 2014.
"Second Law" encompasses all the methods available to me to downgrade my presence on the watch list and thus make the list inconsequential. General Alerts are great to have, but 100 false alerts? Entropy is not just about heat, it is also about information.
Peter has done enough work on data mining (i.e. catching the few fish (=useful information) in a huge lake of muddy and unpalatable water), so what about doing something that allows those fish to escape his nets?
Steganography is one way this may be done. Planting doubt in the mind of the observer is another. Read this mail a second time, and see how I set out to make myself a terrorist suspect at the start, and then ask yourself, after you have read all of it: "Is he ISIL material? Or is he just a modern version of Diogenes?" (a Greek cynic, cynic meaning "dogs that bark don't bite?"

Wolfgang

On 22/08/15 16:38, Chris O'Halloran wrote:

On 2015-08-22 14:45, Lawrence D'Oliveiro wrote:

True. Perhaps the right approach is to build the ability into the
e-mail app to mark an entire thread as confidential, so replies to it
are automatically encrypted.

What you've described would be excellent.

It just surprises me that tool like Outlook do not already do this.� And the third party tools that try (I've tried using them) are still a bit clunky and not up with the latest versions.

It almost seems like the agenda is 'don't implement PGP in Outlook, we don't want to upset our friends who gather a lot of business intelligence by keeping email unencrypted'



_______________________________________________
wlug mailing list | wlug@list.waikato.ac.nz
Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/wlug